Fun with the MTK 6573 Baseband (Patching / Replacing)

Craig Comstock craig_comstock at yahoo.com
Thu Apr 13 03:21:39 UTC 2017


I don't have the files mentioned in that patch. They look very much like some part of an Android source code tree. So far I am working mostly not with Android at all... only osmocom-bb, nuttx, fernly and fernvale-nuttx.

My work on the newer MT chip in the ZTE Obsidian is a ways down the road. One thing that was VERY encouraging is that I have tested the beginnings of interaction with its bootloader (as in the fernly project), and it seems at least the initial MSG and ACK from the bootloader work the same as for fernly types of MT chips (6260/6261). So that might be a good starting point in terms of experimenting/fuzzing/???

Maybe you could find a custom rom source tree and find those files that are being patched.

In terms of participating in my project, I have a github repo and am primarily using the fernvale board I purchased from sysmocom as well as some mt6260/6261 based watches and the Seeed Studio RePhone.

So I'd say go get one or more of those things and start hacking on fernly, fernvale-nuttx, osmocom-bb and nuttx-bb (combo of osmocom-bb and nuttx).

I don't work too hard on the project. This branch is my latest not-working work in progress:

https://github.com/craigcomstock/osmocom-bb/tree/feb-22-2017-mt62xx-wip

I have since changed my strategy and so this branch will likely rot. :( But it might give some indication of what I'm up to.

-Craig



--------------------------------------------
On Wed, 4/12/17, bruce lee <bbsoo7 at live.com> wrote:

 Subject: Re: Fun with the MTK 6573 Baseband (Patching / Replacing)
 To: "Craig Comstock" <craig_comstock at yahoo.com>, "baseband-devel at lists.osmocom.org" <baseband-devel at lists.osmocom.org>
 Date: Wednesday, April 12, 2017, 9:39 PM
 
 Craig,
 
 do you have the files mentioned at
 
 https://github.com/shadowsim/shadowsim/blob/master/mdlogger.patch
 
 and your project seems very interesting; I would like to participate in it.
 
 thanks
 RZ
 
 From: Craig Comstock <craig_comstock at yahoo.com>
 Sent: Tuesday, April 11, 2017 11:35 AM
 To: baseband-devel at lists.osmocom.org; RootZero
 Subject: Re: Fun with the MTK 6573 Baseband (Patching / Replacing)
 
 
 My target was MT6735 in a ZTE Obsidian. I chose it for 4G LTE. I could root one and see if similar techniques work. My hope was to leverage leaked source for mt626x and hope to work my way up the chip models. I am currently working on porting osmocom-bb and nuttx-bb to fernvale/rephone/mt626x.
 
 
 
 On April 11, 2017 4:39:46 AM CDT, RootZero <bbsoo7 at live.com> wrote:
 
 Markus and all,
 
 I am very interested in this project/hack.
 
 Can you share more information with us?
 
 I searched lots of web pages and did not find the source of the mdlogger.cpp file.
 
 I do have the source code of "modem.img"; if you want it, please let me know.
 
 thanks
 RootZero
 
 
 
 --
 View this message in context: http://baseband-devel.722152.n3.nabble.com/Fun-with-the-MTK-6573-Baseband-Patching-Replacing-tp4026683p4026772.html
 
 Sent from the baseband-devel mailing list archive at Nabble.com.
 
 -- 
 Sent from my Android device with K-9 Mail. Please excuse my brevity.
 
 
 
