Hi David,

> Now I used these fc-loadtool commands to put the flash from the old stolen
> model onto the new phone:-
>
> flash erase-program-boot my_c139.bin 10000
> flash erase 10000 360000
> flash program-bin 10000 my_c139.bin 10000 360000

Good, these commands you have used are indeed correct for use cases like yours - but these commands very deliberately do NOT rewrite the entire flash, instead they rewrite only the firmware portion of it.

> But, to my surprise the IMEI has not changed - ie it's the same as before the
> flash operation,

It shouldn't be a surprise - your phone is behaving exactly as it should. You have rewritten the firmware portion of the flash while leaving the vital data area untouched; the vital data area of the flash which you thankfully didn't touch (thank all the gods that you didn't issue wrong loadtool commands and try to reflash that area) stores the IMEI (in some encrypted or obfuscated form apparently), factory RF calibration values and unknown other data.

> whereas I expected it would now have the IMEI of the stolen phone.

Why did you expect so? The behaviour you seemingly expected would occur only if you were to rewrite your *entire* phone flash with bits from a different phone - but doing so would be an extremely bad idea and should NEVER be done:

* Transplanting RF calibration values from one phone to a different one will almost certainly put its radio operation officially out of compliance, as these RF parameters are calibrated per individual unit. In reality your chances of getting caught will be nil, and the degree of non-compliance may well be below the GSM 05.05 spec's very generous 2 dB tolerance, but doing a blind transplant of this sort would still be morally wrong and grounds for severe disapproval and censure from me.

* The IMEI appears to be stored in some encrypted or obfuscated form, and I wasn't able to locate it in Compal's factory data records. TI had an example IMEI obfuscation scheme in which the IMEI is encrypted with DES, with the Calypso die ID used as the DES key, and this scheme has been adopted by Foxconn for Pirelli DP-L10. If Compal used the same scheme or some other in which the Calypso die ID is used as part of IMEI record decoding or verification, then a transplanted IMEI will be detected and rejected. Think of it as akin to organ transplant rejection - not fun.

> So question - will I have the correct calibration figures for this hardware
> - ie will those figures, like the IMEI, also have remained unchanged?

Yes - if the loadtool commands you issued were indeed as you said, then you have only rewritten the firmware portion and not the vital data area of your phone flash, and you still have the correct calibration values and IMEI untouched.

> Guessing not, as we pull those figures out of the flash dump.

Not with the loadtool commands which you cited - these rewrite only the fw portion and not the vital data sectors. Or maybe when you said "we pull those figures out of the flash dump", perhaps you were referring to the procedure for running FreeCalypso fw on these phones? In that case yes, we do extract RF calibration values out of the flash dump - but it must be the *correct* flash dump! You need to make a complete flash dump from your *current* phone, not the other specimen, and use it for FC installation purposes when the time comes.

> Is the phone likely to behave badly with this "wrong" flash?

*Would* it be likely to behave badly if you were to go counter to my instructions and transplant the vital data sectors? Most likely the error will be quite small, to where the altered RF operation would be wrong morally, but not practically. But if some bad boy were to carelessly transplant RF calibration values on his phone in blatant disregard of my instructions and admonitions, don't bring that phone to Themyscira, or I in my capacity as the High Priestess of Telecommunications for the Women's Republic of Themyscira will unleash the full wrath of our equivalent of the FCC on you. :)

> I saw that the software versions (from #02#) are identical but I guess that
> is beside the point.

There is the "base" SW version, and then FFE and LPE versions. Your base fw version may very well be the same, but FFE and/or LPE must be different in order to go from carrier branding to pure Motorola branding. Have you saved a complete flash dump from your current C139 phone in its original state prior to reflashing it? If you have, run the Unix strings command on it and grep for FFE and LPE strings.

And if you haven't made and saved a flash dump first, then it was very irresponsible of you! You lucked out in that you haven't rewritten your vital data sectors with a transplant (or at least it appears so from your post), but if you had rewritten those sectors and didn't have a backup that can be restored, then that phone would have to be scrapped and physically destroyed, which would be unforgivable given that you need a rare EU-bands version of C139 and can't use a North American C139 phone of which I have a huge stash.

M~

_______________________________________________
Community mailing list
[email protected]
https://www.freecalypso.org/mailman/listinfo/community
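The check a practitioner would want before trusting the answer above is to confirm from two full flash dumps (one taken before the reflash, one after) that the quoted loadtool commands really changed only the programmed range and left the sectors above it byte-identical. The script below is an added example and is not code from the mail, from David, or from the FreeCalypso project. It assumes a 4 MiB (0x400000) flash, takes the programmed range as boot sector plus 0x10000..0x370000 straight from the quoted commands, and simply treats everything above that range as the "vital data" sectors; the real sector map of the C139 is not given in the mail. The sample dumps it builds are random bytes with a planted FFE tag, not real Compal images. The `version_strings` helper is a stand-in for the `strings | grep` step the mail suggests, written with `grep -a -o` so it does not depend on binutils being installed.

```shell
#!/bin/sh
# Added example, not from the original mail or from FreeCalypso: check that a
# reflash like the quoted loadtool commands touched only the programmed range
# (boot sector + firmware at 0x10000..0x370000) and left the rest intact.
#
# Assumptions made by this example, not stated in the mail:
#   - total flash size 0x400000 (4 MiB);
#   - "vital data" is whatever lies above the programmed range (0x370000..).
set -eu
LC_ALL=C; export LC_ALL

FLASH_SIZE=$((0x400000))
PROG_END=$((0x10000 + 0x360000))      # end of what the quoted commands program
VITAL_OFF=$PROG_END
VITAL_LEN=$((FLASH_SIZE - PROG_END))

# slice FILE OFFSET LENGTH: write FILE[OFFSET, OFFSET+LENGTH) to stdout
slice() {
    tail -c +$(($2 + 1)) "$1" | head -c "$3"
}

# region_same A B OFFSET LENGTH: succeed iff that byte range is identical
region_same() {
    _t1=$(mktemp); _t2=$(mktemp)
    slice "$1" "$3" "$4" > "$_t1"
    slice "$2" "$3" "$4" > "$_t2"
    cmp -s "$_t1" "$_t2" && _rc=0 || _rc=1
    rm -f "$_t1" "$_t2"
    return $_rc
}

# check_reflash BEFORE AFTER: succeed only if the programmed range changed
# and the assumed vital data range did not; print which case applies.
check_reflash() {
    _sa=$(wc -c < "$1" | tr -d ' '); _sb=$(wc -c < "$2" | tr -d ' ')
    if [ "$_sa" -ne "$FLASH_SIZE" ] || [ "$_sb" -ne "$FLASH_SIZE" ]; then
        echo "not full $FLASH_SIZE-byte dumps"; return 2
    fi
    if ! region_same "$1" "$2" "$VITAL_OFF" "$VITAL_LEN"; then
        echo "range 0x$(printf %x "$VITAL_OFF").. DIFFERS: transplant or damage"
        return 1
    fi
    if region_same "$1" "$2" 0 "$PROG_END"; then
        echo "programmed range unchanged: nothing was reflashed?"
        return 1
    fi
    echo "OK: only the programmed range changed, sectors above it intact"
    return 0
}

# version_strings DUMP: printable runs mentioning FFE or LPE, a stand-in for
# "strings dump | grep -e FFE -e LPE" that needs no binutils.
version_strings() {
    grep -a -o -E '[[:print:]]{0,32}(FFE|LPE)[[:print:]]{0,32}' "$1" || true
}

# --- constructed sample dumps: random bytes, NOT real C139 images ---------
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
BEFORE=$WORK/before.bin   # "my phone" before reflashing
FW=$WORK/fw.bin           # image written by the quoted commands (boot + fw)
AFTER=$WORK/after.bin     # same phone after the quoted commands
DONOR=$WORK/donor.bin     # full dump of a different phone (a transplant)
head -c "$FLASH_SIZE" /dev/urandom > "$BEFORE"
{ printf 'FFE_CONSTRUCTED_1'; head -c $((PROG_END - 17)) /dev/urandom; } > "$FW"
{ cat "$FW"; slice "$BEFORE" "$VITAL_OFF" "$VITAL_LEN"; } > "$AFTER"
{ cat "$FW"; head -c "$VITAL_LEN" /dev/urandom; } > "$DONOR"

for d in "$AFTER" "$DONOR"; do
    printf '%s: ' "$(basename "$d")"; check_reflash "$BEFORE" "$d" || true
done
version_strings "$AFTER"
```

Run it on real dumps by replacing the constructed files with the dump saved before reflashing and a fresh full dump taken afterwards; a verdict that the range above 0x370000 differs means the phone's own calibration sectors are no longer what they were and the pre-reflash dump is the only copy.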
