FreeCalypso > hg > fc-magnetite
comparison doc/C1xx-Howto @ 543:4f378f6c5efa
doc/C1xx-Howto: C155 support
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Wed, 07 Nov 2018 03:24:14 +0000 |
| parents | 9c5944d1bac5 |
| children | 9327935d8549 |
comparison
equal
deleted
inserted
replaced
| 542:b48e9892ee65 | 543:4f378f6c5efa |
|---|---|
| 14 | 14 |
| 15 Firmware flashing on Mot C1xx phones is accomplished through the headset jack | 15 Firmware flashing on Mot C1xx phones is accomplished through the headset jack |
| 16 via a special cable. There is no need to disassemble the phone in any way or | 16 via a special cable. There is no need to disassemble the phone in any way or |
| 17 to do any soldering or other hardware surgery, but you will need a host system | 17 to do any soldering or other hardware surgery, but you will need a host system |
| 18 to run the multitude of special software tools that are involved in the | 18 to run the multitude of special software tools that are involved in the |
| 19 procedure. You will need to begin by installing FreeCalypso host tools, and | 19 procedure. You will need to begin by installing FreeCalypso host tools: the |
| 20 the current version of the FC-to-C1xx xenotransplantation procedure (the | 20 current version of our FC-to-C1xx xenotransplantation procedure for the lower |
| 21 additions from the previous version are RF calibration data migration and | 21 C1xx subfamilies (the additions from the previous version are RF calibration |
| 22 battery charging configuration) requires the latest fc-host-tools-r9 release: | 22 data migration and battery charging configuration) requires fc-host-tools-r8 or |
| 23 | 23 later, or if you are working on a C155 or C156 phone, you will need our very |
| 24 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r9.tar.bz2 | 24 latest fc-host-tools-r9a release: |
| 25 | 25 |
| 26 You will also need the battery charging configuration files: | 26 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r9a.tar.bz2 |
| 27 | |
| 28 You will also need our battery charging configuration files: | |
| 27 | 29 |
| 28 https://bitbucket.org/falconian/fc-battery-conf | 30 https://bitbucket.org/falconian/fc-battery-conf |
| 29 | 31 |
| 30 Run 'make install' in the fc-battery-conf tree to add the battery charging | 32 Run 'make install' in the fc-battery-conf tree to add the battery charging |
| 31 configuration files to your FC host tools installation under /opt/freecalypso. | 33 configuration files to your FC host tools installation under /opt/freecalypso. |
| 55 conversion. To the best of our knowledge, all C11x/12x and C140 phones have | 57 conversion. To the best of our knowledge, all C11x/12x and C140 phones have |
| 56 900+1800 MHz bands, but C139 phones have been made in both versions. On the | 58 900+1800 MHz bands, but C139 phones have been made in both versions. On the |
| 57 phones that have passed through our hands so far, the first two digits of the | 59 phones that have passed through our hands so far, the first two digits of the |
| 58 IMEI have been 35 on 900+1800 MHz phones and 01 on 850+1900 MHz ones. | 60 IMEI have been 35 on 900+1800 MHz phones and 01 on 850+1900 MHz ones. |
| 59 | 61 |
| 60 * You need to know whether your phone has 2 MiB or 4 MiB flash. To the best of | 62 * For the lower C1xx subfamilies only: you need to know whether your phone has |
| 61 our knowledge, all C139/140 phones have 4 MiB flash, but C11x have been seen | 63 2 MiB or 4 MiB flash. To the best of our knowledge, all C139/140 phones have |
| 62 with both 2 MiB and 4 MiB flashes. The flash memory size will be autodetected | 64 4 MiB flash, but C11x have been seen with both 2 MiB and 4 MiB flashes. The |
| 63 by fc-loadtool as part of making the flash dump. | 65 flash memory size will be autodetected by fc-loadtool as part of making the |
| 66 flash dump. C155 and C156 phones have 8 MiB flash. | |
| 64 | 67 |
| 65 The Mother's method for keeping track of these per-phone bits of information is | 68 The Mother's method for keeping track of these per-phone bits of information is |
