Hi Mychaela,

At the outset I would like to thank you for taking out time to help me out. The problem as you had identified was solved by the solution you gave. Everything worked like a charm after changing the signature byte to "1004".

I have taken note of the "How to Report Bugs Effectively" FAQ and will try and follow it henceforth. And I am just beginning in this field so sorry for all the confusion that my mails might have caused. I have been motivated by your actions to contribute to the community myself. Will keep an eye on where I can help.

I am also attaching one more firmware for Moto C123, this is also a 900 + 1800 MHz phone. The problem with this phone is that the osmocon application works fine when I try and load layer1.highram.bin with chainload, but when I try to load layer one or any other app using compalram.bin I am not able to load it. I do not have a flashdump with which the osmocon application works fine with compalram and so I cannot try and find out what the problem is. But I suspect that the bootloader/firmware version of this phone might also differ from what you have seen in the wild till now.

The firmware of this Moto c123 can be found here: https://we.tl/rVLoGA9jQI

If you find out what the problem is please keep us updated. Thank you for the help once again.

Regards,
Ajay

> Hello everyone,
>
> Our most recent contributor Ajay has sent me the flash dump which he
> made from his C139 phone - the one he was having issues with - and
> this particular firmware version turns out to be quite remarkable in
> that it contains a boot code version with one significant difference
> from what we've been used to previously.  The firmware flash dump
> along with some commentary can be found here:
>
> ftp://ftp.freecalypso.org/pub/GSM/Compal/c139-india-boot1004.zip
>
> Remember the -c 1003 option to fc-loadtool which is needed when
> operating on C139/140 phones that have some official fw version in
> them, but not when operating on a C11x/12x phone or on a C139 that has
> FreeCalypso fw flashed?
> Mot/Compal's official C139/140 boot code
> expects all serially downloaded code images to have some signature
> bytes at a rather inconvenient location (about 15 KiB into the image,
> thus making it the minimum required image size); the "plain" version
> of compalstage (used when you specify just -h compal) is only 32 bytes,
> but the -c 1003 switches to a padded 15332 byte long version.
>
> So what are these required signature bytes then?  All C139/140 boot
> code versions seen prior to today expected these signature bytes to be
> "1003" (ASCII), hence that is the signature which has been supplied by
> all community tools that operate on these phones, both ours and
> Osmocom's.  But the boot code version contained in the firmware image
> sent by Ajay expects these signature bytes to be "1004" instead!
> Because both our fc-loadtool -h compal -c 1003 and Osmocom's
> osmocon -m c140xor send "1003" in the signature bytes, the result was
> that neither tool could gain bootloader access to Ajay's C139, just as
> if the bootloader had been locked down - even though it wasn't.  (The
> boot code in this fw version does include the provision for locking
> the bootloader, but Ajay's flash dump shows that the lock was NOT
> activated - thus it still stands that to this day not one EU band C1xx
> phone has ever been encountered in the wild with the bootloader locked
> down, only North American ones.)
>
> The solution: I have just pushed a change into the freecalypso-tools
> repository adding a new version of the compalstage binary that has the
> signature bytes set to "1004" instead of "1003".
> You can either fetch
> and compile the latest code from Bitbucket (you'll need the ARM7
> toolchain in this case), or you can download the compalstage-1004.*
> files I posted here:
>
> ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/
>
> Either way, once you have compalstage-1004.bin installed, just specify
> -c 1004 instead of -c 1003 in the fc-loadtool command line, and it
> should work with both old and new C139/140 boot code versions.  The
> actual comparison check performed by that boot code is an inequality,
> thus sending "1004" should be good for all fw versions - thus the
> previous -c 1003 option is being kept only for backward compatibility
> with existing usage.
>
> For Ajay: now that we know that your previous fw version was unlocked,
> but there was a signature version incompatibility, I recommend that
> you reflash your phone back to its original state.  You should proceed
> as follows:
>
> 1. Download and install compalstage-1004.bin as above.
>
> 2. With a fully charged battery inserted, the serial cable connected
>    and the phone powered off (the state after removing and reinserting
>    the battery and NOT pressing the power button), run this command:
>
>    fc-loadtool -h compal -c 1004 /dev/ttyXXX
>
> 3. Press the red power button on the phone, and loadtool should gain
>    access.
>
> 4. Once at the loadtool> prompt, flash your original fw dump back into
>    the phone as follows:
>
>    flash erase-program-boot flashdump.bin 10000
>    flash erase 10000 3f0000
>    flash program-bin 10000 flashdump.bin 10000
>
> You told me off-list that your original goal was to turn the phone
> into a sniffer with the use of OsmocomBB tools; once you have restored
> your C139 to its original firmware, if you would like to use OsmocomBB
> tools with it, just edit osmocon.c and change the definition of
> phone_magic[] from "1003" to "1004".
>
> At this point a general reminder is in order.
> Simon Tatham's FAQ
> "How to Report Bugs Effectively":
>
> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>
> Most of it is not too applicable to FreeCalypso, to Mot C1xx phones or
> to the present situation, but one part of it is very applicable: look
> for the section titled "So then I tried . . .".  Just like in Simon's
> FAQ, when you are dealing with the finicky and brickable Mot C1xx
> phones, you need to be an antelope and not a mongoose.  In Ajay's
> case, you saw that your C139 wasn't working either with OsmocomBB
> tools or with fc-loadtool, you assumed that the phone had a locked
> bootloader (a reasonable assumption under the circumstances in
> question, but it should have been treated as a hypothesis rather than
> a firm conclusion), and then once you successfully gained access via
> tfc139, you proceeded to the quite drastic step of reflashing the phone
> to a different firmware version - flashing a North American fw version
> into an EU band phone, no less!  In this case you acted very much like
> the mongoose in Simon Tatham's parable, and while you were very lucky
> in that you didn't actually brick your phone, such bricking is a very
> real possibility when acting like a mongoose.  Instead you should have
> acted like an antelope: made a flash dump with fc-loadtool after
> gaining access with tfc139, solicited advice on this list, and NOT
> initiated any flash write operations.  Again, you were lucky and your
> phone appears to be fully recoverable, but something to note for
> future reference, and for others reading the same.
>
> Happy hacking,
> M~
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 26 Jul 2016 08:26:38 +0100
> From: da...@matthews.pm
> To: List for FreeCalypso community discussion
>         <community@freecalypso.org>
> Subject: Re: A new Mot C139/140 boot code version found in the wild
> Message-ID:
>         <1355039477.55.1469517998257.javamail.tom...@eurydice.default.davcmat.uk0.bigv.io>
> Content-Type: text/plain; charset=us-ascii
>
> hi Mychaela
>
> Sounds like there should be an amendment made to the howtos. Would simply
> changing
>
> fc-loadtool -h compal -c 1003 /dev/ttyUSB0
>
> to 1004 be adequate or maybe additional explanation is necessary?
>
> best wishes
>
> --
> David Matthews
> da...@matthews.pm
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Community mailing list
> Community@freecalypso.org
> https://www.freecalypso.org/mailman/listinfo/community
>
>
> ------------------------------
>
> End of Community Digest, Vol 15, Issue 3
> ****************************************