zoukankan      html  css  js  c++  java
  • Osmocom-BB MOTO C118硬刷

    写在最前面,先知我YY下硬刷最好可能实现的功能:

    1.把软件刷入flash,修改loader后,可以实现上电就自动运行程序;

    2.硬刷后,程序自动起来,可以修改loader就行加密

    3.硬刷后,有可能把osmocon cell 等软件整到windwos 省去虚拟机.操作方便...(这个是YY的,暂时还不知道....)

    4.硬刷后,手机可以变成砖头.

    5.刷机有风险,变砖头就损失20RMB,请慎重....哈哈!~

    大家自己玩玩就好了,有啥问题就别找我麻烦了...哈哈哈~~

    资料来源:

    http://bb.osmocom.org/trac/wiki/flashing_new

    1.flash layout & memory layout

    The memory is mapped as follows:
    0x000000-0x00ffff: Flash page 0
    0x010000-0x01ffff: Flash page 1
    ... more Flash pages ...
    0x800000-0x83ffff: Ram
    Our flash layout is:
    
    0x000000-0x001fff: Compal loader
    0x002000-0x00ffff: OSMOCOM menu
    0x010000-........: OSMOCOM application and storage

    2.代码修改:

    git branch 
    * master 请用这个分支;
    $ cd src/target/firmware/
    $ vim Makefile
    CFLAGS += -DCONFIG_FLASH_WRITE
    CFLAGS += -DCONFIG_FLASH_WRITE_LOADER
    CFLAGS += -DCONFIG_TX_ENABLE
    
    编译代码
    make clean
    make

    3.下载一个loader程序到ram,为后面刷机程序提供一个平台.

    cd src
    host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin
    按开机.

    终端打印如下:

    root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin 
    got 1 bytes from modem, data looks like: 2f  /
    got 1 bytes from modem, data looks like: 00  .
    got 1 bytes from modem, data looks like: 1b  .
    got 1 bytes from modem, data looks like: f6  .
    got 3 bytes from modem, data looks like: 02 00 41  ..A
    got 1 bytes from modem, data looks like: 01  .
    got 1 bytes from modem, data looks like: 40  @
    Received PROMPT1 from phone, responding with CMD
    read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=32988, hdr_len=4, dnload_len=32995
    got 1 bytes from modem, data looks like: 1b  .
    got 1 bytes from modem, data looks like: f6  .
    got 1 bytes from modem, data looks like: 02  .
    got 1 bytes from modem, data looks like: 00  .
    got 1 bytes from modem, data looks like: 41  A
    got 1 bytes from modem, data looks like: 02  .
    got 1 bytes from modem, data looks like: 43  C
    Received PROMPT2 from phone, starting download
    handle_write(): 4096 bytes (4096/32995)
    handle_write(): 4096 bytes (8192/32995)
    handle_write(): 4096 bytes (12288/32995)
    handle_write(): 4096 bytes (16384/32995)
    handle_write(): 4096 bytes (20480/32995)
    handle_write(): 4096 bytes (24576/32995)
    handle_write(): 4096 bytes (28672/32995)
    handle_write(): 4096 bytes (32768/32995)
    handle_write(): 227 bytes (32995/32995)
    handle_write(): finished
    got 1 bytes from modem, data looks like: 1b  .
    got 1 bytes from modem, data looks like: f6  .
    got 1 bytes from modem, data looks like: 02  .
    got 1 bytes from modem, data looks like: 00  .
    got 1 bytes from modem, data looks like: 41  A
    got 1 bytes from modem, data looks like: 03  .
    got 1 bytes from modem, data looks like: 42  B
    Received DOWNLOAD ACK from phone, your code is running now!
    Received DOWNLOAD ACK from phone, your code is running now!
    battery_compal_e88_init: starting up
    
    
    OsmocomBB Loader (revision osmocon_v0.0.0-1753-ge6372a2-modified)
    ======================================================================
    Running on compal_e88 in environment compalram

    4.保留原始的loader

    $ cd src
    $ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin
    
    备份好这个 compal_loader.bin 文件.

    5.为了避免把手机变成砖头先测试下是否可以读写flash.(请参照上面一步的办法把手机里面原始flash的数据备份一份,否则整坏以后,手机就不能复原了)

    $ host/osmocon/osmoload funlock 0x010000 0x10000
    $ host/osmocon/osmoload ferase 0x010000 0x10000
    $ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin
    $ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin

    测试如果没有问题,我们就可以刷入loader了.

    $ host/osmocon/osmoload funlock 0x000000 0x10000
    $ host/osmocon/osmoload ferase 0x000000 0x10000
    $ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin
    $ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin

    这里需要注意的

    menu.e88loader.bin 这个是* jolly/menu branch才能有的.请自行下载编译.

    funlock 每次开机后都需要做这个。

    menu这个文件,就是类似一个菜单的东西.

    6.把app程序刷入flash.

    app刷入flash,需要利用第五步的menu程序.

    menu程序识别app的方式:header + app

    echo "highram:RSSI" >temp
    cat target/firmware/board/compal_e88/rssi.highram.bin >>temp

    temp文件必须是偶数长度

    $ ls -la temp
    -rw-r--r-- 1 root root 83761 Sep 27 10:08 temp
    $ echo >>temp
    $ ls -la temp
    -rw-r--r-- 1 root root 83762 Sep 27 10:08 temp

    刷app到flash:

    $ host/osmocon/osmoload funlock 0x010000 0x20000
    $ host/osmocon/osmoload ferase 0x010000 0x20000
    $ host/osmocon/osmoload fprogram 0 0x010000 temp

    注意刷入数据flash的范围

    0x010000到0x200000,单位为0x10000;

    7.余下来的操作:

    Power off your phone.

    Disconnect the serial cable.

    Turn it on (push power button), the OSMOCOM menu will appear and show available applications.

    Use up/down keys or digits to select the application.

    Press the green off-hook button, the application will be loaded to ram and is started.

    Alternatively press the digit as shown in front of the application's name.

    刷机后的效果图,刷机确实成功了..不是YY的..

  • 相关阅读:
    Pycharm使用
    解决TortoiseGit下载代码每次要输入用户名、密码
    GitLab创建项目
    【编码格式错误】SyntaxError: Non-UTF-8 code starting with
    C 位段,位域
    跳跃表 -- 随机平衡原理
    PHP 中的新语法 new static 是个啥意思?
    位运算之——按位与(&)操作——(快速取模算法)
    Redis Scan迭代器遍历操作原理(一)
    Redis Scan迭代器遍历操作原理(二)
  • 原文地址:https://www.cnblogs.com/k1two2/p/5296414.html
Copyright © 2011-2022 走看看