New DECT research / playground
Millennia (on the IT timescale) after deDECTed and about a decade after the now abandoned OsmocomDECT project, a group of people in and around Osmocom started to play with DECT again. There's no big plan and no specific goal, other than getting more hands-on hack value with consumer DECT hardware, at its lowest levels.
It started with some innocent ringtone-hacking on a Gigaset C430 by manawyrm, followed by a much appreciated fix for the long-standing bug of Gigaset DECT phones radically over-charging (and eventually killing) their NiMH batteries (see Gigaset_C430_Hacking).
Initially, this required un-soldering and re-programming the SPI flash. After the debug UART was identified on the two test pads accessible from the battery compartment, manawyrm and tobleminer figured out how to load code into the processor (see also ChipsUsed). Some initial related tools have been created and collected in the https://github.com/TobleMiner/dialog-sc14441-uart-boot repository. Using these tools, you can execute your own code on the Gigaset C430, C300 and likely many other DECT phones using the Sitel (formerly NatSemi, now Renesas) SC14xxx chipset family. Those who have had an eye on DECT for a longer time will recognize that this family of chips was also used in both the deDECTed and the OsmocomDECT CoA driver. It is also used in the Aastra/Mitel RFP base stations (see this OsmoDevCon2019 talk on RFP base stations and the 36C3 #mifail talk).
It's not yet clear where this will lead. But it definitely is nice to see some people excited about playing with DECT devices again. If you want to follow developments in real-time, join us on the #osmocom IRC channel on https://libera.chat/