本文提供了详细的硬刷教程,包括如何修改代码、编译程序、下载loader到RAM、备份原始loader、测试读写FLASH、刷入loader及应用程序等内容。
写在最前面,先知我YY下硬刷最好可能实现的功能:
1.把软件刷入flash,修改loader后,可以实现上电就自动运行程序;
2.硬刷后,程序自动起来,可以修改loader就行加密
3.硬刷后,有可能把osmocon cell 等软件整到windwos 省去虚拟机.操作方便...(这个是YY的,暂时还不知道....)
4.硬刷后,手机可以变成砖头.
5.刷机有风险,变砖头就损失20RMB,请慎重....哈哈!~
大家自己玩玩就好了,有啥问题就别找我麻烦了...哈哈哈~~
资料来源:
http://bb.osmocom.org/trac/wiki/flashing_new
1.flash layout & memory layout
The memory is mapped as follows: 0x000000-0x00ffff: Flash page 0 0x010000-0x01ffff: Flash page 1 ... more Flash pages ... 0x800000-0x83ffff: Ram Our flash layout is: 0x000000-0x001fff: Compal loader 0x002000-0x00ffff: OSMOCOM menu 0x010000-........: OSMOCOM application and storage
2.代码修改:
git branch * master 请用这个分支; $ cd src/target/firmware/ $ vim Makefile CFLAGS += -DCONFIG_FLASH_WRITE CFLAGS += -DCONFIG_FLASH_WRITE_LOADER CFLAGS += -DCONFIG_TX_ENABLE 编译代码 make clean make
3.下载一个loader程序到ram,为后面刷机程序提供一个平台.
cd src host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin 按开机.
终端打印如下:
root@ubuntu:/home/ll/osmocombb/testing/osmocom-bb/src/host/osmocon# ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin got 1 bytes from modem, data looks like: 2f / got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 3 bytes from modem, data looks like: 02 00 41 ..A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=32988, hdr_len=4, dnload_len=32995 got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 43 C Received PROMPT2 from phone, starting download handle_write(): 4096 bytes (4096/32995) handle_write(): 4096 bytes (8192/32995) handle_write(): 4096 bytes (12288/32995) handle_write(): 4096 bytes (16384/32995) handle_write(): 4096 bytes (20480/32995) handle_write(): 4096 bytes (24576/32995) handle_write(): 4096 bytes (28672/32995) handle_write(): 4096 bytes (32768/32995) handle_write(): 227 bytes (32995/32995) handle_write(): finished got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 03 . got 1 bytes from modem, data looks like: 42 B Received DOWNLOAD ACK from phone, your code is running now! Received DOWNLOAD ACK from phone, your code is running now! battery_compal_e88_init: starting up OsmocomBB Loader (revision osmocon_v0.0.0-1753-ge6372a2-modified) ====================================================================== Running on compal_e88 in environment compalram
4.保留原始的loader
$ cd src $ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin 备份好这个 compal_loader.bin 文件.
5.为了避免把手机变成砖头先测试下是否可以读写flash.(请参照上面一步的办法把手机里面原始flash的数据备份一份,否则整坏以后,手机就不能复原了)
$ host/osmocon/osmoload funlock 0x010000 0x10000 $ host/osmocon/osmoload ferase 0x010000 0x10000 $ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin $ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin
测试如果没有问题,我们就可以刷入loader了.
$ host/osmocon/osmoload funlock 0x000000 0x10000 $ host/osmocon/osmoload ferase 0x000000 0x10000 $ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin $ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin
这里需要注意的
menu.e88loader.bin 这个是* jolly/menu branch才能有的.请自行下载编译.
funlock 每次开机后都需要做这个。
menu这个文件,就是类似一个菜单的东西.
6.把app程序刷入flash.
app刷入flash,需要利用第五步的menu程序.
menu程序识别app的方式:header + app
echo "highram:RSSI" >temp cat target/firmware/board/compal_e88/rssi.highram.bin >>temp
temp文件必须是偶数长度
$ ls -la temp -rw-r--r-- 1 root root 83761 Sep 27 10:08 temp $ echo >>temp $ ls -la temp -rw-r--r-- 1 root root 83762 Sep 27 10:08 temp
刷app到flash:
$ host/osmocon/osmoload funlock 0x010000 0x20000 $ host/osmocon/osmoload ferase 0x010000 0x20000 $ host/osmocon/osmoload fprogram 0 0x010000 temp
注意刷入数据flash的范围
0x010000到0x200000,单位为0x10000;
7.余下来的操作:
Power off your phone.
Disconnect the serial cable.
Turn it on (push power button), the OSMOCOM menu will appear and show available applications.
Use up/down keys or digits to select the application.
Press the green off-hook button, the application will be loaded to ram and is started.
Alternatively press the digit as shown in front of the application's name.
刷机后的效果图,刷机确实成功了..不是YY的..
扫一扫
1601
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
