Thanks for Support

Ajay Fuloria ajay.fuloria at gmail.com
Tue Jul 26 20:21:36 UTC 2016


Hi Mychaela,

At the outset I would like to thank you for taking out time to help me out.
The problem as you had identified was solved by the solution you gave.
Everything worked like a charm after changing the signature byte to "1004".

I have taken note of the "How to Report Bugs Effectively" FAQ and will try
and follow it henceforth. And I am just beginning in this field so sorry
for all the confusion that my mails might have caused.

I have been motivated by your actions to contribute to the community
myself. Will keep an eye on where I can help.

I am also attaching one more firmware for a Moto C123; this is also a 900 +
1800 MHz phone. The problem with this phone is that the osmocon application
works fine when I try and load layer1.highram.bin with chainload, but when
I try to load layer one or any other app using compalram.bin I am not able
to load it.

I do not have a flashdump with which the osmocon application works fine
with compalram and so I cannot try and find out what the problem is. But I
suspect that the bootloader/firmware version of this phone might also
differ from what you have seen in the wild till now.

The firmware of this Moto C123 can be found here: https://we.tl/rVLoGA9jQI

If you find out what the problem is please keep us updated.

Thank you for the help once again.

Regards,

Ajay




> Hello everyone,
>
> Our most recent contributor Ajay has sent me the flash dump which he
> made from his C139 phone - the one he was having issues with - and
> this particular firmware version turns out to be quite remarkable in
> that it contains a boot code version with one significant difference
> from what we've been used to previously.  The firmware flash dump
> along with some commentary can be found here:
>
> ftp://ftp.freecalypso.org/pub/GSM/Compal/c139-india-boot1004.zip
>
> Remember the -c 1003 option to fc-loadtool which is needed when
> operating on C139/140 phones that have some official fw version in
> them, but not when operating on a C11x/12x phone or on a C139 that has
> FreeCalypso fw flashed?  Mot/Compal's official C139/140 boot code
> expects all serially downloaded code images to have some signature
> bytes at a rather inconvenient location (about 15 KiB into the image,
> thus making it the minimum required image size); the "plain" version
> of compalstage (used when you specify just -h compal) is only 32 bytes,
> but -c 1003 switches to a padded 15332 byte long version.
>
> So what are these required signature bytes then?  All C139/140 boot
> code versions seen prior to today expected these signature bytes to be
> "1003" (ASCII), hence that is the signature which has been supplied by
> all community tools that operate on these phones, both ours and
> Osmocom's.  But the boot code version contained in the firmware image
> sent by Ajay expects these signature bytes to be "1004" instead!
> Because both our fc-loadtool -h compal -c 1003 and Osmocom's
> osmocon -m c140xor send "1003" in the signature bytes, the result was
> that neither tool could gain bootloader access to Ajay's C139, just as
> if the bootloader had been locked down - even though it wasn't.  (The
> boot code in this fw version does include the provision for locking
> the bootloader, but Ajay's flash dump shows that the lock was NOT
> activated - thus it still stands that to this day not one EU band C1xx
> phone has ever been encountered in the wild with the bootloader locked
> down, only North American ones.)
>
> The solution: I have just pushed a change into the freecalypso-tools
> repository adding a new version of the compalstage binary that has the
> signature bytes set to "1004" instead of "1003".  You can either fetch
> and compile the latest code from Bitbucket (you'll need the ARM7
> toolchain in this case), or you can download the compalstage-1004.*
> files I posted here:
>
> ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/
>
> Either way, once you have compalstage-1004.bin installed, just specify
> -c 1004 instead of -c 1003 in the fc-loadtool command line, and it
> should work with both old and new C139/140 boot code versions.  The
> actual comparison check performed by that boot code is an inequality,
> thus sending "1004" should be good for all fw versions - thus the
> previous -c 1003 option is being kept only for backward compatibility
> with existing usage.
>
> For Ajay: now that we know that your previous fw version was unlocked,
> but there was a signature version incompatibility, I recommend that
> you reflash your phone back to its original state.  You should proceed
> as follows:
>
> 1. Download and install compalstage-1004.bin as above.
>
> 2. With a fully charged battery inserted, the serial cable connected
>    and the phone powered off (the state after removing and reinserting
>    the battery and NOT pressing the power button), run this command:
>
>    fc-loadtool -h compal -c 1004 /dev/ttyXXX
>
> 3. Press the red power button on the phone, and loadtool should gain
>    access.
>
> 4. Once at the loadtool> prompt, flash your original fw dump back into
>    the phone as follows:
>
>    flash erase-program-boot flashdump.bin 10000
>    flash erase 10000 3f0000
>    flash program-bin 10000 flashdump.bin 10000
>
> You told me off-list that your original goal was to turn the phone
> into a sniffer with the use of OsmocomBB tools; once you have restored
> your C139 to its original firmware, if you would like to use OsmocomBB
> tools with it, just edit osmocon.c and change the definition of
> phone_magic[] from "1003" to "1004".
>
> At this point a general reminder is in order.  Simon Tatham's FAQ
> "How to Report Bugs Effectively":
>
> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>
> Most of it is not too applicable to FreeCalypso, to Mot C1xx phones or
> to the present situation, but one part of it is very applicable: look
> for the section titled "So then I tried . . .".  Just like in Simon's
> FAQ, when you are dealing with the finicky and brickable Mot C1xx
> phones, you need to be an antelope and not a mongoose.  In Ajay's
> case, you saw that your C139 wasn't working either with OsmocomBB
> tools or with fc-loadtool, you assumed that the phone had a locked
> bootloader (a reasonable assumption under the circumstances in
> question, but it should have been treated as a hypothesis rather than
> a firm conclusion), and then once you successfully gained access via
> tfc139, you proceeded to the quite drastic step of reflashing the phone
> to a different firmware version - flashing a North American fw version
> into an EU band phone, no less!  In this case you acted very much like
> the mongoose in Simon Tatham's parable, and while you were very lucky
> in that you didn't actually brick your phone, such bricking is a very
> real possibility when acting like a mongoose.  Instead you should have
> acted like an antelope: made a flash dump with fc-loadtool after
> gaining access with tfc139, solicited advice on this list, and NOT
> initiated any flash write operations.  Again, you were lucky and your
> phone appears to be fully recoverable, but something to note for
> future reference, and for others reading the same.
>
> Happy hacking,
> M~
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 26 Jul 2016 08:26:38 +0100
> From: david at matthews.pm
> To: List for FreeCalypso community discussion
>         <community at freecalypso.org>
> Subject: Re: A new Mot C139/140 boot code version found in the wild
> Message-ID: <1355039477.55.1469517998257.JavaMail.tomcat at eurydice.default.davcmat.uk0.bigv.io>
>
> Content-Type: text/plain; charset=us-ascii
>
> hi Mychaela
>
> Sounds like there should be an amendment made to the howtos. Would simply
> changing
>
> fc-loadtool -h compal -c 1003 /dev/ttyUSB0
>
> to 1004 be adequate or maybe additional explanation is necessary?
>
> best wishes
>
> --
> David Matthews
> david at matthews.pm
>
>
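The signature gate Mychaela describes, modelled as an added Python example (this is not FreeCalypso or Osmocom code): the byte offset of the signature field is not stated in the thread, so SIG_OFFSET below is an assumed placeholder; the 32-byte plain stage, the 15332-byte padded stage, the "1003"/"1004" strings and the inequality comparison are taken from the message.

```python
from typing import Dict, Optional, Tuple

# Sizes and signature strings quoted in the thread.
PLAIN_STAGE_LEN = 32       # "plain" compalstage sent with just -h compal
PADDED_STAGE_LEN = 15332   # padded compalstage sent with -c 1003 / -c 1004
SIG_LEN = 4                # "1003" / "1004" are four ASCII bytes

# ASSUMPTION: the thread only says "about 15 KiB into the image"; the real
# offset is not given, so this placeholder puts the field at the very end of
# the padded image. It is enough to show why the plain 32-byte stage cannot
# carry a signature at all.
SIG_OFFSET = PADDED_STAGE_LEN - SIG_LEN


def make_stage(signature: Optional[str], length: int) -> bytes:
    """Build a constructed stand-in stage image of `length` bytes.

    The signature is written at SIG_OFFSET only if the image is long enough
    to contain that field; a short image simply has no signature."""
    img = bytearray(length)
    if signature is not None and SIG_OFFSET + SIG_LEN <= length:
        img[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = signature.encode("ascii")
    return bytes(img)


def boot_code_accepts(image: bytes, boot_sig: str) -> bool:
    """Model of the C139/140 boot code gate described in the thread.

    The image must be long enough to reach the signature field (hence the
    padded stage), and the field must compare >= the boot code's own
    version string. Because the check is an inequality rather than an
    equality, "1004" satisfies both a "1003" and a "1004" boot code, while
    "1003" fails against a "1004" boot code."""
    if len(image) < SIG_OFFSET + SIG_LEN:
        return False
    field = image[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    if not field.isdigit():
        return False
    return field >= boot_sig.encode("ascii")


def compatibility_matrix() -> Dict[Tuple[str, str], bool]:
    """Which loader option gains access on which boot code version."""
    stages = {
        "plain": make_stage(None, PLAIN_STAGE_LEN),
        "-c 1003": make_stage("1003", PADDED_STAGE_LEN),
        "-c 1004": make_stage("1004", PADDED_STAGE_LEN),
    }
    return {(opt, boot): boot_code_accepts(img, boot)
            for opt, img in stages.items() for boot in ("1003", "1004")}
```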

