Re: Focus of development [was: IMEI changing kit for GTA02]

2014-02-19 Thread Michael Spacefalcon
Nick  wrote:

> Any more hints as to what "additional freedom enhancements" you have 
> planned?

* Pirelli DP-L10 has a bunch of extra chips supporting the WiFi/VoIP
  and camera functions, chips for which there are no docs.  I won't be
  using any chips without docs in my design.  The WiFi/VoIP function
  is something I have no interest in at all (thus no plan of providing
  any hw for that), and the first version won't have a camera either.

* The RF front end in my design will be quad-band; Pirelli is tri-band
  (2EU+1US) just like Om.  More GSM bands = freedom to travel to more
  parts of the world with the device.

* I plan on connecting the USB-serial chip (probably CP2102, same as
  Pirelli) to Calypso's MODEM UART, i.e., the more hw-capable out of
  the two.  In the existing Pirelli hw it is connected to the IrDA
  UART, i.e., the less capable one.  I would like to offer both RVTMUX
  and the traditional AT command interface over this USB-serial port,
  and TI's code wants to use the MODEM UART for CSD, not IrDA.
  (Pirelli's fw does not provide an AT command interface, only some
  proprietary i/f for their Weendoze PC software, built on top of TI's
  RVTMUX.)

HTH,
SF

___
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community


Re: Focus of development [was: IMEI changing kit for GTA02]

2014-02-19 Thread Nick
Quoth Michael Spacefalcon:
> Hence the solution is to build a new Free Dumb Phone that will be a
> semi-clone of this Pirelli DP-L10, with some additional freedom
> enhancements thrown in.

Any more hints as to what "additional freedom enhancements" you have 
planned?



Re: Focus of development [was: IMEI changing kit for GTA02]

2014-02-19 Thread Michael Spacefalcon
openm...@pulster.de (Christoph Pulster) wrote:

> Besides legal issues, I miss the thanks to Michael's efforts.

Thanks, I appreciate the change in attitude from this previous post
of yours:

: From: openm...@pulster.de (Christoph Pulster)
: To: community@lists.openmoko.org
: Subject: Re: Building a new totally free phone
: Date: 23 Aug 2013 11:54:00 +0200
:
: > just because something is illegal does NOT automatically mean that
: > it's bad
:
: Just because something is illegal does not prevent it to be crap.
: You are not interested in building helpful hardware, but enjoy your
: erection being a self-called outlaw. Have fun with it, but no applause
: from my side.

For some reason that 2013-08-23 post is not visible in the web archive
at 
- perhaps your use of the word "erection" triggered some filter?

> but concerning technical efforts, he was very
> insistent and pushed it as far as writing a tool for easy change of IMEI

Just in case it isn't already clear, that IMEI change kit came about
merely as a *side product* from my main work seeking to produce a
better-than-OsmocomBB totally free GSM phone firmware.  In TI's fw
architecture, the actual GSM code runs more or less as an "application"
on top of a quite rich RTOS environment, and getting this RTOS
environment (by which I mean not just Nucleus, but also RiViera, RVT,
FFS, ETM and other components) fully working and fully under our own
control is a prerequisite for tackling the actual GSM code.  This RTOS
environment just happens to include a full-featured Unix-like file
system (TIFFS), so naturally tools are needed to operate on this file
system.

The IMEISV is just one data item stored in TI's GSM device file system,
and because of its "forbidden fruit" status, a lot of people have been
asking for a way to edit it freely, hence it was quite natural to take
several FreeCalypso tools (written for the primary purpose of free GSM
fw development and debugging) and string them together into a very
hacky kit for editing the FFS on GTA01/02 modems.

> without having full access to NDA-infos.

The 4 TI source leaks on which my work is based are TSM30, LoCosto,
MV100 and Sotovik, in the order of discovery/liberation.  The real
thanks go to those who have brought all of these leaks out into the
public - as Comrade Stalin said, the country needs to know its heroes.

But in the case of TIFFS specifically, I didn't have a source for this
fw component until the MV100-0.1.rar find, and believe it or not, I
actually reverse-engineered that FFS format on my own (by staring at
hex dumps of flash read out of my GTA02 and Pirelli phones and
reasoning how one would implement a writable FFS given the physical
constraints of NOR flash) just a few days before I found that MV100
source leak!

