Decompiling baseband firmware? - Android Q&A, Help & Troubleshooting

One thing that bothers me about my Android phone is the opaque, closed-source baseband firmware ("radio" as it's often called here). Since the baseband is interposed between the OS and most hardware functions, its firmware presents a major unknown in the total security of the device.
It's unlikely that the source code for any of this baseband firmware is going to be released, and the open source OsmocomBB baseband is a long way off from supporting Android or the dominant Qualcomm chips. But I would settle for decompiling an existing baseband firmware image, so that I can start to understand some things about its behavior, and perhaps compile modified versions.
Does anyone know where to begin with this? Many thanks.

I wish somebody had participated in this with you. I need it also.

funkydaemon said:
One thing that bothers me about my Android phone is the opaque, closed-source baseband firmware ("radio" as it's often called here). [...]
Good idea. Although most probably it'll all be native C code compiled into binary form, not amenable to decompiling.
So you'd probably need a very good debugger and a system call tracing facility like strace.
I guess hell might also break loose because SIM encryption(?), voice encoders(?), network locking(?) and god knows how many of those proprietary tidbits may be sitting in there.
SIM encryption broken, leading to duplication of SIMs, leading to smartcard encryption and open source tools to reprogram your credit cards with more money.
That's not hell. That's hell in a hand basket with us enjoying the ride.
Keep us posted. It's guys like you who think outside the radio that gave us the TV.

For Qualcomm based devices you need to decompile Hexagon code.
For other devices (Intel XMM6260 etc.) IDA (ARM) suffices.
In both cases the raw binary blobs may be encrypted, but they are extractable from the running machine.
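A first-pass triage script for a dumped image, added here as an example and not code from this thread or from any vendor tooling: it reads the ELF32 header to tell Hexagon from ARM by the e_machine field, then measures the Shannon entropy of every PT_LOAD segment, because a segment that is encrypted or compressed sits near 8 bits/byte and will not disassemble no matter which processor module IDA is told to use. The image it runs on is constructed inside the script (it is not real firmware), and the 7.5 bits/byte threshold is an assumed working value, not something from the thread.

```python
"""Added example (not from this thread or any vendor tool): first-pass triage of a
dumped baseband image.  Reads the ELF32 header to tell Hexagon from ARM via
e_machine, then measures the byte entropy of every PT_LOAD segment so that
encrypted or compressed segments (near 8 bits/byte, undisassemblable as-is)
are flagged before any time is spent in IDA.  The image below is constructed
in this script and is not real firmware."""
import hashlib
import math
import struct
from collections import Counter

# e_machine values from the ELF registry.
EM_ARM = 40
EM_HEXAGON = 164
MACHINE_NAMES = {EM_ARM: "ARM", EM_HEXAGON: "Qualcomm Hexagon"}

PT_LOAD = 1
ENTROPY_THRESHOLD = 7.5  # assumed working value: plain machine code sits well below it


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_elf32(blob: bytes) -> dict:
    """Machine type, entry point and program headers of an ELF32 image (either endianness)."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image: a raw or fully encrypted blob needs a different loader")
    if blob[4] != 1:
        raise ValueError("only ELF32 is handled in this example")
    endian = "<" if blob[5] == 1 else ">"
    (_e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = \
        struct.unpack_from(endian + "HHIIIIIHHHHHH", blob, 16)
    segments = []
    for i in range(e_phnum):
        (p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_flags,
         _align) = struct.unpack_from(endian + "8I", blob, e_phoff + i * e_phentsize)
        segments.append({"type": p_type, "offset": p_offset, "vaddr": p_vaddr,
                         "filesz": p_filesz, "memsz": p_memsz, "flags": p_flags})
    return {"machine": e_machine,
            "machine_name": MACHINE_NAMES.get(e_machine, "unknown (%d)" % e_machine),
            "entry": e_entry, "segments": segments}


def triage(blob: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Annotate each loadable segment with its entropy and a 'suspicious' flag."""
    info = parse_elf32(blob)
    report = []
    for seg in info["segments"]:
        if seg["type"] != PT_LOAD or seg["filesz"] == 0:
            continue  # headers, notes, or BSS-only segments carry no file bytes to measure
        data = blob[seg["offset"]:seg["offset"] + seg["filesz"]]
        if len(data) != seg["filesz"]:
            raise ValueError("segment at file offset 0x%x runs past the end of the image" % seg["offset"])
        h = shannon_entropy(data)
        report.append({**seg, "entropy": round(h, 2), "suspicious": h >= threshold})
    info["segments"] = report
    return info


def build_sample_image() -> bytes:
    """Constructed ELF32 (little-endian, e_machine = Hexagon) with two PT_LOAD segments:
    a repetitive 'code-like' one and a near-random one standing in for an encrypted blob."""
    code = b"\x00\xc0\x00\x7f" * 256                                            # 1 KiB, entropy 1.5
    opaque = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB, entropy ~7.95
    phdrs = [(PT_LOAD, 0x200, 0x08000000, len(code), 5),    # PF_R | PF_X
             (PT_LOAD, 0x800, 0x08010000, len(opaque), 6)]  # PF_R | PF_W
    img = bytearray(0x800 + len(opaque))
    img[0:16] = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS32, LSB, EV_CURRENT
    struct.pack_into("<HHIIIIIHHHHHH", img, 16,
                     2, EM_HEXAGON, 1, 0x08000000, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    for i, (p_type, off, vaddr, size, flags) in enumerate(phdrs):
        struct.pack_into("<8I", img, 52 + i * 32, p_type, off, vaddr, vaddr, size, size, flags, 4)
    img[0x200:0x200 + len(code)] = code
    img[0x800:0x800 + len(opaque)] = opaque
    return bytes(img)


if __name__ == "__main__":
    result = triage(build_sample_image())
    print("machine:", result["machine_name"])
    for seg in result["segments"]:
        verdict = "likely encrypted/compressed" if seg["suspicious"] else "plain code/data"
        print("  vaddr 0x%08x  %5d bytes  entropy %.2f  %s"
              % (seg["vaddr"], seg["filesz"], seg["entropy"], verdict))
```

readelf -h on a real image reports the same e_machine field. Qualcomm firmware partitions usually ship the modem as modem.mdt (ELF header plus program headers) and modem.b00, modem.b01, ... (one file per segment), so the header parse goes against the .mdt and each segment's entropy against its .bNN file. A high-entropy segment is either compressed or encrypted; which it is only becomes clear once you find the code that unpacks or decrypts it, and that unpacker is the next thing to look for, on the applications processor side or in the modem's own boot path.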

I'm working on it, in a fashion, and am writing up a document compiling everything that has been done on cellphone radio hacking. I've not found much on baseband firmware; there's a lot of info out there, but it's been tough to find amongst all the other hacking that has similar keywords. Currently most quality info around this subject involves an extra (and, depending on desired features, expensive) bit of hardware and two open source software packages with their dependencies. As the hardware is currently outside my budget ($300 for the best bang for buck) I'll be working on getting the software to recognize the hardware built into my Android devices. Provided that all goes well I should be able to read and write on the frequencies that the in-built hardware supports and hopefully, as I always get an identical device when getting one, read and write with my backup Android device. Be warned if you decide to follow me down this path: there are laws restricting what non-licensed persons/companies can do on certain RF frequencies, and this depends on where you live. I'm no expert, only a person capable of reading lots of dry informative documents. Provided I do achieve direct contact between devices, this hack could (and likely will) fry one of my antennas, so be warned you'll likely do the same; do this on an old device that you don't care about before ever trying on something you use daily. With the warning out of the way, let's get down to the quick version.
~~~~~~~~~~~~
Currently all the developing I've found educational has involved the before mentioned "expensive hardware" known as software defined radio, shortened to SDR; go ahead and pop open a new tab and Google search either. You'll eventually find that cellphone manufacturers have likely already put these into many devices. You'll also hopefully find the two Kickstarters, HackRF ~$300 and bladeRF ~$400; these are likely what I'll be saving up for, HackRF for sure, as the next release will likely be able to send and receive at the same time instead of switching quickly between modes. If you dig deep enough you'll find a blog post from a hacker that plugged an Android into a much more expensive SDR and was able to place calls and send/receive texts; the blog poster stated something to the effect that this was not a useful hack, but I believe that it's a great proof of concept and totally worth another look. However, this hacker has also almost been sued for some of the demonstrations with this kind of technology involving the capture and description of calls and texts, so tread carefully.
The software I mentioned before boils down to GNU Radio and OpenBTS; there are dependencies for each, but all seem to be installable on Linux running on top of Android. Furthermore I see that someone (I'll edit your name in in a sec. Edit: idcrisis) previously mentioned wanting C or C++ support; GNU Radio uses these languages, so perhaps I can ask for some help when I get a little further in porting this to run without Linux in the middle so much? I think if we use the GPS to set the time then the signal shouldn't drift too much.
I'm using an app called Debian Kit to give me a flavor of Linux called Squeeze for testing the software. If you choose to try what I'm doing then make use of the readme that the developer wrote, or the guide I wrote for general Linux on Android installation and interaction, found in my sig, to get started. If you want access to the document I'm compiling then you'll want to PM me at this moment, as the chances of hardware frying are high, and I'll share a link to Google Docs; I'll be releasing a full guide when I've figured out how to avoid damage.
Eventually I hope to port many of the functions in GNU Radio into an app that makes use of internal hardware. Currently I've found a few that make use of hardware plugged into Android through USB "On-The-Go" or "host mode"; just search "RTL SDR" in the app store and you'll see them, but currently nothing makes use of internal hardware. If any are interested in joining forces and helping figure out how to do all this I'd be glad to offer any support I can.
Other things related to cellular antenna hacking, beyond the above mentioned software and hardware, I'm compiling into the same document. This is where we get into the parts I'm hitting the wall on. It looks like I'll have to get into kernel modification, as this is one of the things used to communicate between software and hardware. There are also the flashable files known as radios, and I'll be digging further into how these files are modified.
Basically this is a very tough question to answer and has taken many months of reading, searching, and more reading to get this close, but if we all work together I know that we'll be able to modify how the antennas in our devices work.
Edit 01/14/2014: Found a guide on reverse engineering embedded device firmware. The guide is on a router, but as the chips in our phones are embedded, perhaps the steps are similar:
http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/
Guide for running Linux on Android that I'm writing:
http://forum.xda-developers.com/showthread.php?t=2240397

^^ NO! The embedded chips in the Linksys routers are MIPS-based and not ARM-based like all our Androids. Very different, although the technique is the same.
But thanks, for taking time to check up on all this.

Any updates ?

Hey Guys,
I'm looking into this. I've successfully extracted files from the OnePlus One's baseband; it's running an RTOS called REX, QC calls it AMSS.
Have a look at the thread here: http://forum.xda-developers.com/oneplus-one/general/discussion-hlos-reverse-engineering-t3292829

Waiting for the OsmocomBB update it projects

QCOM modem leaked sources.
Type in google/bing: "AU_LINUX_ANDROID_JB_MR1_RB1.04.02.02.050.116_msm8974_JB_MR1_RB1_CL3904528_release_AU"

Custom rom development : General Discussions, Problems, Questions

Good news guys!
Jerpelea announced the imminent release of Cyanogen RC2 for the X10.
http://forum.xda-developers.com/showpost.php?p=7370940&postcount=91
So to keep the dev only thread clean, please post your questions, problems or comments here.
Update 2010-07-28:
jerpelea said:
with actual state of spl it boots then crashes
you can play a lil with the new kernel included into package
build 0005
http://hotfile.com/dl/57983756/408a452/0005.rar.html
Great news and great work by the devs!
I think that this release will be internal i.e. devs only. We never got RC1 so why should we expect RC2?
you got that wrong guys
Froyo is ready in RC2 for X10 this is not equal to : "the bootloader is finally hacked"
So stay calm please
Regards
Bin4ry
Man, I got excited for a minute there. Looks like back to waiting.
Damn it!
Still good news that it'll be ready for when it does get hacked.
no more wet dreams.
I'll stick with it once it gets useful for all...
It's nice to see progress at least. I thought they hit a brick wall a couple of days ago as they stopped posting in the dev thread. It may be a while till we see a bootloader hack that's friendly for us, but it's hard to determine since we're not devs. As I understand it, the actual ROM is partly ready, but it'll have a number of bugs etc. still, and only devs who can actually load it on through manual code will be able to test it out, I think. It may be that it's actually just a virtual ROM to be loaded onto the SDK under the same conditions as the X10 to be tested by the developers. I THINK. As I said, I'm not a developer, so take my words with a huge grain of salt because I might be completely wrong.
Please, can we get a little more detailed information?
instigator008 said:
I think that this release will be internal i.e. devs only. We never got RC1 so why should we expect RC2?
Please, can we get a little more detailed information?
If RC2 will be ready tomorrow, does that mean RC1 was launched on the device?
irkkso said:
Please, can we get a little more detailed information?
If RC2 will be ready tomorrow, does that mean RC1 was launched on the device?
What is the meaning of RC1 and RC2?
RC = Release Candidate
irkkso said:
Please, can we get a little more detailed information?
If RC2 will be ready tomorrow, does that mean RC1 was launched on the device?
No no no... you got it all wrong.
RC2 is the latest release of CyanogenMod, and work has been carried out on this to "port" it over to the X10. There wasn't any point in working on RC1 if CM RC2 was out.
rc = release candidate
A piece of software enters RC usually after the testing phases (alpha, beta, etc.).
j4mm3r said:
Good news guys!
Jerpelea announced the eminent release of Cyanogen RC2 for the X10.
http://forum.xda-developers.com/showpost.php?p=7370940&postcount=91
So Jerpelea made an edit on the post... which is something pretty much expected as the bootloader is not cracked. So my guess is that this is going to use the SPL loader module to boot into the CM kernel which has been ported for the X10? Just a guess...
Can somebody explain to people like me who are new to Android what CyanogenMod does? Is it just a firmware?
What is called the "kernel" in Android, and is it "moddable", and if yes, why would it be?
The answers...
Vilam said:
Can somebody explain to people like me who are new to Android what CyanogenMod does? Is it just a firmware?
What is called the "kernel" in Android, and is it "moddable", and if yes, why would it be?
Hi Vilam, those are interesting questions, let me see if I can address those to your satisfaction.
The term "firmware", being distinct from "software", in my view is rapidly losing its ability to be distinguishable from the latter. Essentially it refers to those parts of the executable code on a computing machine which remain unmodifiable, or rather "burned in" to the circuitry. With the advent of modern flash memory storage, which is rather malleable compared to the earlier variants which existed, it is rather easy to change and update the machine code which is stored therein.
In other words, you might still refer to firmware as the part of the "software" which runs on a computing device which is not modifiable at run-time. In terms of a smart phone (which are rapidly becoming general purpose computing devices anyway), the firmware forms the basis of the software execution environment which affords the so-called "apps" to run and provide ever so innovative and useful functions.
Coming around to the point about CyanogenMod... it's a combination of firmware and software (if you still want to make that distinction, that is). It, in conjunction with helper pieces of code like the bootloader et al., can completely replace the components that your phone was originally shipped with. Since these are Android phones that we are talking about, Cyanogen is derived from the same code base that Google officially uses for their various releases of Android. It is important to note that Android is a mobile application and phone platform rather than something which can easily be classified as "firmware" or "software".
Next question of yours about the "kernel". Not knowing what your level of familiarity of Linux or its derivatives is... let just say that Android is essentially like a distribution (or distro) of Linux designed specifically to run on mobile devices. As is the case with other Linux distros, they are formed around a core known as the "kernel". The "kernel" forms the core of the operating system which provides a homogeneous execution environment for the execution of various applications, which are in-turn pieces of software which are designed to provide the functionality which can be useful to the end-user. So all the so-called "apps" require the kernel to provide some services which are abstracted out enough so that the application programmer does not need to care about the really really low level stuff that actually has to go down if you actually want your device to do something. Hence the application programmer concentrates on the "high level" stuff, which is the functions that are actually going to be useful to the end-user!!
Like all modern computing platform, Android is a layered architecture and the "kernel" forms one of the most inner most parts of it (hence the name "kernel").
The linux kernel running Android for the X10 is already modifiable. People have been successful in compiling software modules called "kernel modules" which can be added to a running kernel and add functionality to it (this of course requires super user privileges or "root" access on the phone).
With the future pointing towards the capability of running mods like Cyanogen and the likes, the possibilities of modding and hacking are endless. Cyanogen, like the original releases of Android from Google are completely open source, so one can tweak almost all aspects of the phone functions. The possibilities are only limited by ones own imagination.
PS: I think I had too much beer and it makes me practice my English composition skills... hic!
Thank you very much for this clear explanation!
Please let me explain in newbie wording. This is for people who can't understand what's going on at all.
1. A firmware is like an OS, if not exactly one. Windows, Linux, DOS, OS X are all OSes. In an Android phone, there is merely one OS, which is Android.
2. Android is Linux.
3. Linux has a kernel, which is the main program. Without this, your machine can't run. On top of the kernel, there is other software (movie player/web browser). Kernel + other software = distro (distribution).
4. Windows has different distros like Home, Professional, Ultimate... Linux also has different distros, and so does Android. One of them is CyanogenMod. Another could be the Xperia X10 original.
5. Android is open source, so everyone can mod it. But that also means someone can remove functions from it; one of them is Sony Ericsson, which locks your Xperia X10 for professional use.
6. While it is easy for us to upgrade Windows XP to Windows 7, it is difficult to install OS X over Windows XP. This is the same case for Android: it is easy to upgrade our Xperia X10, but it is not that easy to install CyanogenMod. There are honorable people working on this issue.
7. Why CyanogenMod? Because it is faster, or it does not lock functions like the original Sony distro.
8. Just like installing OS X on a regular PC, installing CyanogenMod may brick your machine. Much worse, Sony definitely won't repair your X10. So think about whether you need that extra function.

[Q] Modems documentation?

Hi all,
I've tried different modems and know that they affect battery life and reception dramatically. I also know that the "best" modem is individual and a trial-and-error approach is needed.
Still, is there a documentation somewhere about each modem's features? For example the Nexus kc1 modem (if I'm not mistaken) has the ability to switch to 2G to save power when the phone is idle. I'm wondering which ICS modems (CM9) for the S2 have this feature, for example. Also some modems are reported to work better at certain ranges, etc.
Thanks
Subscribed.
Perhaps this thread could & should be under a more general forum?
I'm thinking exactly the same thing.
I'm wondering what the limitations are. I have a feeling some very interesting things could be done with the modem.
http://androidforums.com/galaxy-s2-...3246-extract-radio-modem-tar-md5-package.html
For one, perhaps the polling time to the base station could be increased to save battery, and then put back to the original setting. There might be a standard that companies have against this, there might be a hardware limitation or possibly it's just badly documented right?
Another one could be broadcasting something completely different, or... receiving something you're not supposed to receive... scanning for other mobiles even. It could get quite disruptive.
No idea why not much talk on this... or perhaps we just need the right words to search for?
I can find related talk but nothing on the stack itself:
http://androidforums.com/galaxy-s2-international-all-things-root/489457-latest-i9100-modems.html
Samsung modems come as pre-compiled .bin files and Samsung never releases change logs with modems or ROMs so it's difficult to say what changes between releases. As far as I know, given the proprietary nature of the code it isn't possible (either technically, legally or both) to decompile the modem files and look at the code so any reviews would be purely based on observation of signal strengths and data speeds, also I don't think it's possible to modify them in any way, at least I have never seen anything that suggests a dev has tried.
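Before comparing what two modem .bin releases do, it is worth checking the package each came in. The script below is an added example, not code from the linked extraction thread or from any Samsung tool: as I understand the format (an assumption of the example), a .tar.md5 is a plain tar archive with the one-line output of md5sum appended, and the digest covers every byte before that line, so the script splits off the trailer, recomputes the digest, compares, and only then lists or extracts modem.bin. The package it operates on is built in memory with a placeholder payload; the member name modem.bin and trailer name modem.tar are constructed for the example.

```python
"""Added example (not from the linked thread or any Samsung tool): verify and unpack a
*.tar.md5 modem package offline.  A .tar.md5 is a plain tar archive with the one-line
output of `md5sum` appended ("<32 hex>  <name>\n"), and that digest covers every byte
before the line, so the check is: split off the trailer, recompute, compare, and only
then read members.  The package below is built in memory with a placeholder payload."""
import hashlib
import io
import re
import tarfile

TAR_BLOCK = 512  # tar data is written in 512-byte blocks; only the md5 line breaks alignment
TRAILER_RE = re.compile(rb"([0-9a-fA-F]{32})  ([^\n]+)\n?\Z")


def split_tar_md5(package: bytes) -> tuple:
    """Return (tar_bytes, expected_hex_digest, name_in_trailer)."""
    m = TRAILER_RE.search(package, max(0, len(package) - TAR_BLOCK))
    if m is None:
        raise ValueError("no md5 trailer found (plain .tar, or a truncated download?)")
    tar_bytes = package[:m.start()]
    if len(tar_bytes) % TAR_BLOCK:
        raise ValueError("archive part is not 512-byte aligned; trailer mis-detected")
    return tar_bytes, m.group(1).decode().lower(), m.group(2).decode()


def verify_tar_md5(package: bytes) -> dict:
    """Recompute the digest over the archive part; list members only if it matches."""
    tar_bytes, expected, name = split_tar_md5(package)
    actual = hashlib.md5(tar_bytes).hexdigest()
    members = []
    if actual == expected:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
            members = [(m.name, m.size) for m in tf.getmembers()]
    return {"name": name, "expected": expected, "actual": actual,
            "ok": actual == expected, "members": members}


def extract_member(package: bytes, member: str) -> bytes:
    """Return one member's bytes, refusing an archive whose digest does not match."""
    report = verify_tar_md5(package)
    if not report["ok"]:
        raise ValueError("md5 mismatch: got %s, trailer says %s" % (report["actual"], report["expected"]))
    tar_bytes = split_tar_md5(package)[0]
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        f = tf.extractfile(member)  # KeyError if absent, None for non-file entries
        if f is None:
            raise ValueError("%s is not a regular file" % member)
        return f.read()


def build_sample_package(tamper: bool = False) -> bytes:
    """Constructed package: one modem.bin member plus md5 trailer.
    With tamper=True a payload byte is flipped after the digest was taken."""
    modem_bin = b"MODEM-FIRMWARE-SAMPLE\x00" * 40  # placeholder, not a real radio image
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        info = tarfile.TarInfo("modem.bin")
        info.size = len(modem_bin)
        tf.addfile(info, io.BytesIO(modem_bin))
    tar_bytes = bytearray(buf.getvalue())
    digest = hashlib.md5(tar_bytes).hexdigest()  # taken before any tampering, as a publisher would
    if tamper:
        tar_bytes[600] ^= 0xFF  # inside modem.bin's data (its tar header occupies bytes 0-511)
    return bytes(tar_bytes) + ("%s  modem.tar\n" % digest).encode()


if __name__ == "__main__":
    for label, pkg in (("good", build_sample_package()), ("tampered", build_sample_package(tamper=True))):
        r = verify_tar_md5(pkg)
        print("%-8s %s  md5 ok=%s  members=%s" % (label, r["name"], r["ok"], r["members"]))
```

The check is integrity only: an md5 line that anyone can regenerate after editing the archive says nothing about who produced the package, so it catches corrupt downloads and clumsy repacks, not a deliberate substitution. Any signature check the bootloader applies to the modem image itself is the control that matters for the latter.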
Modems are black boxes. Documentation ? Bwaaahahahahahaha There's no such thing. Apart from real world tests people on here/elsewhere have done to compare connectivity/data speeds.
Always good to see a bit of maniacal laughter MB.
Hehe ;-) Some of things people expect around here make me laugh.
I mean, documentation. From Samsung ? *****, please. Given how they play hardball with sources they're not going to give us documentation for proprietary code anytime soon.
aceofclubs said:
Always good to see a bit of maniacal laughter MB.
If Samsung released documentation, it would be read not only by guys who understand but also by every idiot with an SGS2. They'd soon start posting asking for themed modems.
jje
Well I guess this is in the Samsung forum but also I'm thinking it would be nice to know just a little about modems... even just what the API allows would be nice.
As for going deeper it seems that yes, there is no company allowing full access:
"Although its philosophy is somewhat similar to that of Openmoko, GeeksPhone does not publish hardware specifications for its devices beyond a data sheet. Another difference is that GeeksPhone aims to provide a stable device suitable for everyday use and capable of competing with other commercial devices on the market. The GeeksPhone One ships with an Android version which has undergone quality tests and passed Android Open Source Project (AOSP) Code Compliance certification, allowing it to include closed-source Android components and participate in Android Market.
About emerging competitor Synapse-Phones's strategy to offer smartphones with customizable hardware, Rodrigo Silva-Ramos stated that GeeksPhone had tried the same, but found it impossible. He noted, however, that the existence of a competitor confirmed the viability of the company's business model.[10]
jago25_98 said:
Well I guess this is in the Samsung forum but also I'm thinking it would be nice to know just a little about modems... even just what the API allows would be nice.
As for going deeper it seems that yes, there is no company allowing full access:
The cm team would be on top of this I suspect.
Maybe they have commented their source code. Never looked but worth a shot.

[ANSWER] -_/*~Kernel~*\_- what is a kernel?

There are many explanations that people will give you as the answer to "what is a kernel?", like this great one from Omnicide:
Omnicide said:
The best way I've seen it put was: think of the kernel as the engine and the ROM as the body of the car. The body of the car (ROM) just makes the car look nice and user friendly. Now when we talk about the engine (kernel), simply put, red lining the engine will get you to go fast but burn gas. Keeping the revs down low will make you run slower but save lots of gas. That's just one way to look at it, RPMs being the CPU.
or this great one from androidcentral.com
What is a kernel? If you spend any time reading Android forums, blogs, how-to posts or online discussion you'll soon hear people talking about the kernel. A kernel isn't something unique to Android -- iOS and MacOS have one, Windows has one, BlackBerry's QNX has one, in fact all high level operating systems have one. The one we're interested in is Linux, as it's the one Android uses. Let's try to break down what it is and what it does.
Android devices use the Linux kernel, but it's not the exact same kernel other Linux-based operating systems use. There's a lot of Android specific code built in, and Google's Android kernel maintainers have their work cut out for them. OEMs have to contribute as well, because they need to develop hardware drivers for the parts they're using for the kernel version they're using. This is why it takes a while for independent Android developers and hackers to port new versions to older devices and get everything working. Drivers written to work with the Gingerbread kernel on a phone won't necessarily work with the Ice Cream Sandwich kernel. And that's important, because one of the kernel's main functions is to control the hardware. It's a whole lot of source code, with more options while building it than you can imagine, but in the end it's just the intermediary between the hardware and the software.
When software needs the hardware to do anything, it sends a request to the kernel. And when we say anything, we mean anything. From the brightness of the screen, to the volume level, to initiating a call through the radio, even what's drawn on the display is ultimately controlled by the kernel. For example --when you tap the search button on your phone, you tell the software to open the search application. What happens is that you touched a certain point on the digitizer, which tells the software that you've touched the screen at those coordinates. The software knows that when that particular spot is touched, the search dialog is supposed to open. The kernel is what tells the digitizer to look (or listen, events are "listened" for) for touches, helps figure out where you touched, and tells the system you touched it. In turn, when the system receives a touch event at a specific point from the kernel (through the driver) it knows what to draw on your screen. Both the hardware and the software communicate both ways with the kernel, and that's how your phone knows when to do something. Input from one side is sent as output to the other, whether it's you playing Angry Birds, or connecting to your car's Bluetooth.
It sounds complicated, and it is. But it's also pretty standard computer logic -- there's an action of some sort generated for every event. Without the kernel to accept and send information, developers would have to write code for every single event for every single piece of hardware in your device. With the kernel, all they have to do is communicate with it through the Android system API's, and hardware developers only have to make the device hardware communicate with the kernel. The good thing is that you don't need to know exactly how or why the kernel does what it does, just understanding that it's the go-between from software to hardware gives you a pretty good grasp of what's happening under the glass. Sort of gives a whole new outlook towards those fellows who stay up all night to work on kernels for your phone, doesn't it?
You probably didn't get it at all, so let me tell you what a kernel is in about 15 words. A kernel is "what makes the phone work, and without it the phone will not function."
I don't want to be thanked for this, thank omnicide, and androidcentral.com for the great explanations.
And you thought celebrities weren't smart! =P
A kernel is a ring master who commands hardware and software.. Like it takes input from hardware and feeds to software and vice versa..

Help determining required firmware

I hope this is the right forum. I have a generic A13 Chinese tablet but I'm having difficulty tracking down the firmware I need to flash it. There are no markings on the back to indicate manufacturer and the space on the board where the ID is supposed to be found is blank. I took some pictures of the main board, maybe you guys will see an identifying marker that I missed.
http://i.imgur.com/YPRnVDx.jpg
http://i.imgur.com/axRkExe.jpg
http://i.imgur.com/YD7a8za.jpg
http://i.imgur.com/fzrzS7s.jpg
CriticalComposer said:
I hope this is the right forum. I have a generic A13 Chinese tablet but I'm having difficulty tracking down the firmware I need to flash it. [...]
The issue you will find is that there isn't a way to get the firmware. These types of devices are hacked-together devices. Half of them are set up to lie about the hardware, and source code and default firmware are almost never released.
Are you experienced at all with ROM building? Perhaps you could start out with the Android source code and start from scratch building a ROM that has the drivers necessary for the components that you can find.
Sent from my Super Computer (1976) with Tap Tap Talkolution
This is a bit disheartening to hear. I haven't done any work with ROM building. The closest I've ever done is modifying a stock ROM and making it installable in recovery. I have been trying random Q88 firmwares with the PhoenixCard utility. I have the device booting now at least, but none that I have tested thus far have the proper touchscreen driver. I guess I could use one of these firmwares as a starting point. What would be a good resource for learning how to build a ROM and how to discover which drivers I need?
CriticalComposer said:
This is a bit disheartening to hear. I haven't done any work with ROM building. [...]
Google has its own building community, and there are some great tutorials on this site as well.
The issue most ROMs are facing is that the drivers for these devices are almost never available. They tend to be hacked drivers that violate one copyright or another, so they are never available to the public.
You might be able to find something on a China-based site where they deal more with knock-offs than we do here.
zelendel said:
Google has its own building community, and there are some great tutorials on this site as well. [...]
Thanks for the quick replies. Guess it's time to do some research.

Proprietary files to include

First off, sorry if this is redundant... I thought I had found the information I was looking for but I can't seem to locate it again. I have an Autopumpkin double-din unit in my vehicle. I have a couple of off-brand low end tablets, and some Android boxes on my TVs. I was hoping to potentially build from source an AOSP image for my Autopumpkin unit with a newer version of Android on it, or perhaps an Android TV build. I was reading through thread after thread after thread about the building and flashing of new images. What I am wondering is this: when it comes to off-brand vendors, often Android will show a build for something like the RK3188 chipset, for example. Is there anything I can or need to salvage from the existing build in order to replace it with a build that isn't the same? I get it: things like any custom apps used for interfacing to hardware, like a radio tuner app etc., would likely have to be found or salvaged. Sorry if my wording isn't very good... but I am looking to potentially build a new Android ROM for something that isn't really being actively supported anymore, to extend the life of the hardware. I am looking for information on anything in terms of how to get anything proprietary off the existing image or filesystem in order to allow the device to actually boot....
