Osmocombb
From HacDC Wiki
WIP
Notes on using OsmocomBB to abuse feature phones. This is a work in progress; the WIP label above will be removed once the page is complete.
Prereqs
Order
- get clean firmware image
- load osmocombb firmware (see this)
- do evil things
Get Clean Firmware Image
- start the loader in RAM (for the C140 or C139)
$ osmocon -p /dev/ttyUSB0 -m c140xor target/firmware/board/compal_e86/loader.compalram.bin
- in a new window dump the firmware
$ osmoload memdump 0x000000 0x7fffff stock_flash.bin
- go get a cup of caffeine (the dump takes a while)
Load OsmocomBB
- for reference: http://bb.osmocom.org/trac/wiki/flashing_new
- run the following in a terminal (it should not return):
$ $REPO/src/host/osmocon/osmocon -p /dev/ttyUSB0 -m c140xor target/firmware/board/compal_e86/loader.compalram.bin
- "Briefly press the power-on button of your phone (short push, not like a regular phone boot!)."
- see this for details of expected output
- If output is as expected, then continue
Load Loader
Load the "loader" into RAM and
- in a new terminal run:
$ $REPO/src/host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin
- if success continue
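Before anything is written to flash, it is worth checking that the two dumps taken above (stock_flash.bin, dumped from 0x000000 with length 0x7fffff, and compal_loader.bin, dumped from 0x000000 with length 0x2000) are usable, since stock_flash.bin is the only way back to a clean phone. The check below is an added example, not part of this page or of the OsmocomBB project; it assumes osmoload memdump's second argument is a length, that both dumps start at 0x000000 (so the loader dump must match the start of the full dump), and it constructs sample dumps in place of the real files.

```python
"""Sanity-check the osmoload dumps before flashing (added example, constructed data)."""
import hashlib

FLASH_DUMP_LEN = 0x7FFFFF     # length argument given to the stock_flash.bin memdump above (assumed to be a length)
LOADER_LEN = 0x2000           # length argument given to the compal_loader.bin memdump above
LOADER_FLASH_ADDR = 0x012000  # address used by the fprogram step on this page


def looks_erased(data: bytes) -> bool:
    """A region that is entirely 0xFF or entirely 0x00 usually means the dump failed."""
    return len(data) > 0 and (data == b"\xff" * len(data) or data == b"\x00" * len(data))


def check_dumps(flash: bytes, loader: bytes) -> list:
    """Return a list of problems found; an empty list means the dumps look usable."""
    problems = []
    if len(flash) != FLASH_DUMP_LEN:
        problems.append(f"flash dump is {len(flash):#x} bytes, expected {FLASH_DUMP_LEN:#x}")
    if len(loader) != LOADER_LEN:
        problems.append(f"loader dump is {len(loader):#x} bytes, expected {LOADER_LEN:#x}")
    if looks_erased(flash):
        problems.append("flash dump is all 0xFF or all 0x00; the dump probably failed")
    if looks_erased(loader):
        problems.append("loader dump is all 0xFF or all 0x00; the dump probably failed")
    # Both dumps start at 0x000000, so the loader dump must equal the first 0x2000 bytes of the full dump.
    if flash[:LOADER_LEN] != loader[:LOADER_LEN]:
        problems.append("loader dump does not match the first 0x2000 bytes of the flash dump")
    if LOADER_FLASH_ADDR + LOADER_LEN > len(flash):
        problems.append("fprogram target range lies outside the dumped flash")
    return problems


def fingerprint(data: bytes) -> str:
    """SHA-256 to record next to the backup so a later restore can be verified."""
    return hashlib.sha256(data).hexdigest()


def constructed_sample():
    """Constructed stand-in for stock_flash.bin / compal_loader.bin (not real phone data)."""
    flash = (bytes(range(256)) * (FLASH_DUMP_LEN // 256 + 1))[:FLASH_DUMP_LEN]
    return flash, flash[:LOADER_LEN]


if __name__ == "__main__":
    # With the real files: flash = open("stock_flash.bin", "rb").read(), etc.
    flash_img, loader_img = constructed_sample()
    for problem in check_dumps(flash_img, loader_img):
        print("PROBLEM:", problem)
    print("stock_flash.bin sha256:", fingerprint(flash_img))
```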
Install Loader
Install the "loader" to flash.
- run:
$ $REPO/src/host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e86/?loader.compalram.bin?