Hi,
I spent a few hours today looking at CCC presentations and osmocom
code. Good and interesting work! I have a couple of questions...
This is my first experience with GSM phone reverse engineering, so
sorry if I am wrong, but it seems to be quite difficult for me to
obtain four Calypso-based phones (yes, I know I can order them from
the webshop for a few euros, but I will need more of them if my
experiments are successful). On the other hand, I have access to very
cheap phones using Infineon PMB7880 (C166 + DSP) or MTK (ARM9)
chipsets.
Currently, I do have some information (datasheet & code) for the MTK
platform, and I see there is an implementation of a "secondary bootloader"
for these phones, but no layer1 yet.
I also have very basic documentation of the Infineon SoC, plus I have
knowledge of the C166 code and I can very easily play with it (reverse
engineer firmware & assemble my own code).
Is it feasible to create a layer1 implementation for Infineon and/or
MTK? Is there anyone willing to help with this?
Here are my additional questions related to the above question:
- Is there any documentation of the mask-ROM bootloader for the Infineon C166 core?
- At this moment I do not understand how the DSP on the PMB7880
works, or whether the RF part is accessible from both the DSP and the C166 or just the DSP.
- How is it with the Infineon DSP code: is it present in flash memory, or
is it a ROM-only thing? Does anyone have the code dump?
- Is anyone (who has experience with Calypso layer1) willing to help
with implementing the same on the Infineon or MTK platform?
- If anyone has any resources for these two platforms, I would be
grateful if you can send them to me.
I will add that I have spent many, many nights disassembling car
control units using the Infineon/Siemens C166 core (since 2002?), so
the Infineon platform is very attractive for me (the flash is only 2MB for
some phones, it's easy to read code, etc...).
Thanks,
Martin