| 66 to create a separate directory for each phone with the IMEI as the directory | 69 to create a separate directory for each phone with the IMEI as the directory |
| 67 name; the flash dump and the RF calibration bits extracted from it will then | 70 name; the flash dump and the RF calibration bits extracted from it will then |
| 68 reside in that directory, while the IMEI is in the name of the directory itself. | 71 reside in that directory, while the IMEI is in the name of the directory itself. |
| 71 to run fc-loadtool to capture the flash dump. The phone needs to be off, but | 74 to run fc-loadtool to capture the flash dump. The phone needs to be off, but |
| 72 the battery needs to be present and have some charge in it; with the phone off, | 75 the battery needs to be present and have some charge in it; with the phone off, |
| 73 connect the serial cable between your host computer and the phone's headset | 76 connect the serial cable between your host computer and the phone's headset |
| 74 jack, and run fc-loadtool as follows: | 77 jack, and run fc-loadtool as follows: |
| 75 | 78 |
| 76 fc-loadtool -h compal -c 1004 /dev/ttyXXX | 79 C11x/12x: fc-loadtool -h compal /dev/ttyXXX |
| 80 C139/140: fc-loadtool -h compal -c 1004 /dev/ttyXXX | |
| 81 C155/156: fc-loadtool -h c155 /dev/ttyXXX | |
| 77 | 82 |
| 78 Change /dev/ttyXXX to the serial or USB-serial device corresponding to your | 83 Change /dev/ttyXXX to the serial or USB-serial device corresponding to your |
| 79 serial cable. The -c 1004 option (adds a little inefficiency which is required | 84 serial cable. With the serial cable connected, the phone in the powered-off |
| 80 for C139/140 phones) can be omitted if your phone is C11x/12x, but it is also | 85 state and the fc-loadtool process running and waiting for the phone, press the |
| 81 harmless to always add it. With the serial cable connected, the phone in the | 86 red power button on the phone - a momentary press is sufficient and recommended. |
| 82 powered-off state and the fc-loadtool process running and waiting for the phone, | |
| 83 press the red power button on the phone - a momentary press is sufficient and | |
| 84 recommended. | |
| 85 | 87 |
| 86 Once the phone boots the loadagent code fed to it serially by fc-loadtool and | 88 Once the phone boots the loadagent code fed to it serially by fc-loadtool and |
| 87 you land at the loadtool> prompt, issue the following command: | 89 you land at the loadtool> prompt, issue the following command: |
| 88 | 90 |
| 89 flash dump2bin flashdump.bin | 91 flash dump2bin flashdump.bin |
| 90 | 92 |
| 91 Given this command, fc-loadtool will autodetect whether your phone has 2 MiB or | 93 Given this command, fc-loadtool will autodetect whether your phone has 2 MiB or |
| 92 4 MiB flash, then make a dump of the complete content of this flash memory and | 94 4 MiB flash (for the lower C1xx subfamilies), then make a dump of the complete |
| 93 save it in a file named flashdump.bin in the current directory. When this | 95 content of this flash memory and save it in a file named flashdump.bin in the |
| 94 operation completes, exit the loadtool session with the exit command - it will | 96 current directory. When this operation completes, exit the loadtool session |
| 95 also cleanly power the phone off. | 97 with the exit command - it will also cleanly power the phone off. |
| 96 | 98 |
| 97 The next step is to extract the RF calibration values. Run a command of the | 99 The next step is to extract the RF calibration values. Run a command of the |
| 98 following form: | 100 following form: |
| 99 | 101 |
| 100 c1xx-calextr -b rfbin flashdump.bin <offset> | 102 c1xx-calextr -b rfbin flashdump.bin <offset> |
| 101 | 103 |
| 102 Change <offset> to 0x1FC000 if your phone has 2 MiB flash (the size of | 104 For the lower C1xx subfamilies, change <offset> to 0x1FC000 if your phone has |
| 103 flashdump.bin is 2097152 bytes) or 0x3FC000 if it has 4 MiB flash (the size of | 105 2 MiB flash (the size of flashdump.bin is 2097152 bytes) or 0x3FC000 if it has |
| 104 flashdump.bin is 4194304 bytes). The stdout scribbles from c1xx-calextr will | 106 4 MiB flash (the size of flashdump.bin is 4194304 bytes). For C155/156 the |