Matthias Apitz  wrote:

> I use my GTA02 FR as my daily phone, running a SHR from 2012. I have no
> other cellphone [...]
> i.e. I _highly_ depend on working phone features (call, SMS).
> And IMHO this should be our primary focus for an OpenSource cellphone,

Just in case I haven't already made it fully clear, that is exactly
the focus of my work.  The IMEI change kit was/is merely a byproduct
made by stringing together the tools which were written and are needed
for main GSM fw development.

> because my FR sometimes fails in accepting calls, often fails in
> receiving SMS, not always works up from suspend, the people I call are
> blaming me for my poor voice, etc.

With the current leo2moko firmware, I am quite confident that the GSM
modem in the FR works the way it should, no major flaws.  The fw in
question does have a bunch of binary blobs in it, making it very hard
to modify some things until we deblob it, but even these blobs are in
the form of COFF objects with full symbolic information, parsable with
the objdump utility from GNU Binutils built with the needed patch, so
while having very limited ability to modify them at the present
moment, we can still examine these blobs with a high level of
transparency.  And as you can probably guess, I have already examined
these blobs quite extensively, and hence have a high level of
confidence in the quality of the fw.

So with the modem no longer being the black box which automatically
takes the blame for any and all problems with phone functionality, the
finger of suspicion now points at the Linux application processor
software on the FR.

In my opinion, the problems which reduce the usability of the FR as an
everyday cellphone stem from the unnecessary complexity of the Linux
AP.  If all I want is a cellphone for making and receiving phone calls
(plus SMS), why in the heck should I have to deal with the enormous
extra complexity of a Linux computer built into that phone?

As some may remember, when I first joined this mailing list in the
fall of 2011, just before I got sidetracked for 2y to deal with the
"Closedmoko" muck, my intent was to write a Linux-from-scr

Re: IMEI changing kit for GTA02

2014-02-19 Thread Dr. H. Nikolaus Schaller

Am 19.02.2014 um 12:21 schrieb Christoph Pulster:

> Hi,
> 
> it's nice to see, outlaw Michael's activities cause some life in this
> list.
> 
> @Nikolaus: damn the UK laws, Michael is providing a tool to change IMEI,
> no more no less. Besides legal issues, I miss the thanks to Michael's
> efforts.

For something that has no use case? And that I don't need?

> Of course he wrote a lot of strange/non-tolerable things in this
> list in the past, but concerning technical efforts, he was very
> insistent and pushed it as far as writing a tool for easy change of IMEI
> without having full access to NDA-infos.

The spirit of Openmoko is to *build* open devices. Because big companies
have the tendency to keep things closed.

And yes we know that we have quite some limitations to reach this goal.

But it was never about *breaking* into devices ignoring NDAs and laws.
For breaking into devices I can buy an iPhone and do a Jailbreak. Or any
Android device and enable root access.

I would applaud if he manages to build his own modem and firmware
from scratch (or based on OsmocomBB) *and* gets FCC and R&TTE and
whatever approvals are needed. That would bring us forward more than
patching firmware for some legacy chipset (designed 10 years ago).

Or it would be more useful if someone wrote firmware for the Marvell
chipset or the PowerVR SGX from scratch.

-- hns



Re: IMEI changing kit for GTA02

2014-02-19 Thread Matthias Apitz
On Wednesday, February 19, 2014 at 01:44:04PM +0100, joerg Reisenweber
wrote:

> ... 
> So let's sum up: you find a carefully selected fake IMEI, switch your phone
> to that, insert that new SIM you just purchased for 10 bucks at a gas station
> where you popped up disguised as Benjamin Franklin and registered it on the
> internet under Benjamin's identity to enable it, then you do one phone call
> and discard the SIM immediately after the call. Right?
> 
> Better use a phonebooth! ;-)

Yes, and better let's spend our efforts in real phone features and
stability.

matthias
-- 
Matthias Apitz   |  /"\ ASCII Ribbon Campaign: www.asciiribbon.org
E-mail: g...@unixarea.de |  \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
phone: +49-170-4527211   |  / \ - Respect for open standards



Re: IMEI changing kit for GTA02

2014-02-19 Thread joerg Reisenweber
On Wed 19 February 2014 12:21:00 Christoph Pulster wrote:
> Hi,
> 
> it's nice to see, outlaw Michael's activities cause some life in this
> list.
> 
> @Nikolaus: damn the UK laws, Michael is providing a tool to change IMEI,
> no more no less. Besides legal issues, I miss the thanks to Michael's
> efforts. Of course he wrote a lot of strange/non-tolerable things in this
> list in the past, but concerning technical efforts, he was very
> insistent and pushed it as far as writing a tool for easy change of IMEI
> without having full access to NDA-infos.
> 
> 
> @Joerg: "changing IMEI...will not improve your privacy, au contraire"
> please explain this to me again.
> If I buy an Openmoko and use a non-registered prepaid card with it,
> change the IMEI before first usage, who can track my real ID?
> 
> Christoph

