写在最前面,先知我YY下硬刷最好可能实现的功能:
1.把软件刷入flash,修改loader后,可以实现上电就自动运行程序;
2.硬刷后,程序自动起来,可以修改loader就行加密
3.硬刷后,有可能把osmocon cell 等软件整到windwos 省去虚拟机.操作方便...(这个是YY的,暂时还不知道....)
4.硬刷后,手机可以变成砖头.
5.刷机有风险,变砖头就损失20RMB,请慎重....哈哈!~
大家自己玩玩就好了,有啥问题就别找我麻烦了...哈哈哈~~
资料来源:
http://bb.osmocom.org/trac/wiki/flashing_new
1.flash layout & memory layout
The memory is mapped as follows:
0x000000-0x00ffff: Flash page
0x010000-0x01ffff: Flash page
... more Flash pages ...
0x800000-0x83ffff: Ram
Our flash layout is: 0x000000-0x001fff: Compal loader
0x002000-0x00ffff: OSMOCOM menu
0x010000-........: OSMOCOM application and storage
2.代码修改:
git branch
* master 请用这个分支;
$ cd src/target/firmware/
$ vim Makefile
CFLAGS += -DCONFIG_FLASH_WRITE
CFLAGS += -DCONFIG_FLASH_WRITE_LOADER
CFLAGS += -DCONFIG_TX_ENABLE 编译代码
make clean
make
3.下载一个loader程序到ram,为后面刷机程序提供一个平台.
cd src
host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin
按开机.
终端打印如下:
root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin
got bytes from modem, data looks like: 2f /
got bytes from modem, data looks like: .
got bytes from modem, data looks like: 1b .
got bytes from modem, data looks like: f6 .
got bytes from modem, data looks like: ..A
got bytes from modem, data looks like: .
got bytes from modem, data looks like: @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=, hdr_len=, dnload_len=
got bytes from modem, data looks like: 1b .
got bytes from modem, data looks like: f6 .
got bytes from modem, data looks like: .
got bytes from modem, data looks like: .
got bytes from modem, data looks like: A
got bytes from modem, data looks like: .
got bytes from modem, data looks like: C
Received PROMPT2 from phone, starting download
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): bytes (/)
handle_write(): finished
got bytes from modem, data looks like: 1b .
got bytes from modem, data looks like: f6 .
got bytes from modem, data looks like: .
got bytes from modem, data looks like: .
got bytes from modem, data looks like: A
got bytes from modem, data looks like: .
got bytes from modem, data looks like: B
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!
battery_compal_e88_init: starting up OsmocomBB Loader (revision osmocon_v0.0.0--ge6372a2-modified)
======================================================================
Running on compal_e88 in environment compalram
4.保留原始的loader
$ cd src
$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin 备份好这个 compal_loader.bin 文件.
5.为了避免把手机变成砖头先测试下是否可以读写flash.(请参照上面一步的办法把手机里面原始flash的数据备份一份,否则整坏以后,手机就不能复原了)
$ host/osmocon/osmoload funlock 0x010000 0x10000
$ host/osmocon/osmoload ferase 0x010000 0x10000
$ host/osmocon/osmoload fprogram 0x010000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin
测试如果没有问题,我们就可以刷入loader了.
$ host/osmocon/osmoload funlock 0x000000 0x10000
$ host/osmocon/osmoload ferase 0x000000 0x10000
$ host/osmocon/osmoload fprogram 0x000000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin
这里需要注意的
menu.e88loader.bin 这个是* jolly/menu branch才能有的.请自行下载编译.
funlock 每次开机后都需要做这个。
menu这个文件,就是类似一个菜单的东西.
6.把app程序刷入flash.
app刷入flash,需要利用第五步的menu程序.
menu程序识别app的方式:header + app
echo "highram:RSSI" >temp
cat target/firmware/board/compal_e88/rssi.highram.bin >>temp
temp文件必须是偶数长度
$ ls -la temp
-rw-r--r-- root root Sep : temp
$ echo >>temp
$ ls -la temp
-rw-r--r-- root root Sep : temp
刷app到flash:
$ host/osmocon/osmoload funlock 0x010000 0x20000
$ host/osmocon/osmoload ferase 0x010000 0x20000
$ host/osmocon/osmoload fprogram 0x010000 temp
注意刷入数据flash的范围
0x010000到0x200000,单位为0x10000;
7.余下来的操作:
Power off your phone.
Disconnect the serial cable.
Turn it on (push power button), the OSMOCOM menu will appear and show available applications.
Use up/down keys or digits to select the application.
Press the green off-hook button, the application will be loaded to ram and is started.
Alternatively press the digit as shown in front of the application's name.
刷机后的效果图,刷机确实成功了..不是YY的..