| 107 correct offset is 0x7E0000. The stdout scribbles from c1xx-calextr will | |
| 105 indicate which per-band calibration records it finds (from which you can tell | 108 indicate which per-band calibration records it finds (from which you can tell |
| 106 if the phone has 900+1800 MHz or 850+1900 MHz bands if you didn't have this | 109 if the phone has 900+1800 MHz or 850+1900 MHz bands if you didn't have this |
| 107 knowledge already), and a directory named rfbin will be created, containing the | 110 knowledge already), and a directory named rfbin will be created, containing the |
| 108 correct subtree of directories and files which will need to be uploaded into | 111 correct subtree of directories and files which will need to be uploaded into |
| 109 the new FreeCalypso flash file system (FFS) under /gsm/rf after the firmware | 112 the new FreeCalypso flash file system (FFS) under /gsm/rf after the firmware |
| 111 | 114 |
| 112 Selecting and building the desired firmware config | 115 Selecting and building the desired firmware config |
| 113 ================================================== | 116 ================================================== |
| 114 | 117 |
| 115 There is only one FC Magnetite firmware configuration for C11x/12x phones, but | 118 There is only one FC Magnetite firmware configuration for C11x/12x phones, but |
| 116 for the better C139/140 phones there are several to choose from. The following | 119 for the better C139/140 phones (or for C155/156) there are several to choose |
| 117 two configs are the currently recommended ones: | 120 from. The following two configs are the currently recommended ones: |
| 118 | 121 |
| 119 hybrid-vpm This config is available for both C11x/12x and C139/140 | 122 hybrid-vpm This config is available for all 3 C1xx subfamilies, although |
| 120 subfamilies, although the actual fw images are different | 123 the actual fw images are different for each. In this |
| 121 between the two. In this configuration the converted phone | 124 configuration the converted phone acts not as an end user phone, |
| 122 acts not as an end user phone, but as a voice pseudo-modem that | 125 but as a voice pseudo-modem that needs to be controlled by a |
| 123 needs to be controlled by a host computer via a serial cable to | 126 host computer via a serial cable to do anything interesting. |
| 124 do anything interesting. See the Voice-pseudo-modem article | 127 See the Voice-pseudo-modem article for more information. |
| 125 for more information. | 128 |
| 126 | 129 hybrid-ui-vo This config is available only for the C139/140 target, not for |
| 127 hybrid-ui-vo This config is available only for the C139/140 target, not | 130 the other two. This configuration includes the UI layers, thus |
| 128 C11x/12x. This configuration includes the UI layers, thus when | 131 when a C139/140 phone runs this firmware, it is able to function |
| 129 a C139/140 phone runs this firmware, it is able to function as | 132 as an untethered phone without a host computer connection. |
| 130 an untethered phone without a host computer connection. | |
| 131 However, please be warned that this proof-of-concept UI is | 133 However, please be warned that this proof-of-concept UI is |
| 132 nowhere close to being practically usable - see the | 134 nowhere close to being practically usable - see the |
| 133 Handset-goal article for more info. | 135 Handset-goal article for more info. |
| 134 | 136 |
| 135 Both of the above are hybrid configurations in that they use the new TCS3 | 137 Both of the above are hybrid configurations in that they use the new TCS3 |
| 140 new TCS3 source, not the old version of unknown origin. They are "voice only" | 142 new TCS3 source, not the old version of unknown origin. They are "voice only" |
| 141 configs in that CSD, fax and GPRS functions are disabled - these functions | 143 configs in that CSD, fax and GPRS functions are disabled - these functions |
| 142 cannot be made use of on Mot C1xx phones, and disabling them significantly | 144 cannot be made use of on Mot C1xx phones, and disabling them significantly |
| 143 reduces the weight of the firmware. | 145 reduces the weight of the firmware. |
