Re: Newer MTK chipsets
Hi DS,

> So far I understand the requirements for an acceptable chip would be:
>
> - full code source, ideally with the revision history (git or otherwise)
> - ability to program the fuses with a controlled signing key, or the
>   possibility of completely disabling the signing check
> - full documentation for the chip: hardware registers, OS functions, ..
> - lack of unnecessary ARM cores for running a smartphone OS like Android

Yes, you've got it all summed up nicely. The "full documentation for the chip" bullet point also needs to include sufficient documentation for building boards with that chip, i.e., reference board schematics and PCB layout for the RF part.

Naturally I am not holding my breath for something meeting all of these criteria to just show up from Qualcomm or MTK, but the fact that we do have such documentation and source code for the ancient 2G-only Calypso while no such sources or docs are available for anything newer gives me the continued justification to keep working on FreeCalypso and continue to promote/market our FC products. Yes, our greatest weakness at the moment is that we can only connect to GSM/2G networks, but for everyone who points this weakness out, I have this prepared canned response:

We work with the very elderly Calypso chipset that only supports GSM/2G because all firmware semi-src leaks we have seen so far for newer 3G/4G-capable chipsets are just thin shims of source around a big mass of binary blobs, and are nothing like what we have for TI Calypso.

Anyone who wants 3G or 4G, please find or obtain a firmware source for some newer 3G-capable chipset that would be no worse than what we have for TI's chipsets (at minimum we would need the full source for the dual-mode GSM+UMTS protocol stack and L1), and point us to that source.

> Of course I may remember wrong, but I assumed OsmocomBB was based on the
> classic method of white-room reverse-engineering, precisely to ensure the
> produced code was free of bits from the TI leaks, and make the project
> immune from possible legal threats.

They've always readily admitted that they used the knowledge from the TSM30 source (no actual code reuse, but knowledge learned from studying the proprietary source leak) in order to learn how to talk to the DSP - the most critical part required in order to make the Calypso (or any other commercial GSM chipset) function as a GSM chip, as opposed to just a generic microprocessor taking button presses and putting characters on an LCD.

However, the reality is that they used not only the TSM30 source as their source of knowledge for the most critical part of how to talk to the DSP, but also the L1 header files from the TCS211 semi-src - while they readily admit the former, they vehemently denied the latter when that subject came up.

Why is it such an important distinction, why did they readily admit having used the TSM30 source leak but deny and cover up their use of knowledge that could have only come from the TCS211 semi-src version? The difference is that the TSM30 leak was published free to the world (by a hero who chose to be identified as HispaPhreak) back in 2004, long before Openmoko or OsmocomBB, whereas the TCS211 semi-src targeting the correct chipset version (the one we have on the FCDEV3B and the one that both communities have been hacking on when we casually say "Calypso") only became available to unprivileged people like us in the fall of 2013, and prior to that date it was only available to the privileged inner circle of former Openmoko turned OsmocomBB core developers.

Hence during the time between the founding of OsmocomBB (early 2010) and the full liberation of the TCS211 semi-src in the fall of 2013, the core people of OsmocomBB had a vested interest in denying and covering up the fact that they had access to and made absolutely critical use of a piece of leaked source which they were actively refusing to share with less privileged mere mortals like yours truly.

The smoking-gun evidence that OsmocomBB people had access to this vital TCS211 semi-src and made critical use of it resides in the dsp_api.h and l1_environment.h header files under src/target/firmware/include/calypso in the osmocom-bb git repository, both dating from the 20100218 initial commit. I invite you to compare OsmocomBB's dsp_api.h against *our* l1_defty.h (based on TCS211), and likewise compare OsmocomBB's l1_environment.h against our l1_const.h, and draw your own conclusions. A few specific points of interest:

* Near the beginning of OsmocomBB's dsp_api.h you will find this cutie:

    #if(L1_DYN_DSP_DWNLD == 1)
    #include "l1_dyn_dwl_defty.h"
    #endif

  Now the dynamic DSP patch download mechanism and its associated L1_DYN_DSP_DWNLD preprocessor symbol and l1_dyn_dwl_*.h header files exist only in TCS211 and LoCosto versions of TI's L1, and not in the TSM30 version - the latter contains no hint of any such thing,
Re: Newer MTK chipsets
Hi Serg,

Thank you for your review. I have always assumed that the leaks available for the newer MTK chipsets are significantly inferior to what we have from TI, but because I live in a cave and don't pay attention to the outside world, I needed confirmation from someone who is more in touch with the outside world's current happenings. It was also important to get this confirmation from people like you and DS who are members of the FreeCalypso community.

The problem with the people on other phone-related mailing lists (OsmocomBB, Replicant, Tinkerphones) is that they all engage in the cult of license worship, and religiously refuse to use any software that is practically free, but not legally free. Thus even if there were a complete 100% source leak of turnkey-functional modem firmware for some 3G/4G chipset, these license worshippers would refuse to use it (nothing except a lifetime-wasting from-scratch reimplementation would ever be good enough for them), and they would probably build a wall of silence and ostracism around the very existence of any such leak, so that I would never hear about it. Hence it is very important to have people like you and DS who are not license worshippers, who would not be averse to making as-is direct reuse of a leaked proprietary 3G/4G modem source if one were to turn up, and who keep their eyes open for any such leaks.

> I have this board
> https://www.kosagi.com/w/index.php?title=Fernvale_Main_Page based on MTK
> chipset

I could never understand why those people went to the trouble of designing and building this MT6260 board. It would be one thing if someone built an experimentation/development board around some 3G-capable chipset in the hope of liberating it, but MT6260 is 2G-only just like the Calypso. If you are only supporting GSM/2G and not 3G or 4G, why in the world would you want to throw away everything that OsmocomBB and FreeCalypso projects have accomplished over the years and restart from zero on a different chipset platform just for the sake of novelty??

I actually exchanged a few emails with Bunnie (one of the two key people behind Fernvale) back in early 2015, and he was telling me that Calypso is too old, that nobody supports it any more, that MT6260 was "hot these days" and hence it was a better platform in his opinion... Yet it apparently didn't matter to those guys that for TI's chipsets we have extensive source leaks and two successful projects (ours and OsmocomBB) that have working GSM functionality based on the available leaked sources and docs, whereas for MTK there is nothing but a big mass of binary libs... I just simply don't understand what these guys were (or still are) thinking.

M~
___
Community mailing list
Community@freecalypso.org
https://www.freecalypso.org/mailman/listinfo/community
Re: Newer MTK chipsets
Nope, there is nothing you might be interested in in those sources.

I have this board https://www.kosagi.com/w/index.php?title=Fernvale_Main_Page based on MTK chipset and have already done a very extensive search of MTK firmware leaks. Most of those are sources for OEM full of binary libs related to baseband. It is still possible to deblob some of them, but so far it is even less complete than you scored from TI.

And BTW, I have seen this repo and a few more.

Operators are threatening to shut down 2G data networks, but so far there is a huge IoT and remote control market customer base who cannot or don't want to switch. I would think that we still have another 10 years or so.

On Wed, Apr 19, 2017 at 12:50 AM, Mychaela Falconia <mychaela.falco...@gmail.com> wrote:

> Hello FreeCalypso community,
>
> Someone just made a post to the OsmocomBB mailing list containing links
> to a whole bunch of firmware source leaks for newer MTK chipsets which
> supposedly support 3G/UMTS and 4G/LTE in addition to good old GSM/2G:
>
> http://lists.osmocom.org/pipermail/baseband-devel/2017-April/005194.html
>
> I personally am too heavily invested into the Calypso to even consider
> looking at other chipsets, but as a community we do need to keep our
> eyes somewhat open. However, I currently absolutely lack the time to
> take even a cursory look at any of the MTK source leaks linked above,
> hence I am inviting other members of our community to take that look.
>
> The basic question is: using these newer MTK source leaks, would it be
> possible to build a libre modem board similar to our FCDEV3B, but with
> support for 3G/UMTS and maybe even 4G/LTE in addition to GSM/2G? Are
> these MTK sources complete enough to actually rebuild a working modem
> firmware image from them? And what is the source vs. object mix
> situation: do any of these leaks include real C source for the
> dual-mode GSM+UMTS protocol stack and L1, or is it all in the form of
> linkable binary objects/libs?
>
> Another issue is the hardware platform. It seems to me that the people
> who are currently looking at the above-linked leaks and passing them
> around are mostly hacking on Android phones, which is something I am
> totally disinterested in. If someone manages to replace or free the
> baseband on an MTK Android phone, more power to them, but such a
> project would be totally useless to me personally, as I principally
> refuse to put an Android phone in my purse. Instead the only kind of
> phone I desire to have in my purse is a voice-only dumbphone.
>
> Calypso is ideal for my needs, but the problem is that the uncaring
> network operators are threatening to shut down their GSM/2G networks
> because the total number of people in the world who actually desire
> GSM/2G is fewer than 10, and the rest of the sheeple only want 4G+.
> Thus my ideal voice-only dumbphone would support all of 2G, 3G and 4G,
> but with an inverted network search preference order: always prefer 2G
> networks when any 2G service is available, look for 3G networks only
> when there is no 2G, and connect to 4G/LTE only as a last resort when
> both 2G and 3G have been shut down - and when going into 4G/LTE mode,
> use it *only* for VoLTE and not support any LTE Internet data services,
> i.e., disable the latter as an act of protest against the mainstream
> priorities.
>
> In order to build something like the above, we would need a 3G/4G-capable
> modem chip that is just a modem by itself (like what you would see
> inside a USB stick modem product), as opposed to an AP+modem combo
> made for running Android. Hence we would need to find a non-AP-combo
> modem chip from MTK (or Qualcomm MDM or whatever) with 3G/4G
> capabilities for which we could build firmware from the available
> leaked sources, *and* for which we can obtain sufficient hardware
> documentation so we can build our own board like we did with FCDEV3B.
>
> At this point I hand the above ideas over to the community. On my end
> I wish to fully finish the FCDEV3B project before I will take any look
> at all at any of the newer chipsets, and it will probably be another
> 2-3 months to bring the FCDEV3B to a state which I would consider to
> be fully complete. But in the meantime, someone else can start
> looking at possible candidates for a newer chipset.
>
> Hasta la Victoria, Siempre,
> Mychaela aka The Mother
Re: Newer MTK chipsets
Hi DS,

Thanks for taking a look at this newer MTK stuff.

> note there's no information on whether a signature check is enforced
> by the modem loader like what is done in modern SoC.

I am not too worried about this aspect, as my interest is strictly in making our own hardware starting from bare chips like we've done with FCDEV3B, as opposed to hacking various complete devices made by one unworthy mainstream manuf or another.

My understanding of the commonplace SoC restricted boot mechanisms is that typically there are OTP fuses on the die in which the device manuf programs a hash of their public key, and once these fuses have been programmed, the restricted bootloader will only accept signed code images verifiable with a public key that matches the fused hash. But it is my understanding that the signing keys are typically controlled by the manufacturers of complete devices, rather than the makers of bare chips, thus if *we* act in the role of the complete device manuf, buying bare chips on the Chinese grey market like we've done with the Calypso, then we can make our FreeMTK phone/modem products only accept firmware images signed by *us*, or leave the fuses unprogrammed, in which case the chip would presumably accept any code image.

Instead what I see as the biggest problem would be finding a suitable chip to use. It appears that everyone else is only interested in those disgusting Android slab phones, and the only MTK chipsets people talk about are the ones with built-in bazillion-core application processors, the ones that are only suitable for building those darned Android slab phones and nothing else. Instead the kind of MTK chip I am looking for would be one that is just a modem, *without* the bazillion-core Android part, or alternatively a dumbphone-oriented chip in which the same single low-end ARM core performs both modem protocol stack and dumbphone UI functions, i.e., the same thing as TI Calypso & LoCosto and MT6260 (MTK's 2G-only dumbphone chip), but with 3G/UMTS capability in addition to GSM/2G. I have not been able to find any information on the latter kind of MTK chips so far, but they surely must exist. Has anyone else found anything in this direction?

> From a quick glance those repositories contain the modem in precompiled
> form, a set of .a files provided by mediatek along with a set of headers.

This part is definitely a bummer. For as long as there are GSM/2G networks still operating, our FreeCalypso phones and modems are still leagues ahead of everyone else in terms of user freedom and empowerment, as we have the full source as opposed to blobs for the GSM+GPRS protocol stack and L1. But if T-Mobile USA shuts down their GSM/2G services in my neck of the woods (they are the last remaining GSM/2G network over here) and I lack the economic means to relocate to some third-world village where I could set up my own GSM cell without anyone noticing it, then we may have to look into building a 3G-capable device for which our "free" firmware would only be a thin shim around a big mass of binary blobs... :-(

M~
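
The fused-key-hash boot check described in the message above, modelled as an added example that is not part of the original thread and not code from MTK or any other chip vendor. It assumes blank fuses read as all zeros and uses a constructed toy RSA key in place of a real signature scheme; all function names are hypothetical.

```python
import hashlib

# Toy RSA key built from two Mersenne primes. Constructed for this example and
# far too small to be secure; it stands in for the real signature scheme.
E = 65537
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the signer

FUSE_BLANK = bytes(32)              # assumption: unprogrammed OTP reads as zeros


def key_hash(n, e):
    """SHA-256 of the public key: the value burned into the OTP fuses."""
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).digest()


def digest_int(image, n):
    """Image digest reduced into the toy key's range."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, n=N, d=D):
    """Signer side: textbook RSA over the image digest (no padding, toy only)."""
    return pow(digest_int(image, n), d, n)


def boot_rom_accepts(fuses, image, pubkey=None, signature=None):
    """Model of the boot-time decision; returns (accepted, reason)."""
    if fuses == FUSE_BLANK:
        return True, "fuses unprogrammed: no check enforced"
    if pubkey is None or signature is None:
        return False, "unsigned image"
    n, e = pubkey
    if key_hash(n, e) != fuses:      # the image carries its own public key
        return False, "public key does not match fused hash"
    if pow(signature, e, n) != digest_int(image, n):
        return False, "bad signature"
    return True, "signature verified against fused key"


if __name__ == "__main__":
    image = b"constructed sample firmware image"
    fuses = key_hash(N, E)           # device maker programs its own key hash
    print(boot_rom_accepts(fuses, image, (N, E), sign(image)))
    print(boot_rom_accepts(fuses, image + b"!", (N, E), sign(image)))
    print(boot_rom_accepts(FUSE_BLANK, image))
```

The fuses hold only a hash, so the public key itself travels with the image and is checked against the fused value before the signature is verified.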
Re: Newer MTK chipsets
Hi Mychaela,

From a quick glance those repositories contain the modem in precompiled form, a set of .a files provided by mediatek along with a set of headers.

I have not tried to recompile the modem but build scripts as well as the gcc 4.6.2 toolchain appear to be present. The object files within the .a are not stripped so in theory one could gain a good understanding of the modem, perhaps also make modifications either by patching the ARM code, or by decompiling/recompiling an object file. There seems to also be a nice set of tools for debugging/logging.

So it does look promising, but note there's no information on whether a signature check is enforced by the modem loader like what is done in modern SoC.

--DS
Newer MTK chipsets
Hello FreeCalypso community,

Someone just made a post to the OsmocomBB mailing list containing links to a whole bunch of firmware source leaks for newer MTK chipsets which supposedly support 3G/UMTS and 4G/LTE in addition to good old GSM/2G:

http://lists.osmocom.org/pipermail/baseband-devel/2017-April/005194.html

I personally am too heavily invested into the Calypso to even consider looking at other chipsets, but as a community we do need to keep our eyes somewhat open. However, I currently absolutely lack the time to take even a cursory look at any of the MTK source leaks linked above, hence I am inviting other members of our community to take that look.

The basic question is: using these newer MTK source leaks, would it be possible to build a libre modem board similar to our FCDEV3B, but with support for 3G/UMTS and maybe even 4G/LTE in addition to GSM/2G? Are these MTK sources complete enough to actually rebuild a working modem firmware image from them? And what is the source vs. object mix situation: do any of these leaks include real C source for the dual-mode GSM+UMTS protocol stack and L1, or is it all in the form of linkable binary objects/libs?

Another issue is the hardware platform. It seems to me that the people who are currently looking at the above-linked leaks and passing them around are mostly hacking on Android phones, which is something I am totally disinterested in. If someone manages to replace or free the baseband on an MTK Android phone, more power to them, but such a project would be totally useless to me personally, as I principally refuse to put an Android phone in my purse. Instead the only kind of phone I desire to have in my purse is a voice-only dumbphone.

Calypso is ideal for my needs, but the problem is that the uncaring network operators are threatening to shut down their GSM/2G networks because the total number of people in the world who actually desire GSM/2G is fewer than 10, and the rest of the sheeple only want 4G+. Thus my ideal voice-only dumbphone would support all of 2G, 3G and 4G, but with an inverted network search preference order: always prefer 2G networks when any 2G service is available, look for 3G networks only when there is no 2G, and connect to 4G/LTE only as a last resort when both 2G and 3G have been shut down - and when going into 4G/LTE mode, use it *only* for VoLTE and not support any LTE Internet data services, i.e., disable the latter as an act of protest against the mainstream priorities.

In order to build something like the above, we would need a 3G/4G-capable modem chip that is just a modem by itself (like what you would see inside a USB stick modem product), as opposed to an AP+modem combo made for running Android. Hence we would need to find a non-AP-combo modem chip from MTK (or Qualcomm MDM or whatever) with 3G/4G capabilities for which we could build firmware from the available leaked sources, *and* for which we can obtain sufficient hardware documentation so we can build our own board like we did with FCDEV3B.

At this point I hand the above ideas over to the community. On my end I wish to fully finish the FCDEV3B project before I will take any look at all at any of the newer chipsets, and it will probably be another 2-3 months to bring the FCDEV3B to a state which I would consider to be fully complete. But in the meantime, someone else can start looking at possible candidates for a newer chipset.

Hasta la Victoria, Siempre,
Mychaela aka The Mother