写在最前面,先知我YY下硬刷最好可能实现的功能:

1.把软件刷入flash,修改loader后,可以实现上电就自动运行程序;

2.硬刷后,程序自动起来,可以修改loader就行加密

3.硬刷后,有可能把osmocon cell 等软件整到windwos 省去虚拟机.操作方便...(这个是YY的,暂时还不知道....)

4.硬刷后,手机可以变成砖头.

5.刷机有风险,变砖头就损失20RMB,请慎重....哈哈!~

大家自己玩玩就好了,有啥问题就别找我麻烦了...哈哈哈~~

资料来源:

http://bb.osmocom.org/trac/wiki/flashing_new

1.flash layout & memory layout

The memory is mapped as follows:

0x000000-0x00ffff: Flash page

0x010000-0x01ffff: Flash page

... more Flash pages ...

0x800000-0x83ffff: Ram

Our flash layout is:

0x000000-0x001fff: Compal loader

0x002000-0x00ffff: OSMOCOM menu

0x010000-........: OSMOCOM application and storage

2.代码修改:

git branch

* master 请用这个分支;

$ cd src/target/firmware/

$ vim Makefile

CFLAGS += -DCONFIG_FLASH_WRITE

CFLAGS += -DCONFIG_FLASH_WRITE_LOADER

CFLAGS += -DCONFIG_TX_ENABLE

编译代码

make clean

make

3.下载一个loader程序到ram,为后面刷机程序提供一个平台.

cd src

host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin

按开机.

终端打印如下:

root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin

got  bytes from modem, data looks like: 2f  /

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like: 1b  .

got  bytes from modem, data looks like: f6  .

got  bytes from modem, data looks like:     ..A

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   @

Received PROMPT1 from phone, responding with CMD

read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=, hdr_len=, dnload_len=

got  bytes from modem, data looks like: 1b  .

got  bytes from modem, data looks like: f6  .

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   A

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   C

Received PROMPT2 from phone, starting download

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write():  bytes (/)

handle_write(): finished

got  bytes from modem, data looks like: 1b  .

got  bytes from modem, data looks like: f6  .

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   A

got  bytes from modem, data looks like:   .

got  bytes from modem, data looks like:   B

Received DOWNLOAD ACK from phone, your code is running now!

Received DOWNLOAD ACK from phone, your code is running now!

battery_compal_e88_init: starting up

OsmocomBB Loader (revision osmocon_v0.0.0--ge6372a2-modified)

======================================================================

Running on compal_e88 in environment compalram

4.保留原始的loader

$ cd src

$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin

备份好这个 compal_loader.bin 文件.

5.为了避免把手机变成砖头先测试下是否可以读写flash.(请参照上面一步的办法把手机里面原始flash的数据备份一份,否则整坏以后,手机就不能复原了)

$ host/osmocon/osmoload funlock 0x010000 0x10000

$ host/osmocon/osmoload ferase 0x010000 0x10000

$ host/osmocon/osmoload fprogram  0x010000 compal_loader.bin

$ host/osmocon/osmoload fprogram  0x012000 target/firmware/board/compal_e88/menu.e88loader.bin

测试如果没有问题,我们就可以刷入loader了.

$ host/osmocon/osmoload funlock 0x000000 0x10000

$ host/osmocon/osmoload ferase 0x000000 0x10000

$ host/osmocon/osmoload fprogram  0x000000 compal_loader.bin

$ host/osmocon/osmoload fprogram  0x002000 target/firmware/board/compal_e88/menu.e88loader.bin

这里需要注意的

menu.e88loader.bin 这个是* jolly/menu branch才能有的.请自行下载编译.

funlock 每次开机后都需要做这个。

menu这个文件,就是类似一个菜单的东西.

6.把app程序刷入flash.

app刷入flash,需要利用第五步的menu程序.

menu程序识别app的方式:header + app

echo "highram:RSSI" >temp

cat target/firmware/board/compal_e88/rssi.highram.bin >>temp

temp文件必须是偶数长度

$ ls -la temp

-rw-r--r--  root root  Sep  : temp

$ echo >>temp

$ ls -la temp

-rw-r--r--  root root  Sep  : temp

刷app到flash:

$ host/osmocon/osmoload funlock 0x010000 0x20000

$ host/osmocon/osmoload ferase 0x010000 0x20000

$ host/osmocon/osmoload fprogram  0x010000 temp

注意刷入数据flash的范围

0x010000到0x200000,单位为0x10000;

7.余下来的操作:

Power off your phone.

Disconnect the serial cable.

Turn it on (push power button), the OSMOCOM menu will appear and show available applications.

Use up/down keys or digits to select the application.

Press the green off-hook button, the application will be loaded to ram and is started.

Alternatively press the digit as shown in front of the application's name.

刷机后的效果图,刷机确实成功了..不是YY的..

