Re: Newer MTK chipsets

2017-04-20 Thread Mychaela Falconia
Hi DS,

> So far I understand the requirements for an acceptable chip would be:
>
> - full code source, ideally with the revision history (git or otherwise)
> - ability to program the fuses with a controlled signing key, or the
>   possibility of completely disabling the signing check
> - full documentation for the chip: hardware registers, OS functions, ..
> - lack of unnecessary ARM cores for running a smartphone OS like Android

Yes, you've got it all summed up nicely.  The "full documentation for
the chip" bullet point also needs to include sufficient documentation
for building boards with that chip, i.e., reference board schematics
and PCB layout for the RF part.

Naturally I am not holding my breath for something meeting all of
these criteria to just show up from Qualcomm or MTK, but the fact that
we do have such documentation and source code for the ancient 2G-only
Calypso while no such sources or docs are available for anything newer
gives me the continued justification to keep working on FreeCalypso
and continue to promote/market our FC products.

Yes, our greatest weakness at the moment is that we can only connect
to GSM/2G networks, but for everyone who points this weakness out, I
have this prepared canned response:

We work with the very elderly Calypso chipset that only
supports GSM/2G because all firmware semi-src leaks we have
seen so far for newer 3G/4G-capable chipsets are just thin
shims of source around a big mass of binary blobs, and are
nothing like what we have for TI Calypso.  Anyone who wants 3G
or 4G, please find or obtain a firmware source for some newer
3G-capable chipset that would be no worse than what we have
for TI's chipsets (at minimum we would need the full source
for the dual-mode GSM+UMTS protocol stack and L1), and point
us to that source.

> Of course I may remember wrong, but I assumed OsmocomBB was based on the
> classic method of white-room reverse-engineering, precisely to ensure the
> produced code was free of bits from the TI leaks, and make the project
> immune from possible legal threats.

They've always readily admitted that they used the knowledge from the
TSM30 source (no actual code reuse, but knowledge learned from studying
the proprietary source leak) in order to learn how to talk to the DSP -
the most critical part required in order to make the Calypso (or any
other commercial GSM chipset) function as a GSM chip, as opposed to
just a generic microprocessor taking button presses and putting
characters on an LCD.

However, the reality is that they used not only the TSM30 source as
their source of knowledge for the most critical part of how to talk to
the DSP, but also the L1 header files from the TCS211 semi-src - while
they readily admit the former, they vehemently denied the latter when
that subject came up.  Why is it such an important distinction, why
did they readily admit having used the TSM30 source leak but deny and
cover up their use of knowledge that could have only come from the
TCS211 semi-src version?

The difference is that the TSM30 leak was published free to the world
(by a hero who chose to be identified as HispaPhreak) back in 2004, long
before Openmoko or OsmocomBB, whereas the TCS211 semi-src targeting
the correct chipset version (the one we have on the FCDEV3B and the
one that both communities have been hacking on when we casually say
"Calypso") only became available to unprivileged people like us in the
fall of 2013, and prior to that date it was only available to the
privileged inner circle of former Openmoko turned OsmocomBB core
developers.  Hence during the time between the founding of OsmocomBB
(early 2010) and the full liberation of the TCS211 semi-src in the
fall of 2013, the core people of OsmocomBB had a vested interest in
denying and covering up the fact that they had access to and made
absolutely critical use of a piece of leaked source which they were
actively refusing to share with less privileged mere mortals like
yours truly.

The smoking-gun evidence that OsmocomBB people had access to this
vital TCS211 semi-src and made critical use of it resides in the
dsp_api.h and l1_environment.h header files under
src/target/firmware/include/calypso in the osmocom-bb git repository,
both dating from the 20100218 initial commit.  I invite you to compare
OsmocomBB's dsp_api.h against *our* l1_defty.h (based on TCS211), and
likewise compare OsmocomBB's l1_environment.h against our l1_const.h,
and draw your own conclusions.

A few specific points of interest:

* Near the beginning of OsmocomBB's dsp_api.h you will find this cutie:

#if(L1_DYN_DSP_DWNLD == 1)
  #include "l1_dyn_dwl_defty.h"
#endif

Now the dynamic DSP patch download mechanism and its associated
L1_DYN_DSP_DWNLD preprocessor symbol and l1_dyn_dwl_*.h header files
exist only in TCS211 and LoCosto versions of TI's L1, and not in the
TSM30 version - the latter contains no hint of any such thing, 

Re: Newer MTK chipsets

2017-04-19 Thread Mychaela Falconia
Hi Serg,

Thank you for your review.  I have always assumed that the leaks
available for the newer MTK chipsets are significantly inferior to
what we have from TI, but because I live in a cave and don't pay
attention to the outside world, I needed confirmation from someone who
is more in touch with the outside world's current happenings.

It was also important to get this confirmation from people like you
and DS who are members of the FreeCalypso community.  The problem with
the people on other phone-related mailing lists (OsmocomBB, Replicant,
Tinkerphones) is that they all engage in the cult of license worship,
and religiously refuse to use any software that is practically free,
but not legally free.  Thus even if there were a complete 100% source
leak of turnkey-functional modem firmware for some 3G/4G chipset,
these license worshippers would refuse to use it (nothing except a
lifetime-wasting from-scratch reimplementation would ever be good
enough for them), and they would probably build a wall of silence and
ostracism around the very existence of any such leak, so that I would
never hear about it.

Hence it is very important to have people like you and DS who are not
license worshippers, who would not be averse to making as-is direct
reuse of a leaked proprietary 3G/4G modem source if one were to turn
up, and who keep their eyes open for any such leaks.

> I have this board
> https://www.kosagi.com/w/index.php?title=Fernvale_Main_Page based on MTK
> chipset

I could never understand why those people went to the trouble of
designing and building this MT6260 board.  It would be one thing if
someone built an experimentation/development board around some
3G-capable chipset in the hope of liberating it, but MT6260 is 2G-only
just like the Calypso.  If you are only supporting GSM/2G and not 3G
or 4G, why in the world would you want to throw away everything that
OsmocomBB and FreeCalypso projects have accomplished over the years
and restart from zero on a different chipset platform just for the
sake of novelty??

I actually exchanged a few emails with Bunnie (one of the two key
people behind Fernvale) back in early 2015, and he was telling me that
Calypso is too old, that nobody supports it any more, that MT6260 was
"hot these days" and hence it was a better platform in his opinion...
Yet it apparently didn't matter to those guys that for TI's chipsets
we have extensive source leaks and two successful projects (ours and
OsmocomBB) that have working GSM functionality based on the available
leaked sources and docs, whereas for MTK there is nothing but a big
mass of binary libs...  I just simply don't understand what these guys
were (or still are) thinking.

M~
___
Community mailing list
Community@freecalypso.org
https://www.freecalypso.org/mailman/listinfo/community


Re: Newer MTK chipsets

2017-04-19 Thread Serg l
Nope, there is nothing in those sources you might be interested in.

I have this board
https://www.kosagi.com/w/index.php?title=Fernvale_Main_Page based on MTK
chipset and have already done a very extensive search of MTK firmware leaks.
Most of those sources are for OEMs, full of binary libs related to the
baseband.  It is still possible to deblob some of them, but so far it is
even less complete than what you scored from TI.

And BTW, I have seen this repo and a few more.

Operators are threatening to shut down 2G data networks, but so far there
is a huge IoT and remote control market customer base who cannot or don't
want to switch. I would think that we still have another 10 years or so.

On Wed, Apr 19, 2017 at 12:50 AM, Mychaela Falconia <
mychaela.falco...@gmail.com> wrote:

> Hello FreeCalypso community,
>
> Someone just made a post to the OsmocomBB mailing list containing links
> to a whole bunch of firmware source leaks for newer MTK chipsets which
> supposedly support 3G/UMTS and 4G/LTE in addition to good old GSM/2G:
>
> http://lists.osmocom.org/pipermail/baseband-devel/2017-April/005194.html
>
> I personally am too heavily invested into the Calypso to even consider
> looking at other chipsets, but as a community we do need to keep our
> eyes somewhat open.  However, I currently absolutely lack the time to
> take even a cursory look at any of the MTK source leaks linked above,
> hence I am inviting other members of our community to take that look.
>
> The basic question is: using these newer MTK source leaks, would it be
> possible to build a libre modem board similar to our FCDEV3B, but with
> support for 3G/UMTS and maybe even 4G/LTE in addition to GSM/2G?  Are
> these MTK sources complete enough to actually rebuild a working modem
> firmware image from them?  And what is the source vs. object mix
> situation: do any of these leaks include real C source for the
> dual-mode GSM+UMTS protocol stack and L1, or is it all in the form of
> linkable binary objects/libs?
>
> Another issue is the hardware platform.  It seems to me that the people
> who are currently looking at the above-linked leaks and passing them
> around are mostly hacking on Android phones, which is something I am
> totally disinterested in.  If someone manages to replace or free the
> baseband on an MTK Android phone, more power to them, but such a
> project would be totally useless to me personally, as I principally
> refuse to put an Android phone in my purse.  Instead the only kind of
> phone I desire to have in my purse is a voice-only dumbphone.
>
> Calypso is ideal for my needs, but the problem is that the uncaring
> network operators are threatening to shut down their GSM/2G networks
> because the total number of people in the world who actually desire
> GSM/2G is fewer than 10, and the rest of the sheeple only want 4G+.
> Thus my ideal voice-only dumbphone would support all of 2G, 3G and 4G,
> but with an inverted network search preference order: always prefer 2G
> networks when any 2G service is available, look for 3G networks only
> when there is no 2G, and connect to 4G/LTE only as a last resort when
> both 2G and 3G have been shut down - and when going into 4G/LTE mode,
> use it *only* for VoLTE and not support any LTE Internet data services,
> i.e., disable the latter as an act of protest against the mainstream
> priorities.
>
> In order to build something like the above, we would need a 3G/4G-capable
> modem chip that is just a modem by itself (like what you would see
> inside a USB stick modem product), as opposed to an AP+modem combo
> made for running Android.  Hence we would need to find a non-AP-combo
> modem chip from MTK (or Qualcomm MDM or whatever) with 3G/4G
> capabilities for which we could build firmware from the available
> leaked sources, *and* for which we can obtain sufficient hardware
> documentation so we can build our own board like we did with FCDEV3B.
>
> At this point I hand the above ideas over to the community.  On my end
> I wish to fully finish the FCDEV3B project before I will take any look
> at all at any of the newer chipsets, and it will probably be another
> 2-3 months to bring the FCDEV3B to a state which I would consider to
> be fully complete.  But in the meantime, someone else can start
> looking at possible candidates for a newer chipset.
>
> Hasta la Victoria, Siempre,
> Mychaela aka The Mother
> ___
> Community mailing list
> Community@freecalypso.org
> https://www.freecalypso.org/mailman/listinfo/community
>


Re: Newer MTK chipsets

2017-04-19 Thread Mychaela Falconia
Hi DS,

Thanks for taking a look at this newer MTK stuff.

> note there's no information on whether a signature check is enforced
> by the modem loader like what is done in modern SoCs.

I am not too worried about this aspect, as my interest is strictly in
making our own hardware starting from bare chips like we've done with
FCDEV3B, as opposed to hacking various complete devices made by one
unworthy mainstream manuf or another.

My understanding of the commonplace SoC restricted boot mechanisms is
that typically there are OTP fuses on the die in which the device
manuf programs a hash of their public key, and once these fuses have
been programmed, the restricted bootloader will only accept signed
code images verifiable with a public key that matches the fused hash.

But it is my understanding that the signing keys are typically
controlled by the manufacturers of complete devices, rather than the
makers of bare chips, thus if *we* act in the role of the complete
device manuf, buying bare chips on the Chinese grey market like we've
done with the Calypso, then we can make our FreeMTK phone/modem
products only accept firmware images signed by *us*, or leave the
fuses unprogrammed, in which case the chip would presumably accept any
code image.

Instead what I see as the biggest problem would be finding a suitable
chip to use.  It appears that everyone else is only interested in
those disgusting Android slab phones, and the only MTK chipsets people
talk about are the ones with built-in bazillion-core application
processors, the ones that are only suitable for building those darned
Android slab phones and nothing else.  Instead the kind of MTK chip I
am looking for would be one that is just a modem, *without* the
bazillion-core Android part, or alternatively a dumbphone-oriented
chip in which the same single low-end ARM core performs both modem
protocol stack and dumbphone UI functions, i.e., the same thing as TI
Calypso & LoCosto and MT6260 (MTK's 2G-only dumbphone chip), but with
3G/UMTS capability in addition to GSM/2G.  I have not been able to
find any information on the latter kind of MTK chips so far, but they
surely must exist.  Has anyone else found anything in this direction?

> From a quick glance those repositories contain the modem in precompiled
> form, a set of .a files provided by mediatek along with a set of headers.

This part is definitely a bummer.  For as long as there are GSM/2G
networks still operating, our FreeCalypso phones and modems are still
leagues ahead of everyone else in terms of user freedom and
empowerment, as we have the full source as opposed to blobs for the
GSM+GPRS protocol stack and L1.  But if T-Mobile USA shuts down their
GSM/2G services in my neck of the woods (they are the last remaining
GSM/2G network over here) and I lack the economic means to relocate to
some third-world village where I could set up my own GSM cell without
anyone noticing it, then we may have to look into building a 3G-capable
device for which our "free" firmware would only be a thin shim around
a big mass of binary blobs... :-(

M~
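The restricted-boot mechanism described in the message above (a hash of the device maker's public key burned into OTP fuses, the loader accepting only images whose embedded key hashes to that value and whose signature verifies under it, and unprogrammed fuses presumed to accept anything) can be modelled end to end. The following is an added example written for this page, not code from FreeCalypso, MTK or any real boot ROM. Everything about it is an assumption for illustration: the 32-byte SHA-256 fuse field with all-zeros meaning "unprogrammed", an image layout that carries a DER-encoded P-256 public key plus an ECDSA signature over SHA-256 of the body, and the names VerifyBoot, BurnFuses, SignImage and Scenario. Go is used because its standard library supplies the ECDSA and SHA-256 primitives, so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// FuseBank models the OTP fuse field as described in the thread: SHA-256 of
// the device maker's public key, all zeros if never programmed. The width and
// the all-zeros convention are assumptions for this example, not a chip spec.
type FuseBank [32]byte

// Image is a hypothetical image layout: the public key travels with the image
// (PKIX/DER), followed by an ASN.1 ECDSA-P256 signature over SHA-256(Body).
type Image struct {
	PubKeyDER []byte
	Signature []byte
	Body      []byte
}

var (
	ErrKeyNotFused = errors.New("public key hash does not match fused hash")
	ErrBadKey      = errors.New("malformed or non-P256 public key")
	ErrBadSig      = errors.New("image signature does not verify")
)

// VerifyBoot is the loader's decision: unprogrammed fuses accept any image
// (the thread's presumption); otherwise the key carried in the image must
// hash to the fused value and the body must verify under that key.
func VerifyBoot(fuses FuseBank, img Image) error {
	if fuses == (FuseBank{}) {
		return nil // fuses never burned: no signing check at all
	}
	if sha256.Sum256(img.PubKeyDER) != fuses {
		return ErrKeyNotFused // key not authorized by the fuses
	}
	parsed, err := x509.ParsePKIXPublicKey(img.PubKeyDER)
	if err != nil {
		return ErrBadKey
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return ErrBadKey
	}
	digest := sha256.Sum256(img.Body)
	if !ecdsa.VerifyASN1(pub, digest[:], img.Signature) {
		return ErrBadSig // key is trusted, but the body was not signed by it
	}
	return nil
}

// BurnFuses is the device maker's one-time step: hash of the public key.
func BurnFuses(pubKeyDER []byte) FuseBank { return FuseBank(sha256.Sum256(pubKeyDER)) }

// SignImage is the device maker's build step.
func SignImage(priv *ecdsa.PrivateKey, body []byte) (Image, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return Image{}, err
	}
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Image{}, err
	}
	return Image{PubKeyDER: der, Signature: sig, Body: body}, nil
}

// Scenario walks the cases the thread discusses and returns the loader's
// verdict for each. Keys are generated here; the body is a constructed string.
func Scenario() (map[string]error, error) {
	ourKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	otherKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	body := []byte("constructed firmware body, not a real image")
	ours, err := SignImage(ourKey, body)
	if err != nil {
		return nil, err
	}
	theirs, err := SignImage(otherKey, body)
	if err != nil {
		return nil, err
	}
	tampered := ours // same trusted key and signature, one bit of the body flipped
	tampered.Body = append([]byte(nil), ours.Body...)
	tampered.Body[0] ^= 0x01
	fuses := BurnFuses(ours.PubKeyDER)
	return map[string]error{
		"fuses unprogrammed, foreign image": VerifyBoot(FuseBank{}, theirs),
		"our fuses, our image":              VerifyBoot(fuses, ours),
		"our fuses, other maker's image":    VerifyBoot(fuses, theirs),
		"our fuses, tampered body":          VerifyBoot(fuses, tampered),
	}, nil
}

func main() {
	verdicts, err := Scenario()
	if err != nil {
		panic(err)
	}
	for name, v := range verdicts {
		fmt.Printf("%-34s -> %v\n", name, v)
	}
}
```

The two rejection paths are deliberately distinct: a foreign key fails at the fuse-hash comparison before any signature is examined, while a modified body under the trusted key fails only at signature verification. That ordering is what makes the fuses, not the signature format, the actual root of trust, and it is why whoever burns the fuses (the complete-device maker, as the message argues) decides which firmware the chip will ever run.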


Re: Newer MTK chipsets

2017-04-19 Thread Das Signal
Hi Mychaela,

From a quick glance those repositories contain the modem in precompiled
form, a set of .a files provided by mediatek along with a set of headers.
I have not tried to recompile the modem, but build scripts as well as the
gcc 4.6.2 toolchain appear to be present. The object files within the .a
are not stripped, so in theory one could gain a good understanding of the
modem, perhaps also make modifications either by patching the ARM code,
or by decompiling/recompiling an object file. There also seems to be a
nice set of tools for debugging/logging. So it does look promising, but
note there's no information on whether a signature check is enforced
by the modem loader like what is done in modern SoCs.

--DS


Newer MTK chipsets

2017-04-18 Thread Mychaela Falconia
Hello FreeCalypso community,

Someone just made a post to the OsmocomBB mailing list containing links
to a whole bunch of firmware source leaks for newer MTK chipsets which
supposedly support 3G/UMTS and 4G/LTE in addition to good old GSM/2G:

http://lists.osmocom.org/pipermail/baseband-devel/2017-April/005194.html

I personally am too heavily invested into the Calypso to even consider
looking at other chipsets, but as a community we do need to keep our
eyes somewhat open.  However, I currently absolutely lack the time to
take even a cursory look at any of the MTK source leaks linked above,
hence I am inviting other members of our community to take that look.

The basic question is: using these newer MTK source leaks, would it be
possible to build a libre modem board similar to our FCDEV3B, but with
support for 3G/UMTS and maybe even 4G/LTE in addition to GSM/2G?  Are
these MTK sources complete enough to actually rebuild a working modem
firmware image from them?  And what is the source vs. object mix
situation: do any of these leaks include real C source for the
dual-mode GSM+UMTS protocol stack and L1, or is it all in the form of
linkable binary objects/libs?

Another issue is the hardware platform.  It seems to me that the people
who are currently looking at the above-linked leaks and passing them
around are mostly hacking on Android phones, which is something I am
totally disinterested in.  If someone manages to replace or free the
baseband on an MTK Android phone, more power to them, but such a
project would be totally useless to me personally, as I principally
refuse to put an Android phone in my purse.  Instead the only kind of
phone I desire to have in my purse is a voice-only dumbphone.

Calypso is ideal for my needs, but the problem is that the uncaring
network operators are threatening to shut down their GSM/2G networks
because the total number of people in the world who actually desire
GSM/2G is fewer than 10, and the rest of the sheeple only want 4G+.
Thus my ideal voice-only dumbphone would support all of 2G, 3G and 4G,
but with an inverted network search preference order: always prefer 2G
networks when any 2G service is available, look for 3G networks only
when there is no 2G, and connect to 4G/LTE only as a last resort when
both 2G and 3G have been shut down - and when going into 4G/LTE mode,
use it *only* for VoLTE and not support any LTE Internet data services,
i.e., disable the latter as an act of protest against the mainstream
priorities.

In order to build something like the above, we would need a 3G/4G-capable
modem chip that is just a modem by itself (like what you would see
inside a USB stick modem product), as opposed to an AP+modem combo
made for running Android.  Hence we would need to find a non-AP-combo
modem chip from MTK (or Qualcomm MDM or whatever) with 3G/4G
capabilities for which we could build firmware from the available
leaked sources, *and* for which we can obtain sufficient hardware
documentation so we can build our own board like we did with FCDEV3B.

At this point I hand the above ideas over to the community.  On my end
I wish to fully finish the FCDEV3B project before I will take any look
at all at any of the newer chipsets, and it will probably be another
2-3 months to bring the FCDEV3B to a state which I would consider to
be fully complete.  But in the meantime, someone else can start
looking at possible candidates for a newer chipset.

Hasta la Victoria, Siempre,
Mychaela aka The Mother