💾 Archived View for sherwood.at › projects › phoneOs.gmi captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content
Project cancelled until some magician can get me the hardware documentation on a proprietary phone.
I'm tired of Android and too cheap to buy an iphone. I want to be able to trust my phone. I want to learn how a device actually works.
I've decided to make my own phone OS for the Nokia 6300 4g.
I found it. Fairly recently released, has wifi and bluetooth connectivity.
Hey, remember me saying that I was gonna take this project back up? I was wrong, this stuff is impenetrable for me. I have no clue what approach to take without documentation.
I'm not capable of reverse engineering this, at least within my lifetime. Unless by some stroke of luck I'll get my hands on the documentation, this project is dead.
Over the past couple of weeks I've been putting in some small effort, but it all came back to this issue. I sent out some emails but never got a response. It was fun to start working on this project and attempting to get some grasp on how to code for such a platform, but the last week(s) have been kinda rough. It used to get me pumped to work on something that aligns with my principles, on my own terms. But 10 weeks of 0 progress... kills that motivation.
I'm gonna pick this project back up again. The hardware layer stumped me, and I still feel lost. But I have hardware access to the device. In theory I can reverse engineer the hardware. It'll just take longer...
Walter has way more experience working with hardware, and he gave me some advice.
Gotta ork it.
Found out about binwalk. Running it on the 8k.mbn file gave me this output.
```
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
4680          0x1248          Certificate in DER format (x509 v3), header length: 4, sequence length: 1192
5876          0x16F4          Certificate in DER format (x509 v3), header length: 4, sequence length: 952
6832          0x1AB0          Certificate in DER format (x509 v3), header length: 4, sequence length: 901
194568        0x2F808         Unix path: /dev/icbcfg/boot
196920        0x30138         Unix path: /dev/icbcfg/boot
237280        0x39EE0         XML document, version: "1.0"
243876        0x3B8A4         SHA256 hash constants, little endian
247276        0x3C5EC         CRC32 polynomial table, little endian
```
I've heard that firehose communicates via XML, so this might contain an XML definition.
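Added example (editor's note, not code from the original log or from the Nokia/Qualcomm tooling): the script below re-derives by hand two of the binwalk hits above, the ELF header at offset 0 and the DER "Certificate in DER format (x509 v3), header length: 4, sequence length: N" lines. binwalk's certificate signature is just the DER byte pattern `30 82 LL LL 30 82 LL LL a0 03 02 01 02` (outer SEQUENCE, tbsCertificate SEQUENCE, explicit version tag with INTEGER 2 for v3), and the "sequence length" is the decoded long-form length. The blob it scans is constructed in build_sample_blob() with a cert-shaped block at 4680 and a bogus `30 82` header whose declared length runs past the end; it is not a real 8k.mbn dump, and all offsets and field values in it are made up for the demonstration.

```python
"""Locate ELF32 headers and DER-encoded X.509 v3 certificates in a firmware blob.

Added example, not part of the original log. The blob scanned here is
constructed in build_sample_blob(); it is not a real 8k.mbn dump.
"""
import struct
from typing import List, Optional, Tuple

ELF_MAGIC = b"\x7fELF"
EM_ARM = 0x28
ELF32_HDR = "HHIIIIIHHHHHH"            # fields after e_ident, 36 bytes
V3_VERSION = b"\xa0\x03\x02\x01\x02"   # [0] EXPLICIT { INTEGER 2 } == version 3


def parse_elf32_header(blob: bytes, off: int = 0) -> dict:
    """Decode the 52-byte ELF32 header at `off`; raise ValueError if it is not one."""
    ident = blob[off:off + 16]
    if ident[:4] != ELF_MAGIC or ident[4] != 1:
        raise ValueError("no ELF32 header at offset %d" % off)
    endian = "<" if ident[5] == 1 else ">"
    fields = struct.unpack_from(endian + ELF32_HDR, blob, off + 16)
    e_type, e_machine, e_version, e_entry, e_phoff, _shoff, _flags, _ehsize, e_phentsize, e_phnum = fields[:10]
    return {
        "endian": "LSB" if ident[5] == 1 else "MSB",
        "osabi": "SYSV" if ident[7] == 0 else "osabi=%d" % ident[7],
        "type": {1: "relocatable", 2: "executable", 3: "shared object"}.get(e_type, "type=%d" % e_type),
        "machine": "ARM" if e_machine == EM_ARM else "machine=0x%x" % e_machine,
        "version": e_version, "entry": e_entry,
        "phoff": e_phoff, "phentsize": e_phentsize, "phnum": e_phnum,
    }


def der_length(blob: bytes, off: int) -> Optional[Tuple[int, int]]:
    """Decode the DER length after the tag at `off` -> (header_len, content_len).

    header_len counts tag byte + length bytes, which is what binwalk calls
    "header length". Returns None for indefinite/oversized length encodings.
    """
    if off + 2 > len(blob):
        return None
    first = blob[off + 1]
    if first < 0x80:                       # short form: one length byte
        return 2, first
    n = first & 0x7F                       # long form: n following length bytes
    if n == 0 or n > 4 or off + 2 + n > len(blob):
        return None
    return 2 + n, int.from_bytes(blob[off + 2:off + 2 + n], "big")


def find_x509_certs(blob: bytes) -> List[Tuple[int, int, int]]:
    """Return (offset, header_len, seq_len) for every SEQUENCE shaped like an X.509 v3 cert."""
    hits = []
    for off in range(len(blob) - 4):
        if blob[off] != 0x30:
            continue
        outer = der_length(blob, off)
        if outer is None:
            continue
        hdr, seq_len = outer
        if off + hdr + seq_len > len(blob):
            continue                       # declared length runs past the blob: reject
        tbs = off + hdr                    # tbsCertificate must be a nested SEQUENCE
        if tbs >= len(blob) or blob[tbs] != 0x30:
            continue
        inner = der_length(blob, tbs)
        if inner is None or inner[1] > seq_len - inner[0]:
            continue
        if blob[tbs + inner[0]:tbs + inner[0] + len(V3_VERSION)] != V3_VERSION:
            continue                       # v1 certs omit the version tag; we want v3 only
        hits.append((off, hdr, seq_len))
    return hits


def scan(blob: bytes) -> List[Tuple[int, str]]:
    """binwalk-style (offset, description) list for the two signatures handled here."""
    hits: List[Tuple[int, str]] = []
    start = 0
    while (off := blob.find(ELF_MAGIC, start)) >= 0:
        try:
            h = parse_elf32_header(blob, off)
            hits.append((off, "ELF, 32-bit %s %s, %s, version %d (%s)"
                         % (h["endian"], h["type"], h["machine"], h["version"], h["osabi"])))
        except (ValueError, struct.error):
            pass                           # magic bytes without a sane header behind them
        start = off + 1
    for off, hdr, seq_len in find_x509_certs(blob):
        hits.append((off, "Certificate in DER format (x509 v3), header length: %d, sequence length: %d"
                     % (hdr, seq_len)))
    return sorted(hits)


def build_sample_blob() -> bytes:
    """Constructed test image: ARM ELF32 header at 0, one cert-shaped block at 4680, one decoy."""
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + b"\x00" * 8        # 32-bit, LSB, v1, SYSV
    ehdr = ident + struct.pack("<" + ELF32_HDR, 2, EM_ARM, 1, 0x8000, 52, 0, 0x05000200, 52, 32, 3, 0, 0, 0)
    blob = bytearray(8192)
    blob[0:len(ehdr)] = ehdr
    seq_len, tbs_len = 1192, 1192 - 4 - 40                        # arbitrary, fits the layout
    cert = (b"\x30\x82" + seq_len.to_bytes(2, "big") + b"\x30\x82" + tbs_len.to_bytes(2, "big") + V3_VERSION)
    cert += b"\x00" * (4 + seq_len - len(cert))
    blob[4680:4680 + len(cert)] = cert
    blob[7000:7004] = b"\x30\x82\xff\xff"                         # decoy: length overruns the blob
    return bytes(blob)


if __name__ == "__main__":
    for off, desc in scan(build_sample_blob()):
        print("%-10d 0x%-8X %s" % (off, off, desc))
```

To run it on the real file, replace the constructed blob with `scan(open("8k.mbn", "rb").read())`. One thing the arithmetic in the output above already tells you: 4680 + 4 + 1192 = 5876 and 5876 + 4 + 952 = 6832, so the three certificates are packed back to back, i.e. a concatenated chain rather than three unrelated blobs. The other binwalk hits (Unix paths, the XML document, the SHA256 and CRC32 tables) are not covered by this scanner.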
Coworkers are declaring me crazy for working on this project. They may be right. But sometimes you gotta 'ork' it. Idk how it works, but I think it'll work, so it WILL work (eventually).
Arnoud mentioned that the drivers would be very hard. I do agree with him. Did find an SDK for the specific video chip in there. Still need one for the DSP.
Come to think of it. I have no idea how the radio works.
Progress! The mbn file is used to talk to the EDL on the phone itself. The XML format only describes the binary that we put on the phone. That binary is a secondary bootloader, which will be used to actually launch the OS.
Luckily, the primary boot loader (PBL) is stored in ROM. Since the PBL implements firehose, I cannot fuck up the primary bootloader. So in case the flash goes wrong, I can still try again.
To reset the EDL state on the phone I'd have to disconnect the battery.
So QDL on the aur seems to work. Need to figure out how to use it though.
Seems as if I can flash .mbn files onto the phone via the Download mode.
But to flash my own firmware, I'd need to reverse engineer the mbn format.
To get an mbn file I'd need to pull it off the phone.
Not quite sure if I'm using the right search terms though.
Found this site: edl.bananahackers.net which claims to have an mbn file. Tomorrow I'll test using qdl + that mbn file. Gotta find out how to pull the installed OS.
I underestimated this big time. I need more than just an ARM-A7 spec + some willpower. Zig will take care of most of it. The SoC just adds more .pdf's to read; I'll get through those eventually. Main worry now is how to talk to the hardware, and how to run my own code.
I can get into EDL (Emergency DownLoad mode)