I knew this would come up again. We had been through all this a month or two
ago. Whatever...:

Who can track you? Everybody who already tracked you and noticed you did a
call before to the same far-end number from roughly the same geo-location.
When you do TWO calls to TWO (normal) numbers, not even geo-location is needed
(unless both numbers are of the class "gets 50 calls per day").
And so far we didn't even consider any implications from fingerprinting of
your mobile equipment's GSM stack and physical transceiver. Buzzword: nmap
"guess OS", to give you an idea of how that works.

Honestly, changing your IMEI doesn't mean you magically become invisible; you
rather stand out as one of maybe 5 guys in your wider area - read town,
country - using a *new* fake IMEI. Even when you change your IMEI (and discard
your SIM and get a new one) after every single call you do, you will stand out
even more as THE only guy who is known to do that in your whole country.

Then add on top true eavesdropping on calls and speaker recognition.

And when things go really haywire, you pick a "random" IMEI that's actually 
already in use by somebody else, or is blacklisted.

Oh, and make sure you paid for your SIM with real money, not any credit card or
whatever.


So let's sum up: you find a carefully selected fake IMEI, switch your phone to
that, insert that new SIM you just purchased for 10 bucks at a gas station
where you popped up disguised as Benjamin Franklin and registered it on the
internet under Benjamin's identity to enable it, then you do one phone call and
discard the SIM immediately after the call. Right?

Better use a phonebooth! ;-)


cheers
jOERG
-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
(alas the above page got scrapped due to resignation(!!), so here some 
supplementary links:)
http://www.georgedillon.com/web/html_email_is_evil.shtml  
http://www.nonhtmlmail.org/campaign.html
http://www.georgedillon.com/web/html_email_is_evil_still.shtml
http://www.gerstbach.at/2004/ascii/ (German)




Re: IMEI changing kit for GTA02

2014-02-19 Thread Boudewijn

On 19-2-2014 10:39, Paul Wise wrote:

> On Wed, Feb 19, 2014 at 5:19 PM, Dr. H. Nikolaus Schaller wrote:
>
>> what is "semi-legal"?
>
> I assume that means it is illegal in some parts of the world and not
> in others. For example illegal in the UK, not illegal in Michael's
> micronation.

Hmmm... By that definition there's at once a whole lot of legalities in
a grey "semi-legal" area :-P


Boudewijn



Re: IMEI changing kit for GTA02

2014-02-19 Thread joerg Reisenweber
On Wed 19 February 2014 11:26:49 Nick wrote:
> On Wed, Feb 19, 2014 at 10:19:12AM +0100, Dr. H. Nikolaus Schaller wrote:
> > According to http://www.legislation.gov.uk/ukpga/2002/31/section/1 it is
> > a full (not semi) offence with up to 5 years in prison in the UK.
> > 
> > And even possessing such a tool isn't allowed:
> > 
> > http://www.legislation.gov.uk/ukpga/2002/31/section/2
> 
> Eugh. What a horrible piece of legislation. What *should* happen is
> that it should be repealed now that mobile phone theft is far less
> than it was when it was drafted, and known abuses of surveillance
> are far higher. I have precisely zero faith in anything like that
> happening, particularly in the UK.
> 
> Although, reading section 1(3)(b) of the first legislation, it looks
> like it's legal if the manufacturer permits it in writing. So someone
> at OM should say "yeah, sure, whatever", which would make us a
> little safer ;)

If that makes you feel better:
yeah, sure, whatever
Neither OM nor I can allow or forbid anything you do to your phone, and I
consider changing of IMEI reasonably safe from a technical perspective.

I however again want to emphasize the absolute lack of any point in changing
the IMEI. It will not improve your privacy; au contraire, it will make you
light up in their surveillance like a pink zebra in the savanna.
When you need to have privacy, don't use GSM! Use a phonebooth instead! Use
coins, not a phone card!

/j




Re: Focus of development [was: IMEI changing kit for GTA02]

2014-02-19 Thread Nick
On Wed, Feb 19, 2014 at 10:55:05AM +0100, Matthias Apitz wrote:
> I use my GTA02 FR as my daily phone, running a SHR from 2012. I have no
> other cellphone (if I do not count the Nokia of my son or the Nokia of
> my wife), i.e. I _highly_ depend on working phone features (call, SMS).
> And IMHO this should be our primary focus for an OpenSource cellphone,
> because my FR sometimes fails in accepting calls, often fails in
> receiving SMS, not always works up from suspend, the people I call are
> blaming me for my poor voice, etc.

