baseband-devel

baseband-devel@lists.osmocom.org

1982 discussions

Useful article on patching Nokia DCT4+ firmware

by Andrew Tipton

Hi folks, Came across this article in the latest PoC||GTFO journal describing (part of) the process for patching firmware on Nokia DCT4+ phones. The good stuff is pages 22-29 of this file: http://openwall.info/wiki/_media/people/solar/pocorgtfo03.pdf Alas, this does not appear to permit patching the first 1MB of firmware, so may not be helpful for OsmocomBB. But perhaps someone with more time on their hands can take this and run with it... Cheers, -Andrew

11 years, 4 months

baseband-devel unsubscribe notification

by mailman-bounces＠lists.osmocom.org

rodrigo(a)chupelupe.com.ar has been removed from baseband-devel.

11 years, 4 months

baseband-devel unsubscribe notification

by mailman-bounces＠lists.osmocom.org

lea_lss_bollnas(a)telia.com has been removed from baseband-devel.

11 years, 4 months

Frame Structure and Multiframe questions

by R M

Hi, I am trying to understand the Multiframe structure in GSM. Here is my question: Lets say that in a particular cell, only two GSM frequencies are available to cater to all the traffic. FB is the frequency of the beacon channel and FT is the frequency of the traffic channel. FBT0 is having the following configuration FCCH + SCH + BCCH + CCCH. Now a phone which is in this cell, gets paged for an incoming SMS. The phone responds to the paging request and gets an immediate assignment. The immediate assignment assigns it a channel with the following configuration: FTT2 and channel multiplexing is SDCCH/8 + SACCH/8. Now how does the phone know the multiframe structure of FTT2 ? In other words how does the phone know how long it has to wait, so that it can transmit in the right time-slot ? The same question applies to the BTS if we are talking about down-link ? Is there a relation between the multiframe structure of FBT0 and FTT2 ? Thanks and Regards, R M

11 years, 4 months

Re: strange crashes in current main branch

by Christophe Devine

Quick heads up: I finally ended up using a LM 317T to lower the output voltage to ~4V, using R1=220, R2=550 and a 1uF capacitor, plus a OTB battery pcb. The phone doesn't get as hot as before, and the "battery" powers without delay. https://drive.google.com/file/d/0ByHQWL5Q6bSwTWo3ZnBHTS1KeXc/edit?usp=shari… https://drive.google.com/file/d/0ByHQWL5Q6bSwM1FPeS1iVlBYX3M/edit?usp=shari…

11 years, 4 months

Re: strange crashes in current main branch

by Christophe Devine

Tim, Following your advice, I disassembled a battery, and directly connected the output of a 3.6v motorola charger to gnd and positive side of the charging pcb (of course the lithium cell is completely disconnected). See pictures below, gnd is the middle pad whereas the positive pad is on the left. When doing so be careful not to heat or pierce the lithium battery, and afterwards put some tape to ensure electrical isolation: https://drive.google.com/file/d/0ByHQWL5Q6bSwOHVPNlV5T2ZyZndLZmwtMF9JQ2V0eH… https://drive.google.com/file/d/0ByHQWL5Q6bSwTGNfeUFOVFM5cldPNFZ3djMyMmlSNV… https://drive.google.com/file/d/0ByHQWL5Q6bSwUm9XUnBOcU5SRFg4T3VpNEFZOUFHaU… The result appears to work although strangely sometimes after unplugging the charger for some time and replugging it the microcontroller on the pcb will not wake up. However it does immediately wake up if I measure the current between the + and - output with a basic multimeter, but with the black probe on the + and the red probe on the - (other way does not work). There's probably something I'm missing here, but it's not that big a deal. Maybe this is caused by a quirk in the microcontroller, as I've tried the same procedure on a new compatible battery (branded "OTB", see http://pmcdn.priceminister.com/photo/926610349.jpg) and it doesn't have this problem, the microcontroller wakes up immediately and powers the phone. The voltage might be a bit too high, but the phone seems to work fine (firmware reports a full battery - also it gets slightly hotter). On Wed, Apr 23, 2014 at 3:05 PM, Christophe Devine < devinechristophe(a)gmail.com> wrote: > Tim, > > Following your advice, I disassembled a battery, and directly connected > the output of a 3.6v motorola charger to gnd and positive side of the > charging pcb (of course the lithium cell is completely disconnected). See > pictures below, gnd is the middle pad whereas the positive pad is on the > left. When doing so be careful not to heat or pierce the lithium battery, > and afterwards put some tape to ensure electrical isolation. > > The result appears to work although strangely sometimes after unplugging > the charger for some time and replugging it the microcontroller on the pcb > will not wake up. However it does immediately wake up if I measure the > current between the + and - output with a basic multimeter, but with the > black probe on the + and the red probe on the - (other way does not work). > There's probably something I'm missing here, but it's not that big a deal. > > Maybe this is caused by a quirk in the microcontroller, as I've tried the > same procedure on a new compatible battery (branded "OTB", see > http://pmcdn.priceminister.com/photo/926610349.jpg) and it doesn't have > this problem, the microcontroller wakes up immediately and powers the > phone. The voltage might be a bit too high, but the phone seems to work > fine (firmware reports a full battery). > > Christophe > > > On Thu, Apr 10, 2014 at 8:44 PM, Tim Ehlers <osmocom(a)ehlers.info> wrote: > >> On Thu, 10 Apr 2014, Max.Suraev(a)fairwaves.co wrote: >> >> I modified the mobile battery, removing the battery itself, and >>>> replacing it with a >>>> 3.7V AC-Adapter, so that I don't need the charging. >>>> >>> >>> Interesting - can you describe those modifications in more details? >>> Which adapter have you used? How did you connect it exactly? Some pics? >>> >> >> ohh, this is no "advanced" modification. I just read on the battery, that >> it outputs 3.7V, then I found for an ACDC-adapter, outputing 3.3V DC (this >> is enough, but the phone tells you that the battery is nearly empty if you >> boot the original firmware; but we use osmocom :). >> >> I openened the white plastic cover (or more correct, opened the sticker >> around the battery), removed the Li-ION battery from the little electronic >> parts and soldered the DC-adapter there instead. >> >> Cheers >> >> Tim >> >> >

