Fernvale is an open-source development platform for the Mediatek MT6260.
It was also specifically designed to make reverse engineering easier.
It is available on the sysmocom web-shop
- There is a simple bootloader/interactive shell called fernly which can also be used for reverse engineering.
- There is a downstream port to Nuttx which is bootable but provides limited features
- There is a downstream OsmocomBB port which has a bootable layer1 image that doesn't support any of the GSM hardware yet.
|External memory||Fernly Nuttx|
|GSM, GPRS||None yet|
|LCD||Fernly , Nuttx|
Apr 22 2018 - layer1 firmware has stubbed out implementations for mediatek/fernvale. layer1/main blinks the big LED on fernvale and fernly usb serial is ported so that debug messages are possible. See my mtk-layer1 branch on github.
Feb 13 2018 - fixed up Makefile.mtk so that both SciphoneDreamG2 and Fernvale firmwares build. An LED blink firmware is working on Fernvale but the loader_mtk firmware no longer seems to work on the SciphoneDreamG2.
- port Layer1bin - unrznbl is working on this currently
- create library from osmocom-bb to be used in NuttX layer1 app (hopefully very little copying of code into nuttx tree)
- port Mobile to NuttX
Very few people are working on it1, and because of that progress have been very slow.
1 See This blog post for more background on the issue.
References and documentation¶
- https://postmarketos.org/blog/2018/04/14/lowlevel/ : Article on porting OsmocomBB to the Fernvale
- https://kosagi.com/w/index.php?title=Fernvale_Main_Page : Fernvale hardware documentation
- https://kosagi.com/forums/ : Kosagi forums: they have a section on the Fernvale
- https://www.bunniestudios.com/blog/?p=4297 : Blog post on the initial hardware and software reverse engineering
- https://xobs.io/fernvale-the-path-not-taken/ : Blog post on the initial software reverse engineering
- There was a talk at the 31c3 about the Fernvale. video slides
- Nuttx's mt6260_tdma.h seem to contain some information on the GSM part