I'd recommend you give qtmoko a try. I used to run SHR, but have
found qtmoko more reliable. It still occasionally screws up (failing
to unsuspend [though this looks like it's fixed in the new version],
and once failing to make outgoing calls), but in general it's a
pretty good experience. Plus it's actually maintained.

> Maybe others have other focus, because they use whatever iPhone or
> Android for phone features and are more interested in such hacks. I do
> not (without underestimating the intellectual work).

This has always been a community interested in hacks ;)



Re: IMEI changing kit for GTA02

2014-02-19 Thread Nick
On Wed, Feb 19, 2014 at 10:19:12AM +0100, Dr. H. Nikolaus Schaller wrote:
> According to http://www.legislation.gov.uk/ukpga/2002/31/section/1 it is a 
> full (not semi) offence with up to 5 years in prison in the UK.
> 
> And even possessing such a tool isn't allowed:
> 
> http://www.legislation.gov.uk/ukpga/2002/31/section/2

Eugh. What a horrible piece of legislation. What *should* happen is
that it should be repealed now that mobile phone theft is far less
than it was when it was drafted, and known abuses of surveillance
are far higher. I have precisely zero faith in anything like that
happening, particularly in the UK.

Although, reading section 1(3)(b) of the first legislation, it looks
like it's legal if the manufacturer permits it in writing. So someone
at OM should say "yeah, sure, whatever", which would make us a
little safer ;)



Re: IMEI changing kit for GTA02

2014-02-19 Thread Matthias Apitz

Hello,

I use my GTA02 FR as my daily phone, running a SHR from 2012. I have no
other cellphone (if I do not count the Nokia of my son or the Nokia of
my wife), i.e. I _highly_ depend on working phone features (call, SMS).
And IMHO this should be our primary focus for an OpenSource cellphone,
because my FR sometimes fails in accepting calls, often fails in
receiving SMS, not always works up from suspend, the people I call are
blaming me for my poor voice, etc.

Maybe others have other focus, because they use whatever iPhone or
Android for phone features and are more interested in such hacks. I do
not (without underestimating the intellectual work).

Thanks

matthias

-- 
Sent from my FreeBSD netbook

Matthias Apitz, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5



Re: IMEI changing kit for GTA02

2014-02-19 Thread Paul Wise
On Wed, Feb 19, 2014 at 5:19 PM, Dr. H. Nikolaus Schaller wrote:

> what is "semi-legal"?

I assume that means it is illegal in some parts of the world and not
in others. For example illegal in the UK, not illegal in Michael's
micronation.

-- 
bye,
pabs

http://wiki.openmoko.org/wiki/User:PaulWise



Re: IMEI changing kit for GTA02

2014-02-19 Thread Dr. H. Nikolaus Schaller

Am 19.02.2014 um 09:09 schrieb Christoph Pulster:

> Michael, this is great work !  AFAIK this is the first toolkit allowing
> easy change of IMEI, impressive.
> The applause is very limited here, it seems most people left are hardcore
> Linux/FOSS geeks which do not understand the concept of your semi-legal
> activities...

what is "semi-legal"? Lawyers will tell you more...

According to http://www.legislation.gov.uk/ukpga/2002/31/section/1 it is a full 
(not semi) offence with up to 5 years in prison in the UK.

And even possessing such a tool isn't allowed:

http://www.legislation.gov.uk/ukpga/2002/31/section/2

So, please go to the UK and tell them that it is semi-legal.

In Germany it appears there is no special law, but it is discussed (google for
it) that it can be punished like replacing the licence plate
or the serial number of a car. So you have been warned.

Here is some text in German written by a lawyer (status 2006 - may have changed):
http://web.archive.org/web/20120427042949/http://www.heise.de/mobil/artikel/Rechtliches-zu-Eingriffen-ins-Handy-226035.html

-- hns


Re: IMEI changing kit for GTA02

2014-02-19 Thread rhn
On 19 Feb 2014 09:09:00 +0100
openm...@pulster.de (Christoph Pulster) wrote:

> Michael, this is great work !  AFAIK this is the first toolkit allowing
> easy change of IMEI, impressive.
> The applause is very limited here, it seems most people left are hardcore
> Linux/FOSS geeks which do not understand the concept of your semi-legal
> activities...
> 
> from my side, BIG thanks !
> Chris


I'm impressed - I didn't think Michael would have gotten to that point.
For me, it would be super nice if the IMEI changed at every SIM change, as I'm
not very comfortable with the tracking aspect of cellular.
If my FR still worked, I'd have tried it for sure.