| 144 | 146 |
| 145 For the C139/140 target (but not for C11x/12x), it is also possible to build | 147 For the C139 and C155 targets (but not for C11x/12x), it is also possible to |
| 146 some of the older configs that use the old binary blob version of the G23M PS | 148 build some of the older configs that use the old binary blob version of the |
| 147 component and the corresponding old versions of ACI, MFW and BMI on top of it - | 149 G23M PS component and the corresponding old versions of ACI, MFW and BMI on top |
| 148 however, those configuration are now officially deprecated except for only two | 150 of it - however, those configuration are now officially deprecated except for |
| 149 remaining use cases which do not apply to Mot C1xx targets, hence they are no | 151 only two remaining use cases which do not apply to Mot C1xx targets, hence they |
| 150 longer supported officially. | 152 are no longer supported officially. |
| 151 | 153 |
| 152 Thus we have a total of 3 possible build configurations, one for the C11x | 154 Thus we have a total of 4 possible build configurations, one for the C11x/12x |
| 153 target and 2 for the C139: | 155 target, 2 for C139/140 and 1 for C155/156: |
| 154 | 156 |
| 155 ./configure.sh c11x hybrid-vpm | 157 ./configure.sh c11x hybrid-vpm |
| 156 ./configure.sh c139 hybrid-vpm | 158 ./configure.sh c139 hybrid-vpm |
| 157 ./configure.sh c139 hybrid-ui-vo | 159 ./configure.sh c139 hybrid-ui-vo |
| 160 ./configure.sh c155 hybrid-vpm | |
| 158 | 161 |
| 159 See the Compiling article for more information on how to compile your own | 162 See the Compiling article for more information on how to compile your own |
| 160 firmware image in one of the above configurations. | 163 firmware image in one of the above configurations. |
| 161 | 164 |
| 162 If this is your first time converting a given C1xx phone from its original | 165 Bootloader change on the lower C1xx subfamilies |
| 166 =============================================== | |
| 167 | |
| 168 This section applies ONLY to C11x/12x and C139/140 subfamilies; it does NOT | |
| 169 apply to the C155/156 subfamily. | |
| 170 | |
| 171 If this is your first time converting a given lower-C1xx phone from its original | |
| 163 firmware to FreeCalypso (as opposed to updating from an earlier FC firmware | 172 firmware to FreeCalypso (as opposed to updating from an earlier FC firmware |
| 164 version), you will also need the compal-flash-boot-for-fc.bin bootloader image | 173 version), you will also need the compal-flash-boot-for-fc.bin bootloader image |
| 165 in addition to the main fw image you just built: | 174 in addition to the main fw image you just built: |
| 166 | 175 |
| 167 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin | 176 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin |
| 184 | 193 |
| 185 Once you have our compal-flash-boot-for-fc.bin image flashed in sector 0, you | 194 Once you have our compal-flash-boot-for-fc.bin image flashed in sector 0, you |
| 186 can then flash whichever FC firmware image you like at offset 0x10000 without | 195 can then flash whichever FC firmware image you like at offset 0x10000 without |
| 187 having to touch the dangerous boot sector. | 196 having to touch the dangerous boot sector. |
| 188 | 197 |
| 198 On C155/156 phones the situation is a little different: they are also brickable | |
| 199 with the Calypso boot ROM disabled, but Motorola's original bootloader on these | |
| 200 phones is significantly different from the one on the lower C1xx subfamilies, | |
| 201 and they use a different flash layout: the bootloader in the first 8 KiB sector, | |
| 202 unused flash space between 0x2000 and 0x20000, and the main fw image starting | |
| 203 at 0x20000. Our FC firmwares for the C155/156 target are built to be flashed | |
| 204 at 0x20000 just like Mot's official ones, and they are designed to receive | |
| 205 control from Mot's original bootloader on this target. | |
| 206 | |
| 189 Converting the phone to FreeCalypso fw | 207 Converting the phone to FreeCalypso fw |
| 190 ====================================== | 208 ====================================== |
| 191 | 209 |
