LSX-blog

Feed Rss

【原创 】刷固件Layer1到手机FLASH(硬刷)

12.26.2013, Linux, osmocomBB, 破解, by .
开头:

注意:本文章并不是做GSM 嗅探必须的,平时我们刷机叫软刷是刷到内存里面的,断电就消失了,这个是硬刷,刷到flash里面的,断电不消失,开机就运行的。
本文章经过作者实测可行,这只是单个应用程序,官方还有多个应用程序菜单

这篇教程解释了怎样把应用程序刷到C118手机里面。你一定要仔细的阅读每一个细节,否则你的手机可能会变砖。即使你遵循本教程,您可能也会变砖,如果你遇到电缆问题,弱电池或软件故障,目前firmare还不支持电池充电功能。

总共需要三部分:
  1. 原bootloader,第一次刷我就把这个清空了,直接成砖了
  2. osmocom loader,这个是osmocom的loader
  3. 应用程序,这个可以是rssi,layer1 如果没有bootloader,手机就成砖了
内存布局:
  • 0x000000-0x00ffff: Flash page 0
  • 0x010000-0x01ffff: Flash page 1
  • … more Flash pages …
  • 0x800000-0x83ffff: Ram

osmocom flash 布局:
  • 0x000000-0x001fff: Compal loader
  • 0x002000-0x00ffff: OSMOCOM loader
  • 0x010000-……..: OSMOCOM application and storage

注意:C118 bootloader和OSMOCOM loader将位于同一flash页面!

准备工作

解锁 Osmocom loader 的flash write:
1
2
$ cd src/target/firmware/
$ edit Makefile
开启下面的编译选项:
1
2
CFLAGS += -DCONFIG_FLASH_WRITE
CFLAGS += -DCONFIG_FLASH_WRITE_LOADER
更改loader
1
2
3
4
5
6
7
8
9
10
11
12
13
14
diff --git a/src/target/firmware/apps/loader/main.c b/src/target/firmware/apps/loader/main.c
index 2ff6f9c..e488c98 100644
--- a/src/target/firmware/apps/loader/main.c
+++ b/src/target/firmware/apps/loader/main.c
@@ -438,6 +438,9 @@ static void key_handler(enum key_codes code, enum key_states state)
 		puts("Resetting due to keypress.\n");
 		device_reset();
 		break;
+	case KEY_MENU:
+		device_jump((void *)0x10000);
+		break;
 	default:
 		break;
 	}
编译
1
make

安装

引导手机到downloading 到RAM
1
2
$ cd src
$ host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin

你将看到类似以下输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Received PROMPT1 from phone, responding with CMD
read_file(target/firmware/board/compal_e88/loader.compalram.bin): file_size=18436, hdr_len=4, dnload_len=18443
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/18443)
handle_write(): 4096 bytes (8192/18443)
handle_write(): 4096 bytes (12288/18443)
handle_write(): 4096 bytes (16384/18443)
handle_write(): 2059 bytes (18443/18443)
handle_write(): finished
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!
 
OSMOCOM Loader (revision osmocon_v0.0.0-1322-g43c588b-modified)
======================================================================
Running on compal_e88 in environment compalram
Found flash of 2097152 bytes at 0x0 with 2 regions

现在打开另一个终端

装载loader

备份loader

1
2
$ cd src
$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin
测试flash:

首先我们将loader装载到错误的位置,如果失败,我们仍然还有原来的loader, 这样不会把手机搞成砖.

1
2
3
4
$ host/osmocon/osmoload funlock 0x010000 0x10000
$ host/osmocon/osmoload ferase 0x010000 0x10000
$ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/loader.e88loader.bin

如果上面没有出现错误之类的,下面我们就开始动真格的了

1
2
3
4
$ host/osmocon/osmoload funlock 0x000000 0x10000
$ host/osmocon/osmoload ferase 0x000000 0x10000
$ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/loader.e88loader.bin

装载应用程序

注意:在你把应用程序刷到手机里面你是要看一下你刷的应用程序的大小的,有多少你就清空多大的flash空间,我这里清空了64KB

1
2
3
$ host/osmocon/osmoload funlock 0x010000 0x20000
$ host/osmocon/osmoload ferase 0x010000 0x20000
$ host/osmocon/osmoload fprogram 0 0x010000 target/firmware/board/compal_e88/layer1.e88flash.bin

测试

  1. 关闭手机
  2. 断开串口线
  3. 打开手机,你会看见一个空白的蓝色屏幕,这时你可不要以为手机成砖了,我第一次以后我手机又牺牲了,吓死人了.
  4. 按 Menu 按钮,开始应用程序,这时就出现了.关于Menu按钮,其实就是左右上面键中间的那个圆的.

如何使用:

让手机处于关于状态,连接后各个模块及线路,确保能误别出来,模块CP2102,如图所示:

image

1
2
cd src
host/osmocon/osmocon -p /dev/ttyUSB0

然后开机,出现蓝色空白屏幕,接着按菜单键,就是那个圆点,出现如下图所示表示成功image

关于后面的步骤,就是其它的文章操作,一样了,就不多讲了.

【原创 】刷固件Layer1到手机FLASH(硬刷) 有 317 条回应

  1. I am genuinely happy to read this web site posts which includes tons of valuable data, thanks for providing these information.| а

    回复
  2. Hi there, I discovered your site by means of Google while searching for a related subject, your web site got here up, it looks good. I have bookmarked it in my google bookmarks. а

    回复
  3. Hurrah, that’s what I was seeking for, what a information! present here at this weblog, thanks admin of this website.| а

    回复
  4. I delight in, result in I discovered just what I was looking for. You’ve ended my 4 day lengthy hunt! God Bless you man. Have a great day. Bye| а

    回复
  5. I got this web page from my friend who shared with me about this web site and now this time I am browsing this web page and reading very informative posts here.| а

    回复
  6. I’m not sure where you’re getting your information, but great topic. I needs to spend some time learning more or understanding more. Thanks for fantastic information I was looking for this info for my mission.| а

    回复
  7. Painter And Decorator Gloucester
    38 Bruton Way
    Gloucester GL1 1DA, United Kingdom
    01452 223268

    回复
  8. I just want to mention I am just very new to blogging and truly enjoyed your web-site. Probably I’m planning to bookmark your blog . You definitely come with good article content. Thanks a lot for sharing your blog.

    回复
  9. Hi there, just became aware of your weblog via Google, and found that it’s really informative. I’m going to be careful for brussels. I’ll be grateful in case you proceed this in future. Numerous people might be benefited from your writing. Cheers!| а

    回复

发表评论

电子邮件地址不会被公开。 必填项已用*标注