Sylvain Munaut wrote on 01.10.2012 15:50:
> - We're not the one that decide which chipset specs are leaked ...
> Also, we had a complete working gsm stack example for that chipset as a guide (the specs are not always complete / correct / enough). There is nothing even closely like that for any of the newer chips that I know of.
Enter Galaxy S II GT-i9100.
> - Most modern chipsets have cryptographic securities preventing the loading of a custom baseband firmware on them.
For some reason, the baseband does not verify, well, anything. Both AP and BP have capabilities for checking the signature, but keys are zeroed. You can load whatever you want on the BP, dump RAM, etc. Sammy has omitted the NOR flash for the BP and used a RAM chip instead, hence the BP is "flashed" at every boot.
> - 3G / 4G chipsets are _vastly_ more complicated. As it is for the calypso there aren't that many people with the skills to work on the firmware, so for more complicated chipset the situation might be even worse.
For some reason, the baseband has been compiled with debugging info turned on. Prior to flipping any bit in any register it writes a textual description to the debug port, which is trivially accessible through USB. No soldering required.
> - When you're experimenting with stuff that can brick / destroy your phone (and I have a couple of dead ones ...), you don't want to do that on your brand new 600$ phone.
For some reason, the boot process is guided by the AP. Unless you do something really evil, you have completely zero chances of bricking your beloved $600 phone.
> Cheers,
> Sylvain
It's also a pretty nice cellphone.