Suspect Bricking : There is a query at the last

Mychaela Falconia mychaela.falconia at gmail.com
Sun Jul 24 18:22:51 UTC 2016


Hi Ajay,

> The command was :
> flash erase-program-boot c139-unlocked-fw.bin 2000
> And this command completed successfully.

You need to have a clearer mental picture of what you are seeking to
accomplish...  What you are doing here is not merely "unlocking" your
phone, but reflashing it to a different firmware image.  The firmware
image referenced in the Compal-unlock document you are following
(c139-unlocked-fw.bin inside c139-unlocked-fw.zip on the FTP site) is
intended specifically for North American C139 units, i.e., for
1900+850 MHz hardware units.  But it seems to me that you are probably
operating in a world region where the GSM bands are 900 & 1800 MHz, so
I am guessing that the C139 you are working with is likely a
900+1800 MHz hardware unit.  You also said that you "do not want to
brick this phone as they are not easily available" - this statement
also makes me suspect that you are probably working with a 900+1800 MHz
phone, as North American C139s (1900+850 MHz) are still plentifully
available on ebay.

If you have a 900+1800 MHz variant of the C139 that came with a locked
bootloader such that you could only get in via tfc139, but not directly
with fc-loadtool, this is a first for our community: I have never
encountered such a phone before, and I don't think any of our other
regulars have come across one either - to date the malicious bootloader
lock has been found only on North American phones.  But the provision
for a possible bootloader lock does exist across the entire C1xx family,
so it is certainly possible.  If your phone is indeed a 900+1800 MHz
C139 that came with a locked bootloader, perhaps you could upload your
flash dump somewhere and post a link?

But back to what you are seeking to accomplish by "unlocking" your
phone: what is your actual end goal in this exercise?  If you are
seeking to play with one of our own FreeCalypso firmwares (either
FreeCalypso Citrine or tcs211-c139), you don't need to flash a
different (unlocked) version of Mot/Compal's official firmware first,
you can proceed directly to flashing whichever fw you are actually
interested in once you are at the loadtool> prompt.  The "unlocking"
(really reflashing to a different fw version) instructions in the
Compal-unlock article you've been following are intended for those who
seek to use their C139 as an "end user" phone, running one of
Mot/Compal's official firmwares, as our own FreeCalypso ones are still
nowhere close to being end-user-usable at the present, but would like
to run a different "official" fw version than the one your phone came
flashed with.

Again, please explain what it is you seek to do with your C139, and
then I'll be able to tell you how to get there.

> The cable connection seemed good simply because I could make a flash dump
> of my phone's inbuilt flash.

There are two data-carrying wires in a PC-to-phone serial cable: one
carries data from the PC to the phone, the other carries data in the
other direction.  When you are dumping flash content, there is just
one command being sent from the PC to loadagent running on the phone,
and then the bulk data flow is strictly from the phone to the PC.  But
when you are writing to flash, there is heavy data flow in both
directions: each individual flash write command (writing up to 256
bytes at a time) is sent from the PC to loadagent running on the phone
and echoed back, and the echo has to match - that's the integrity
check.  Therefore, if the wire that carries data from the PC to the
phone is making a poor connection, you may get through the flash dump,
but fail when programming the new image.

The official FreeCalypso recommendation is that you email George at
UberWaves (uberwaves at gmail.com) and order one of his serial cables: he
makes the best phone serial cables that are officially certified for
use with FreeCalypso.  Just ask him for a FreeCalypso serial cable.

> Now I see that you have mentioned to flash program-bin starting at offset
> 0x10000 while the doc says to use
>
> flash program-bin 2000 c139-unlocked-fw.bin 2000
>
> I am a bit confused and do not want to brick this phone as they are not
> easily available... so please let me know which command to use now.

What I meant is that you should modify the command as follows:

flash program-bin 10000 c139-unlocked-fw.bin 10000

Flash sector 0 on these phones contains both the boot code (the first
0x2000 bytes out of 0x10000) and the first 0xE000 bytes of the main fw
image.  The instructions in the Compal-unlock article are correct when
you are doing everything in one go, starting with the
flash erase-program-boot operation, but if you are not repeating that
step (and you should never repeat it needlessly, as it's the dangerous
step), then you are flashing starting at 0x10000 rather than 0x2000.

If you do the above, you will complete what you started out with
before your flash program operation failed: you will have reflashed
your phone to the "unlocked" image I've been using on my North American
C139 units.  But I don't know whether or not this fw image will work
on 900+1800 MHz hardware units.  Again, please clarify your actual end
goal(s).

M~
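
The following is an added example, not part of the original message and not FreeCalypso code: before resuming an interrupted flash program operation, a fresh flash dump can be compared against the target image to see how far the write got and whether the boot code region matches. It uses the sector 0 layout described above (0x2000 bytes of boot code within a 0x10000-byte sector); the uniform sector size for later sectors, the function names and the sample data are assumptions made for illustration.

```python
SECTOR_SIZE = 0x10000  # size of flash sector 0 per the message; assumed uniform beyond it
BOOT_LEN = 0x2000      # boot code occupies the first 0x2000 bytes of sector 0


def classify(dump: bytes, image: bytes) -> str:
    """Compare one flash range from a dump against the same range of the image."""
    if dump == image:
        return "match"
    if all(b == 0xFF for b in dump):
        return "erased"
    # NOR flash programming can only clear bits (1 -> 0), so a range can be
    # finished without an erase only if every bit the image needs is still set.
    if all((d & i) == i for d, i in zip(dump, image)):
        return "partial"
    return "needs-erase"


def survey(dump: bytes, image: bytes):
    """Return (boot_ok, [(sector_offset, state), ...]) for the sectors the image covers."""
    if len(dump) < len(image):
        raise ValueError("flash dump is shorter than the image")
    boot_ok = dump[:BOOT_LEN] == image[:BOOT_LEN]
    report = []
    for off in range(0, len(image), SECTOR_SIZE):
        # Sector 0 is judged on its firmware part only; boot code is reported separately.
        start = BOOT_LEN if off == 0 else off
        end = min(off + SECTOR_SIZE, len(image))
        report.append((off, classify(dump[start:end], image[start:end])))
    return boot_ok, report


def make_sample():
    """Constructed data: a 4-sector image and a dump where programming stopped mid-sector."""
    image = bytes((i * 7 + 3) % 251 for i in range(4 * SECTOR_SIZE))
    dump = bytearray(b"\xff" * len(image))
    stop = 2 * SECTOR_SIZE + 0x4100  # constructed point of failure
    dump[:stop] = image[:stop]
    return bytes(dump), image


if __name__ == "__main__":
    dump, image = make_sample()
    boot_ok, report = survey(dump, image)
    print("boot code matches image:", boot_ok)
    for off, state in report:
        print(f"sector at 0x{off:06X}: {state}")
```

With real data, the two byte strings would be read from the saved flash dump and from the image file; the comparison only reads those files and never touches the phone.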