Osmocom-BB MOTO C118硬刷的更多相关文章

  1. 刷固件Layer1到手机FLASH(硬刷)

    开头: 注意:本文章并不是做GSM 嗅探必须的,平时我们刷机叫软刷是刷到内存里面的,断电就消失了,这个是硬刷,刷到flash里面的,断电不消失,开机就运行的. 本文章经过作者实测可行,这只是单个应用程 ...

  2. Moto C118 基于 Osmocom-BB 和 OpenBTS 搭建小型GSM短信基站

    此文章PDF文档下载地址:点击下载 0x00 写在前面 大家应该都听说过摩托罗拉C118配合Osmocom-BB实现GSM网络下的短信拦截功能吧,在14年左右新出了一种玩法就是Osmocom-BB的s ...

  3. 三极管的妙用之C118自动刷机

    首先咱们要搞清楚咱们自动刷机的原理,不谈修改固件那么高深的东西,简单的就是控制开机键. 使用继电器来控制基本上算是上个世纪的想法吧,之前博主也做过,做出来的感觉其实也很不错,就像是一个收藏品.因为继电 ...

  4. Sony Z1 flashtool 刷机笔记

    第一次硬刷,(相较于recovery的卡刷)差点变成无限重启..记录一些关键步骤: 1 unlock bootloader http://developer.sonymobile.com/unlock ...

  5. E6全部刷机包

    此版本号基于R533_G_11.11.10P_GSZMCAUT679DA01B_LP064DA_T679DA_S005_E001_P002_R001_G004_1FF.sbf制作耳机接听或挂机正常内置 ...

  6. 电脑机器刷BIOS

    http://www.51nb.com/forum/viewthread.php?tid=934570&page=1#pid13765036 [原创]hp笔记本刷新bios失败后真的可以恢复吗 ...

  7. Hasse神舟笔记本卡logo解决,刷BIOS方法,教你修复神船

    我的电脑是神舟战神K660E i7 d7的,前两天装Windows10,Ubuntu,MAC OS Mojave,PE 一堆操作,使用bootice重建uefi引导,结果在前几天,我删了一个重复的ue ...

  8. LinuxE2系统刷机后OSCAM安装与读卡器设置

    我也属于E2小白,最近才开始玩这个系统.从dinobot 4k+,到H7s,在到H5,各种E2机器都买了.刚开始入手的时候,怎么这么麻烦?慢慢的发现,烧新,玩E2也是一种乐趣,只不过最近困扰我的刷机后 ...

  9. GSM Sniffing入门之硬件篇

    3个月前,听朋友介绍得知OsmocomBB项目.此前一直以为GSM Sniffing需要价格昂贵的专用设备,但osmocomBB的上手成本:一个25元左右的手机,外加一根USB转TTL的串口线,着实让 ...

随机推荐

  1. Show()和ShowDialog()

    show()仅仅是显示出来窗口界面而已```也就是和你执行的结果在同一窗口显示```所显示的窗口可以在后台运行```而showDialog()是一个对话框窗口界面```执行结果以新窗口界面出现```不 ...

  2. 5.6 WebDriver API实例讲解(31-35)

    31.判断页面元素是否存在 public static void testElementExist(){ driver.get("http://www.sogou.com"); t ...

  3. 第四周 更新Scrum站立会议

    项目名称:连连看游戏(C#) 小组名称:4Boys 小组成员:武志远.李权.张金生.张政 站立会议内容 昨天完成的: 1.张金生主要介绍了自己完成了游戏界面 2.武志远主要负责查阅关于技术方面的资料, ...

  4. Linux服务器下用svn创建多个项目

    (1): 创建svn仓库路径        mkdir  -p  /opt/svn/project1        mkdir -p   /opt/svn/project2        svnadm ...

  5. c/c++----网站及其后门(CGI应用程序)

    C/C++学习到这儿,结合自己曾经学过的javasweb知识,现在让我们来看看,如何做一个CGI程序吧! 首先了解一下啥子叫CGI  :CGI全称是“公共网关接口”(Common Gateway In ...

  6. cf------(round 2)A. Winner

    A. Winner time limit per test 1 second memory limit per test 64 megabytes input standard input outpu ...

  7. 继承多态绕点 Java篇

    上一篇把C#语言的继承,多态里的特殊的情况做了一下总结,其实那一部分代码都是从Java翻译过去的,今天来总结一下Java在这种情况下是怎么调用的. 上一篇我们说的是:1.多态,只在多态系里方法调用,很 ...

  8. 一致性哈希算法——算法解决的核心问题是当slot数发生变化时,能够尽量少的移动数据

    一致性哈希算法 摘自:http://blog.codinglabs.org/articles/consistent-hashing.html 算法简述 一致性哈希算法(Consistent Hashi ...

  9. boost 源码编译 的 Makefile.am写法备份

    include $(top_srcdir)/common.mk bin_PROGRAMS= lib_LIBRARIES= lib_LTLIBRARIES= lib_LTLIBRARIES+=libSt ...

  10. ecshop数据库取数据

    取出所有数据: test_getAll(); function test_getAll() { global $db; $sql = "SELECT user_id, user_name, ...