Unlock & Talk: Open Source Bootloader & Modem

During the early years of cell phones, lifespan was mainly limited by hardware (buttons wearing out, dropping phones, or water damage), but software is a primary reason that phones are replaced today. Upgrades are often prompted by dissatisfaction with a slow phone, or manufacturers simply stopping updates to phone software after a few years at best. [Oliver Smith] and the postmarketOS project are working to fix the update problem, and have begun making progress on loading custom software onto cellphone processors and controlling their cellular modems.

Since [Tom Nardi] introduced Hackaday readers to postmarketOS, the team has made progress on compiling a standard bootloader for MediaTek System-on-Chip (SoC) processors. Many Android phones use the MIT-licensed Little Kernel as the base of their bootloader and then apply custom closed-source modifications. [McBitter] has worked to eliminate this closed-source code by porting Little Kernel to the MT6735P used in the Coolpad Modena 2. By understanding the modifications MediaTek used for this particular SoC, the postmarketOS team hopes to use their modified, open-source Little Kernel bootloader with other MediaTek-based devices. While progress has been difficult and attempts at using emulators to probe bootloader memory have failed, [McBitter] was able to decode the DRAM configuration settings by searching for a leaked portion of the configuration strings. Now that he can set up the DRAM, there should be few barriers to running Little Kernel.

OsmocomBB running on Fernvale Development Board, blinking.

The second feature they’re working on is the cellular modem, which presents serious security risks as a peripheral running a secondary operating system. While an open source replacement for this operating system has been developed, called OsmocomBB, it was designed for a defunct TI modem. Using the Fernvale development boards from [Bunnie Huang], [unrznbl] has been working to port OsmocomBB’s lowest hardware-interface layer to Fernvale. [unrznbl] has accomplished everyone’s favorite first project, blinking LEDs, and has moved on to using a USB bootloader to run OsmocomBB via a PC. Once all of OsmocomBB uses the Fernvale hardware, you will be able to use all 2G voice and data features, and eliminate the PC by managing the modem from the OS kernel.

A disclaimer: don’t expect this to replace your main phone anytime soon. First, the MediaTek SoCs they are working with are not commonly used in US cell phones and are primarily found in the low-end or international market. Second, OsmocomBB is only able to handle 2G connections, which are being phased out in many parts of the world. So more work will need to be done to enable connections using 3G and higher.

If you want to help out, postmarketOS is looking for help. If you’re interested in similar projects, we’ve featured cell phones built from FR4, the Particle Electron to have IoT anywhere with a cell connection, and using smartphones in robots.

13 thoughts on “Unlock & Talk: Open Source Bootloader & Modem”

  1. “Upgrades are often prompted by dissatisfaction with a slow phone, or manufacturers simply stopping updates to phone software after a few years at best.”

    Or, as I see it, the updates are the cause of the slow phone!
    It seems with every “update” my phone takes longer to boot or execute applications.
    It is not hard to imagine that these updates are trying to push us into dissatisfaction and onto a newer “faster” (for now) phone (with even more spyware).

    1. “The MediaTek SoC’s they are working with are not commonly used in US cell phones and are primarily found in the low-end or international market. ”

      Which may be just alright with me. After my current phone wears out/breaks down, I’m seriously considering a low-end phone as a replacement. Hopefully, it will have less room for spyware applications.

        1. Do you really expect everybody to run around with a VR headset in the future? Worse than today’s “smombies” (smartphone zombies)? No, for sure not. I would not call it satisfying to perceive the world only through a display. And equally I don’t like using headphones, I don’t like this amount of “shielding” from my surroundings.
          And if you just think how “popular” users of google glass were soon after its emergence, then you have to understand, that this is not the future.

    2. Nathan’s laws of software:
      1) Software always expands to fit whatever container it is stored in.
      ..
      3) People buy new hardware because the software requires it.

      We’re feeling the hit harder than before because mobile hardware is improving so rapidly, so the software is expanding faster. An 8 year old computer is still serviceable while a 6 year old phone is likely unusable with the latest software.

  2. “Once all of OsmocomBB uses the Fernvale hardware, you will be able to use all 2G voice and data features, and eliminate the PC by managing the modem from the OS kernel.”

    Isn’t quite accurate. Read the blog post for full details.

    In order to eliminate the PC we will need to port osmocom-bb layer1 to the nutt-x OS. Thankfully Bunnie and Xobs already ported the basics with fernvale-nuttx so we need to port over osmocom-bb layer1 and mobile software to fernvale-nuttx.

    1. Ancient? It’s even antediluvian, I worked on it in the early 2000s.
      Given what is needed for 3G and 4G (IP license and testing tools), I guess we are poised to 2G only for OSS.

  3. It’s not impossible to find US band GSM based MediaTek phones. I’ve got one here that has already had to have its stock OS blown out due to a built-in Trojan.

    Which I suppose isn’t a great recommendation! Still. The learning that went into breaking down the OS distribution files and rebuilding them, sans-Trojan, was good fun.

  4. It would be nice to see an open source 3G cellular radio effort for all those people in countries where GSM isn’t a thing anymore (or where it won’t be a thing anymore in the near future). Of course that would mean finding a chipset that has all the hardware for 3G and that can be reverse engineered at the hardware level…

    1. Imo hobbyists should just leapfrog 3G and go from 2G GSM to LTE.
      LTE is less complex than 3G and things like srsLTE, YateBTS and openairinterface exist.
      So the implementations exist and are more modern and faster.

      Almost all current cellphones still support GSM as it is still very widely deployed in the world.

    1. What problem do they have, that they need new firmware? Software does not wear out like bearings or brake pads. So a digital picture frame should more likely need a new battery after some time than any new software.

      A digital picture frame does not even pose a security risk, as nobody (sane) connects it to public networks. But probably this is not true any more because people now try to connect any shit to the internet.