| 192 If you are starting with an unhacked C1xx phone running one of the official | 210 If you are starting with an unhacked C1xx phone running one of the official |
| 193 firmware versions, the procedure for flashing and bringing up FreeCalypso for | 211 firmware versions, the procedure for flashing and bringing up FreeCalypso for |
| 201 in the middle of the xenotransplantation procedure. | 219 in the middle of the xenotransplantation procedure. |
| 202 | 220 |
| 203 * Get in with fc-loadtool just like you did when you made the dump of your | 221 * Get in with fc-loadtool just like you did when you made the dump of your |
| 204 phone's flash memory for backup and RF calibration data extraction. | 222 phone's flash memory for backup and RF calibration data extraction. |
| 205 | 223 |
| 206 * Once you are in with fc-loadtool, i.e., at the loadtool> prompt, reflash the | 224 * If you are operating on a C11x/12x or C139/140 phone, reflash the boot sector |
| 207 boot sector with the FreeCalypso version: | 225 with our FreeCalypso version: |
| 208 | 226 |
| 209 loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin | 227 loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin |
| 228 | |
| 229 DO NOT flash compal-flash-boot-for-fc.bin into C155/156 phones, it is ONLY | |
| 230 for the lower C1xx subfamilies! | |
| 210 | 231 |
| 211 * To flash whichever FreeCalypso firmware image you would like to play with, | 232 * To flash whichever FreeCalypso firmware image you would like to play with, |
| 212 execute the flashing script which the fw build system produced along with the | 233 execute the flashing script which the fw build system produced along with the |
| 213 actual image: | 234 actual image: |
| 214 | 235 |
| 215 loadtool> exec flash-script | 236 loadtool> exec flash-script |
| 216 | 237 |
| 217 * Erase the flash sectors to be used for the FFS (flash file system) by | 238 * Erase the flash sectors to be used for the FFS (flash file system) by |
| 218 FreeCalypso firmwares; the specific command depends on whether your phone has | 239 FreeCalypso firmwares; the specific command depends on whether your phone has |
| 219 2 MiB or 4 MiB flash. On 2 MiB flash phones: | 240 2 MiB, 4 MiB or 8 MiB flash. On 2 MiB flash phones: |
| 220 | 241 |
| 221 loadtool> flash erase 0x1C0000 0x30000 | 242 loadtool> flash erase 0x1C0000 0x30000 |
| 222 | 243 |
| 223 Or on 4 MiB flash phones: | 244 Or on 4 MiB flash phones: |
| 224 | 245 |
| 225 loadtool> flash erase 0x3C0000 0x30000 | 246 loadtool> flash erase 0x3C0000 0x30000 |
| 247 | |
| 248 Or on 8 MiB flash C155/156 phones: | |
| 249 | |
| 250 loadtool> flash erase 0x700000 0xD0000 | |
| 226 | 251 |
| 227 * Exiting fc-loadtool cleanly will cause it to power off the phone: | 252 * Exiting fc-loadtool cleanly will cause it to power off the phone: |
| 228 | 253 |
| 229 loadtool> exit | 254 loadtool> exit |
| 230 | 255 |
| 318 AT+CMEE=2 -- enable verbose error responses | 343 AT+CMEE=2 -- enable verbose error responses |
| 319 AT+CFUN=1 -- enable radio and SIM interfaces | 344 AT+CFUN=1 -- enable radio and SIM interfaces |
| 320 AT+COPS=0 -- register to the default GSM network | 345 AT+COPS=0 -- register to the default GSM network |
| 321 | 346 |
| 322 When you are done, you can power the phone off by sending a 'poweroff' command | 347 When you are done, you can power the phone off by sending a 'poweroff' command |
| 323 through fc-shell, or you can kill rvinterf and wait for the firmware to power | 348 through fc-shell, or you can kill rvinterf or unplug the serial cable and wait |
| 324 off by the keepalive timeout after some 15 to 20 s. | 349 for the firmware to power off by the keepalive timeout after some 15 to 20 s. |
| 325 | 350 |
| 326 If you are playing with the UI demo firmware, after you have initialized your | 351 If you are playing with the UI demo firmware, after you have initialized your |
| 327 FFS, you can power the phone off with the power button, insert a SIM, power it | 352 FFS, you can power the phone off with the power button, insert a SIM, power it |
| 328 back on and play with the primitive UI. | 353 back on and play with the primitive UI. |
| 329 | 354 |