Flashing an application into a C123 phone

This tutorial explains how to flash an application into a C123 phone. Read carefully, otherwise you might brick your phone. Even if you follow this tutorial, you may brick your phone if you run into a cable problem, a weak battery or a software fault. Also be sure to have another phone, because currently the firmware does not support battery charging.

There will be three parts to be flashed:

  • the original Compal loader
  • the OSMOCOM loader
  • the application

Without the Compal loader, the phone is bricked. The OSMOCOM loader allows starting the application at flash page 1.

Memory

The memory is mapped as follows:

  • 0x000000-0x00ffff: Flash page 0
  • 0x010000-0x01ffff: Flash page 1
  • ... more Flash pages ...
  • 0x800000-0x83ffff: RAM

Our flash layout is:

  • 0x000000-0x001fff: Compal loader
  • 0x002000-0x00ffff: OSMOCOM loader
  • 0x010000-........: OSMOCOM application and storage

Note: The Compal loader and the OSMOCOM loader will be located in the same flash page!

Preparations

Unlocking flash write of Osmocom loader

$ cd src/target/firmware/
$ edit Makefile

Enable the following compiler flags: (They are located at the bottom of the file.)

CFLAGS += -DCONFIG_FLASH_WRITE
CFLAGS += -DCONFIG_FLASH_WRITE_LOADER

Modifying the loader

In order to make the OSMOCOM loader start the application, it must be modified. With the change below, you will be able to press the Menu button to start the application after the loader starts.

diff --git a/src/target/firmware/apps/loader/main.c b/src/target/firmware/apps/loader/main.c
index 2ff6f9c..e488c98 100644
--- a/src/target/firmware/apps/loader/main.c
+++ b/src/target/firmware/apps/loader/main.c
@@ -438,6 +438,9 @@ static void key_handler(enum key_codes code, enum key_states state)
 		puts("Resetting due to keypress.\n");
 		device_reset();
 		break;
+	case KEY_MENU:
+		device_jump((void *)0x10000);
+		break;
 	default:
 		break;
 	}
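
Review bot: the added `case KEY_MENU:` calls `device_jump((void *)0x10000)` unconditionally: it does not look at `state`, and nothing checks that page 1 actually holds an application, so a Menu press while page 1 is erased or only partly programmed jumps into blank flash. Suggest checking that the first word at the target is not the erased-flash value before jumping, and replacing the literal 0x10000 with a named constant so the loader's jump address and the address used when flashing the application cannot drift apart.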

Rebuilding the firmware

Now rebuild the firmware with write support enabled:

$ make clean
$ make

Actual installation

Booting the phone / downloading loader to ram

$ cd src
$ host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin

Briefly press the power-on button of your phone (short push, not like a regular phone boot!). See osmocon for more information.

You will get the following output:

Received PROMPT1 from phone, responding with CMD
read_file(target/firmware/board/compal_e88/loader.compalram.bin): file_size=18436, hdr_len=4, dnload_len=18443
Received PROMPT2 from phone, starting download
handle_write(): 4096 bytes (4096/18443)
handle_write(): 4096 bytes (8192/18443)
handle_write(): 4096 bytes (12288/18443)
handle_write(): 4096 bytes (16384/18443)
handle_write(): 2059 bytes (18443/18443)
handle_write(): finished
Received DOWNLOAD ACK from phone, your code is running now!
Received DOWNLOAD ACK from phone, your code is running now!


OSMOCOM Loader (revision osmocon_v0.0.0-1322-g43c588b-modified)
======================================================================
Running on compal_e88 in environment compalram
Found flash of 2097152 bytes at 0x0 with 2 regions

Now open another console and talk to the loader as described below:

Flashing the loader

The OSMOCOM loader is now running in RAM (see above). It will be used to flash itself. Because it runs in RAM, it can access the flash. Later, the loader in flash can be used to start the application, as well as to load other applications to RAM, instead of the Compal loader.

The loader cannot be flashed without erasing the original Compal loader, because both are located in the same flash page. We can only erase the complete page, not parts of it. The first thing we must do is save the original loader:

$ cd src
$ host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin

To test whether flashing works, we will first flash the Compal and Osmocom loaders to a wrong location. If flashing fails, the Compal loader still works at its original location, and the phone is not bricked.

First erase the page at 0x010000 and program the just-saved compal_loader.bin and the Osmocom loader:

$ host/osmocon/osmoload funlock 0x010000 0x10000
$ host/osmocon/osmoload ferase 0x010000 0x10000
$ host/osmocon/osmoload fprogram 0 0x010000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x012000 target/firmware/board/compal_e88/loader.e88loader.bin

If none of these steps produces any error output, you can start flashing the Osmocom loader to its right place in the page at 0x000000:

$ host/osmocon/osmoload funlock 0x000000 0x10000
$ host/osmocon/osmoload ferase 0x000000 0x10000
$ host/osmocon/osmoload fprogram 0 0x000000 compal_loader.bin
$ host/osmocon/osmoload fprogram 0 0x002000 target/firmware/board/compal_e88/loader.e88loader.bin

Flashing an application

In order to flash the application firmware, you must check how large it is. You need to erase the number of pages the firmware requires, so round its size up to a multiple of 64k (one flash page).

In this example we will flash the rssi firmware. It is between 64k and 128k, so we need to erase at least two pages:

$ host/osmocon/osmoload funlock 0x010000 0x20000
$ host/osmocon/osmoload ferase 0x010000 0x20000
$ host/osmocon/osmoload fprogram 0 0x010000 target/firmware/board/compal_e88/rssi.e88flash.bin
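
The size rules from the loader and application steps above can be checked on the host before anything is erased. The script below is an added example, not part of the original tutorial or of the OsmocomBB tools: it only prints the osmoload commands already shown on this page, and its function names, the script name and the rule that a dump holding a single byte value counts as a failed read are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks for the flash layout used in this tutorial.
PAGE=65536        # one flash page is 64k
COMPAL_LEN=8192   # 0x000000-0x001fff holds the Compal loader
LOADER_MAX=57344  # 0x002000-0x00ffff is the room left for the OSMOCOM loader
APP_BASE=65536    # 0x010000, where the application starts

fsize() { wc -c < "$1" | tr -d ' '; }

# Bytes to erase for an image: its size rounded up to whole 64k pages.
erase_len() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    echo $(( ($(fsize "$1") + PAGE - 1) / PAGE * PAGE ))
}

# A usable dump is exactly 0x2000 bytes and holds more than one byte value
# (assumption: a dump that is all 0xff or all 0x00 is treated as a failed read).
check_compal_dump() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ "$(fsize "$1")" -eq "$COMPAL_LEN" ] || { echo "wrong size: $1" >&2; return 1; }
    distinct=$(od -An -v -tx1 "$1" | tr -s ' ' '\n' | grep -v '^$' | sort -u | wc -l)
    [ "$distinct" -gt 1 ] || { echo "blank dump: $1" >&2; return 1; }
}

# The OSMOCOM loader has to fit between 0x002000 and the end of page 0.
check_loader_fits() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    [ "$(fsize "$1")" -le "$LOADER_MAX" ] || { echo "loader too large: $1" >&2; return 1; }
}

# Print (do not run) the osmoload commands for an application image.
app_commands() {
    len=$(erase_len "$1") || return 1
    printf 'host/osmocon/osmoload funlock 0x%06x 0x%x\n' "$APP_BASE" "$len"
    printf 'host/osmocon/osmoload ferase 0x%06x 0x%x\n' "$APP_BASE" "$len"
    printf 'host/osmocon/osmoload fprogram 0 0x%06x %s\n' "$APP_BASE" "$1"
}

# Usage: sh preflight.sh compal_loader.bin loader.e88loader.bin app.bin
if [ "$#" -eq 3 ]; then
    check_compal_dump "$1" && check_loader_fits "$2" && app_commands "$3"
fi
```

Run it after the memdump step and before the first ferase of page 0; if it prints an error instead of the three commands, do not erase anything.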

Testing

  • Power off your phone.
  • Disconnect the serial cable.
  • Turn it on (push the power button); the backlight will light up.
  • Press the Menu button, the application will start.