Project

General

Profile

Flashing an application into a C123 phone

This tutorial explains how to flash one or multiple application(s) into C123 phone. Read carefully, otherwise you might brick your phone. Even if you follow this tutorial, you may brick your phone if you run into cable problem, weak battery or software fault. Also be sure to have another phone for unattended charging. The charger is supported, but if firmware crashes, battery might get overloaded. *Never charge unattended! *After flashing, the original firmware is gone, so be sure to save complete flash memory, if you want to restore original firmware in the future.

There will be three parts to be flashed:

  • the original Compal loader
  • the OSMOCOM menu (loads applications from flash into ram)
  • the application

Without the Compal loader, the phone is bricked.

The OSMOCOM menu will allow to start the application from any flash page other than page 0. It displays all applications it finds in flash (using a header, as described below). The cursor keys will select the application, the green button will start the application, the menu button (black button) will display flash location.

Memory

The memory is mapped as follows:

  • 0x000000-0x00ffff: Flash page 0
  • 0x010000-0x01ffff: Flash page 1
  • ... more Flash pages ...
  • 0x800000-0x83ffff: Ram

Our flash layout is:

  • 0x000000-0x001fff: Compal loader
  • 0x002000-0x00ffff: OSMOCOM menu
  • 0x010000-........: OSMOCOM application and storage

Note: The Compal loader and the OSMOCOM menu will be located in the same flash page!

preparations

Unlocking flash write of Osmocom loader

$ cd src/target/firmware/
$ edit Makefile

Enable the following compiler flags: (They are located at the bottom of the file.)

CFLAGS += -DCONFIG_FLASH_WRITE
CFLAGS += -DCONFIG_FLASH_WRITE_LOADER

Also you may want to allow the application to transmit, so enable TX supprt:

CFLAGS += -DCONFIG_TX_ENABLE

rebuilding the firmware

Now rebuild the firmware with write support enabled:

$ make clean
$ make

actual installation

Booting the phone / downloading loader to ram

$ cd src
$ host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin

Briefly press the power-on button of your phone (short push, not like a regular phone boot!).
See osmocon for more informations.

You will get the following output:

Received PROMPT1 from phone, responding with CMD
read_file(target/firmware/board/compal_e88/loader.compalram.bin): file_size=18436, hdr_len=4, dnload_len=18443
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/18443)
handle_write(): 4096 bytes (8192/18443)
handle_write(): 4096 bytes (12288/18443)
handle_write(): 4096 bytes (16384/18443)
handle_write(): 2059 bytes (18443/18443)
handle_write(): finished
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!

OSMOCOM Loader (revision osmocon_v0.0.0-1322-g43c588b-modified)
======================================================================
Running on compal_e88 in environment compalram
Found flash of 2097152 bytes at 0x0 with 2 regions

Now open another console and talk to the loader as described below:

Flashing the loader + menu

The OSMOCOM loader is located in ram. (see above) It will be used to write to flash. Because it runs in ram, it will allow accessing the flash.

The OSMOCOM menu cannot be flashed without erasing the original Compal loader, because both are located in the same flash page. We can only erase the complete page, not parts of it. The first thing we must do is save the original loader:

$ cd src
$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin

To test if flashing works, we will first flash the Compal and OSMOCOM menu to a wrong location. If flashing fails, we still have the Compal loader working on it's original location, and the phone is not bricked.

First erase page at 0x010000 and program the just saved compal_loader.bin and the OSMOCOM menu:

$ host/osmocon/osmoload funlock 0x010000 0x10000
$ host/osmocon/osmoload ferase 0x010000 0x10000
$ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/menu.e88loader.bin

If all these steps will not produce any error output, you can start flashing the Osmocom loader to it's right place at page 0x000000:

$ host/osmocon/osmoload funlock 0x000000 0x10000
$ host/osmocon/osmoload ferase 0x000000 0x10000
$ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/menu.e88loader.bin

Preparing an application

The OSMOCOM menu will search for applications starting at any flash page. In order to detect an application, a header is used. create the header as follows:

$ echo "highram:RSSI" >temp

In this case we created a header for the RSSI application and call that "RSSI". Now we append the highram image to be loaded by the OSMOCOM menu:

$ cat target/firmware/board/compal_e88/rssi.highram.bin >>temp

Flashing the "temp" file is only possible, if the number of byte are even. In case they are odd, add one byte:

$ ls -la temp
-rw-r--r-- 1 root root 83761 Sep 27 10:08 temp
$ echo >>temp
$ ls -la temp
-rw-r--r-- 1 root root 83762 Sep 27 10:08 temp

Now the application is ready to be flashed to any flash page. In case of RSSI application, it requires two pages of flash memory.

Flasing an application

In order to flash an application, you must check how large it is. You need to erase the amount of pages the firmware requires. You need to round it up to a multiple of 64k (one flash page).

In this example we will flash the RSSI firmware. It is between 64k and 128k, so we need at least two pages to erase:

$ host/osmocon/osmoload funlock 0x010000 0x20000
$ host/osmocon/osmoload ferase 0x010000 0x20000
$ host/osmocon/osmoload fprogram 0 0x010000 temp

Now we have flashed page 1 and page 2. In order to flash another application, you need to erase and flash page 3 or higher.

Testing

  • Power off your phone.
  • Disconnect the serial cable.
  • Turn it on (push power button), the OSMOCOM menu will appear and show available applications.
  • Use up/down keys or digits to select the application.
  • Press the green off-hook button, the application will be loaded to ram and is started.
    • Alternatively press the digit as shown in front of the application's name.