写在最前面,先知我YY下硬刷最好可能实现的功能:
1.把软件刷入flash,修改loader后,可以实现上电就自动运行程序;
2.硬刷后,程序自动起来,可以修改loader就行加密
3.硬刷后,有可能把osmocon cell 等软件整到windwos 省去虚拟机.操作方便...(这个是YY的,暂时还不知道....)
4.硬刷后,手机可以变成砖头.
5.刷机有风险,变砖头就损失20RMB,请慎重....哈哈!~
大家自己玩玩就好了,有啥问题就别找我麻烦了...哈哈哈~~
资料来源:
http://bb.osmocom.org/trac/wiki/flashing_new
1.flash layout & memory layout
The memory is mapped as follows: 0x000000-0x00ffff: Flash page 0 0x010000-0x01ffff: Flash page 1 ... more Flash pages ... 0x800000-0x83ffff: Ram Our flash layout is: 0x000000-0x001fff: Compal loader 0x002000-0x00ffff: OSMOCOM menu 0x010000-........: OSMOCOM application and storage
2.代码修改:
git branch * master 请用这个分支; $ cd src/target/firmware/ $ vim Makefile CFLAGS += -DCONFIG_FLASH_WRITE CFLAGS += -DCONFIG_FLASH_WRITE_LOADER CFLAGS += -DCONFIG_TX_ENABLE 编译代码 make clean make
3.下载一个loader程序到ram,为后面刷机程序提供一个平台.
cd src host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin 按开机.
终端打印如下:
root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin got 1 bytes from modem, data looks like: 2f / got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 3 bytes from modem, data looks like: 02 00 41 ..A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=32988, hdr_len=4, dnload_len=32995 got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 43 C Received PROMPT2 from phone, starting download handle_write(): 4096 bytes (4096/32995) handle_write(): 4096 bytes (8192/32995) handle_write(): 4096 bytes (12288/32995) handle_write(): 4096 bytes (16384/32995) handle_write(): 4096 bytes (20480/32995) handle_write(): 4096 bytes (24576/32995) handle_write(): 4096 bytes (28672/32995) handle_write(): 4096 bytes (32768/32995) handle_write(): 227 bytes (32995/32995) handle_write(): finished got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 03 . got 1 bytes from modem, data looks like: 42 B Received DOWNLOAD ACK from phone, your code is running now! Received DOWNLOAD ACK from phone, your code is running now! battery_compal_e88_init: starting up OsmocomBB Loader (revision osmocon_v0.0.0-1753-ge6372a2-modified) ====================================================================== Running on compal_e88 in environment compalram
4.保留原始的loader
$ cd src $ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin 备份好这个 compal_loader.bin 文件.
5.为了避免把手机变成砖头先测试下是否可以读写flash.(请参照上面一步的办法把手机里面原始flash的数据备份一份,否则整坏以后,手机就不能复原了)
$ host/osmocon/osmoload funlock 0x010000 0x10000 $ host/osmocon/osmoload ferase 0x010000 0x10000 $ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin $ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin
测试如果没有问题,我们就可以刷入loader了.
$ host/osmocon/osmoload funlock 0x000000 0x10000 $ host/osmocon/osmoload ferase 0x000000 0x10000 $ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin $ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin
这里需要注意的
menu.e88loader.bin 这个是* jolly/menu branch才能有的.请自行下载编译.
funlock 每次开机后都需要做这个。
menu这个文件,就是类似一个菜单的东西.
6.把app程序刷入flash.
app刷入flash,需要利用第五步的menu程序.
menu程序识别app的方式:header + app
echo "highram:RSSI" >temp cat target/firmware/board/compal_e88/rssi.highram.bin >>temp
temp文件必须是偶数长度
$ ls -la temp -rw-r--r-- 1 root root 83761 Sep 27 10:08 temp $ echo >>temp $ ls -la temp -rw-r--r-- 1 root root 83762 Sep 27 10:08 temp
刷app到flash:
$ host/osmocon/osmoload funlock 0x010000 0x20000 $ host/osmocon/osmoload ferase 0x010000 0x20000 $ host/osmocon/osmoload fprogram 0 0x010000 temp
注意刷入数据flash的范围
0x010000到0x200000,单位为0x10000;
7.余下来的操作:
Power off your phone.
Disconnect the serial cable.
Turn it on (push power button), the OSMOCOM menu will appear and show available applications.
Use up/down keys or digits to select the application.
Press the green off-hook button, the application will be loaded to ram and is started.
Alternatively press the digit as shown in front of the application's name.
刷机后的效果图,刷机确实成功了..不是YY的..
