
View Full Version : ROM Disassembly, building on the backs of giants


hackinator
19-02-2008, 09:21 AM
I'm coming to you as an old school (embedded) hardware hacker, who got stuck in the AMPS days as far as cell phones go. I've picked up a Kaiser as my first foray into the world of PDAs and smart phones in anticipation of the eventual porting of Linux to the device.

I've been lurking for a number of weeks now, and have seen many interesting things. Linux development seems to be on hold awaiting a commit of the Android SD card driver (probably a wise choice). What I'd really like to do is to get started disassembling the radio firmware.

The radio core firmware seems the most interesting, as I have seen Android devs mention that hardware can be "owned" by either the ARM9 or the ARM11. The Android devs have stated that their radio firmware "owns" nothing but the radio, but it's obvious from the radio firmware thread that some of the released versions own the sound output while others don't. (See the AT&T firmwares, which break sound for the non-AT&T ROMs.) In order to use any devices owned by the ARM9 (including the GSM and UMTS radios), we're going to have to talk to the radio firmware.

It appears that plenty of people have been working on the radio firmware, particularly with the goal of unlocking. Now that a freely available unlock has been released, whatever monetary value there was is gone. I'm disappointed that more technical information about the unlock has not been released. Since the released public unlock utilizes a modified radio, I thought I'd ask here and see if I could get more info on it: what routines have been identified so far, etc.

It may be a better idea to poke through the WinCE code to figure out how to communicate with the ARM9 (Android devs say that it's a shared memory interface), but I'll leave that to those that know more about WinCE. (I've had enough undocumented spaghetti code at work!)

My goals:
1) have some disassembling fun
2) help get Linux running with full HW support
3) crack the last bit of security and let people change the IMEI (Turks rejoice, you can buy a Kaiser on ebay! ATT, you don't get to charge extra just because there's a tiny keyboard!)

Thanks to anybody that posts info or points me to it! Keep up the good work everybody, HardSPL and the public unlock are awesome.

-The Hackinator
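Since the post asks which radio-firmware routines have already been identified, here is the kind of first-pass triage a disassembler would run over a raw ARM/Thumb image before opening it in a real tool: find Thumb function prologues (PUSH {..., LR}, encoding 0xB5xx) and pair each with the matching POP {..., PC} (0xBDxx with the same register list), find ARM-mode prologues (STMFD sp!, {..., lr}), and pull out printable strings that give the routines names. This is an added example, not code from the post, from the unlock, or from any Kaiser tool. The sample image is hand-assembled inline and is not a real radio ROM; the encodings are the standard ARMv5/Thumb ones, and no load address or real routine name is assumed.

```python
"""First-pass triage of a raw ARM/Thumb firmware blob (added example)."""
import re
import struct
from typing import Dict, List, Tuple

# Thumb-1 encodings: PUSH {reglist, LR} = 1011 0101 rrrrrrrr (0xB5xx),
# POP {reglist, PC} = 1011 1101 rrrrrrrr (0xBDxx); the low byte is the r0-r7 list.
THUMB_PUSH_LR = 0xB500
THUMB_POP_PC = 0xBD00
# ARM-mode STMFD sp!, {..., lr} with condition AL: 0xE92D4xxx (bit 14 = LR).
ARM_STMFD_LR_MASK = 0xFFFF4000
ARM_STMFD_LR = 0xE92D4000


def build_sample_image() -> bytes:
    """Constructed sample image. NOT a real Kaiser radio ROM: two Thumb
    routines, one ARM prologue, then a small string table."""
    thumb = [
        0xB510,  # push {r4, lr}     routine A, offset 0
        0x4604,  # mov  r4, r0
        0xBD10,  # pop  {r4, pc}
        0x0000,  # padding
        0xB5F0,  # push {r4-r7, lr}  routine B, offset 8
        0xB083,  # sub  sp, #12
        0xBDF0,  # pop  {r4-r7, pc}
        0x0000,  # padding
    ]
    arm = [
        0xE92D4010,  # stmfd sp!, {r4, lr}   ARM routine, offset 16
        0xE8BD8010,  # ldmfd sp!, {r4, pc}
    ]
    strings = b"AT+CFUN\x00" + b"AMSS\x00" + b"ab\x00"  # "ab" is too short to report
    return (b"".join(struct.pack("<H", h) for h in thumb)
            + b"".join(struct.pack("<I", w) for w in arm)
            + strings)


def find_thumb_routines(image: bytes, max_halfwords: int = 64) -> List[Tuple[int, int]]:
    """Return (start, end) byte ranges of Thumb routines: a PUSH {..., LR}
    followed within max_halfwords by a POP {..., PC} with the same register
    list. Requiring the matching pop filters most 0xB5 bytes in data."""
    routines = []
    for off in range(0, len(image) - 1, 2):
        ins = struct.unpack_from("<H", image, off)[0]
        if ins & 0xFF00 != THUMB_PUSH_LR:
            continue
        reglist = ins & 0xFF
        for look in range(off + 2, min(len(image) - 1, off + 2 * max_halfwords), 2):
            if struct.unpack_from("<H", image, look)[0] == (THUMB_POP_PC | reglist):
                routines.append((off, look + 2))
                break
    return routines


def find_arm_prologues(image: bytes) -> List[int]:
    """Return word-aligned offsets of ARM-mode STMFD sp!, {..., lr} prologues."""
    return [off for off in range(0, len(image) - 3, 4)
            if struct.unpack_from("<I", image, off)[0] & ARM_STMFD_LR_MASK == ARM_STMFD_LR]


def find_strings(image: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Return (offset, text) for runs of printable ASCII of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, image)]


def triage(image: bytes) -> Dict[str, list]:
    """Bundle the three scans so the result can be dumped or asserted on."""
    return {
        "thumb_routines": find_thumb_routines(image),
        "arm_prologues": find_arm_prologues(image),
        "strings": find_strings(image),
    }


if __name__ == "__main__":
    img = build_sample_image()  # swap for open("radio.bin", "rb").read() on a real dump
    for key, hits in triage(img).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

On a real dump the prologue scan still yields false positives (any data halfword 0xB5xx with a plausible 0xBDxx after it), so treat the hits as candidates to confirm in a proper disassembler, and note that nothing here resolves literal-pool pointers: that needs the image's load address, which this script deliberately does not guess.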

AllTheWay
19-02-2008, 10:48 AM
Great post!!! Keep us updated on how your project(s) are going.