11 years, 4 months

Mobile app crashing while making call

by Akib Sayyed

Guys I am trying to make call using mobile app but when i try to call it crashes here is report http://pastebin.com/nsdxLvPg -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 4 months

arm-elf-gcc

by Ahmad Jan

While installing osmocom-bb, i came across the "building the source" section. It says in later part that: " If your GCC binary that produces ARM code is not called *arm-elf-gcc* you will need to invoke the following statement and provide the basename of the toolchain with the ending *-*" cd src make -e CROSS_TOOL_PREFIX=arm-OTHER_NAME- How can i find out that my GCC binary is called as *arm-elf-gcc *or something else?

11 years, 4 months

Error: no such instruction: `eor %edx,%r15d,%r15d,ror'

by Ahmad Jan

Hi... I m trying to install osmocom-bb using following link: http://bb.osmocom.org/trac/wiki/Software/GettingStarted First of all i installed the Dependencies for the host. Then for target dependencies, i build my own toolchain using following: http://bb.osmocom.org/trac/wiki/GnuArmToolchain This toolchain building processes ended up saying: "Build complete! Add /home/arslan/dir/install/bin to your PATH to make arm-elf-gcc and friends accessible directly." (i don't know building my own toolchain is necessary or not). Then i went back for building osmocom-bb There i came across getting and updating the source. But in building the source section, what it says is: " Compiling both the target and the host code will happen with the following command. It assumes that the *arm-elf-gcc* is* inside the current path.*" I didn't understand it as my current path is osmocom-bb and there is no arm-elf-gcc Can anyone tell me what does it mean? Anyways, i just ignored it and went on executing the following command cd src/ make So i ended up with an error saying: /home/arslan/osmocom-bb/src/target/firmware/include/asm/swab.h:32: Error: no such instruction: `eor %edx,%r15d,%r15d,ror' make[4]: *** [gsmtap_util.lo] Error 1 I tried to figure it out from Internet. It really didn't work out. M stuck at this point. Can anyone help me resolving this problem?

11 years, 4 months

Re: Accessing the firmware of osmocom-bb compatible phone

by msokolov＠ivan.Harhan.ORG

Ahmad Jan <e10007a(a)gmail.com> wrote: > But is this possible (using osmocom-bb) to modify phone's original > firmware, compile it and then reload it back in to the phone to work > according to modification? Sure, you can take a flash dump as I described, make patches to the firmware binary code with a hex editor, then flash the modified image back into the phone. But that is not what you are asking for, is it? It seems to me that what you are really after is the *source* for the original firmware of, say, Motorola C1xx, or Pirelli DP-L10, right? Well, the problem in this case is that I don't know of anyone who has a copy of such sources, and there is a strong possibility that, as happens regularly with most proprietary abandonware, these sources, which existed inside the walls of Compal and Foxconn almost a decade ago, may have been lost altogether, went to the great bit bucket in the sky. I am, however, pursuing a project seeking to put together a new firmware for Calypso-based "dumbphones" that would function just like the original proprietary fw, intended for using the phone "normally" as an everyday phone, unlike OsmocomBB which is intended for hacking and security research instead. FreeCalypso is the name of my project, and it's being developed in this Mercurial repository: https://bitbucket.org/falconian/freecalypso-sw FreeCalypso does not have its own mailing list or home page yet, unfortunately. VLR, SF

11 years, 5 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel