FreeCalypso > hg > fc-magnetite
comparison doc/C1xx-Howto @ 594:9327935d8549
doc/C1xx-Howto: various updates
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Sun, 17 Mar 2019 04:52:06 +0000 |
| parents | 4f378f6c5efa |
| children | 7ca17426c890 |
comparison
equal
deleted
inserted
replaced
| 593:d25f6e216566 | 594:9327935d8549 |
|---|---|
| 14 | 14 |
| 15 Firmware flashing on Mot C1xx phones is accomplished through the headset jack | 15 Firmware flashing on Mot C1xx phones is accomplished through the headset jack |
| 16 via a special cable. There is no need to disassemble the phone in any way or | 16 via a special cable. There is no need to disassemble the phone in any way or |
| 17 to do any soldering or other hardware surgery, but you will need a host system | 17 to do any soldering or other hardware surgery, but you will need a host system |
| 18 to run the multitude of special software tools that are involved in the | 18 to run the multitude of special software tools that are involved in the |
| 19 procedure. You will need to begin by installing FreeCalypso host tools: the | 19 procedure. You will need to begin by installing FreeCalypso host tools; the |
| 20 current version of our FC-to-C1xx xenotransplantation procedure for the lower | 20 current version as of this writing is fc-host-tools-r10: |
| 21 C1xx subfamilies (the additions from the previous version are RF calibration | 21 |
| 22 data migration and battery charging configuration) requires fc-host-tools-r8 or | 22 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r10.tar.bz2 |
| 23 later, or if you are working on a C155 or C156 phone, you will need our very | |
| 24 latest fc-host-tools-r9a release: | |
| 25 | |
| 26 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r9a.tar.bz2 | |
| 27 | 23 |
| 28 You will also need our battery charging configuration files: | 24 You will also need our battery charging configuration files: |
| 29 | 25 |
| 30 https://bitbucket.org/falconian/fc-battery-conf | 26 https://bitbucket.org/falconian/fc-battery-conf |
| 31 | 27 |
| 172 firmware to FreeCalypso (as opposed to updating from an earlier FC firmware | 168 firmware to FreeCalypso (as opposed to updating from an earlier FC firmware |
| 173 version), you will also need the compal-flash-boot-for-fc.bin bootloader image | 169 version), you will also need the compal-flash-boot-for-fc.bin bootloader image |
| 174 in addition to the main fw image you just built: | 170 in addition to the main fw image you just built: |
| 175 | 171 |
| 176 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin | 172 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin |
| 173 | |
| 174 (If you are working with a binary release package that has prebuilt firmware | |
| 175 images, the compal-flash-boot-for-fc.bin image is also included in the | |
| 176 package.) | |
| 177 | 177 |
| 178 Mot C1xx phones are brickable - because the Calypso boot ROM is disabled by PCB | 178 Mot C1xx phones are brickable - because the Calypso boot ROM is disabled by PCB |
| 179 wiring, the ability to reflash a phone with new firmware critically depends on | 179 wiring, the ability to reflash a phone with new firmware critically depends on |
| 180 there being a particular kind of boot code in flash sector 0 at all times - a | 180 there being a particular kind of boot code in flash sector 0 at all times - a |
| 181 particular kind of boot code that allows the boot process to be interrupted and | 181 particular kind of boot code that allows the boot process to be interrupted and |
| 301 | 301 |
| 302 If you have flashed a non-UI firmware version, the phone's LCD will remain dark | 302 If you have flashed a non-UI firmware version, the phone's LCD will remain dark |
| 303 as there is no LCD driver code in this firmware, but you will see trace output | 303 as there is no LCD driver code in this firmware, but you will see trace output |
| 304 in the rvinterf window, telling you that the fw is running. | 304 in the rvinterf window, telling you that the fw is running. |
| 305 | 305 |
| 306 Before you do anything else, you will need to run fc-fsio and initialize the | 306 Before you do anything else, you will need to run fc-fsio (run it without the |
| 307 aftermarket FFS for our firmware: | 307 -p option to have it connect to your already-running rvinterf process) and |
| 308 initialize the aftermarket FFS for our firmware: | |
| 308 | 309 |
| 309 fsio> format / | 310 fsio> format / |
| 310 fsio> mk-std-dirs | 311 fsio> mk-std-dirs |
| 311 fsio> set-imeisv fc XXXXXXXX-YYYYYY-ZZ (punctuation optional, place anywhere) | 312 fsio> set-imeisv fc XXXXXXXX-YYYYYY-SV (see following section for the details) |
| 312 fsio> set-rfcap dual-eu (if you have 900+1800 MHz hardware) | 313 fsio> set-rfcap dual-eu (if you have 900+1800 MHz hardware) |
| 313 or | 314 or |
| 314 fsio> set-rfcap dual-us (if you have 850+1900 MHz hardware) | 315 fsio> set-rfcap dual-us (if you have 850+1900 MHz hardware) |
| 315 | 316 |
| 316 then additionally: | 317 then additionally: |
| 334 fc-fsio write-charging-config take effect only on the next boot cycle of the | 335 fc-fsio write-charging-config take effect only on the next boot cycle of the |
| 335 firmware, i.e., until the next reboot after the write-charging-config operation, | 336 firmware, i.e., until the next reboot after the write-charging-config operation, |
| 336 the firmware won't charge the battery even if there is a charging power source | 337 the firmware won't charge the battery even if there is a charging power source |
| 337 plugged in. | 338 plugged in. |
| 338 | 339 |
| 340 Note regarding the IMEISV | |
| 341 ========================= | |
| 342 | |
| 343 The argument to the set-imeisv command in fc-fsio is a 16-digit IMEISV, not a | |
| 344 15-digit IMEI. The IMEI part of IMEISV (the first 14 digits) identifies the | |
| 345 physical hardware and is supposed to be immutable, whereas the two SV digits | |
| 346 are supposed to identify the software version, i.e., they are supposed to change | |
| 347 when the software version changes in a significant way. Motorola and Compal | |
| 348 did in fact use the SV digits as called for by the specs: their official | |
| 349 firmwares take the IMEI part of IMEISV from the factory-written per-unit vital | |
| 350 data records, and each fw version appends its own SV digits, different from one | |
| 351 version to the next. | |
| 352 | |
| 353 When a Mot C1xx phone runs FreeCalypso as opposed to one of Motorola's official | |
| 354 fw versions, we need our own SV to identify our firmware as being distinct from | |
| 355 any of Motorola's original versions. The convention established by the Mother | |
| 356 of FreeCalypso is that the SV for FreeCalypso on Mot C1xx should be set to 98. | |
| 357 | |
| 358 To transform the 15-digit IMEI of your Mot C1xx phone into the 16-digit IMEISV | |
| 359 to be entered in fc-fsio set-imeisv, perform the following two steps: | |
| 360 | |
| 361 1) Drop the Luhn check digit - it is not included in the IMEISV form; | |
| 362 2) Add -98 to the remaining 14 content digits of the IMEI from the previous | |
| 363 step. | |
| 364 | |
| 365 Exercising GSM functionality | |
| 366 ============================ | |
| 367 | |
| 339 After you've initialized your FFS as above, you should exit fc-fsio, and your | 368 After you've initialized your FFS as above, you should exit fc-fsio, and your |
| 340 next steps will depend on which fw configuration you are playing with. If it's | 369 next steps will depend on which fw configuration you are playing with. If it's |
| 341 the sans-UI pseudo-modem configuration, run fc-shell and try some AT commands: | 370 the sans-UI pseudo-modem configuration, run fc-shell and try some AT commands: |
| 342 | 371 |
| 343 AT+CMEE=2 -- enable verbose error responses | 372 AT+CMEE=2 -- enable verbose error responses |
| 344 AT+CFUN=1 -- enable radio and SIM interfaces | 373 AT+CFUN=1 -- enable radio and SIM interfaces |
| 345 AT+COPS=0 -- register to the default GSM network | 374 AT+COPS=0 -- register to the default GSM network |
| 375 | |
| 376 Once you are connected to a network, you can dial and answer voice calls with | |
| 377 ATD and ATA commands, and you can use GSM 07.05 AT commands to send and receive | |
| 378 SMS. You can also use the quite capable SMS tools included in the FC host tools | |
| 379 package. | |
| 346 | 380 |
| 347 When you are done, you can power the phone off by sending a 'poweroff' command | 381 When you are done, you can power the phone off by sending a 'poweroff' command |
| 348 through fc-shell, or you can kill rvinterf or unplug the serial cable and wait | 382 through fc-shell, or you can kill rvinterf or unplug the serial cable and wait |
| 349 for the firmware to power off by the keepalive timeout after some 15 to 20 s. | 383 for the firmware to power off by the keepalive timeout after some 15 to 20 s. |
| 350 | 384 |
| 373 (fc-rfcal-tools). This approach will yield superior results, but the | 407 (fc-rfcal-tools). This approach will yield superior results, but the |
| 374 requirement of having a CMU200 instrument which is itself properly calibrated | 408 requirement of having a CMU200 instrument which is itself properly calibrated |
| 375 and a cabling setup with the right adapters whose insertion loss at particular | 409 and a cabling setup with the right adapters whose insertion loss at particular |
| 376 GSM frequencies is precisely known makes this approach feasible only for | 410 GSM frequencies is precisely known makes this approach feasible only for |
| 377 professional FreeCalypso service shops, not for ordinary individual users. | 411 professional FreeCalypso service shops, not for ordinary individual users. |
| 412 | |
| 413 Restoring Motorola's original firmware | |
| 414 ====================================== | |
| 415 | |
| 416 If you have many phones of the same type, it is best to dedicate a particular | |
| 417 phone to FreeCalypso, as reflashing a phone back and forth is a royal pita. | |
| 418 However, if you have only one phone, then you don't have much choice except to | |
| 419 reflash it back and forth between Motorola's official fw and FreeCalypso, thus | |
| 420 instructions need to be provided. | |
| 421 | |
| 422 Restoring original fw on the lower C1xx subfamilies | |
| 423 --------------------------------------------------- | |
| 424 | |
| 425 Whether you are restoring the original fw version your phone came with or | |
| 426 flashing a different official fw version, you need to ensure that whichever fw | |
| 427 version you are flashing does not have its bootloader locked out. Examine your | |
| 428 fw image with a hex dump tool and look at the 4 bytes at location 0x2060. If | |
| 429 these 4 bytes are all FF, then you have an older fw version with no bootloader | |
| 430 locking capability - good. If these 4 bytes are 'DD DD DD DD' (0xDDDDDDDD | |
| 431 32=bit word), then your fw version does have bootloader locking capability, but | |
| 432 the lock is not activated. In this case you can still flash it, but you must | |
| 433 make sure that this 32-bit word at 0x2060 always remains equal to 0xDDDDDDDD, | |
| 434 otherwise your phone will be bricked. And finally if the 4 bytes at 0x2060 are | |
| 435 all zeros, then the bootloader lock is activated - DO NOT flash an image in | |
| 436 this state (you will brick your phone if you do), instead you need to patch | |
| 437 these 4 bytes to 0xDDDDDDDD with a hex editor and then flash the resulting | |
| 438 unlocked version. | |
| 439 | |
| 440 Once you have verified that your to-be-flashed fw image is safe, you can flash | |
| 441 it as follows: | |
| 442 | |
| 443 1) Get in with fc-loadtool: | |
| 444 | |
| 445 fc-loadtool -h compal -c 1004 /dev/ttyXXX | |
| 446 | |
| 447 The -c 1004 option is generally unnecessary if your phone runs FreeCalypso fw, | |
| 448 but it doesn't hurt to always include it - it only makes the fc-loadtool entry | |
| 449 process slower by about a second. | |
| 450 | |
| 451 2) Once you are at the loadtool> prompt, issue the following commands: | |
| 452 | |
| 453 if your phone is C139/140 or C11x/12x with 4 MiB flash: | |
| 454 | |
| 455 loadtool> flash erase-program-boot mot-fw-image.bin 0x10000 | |
| 456 loadtool> flash erase 0x10000 0x360000 | |
| 457 loadtool> flash program-bin 0x10000 mot-fw-image.bin 0x10000 0x360000 | |
| 458 | |
| 459 or if your phone is C11x/12x with 2 MiB flash: | |
| 460 | |
| 461 loadtool> flash erase-program-boot mot-fw-image.bin 0x10000 | |
| 462 loadtool> flash erase 0x10000 0x1E0000 | |
| 463 loadtool> flash program-bin 0x10000 mot-fw-image.bin 0x10000 0x1E0000 | |
| 464 | |
| 465 Restoring original fw on Mot C155/156 | |
| 466 ------------------------------------- | |
| 467 | |
| 468 On these phones the bootloader is separate from the main body of the firmware, | |
| 469 thus there is no need to reflash the dangerous boot sector (erase-program-boot) | |
| 470 when changing firmwares, whether changing between Motorola's official fw and | |
| 471 FreeCalypso or between different Mot fw versions. Simply get in with | |
| 472 fc-loadtool like this: | |
| 473 | |
| 474 fc-loadtool -h c155 /dev/ttyXXX | |
| 475 | |
| 476 and reflash the firmware like this: | |
| 477 | |
| 478 loadtool> flash erase 0x20000 0x7C0000 | |
| 479 loadtool> flash program-bin 0x20000 flash-backup.bin 0x20000 0x7C0000 |