Osmocom-BB: Hard-Flashing the MOTO C118


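Before anything else, let me speculate about what hard-flashing could make possible in the best case:

1. Write the software into flash; after modifying the loader, the program can run automatically at power-on.

2. After hard-flashing, the program starts on its own, and the loader can be modified to add encryption.

3. After hard-flashing, it may be possible to bring osmocon, cell and similar software over to Windows, doing away with the virtual machine and making operation more convenient... (this one is speculation; I don't know yet....)

4. After hard-flashing, the phone can turn into a brick.

5. Flashing is risky; a bricked phone costs you 20 RMB, so be careful.... haha!~

Just play with it yourselves; if anything goes wrong, don't come bothering me... hahaha~~

Source: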

http://bb.osmocom.org/trac/wiki/flashing_new

1. Flash layout & memory layout

The memory is mapped as follows:
0x000000-0x00ffff: Flash page 0
0x010000-0x01ffff: Flash page 1
... more Flash pages ...
0x800000-0x83ffff: Ram
Our flash layout is:

0x000000-0x001fff: Compal loader
0x002000-0x00ffff: OSMOCOM menu
0x010000-........: OSMOCOM application and storage

2. Code changes:

$ git branch
* master        (use this branch)
$ cd src/target/firmware/
$ vim Makefile
CFLAGS += -DCONFIG_FLASH_WRITE
CFLAGS += -DCONFIG_FLASH_WRITE_LOADER
CFLAGS += -DCONFIG_TX_ENABLE

Build the code:
$ make clean
$ make

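3. Download a loader program into RAM to provide a platform for the flashing steps that follow.

$ cd src
$ host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin
Press the power button.

The terminal prints the following: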

root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin 
got 1 bytes from modem, data looks like: 2f  /
got 1 bytes from modem, data looks like: 00  .
got 1 bytes from modem, data looks like: 1b  .
got 1 bytes from modem, data looks like: f6  .
got 3 bytes from modem, data looks like: 02 00 41  ..A
got 1 bytes from modem, data looks like: 01  .
got 1 bytes from modem, data looks like: 40  @
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=32988, hdr_len=4, dnload_len=32995
got 1 bytes from modem, data looks like: 1b  .
got 1 bytes from modem, data looks like: f6  .
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 00  .
got 1 bytes from modem, data looks like: 41  A
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 43  C
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/32995)
handle_write(): 4096 bytes (8192/32995)
handle_write(): 4096 bytes (12288/32995)
handle_write(): 4096 bytes (16384/32995)
handle_write(): 4096 bytes (20480/32995)
handle_write(): 4096 bytes (24576/32995)
handle_write(): 4096 bytes (28672/32995)
handle_write(): 4096 bytes (32768/32995)
handle_write(): 227 bytes (32995/32995)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b  .
got 1 bytes from modem, data looks like: f6  .
got 1 bytes from modem, data looks like: 02  .
got 1 bytes from modem, data looks like: 00  .
got 1 bytes from modem, data looks like: 41  A
got 1 bytes from modem, data looks like: 03  .
got 1 bytes from modem, data looks like: 42  B
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!
battery_compal_e88_init: starting up


OsmocomBB Loader (revision osmocon_v0.0.0-1753-ge6372a2-modified)
======================================================================
Running on compal_e88 in environment compalram

4. Preserve the original loader

$ cd src
$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin

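Keep this compal_loader.bin file safely backed up.

5. To avoid bricking the phone, first test whether the flash can be read and written. (Use the method from the previous step to back up the original flash data in the phone; otherwise, once something breaks, the phone cannot be restored.)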

$ host/osmocon/osmoload funlock 0x010000 0x10000
$ host/osmocon/osmoload ferase 0x010000 0x10000
$ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin
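
A host-side check to run after the test write above and before page 0 is erased (an added example, not from the original post or the OsmocomBB project). It compares the backup with a read-back of the test write and checks both images against the flash layout in section 1; the function names and readback.bin are hypothetical.

```shell
#!/bin/sh
# Added example (not OsmocomBB code): host-side checks before erasing page 0.
# Function names and readback.bin are hypothetical. Produce the read-back with:
#   host/osmocon/osmoload memdump 0x010000 0x2000 readback.bin

LOADER_SIZE=$((0x2000))          # 0x000000-0x001fff: Compal loader
MENU_MAX=$((0x10000 - 0x2000))   # 0x002000-0x00ffff: OSMOCOM menu

fsize() { wc -c < "$1"; }
warn()  { echo "preflight: $1" >&2; }

# is_blank FILE: true if FILE is all 0xff (erased flash) or all 0x00.
is_blank() {
    [ "$(LC_ALL=C tr -d '\377' < "$1" | wc -c)" -eq 0 ] ||
    [ "$(LC_ALL=C tr -d '\000' < "$1" | wc -c)" -eq 0 ]
}

# preflight BACKUP READBACK MENU: prints "ok" and returns 0 if all checks pass.
preflight() {
    [ "$(fsize "$1")" -eq "$LOADER_SIZE" ] || { warn "backup is not 0x2000 bytes"; return 1; }
    if is_blank "$1"; then warn "backup is blank (all 0xff or 0x00)"; return 1; fi
    cmp -s "$1" "$2" || { warn "read-back of test write differs from backup"; return 1; }
    [ "$(fsize "$3")" -gt 0 ] || { warn "menu image is empty"; return 1; }
    [ "$(fsize "$3")" -le "$MENU_MAX" ] || { warn "menu image would spill into page 1"; return 1; }
    echo "ok"
}

# Usage: sh preflight.sh compal_loader.bin readback.bin menu.e88loader.bin
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```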

If the test shows no problems, we can flash the loader.

$ host/osmocon/osmoload funlock 0x000000 0x10000
$ host/osmocon/osmoload ferase 0x000000 0x10000
$ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin

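Points to note here:

menu.e88loader.bin is only available in the jolly/menu branch. Download and build it yourself.

funlock has to be run again after every power-on.

The menu file is essentially a menu program.

6. Flash the application into flash.

Flashing an app into flash relies on the menu program from step 5.

How the menu program recognizes an app: header + app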

echo "highram:RSSI" >temp
cat target/firmware/board/compal_e88/rssi.highram.bin >>temp

The temp file must have an even length:

$ ls -la temp
-rw-r--r-- 1 root root 83761 Sep 27 10:08 temp
$ echo >>temp
$ ls -la temp
-rw-r--r-- 1 root root 83762 Sep 27 10:08 temp

Flash the app to flash:

$ host/osmocon/osmoload funlock 0x010000 0x20000
$ host/osmocon/osmoload ferase 0x010000 0x20000
$ host/osmocon/osmoload fprogram 0 0x010000 temp

Mind the flash range that data is written to:

0x010000 to 0x200000, in units of 0x10000.
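
The step 6 procedure as one script (an added example, not from the original post or the OsmocomBB project): it builds header + app, pads to an even length, and derives the funlock/ferase length in 0x10000 units. The function names are hypothetical, and treating 0x200000 as an exclusive upper bound is an assumption.

```shell
#!/bin/sh
# Added example (not OsmocomBB code): build "header + app" for the menu and
# derive the flash range. Function names are hypothetical.

APP_BASE=$((0x010000))  # start of "OSMOCOM application and storage"
APP_END=$((0x200000))   # end of the range in step 6; treated as exclusive (assumption)
PAGE=$((0x10000))       # unlock/erase unit given in step 6

# build_app_image HEADER APP_BIN OUT
# Writes HEADER plus a newline (as echo does), then APP_BIN;
# pads an odd-length result with one newline.
build_app_image() {
    printf '%s\n' "$1" > "$3" || return 1
    cat "$2" >> "$3" || return 1
    img_size=$(wc -c < "$3")
    if [ $((img_size % 2)) -ne 0 ]; then echo >> "$3"; fi
}

# flash_range_len FILE: prints the length for funlock/ferase, i.e. the file
# size rounded up to whole pages; fails if FILE is empty or does not fit.
flash_range_len() {
    fr_size=$(wc -c < "$1") || return 1
    [ "$fr_size" -gt 0 ] || { echo "empty image" >&2; return 1; }
    fr_len=$(( (fr_size + PAGE - 1) / PAGE * PAGE ))
    [ $((APP_BASE + fr_len)) -le "$APP_END" ] || { echo "image too large" >&2; return 1; }
    printf '0x%x\n' "$fr_len"
}

# print_flash_cmds FILE: prints (does not run) the osmoload commands for FILE.
print_flash_cmds() {
    pf_len=$(flash_range_len "$1") || return 1
    pf_base=$(printf '0x%06x' "$APP_BASE")
    echo "host/osmocon/osmoload funlock $pf_base $pf_len"
    echo "host/osmocon/osmoload ferase $pf_base $pf_len"
    echo "host/osmocon/osmoload fprogram 0 $pf_base $1"
}

# Usage: sh mkapp.sh highram:RSSI rssi.highram.bin temp
if [ "$#" -eq 3 ]; then build_app_image "$@" && print_flash_cmds "$3"; fi
```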

7. Remaining steps:

Power off your phone.

Disconnect the serial cable.

Turn it on (push power button), the OSMOCOM menu will appear and show available applications.

Use up/down keys or digits to select the application.

Press the green off-hook button, the application will be loaded to ram and is started.

Alternatively press the digit as shown in front of the application's name.

A picture of the result after flashing: the flash really did succeed.. this was not just wishful thinking..