Cheers,
rhn

PS. I wonder how many government tracking programs have I just been subscribed 
to.



Re: IMEI changing kit for GTA02

2014-02-08 Thread Michael Spacefalcon
joerg Reisenweber  wrote:

> I have no idea, I took care about GSM firmware only much later. But I think
> until the point in time when I was able to contract Dieter Spaar for OM, there
> had been significantly less knowhow about all that stuff inside OM than what you
> demonstrate here.

Hehe.  It looks like my effective taking of the stewardship of this
modem firmware is not such a bad thing for the community after all. :)
Or at least for what's left of the FR user community...

I wonder though how Dieter acquired that knowhow back in the day - did
he previously work for some other modem or dumbphone manufacturer that
used TI chipsets?  Or maybe even for TI-Berlin (former Condat GmbH) or
somesuch?

> And the whole stuff had even temporarily been considered
> lost forever, thanks to reformatting of a laptop HDD (iirc).

Ouch!

> Also see bug # 666 which got fixed in moko5 but evidently the patched lib
> TI provided for that got dropped for no reason in later fw versions,
> until Dieter noticed that and included it again in Moko9-Beta1

Stories like this make me wonder how many other bugs of similar nature
might still be lurking in those closed binary libs.  That is one of
the reasons why I seek to produce a "hybrid" Calypso fw by combining
the RTOS environment / drivers / BSP pieces from the TCS211 source
(the one leo2moko was built from) with the GSM stack source from the
LoCosto find - it will give us a fully functional modem fw without any
binary blobs!

Whoever originally liberated the TCS3.2 (LoCosto) source which I found
at  in 2013-05 (through a Google
search!) is a real hero.  If it wasn't for this leak, the only C source
we would have had for the core GSM stack would have been the TSM30
version from 2003, i.e., a definite backward step from the TCS211
version given in binary form to FIC, Foxconn (Pirelli DP-L10) and a
bunch of others in the 2007 time frame.

VLR,
SF



Re: IMEI changing kit for GTA02

2014-02-07 Thread joerg Reisenweber
On Sat 08 February 2014 01:54:44 Michael Spacefalcon wrote:
> joerg Reisenweber  wrote:
> > you recall that single line I actually censored?
> 
> http://people.openmoko.org/joerg/calypso_moko_FW/all_version__CHANGELOG.txt
> 
> line 60, I assume.

Yes, that one.


> 
> > (Must have been the only time
> > in my life I did this) In the changelogs, around moko5 or something.
> 
> Considering the time proximity between this hack and the moko5->moko6
> change in which you (not you personally, but the company) went backward
> from the sensible approach (used in most other TI-based products too)
> of storing configuration items in FFS to the non-sensible approach of
> hard-coding them in the fw, let me make a guess: the crappy Weendoze-
> only host tools for development and production which TI gave you (for
> FFS programming in this case) were unreliable, and you were looking
> for a way to avoid needing to do any FFS programming through the RVTMUX
> interface (TI's official way) at all.  Of course the IMEI is one item
> which can't be hard-coded in the fw, and if you didn't want to (or
> couldn't) use the "proper" RVT/ETM-based method of programming, then
> you had to hack in some other way, such as a special AT command.
> 
> But I assume that the issues with TI's production testing and
> programming tools must have been solved in time for GTA02A7 mass
> production, as my unit came with a /pcm/IMEI (IMEISV really) setting
> which cannot be programmed via that AT@SC hack, only via the proper
> RVT/ETM channel.
> 
> I also find it cute that all mass-produced GTA02 units (at least the 4
> that have been liberated so far: mine, David's, Norayr's and Giacomo's)
> came with a few files in FFS (/pcm/CGM[IMR]) which are not used by any
> of your fw's from moko6 onward, only by moko5 - surely flashing a GTA02
> back to moko5 is NOT recommended (I even remember seeing admonitions
> somewhere to never do that), yet those files seem to be there just to
> support those people who might do that...  Wasn't it your inability to
> write these strings into FFS reliably that made you go back to hard-
> coding them?
> 

I have no idea, I took care about GSM firmware only much later. But I think 
until the point in time when I was able to contract Dieter Spaar for OM, there 
had been significantly less knowhow about all that stuff inside OM than what
you demonstrate here. After Sean Chiang left, the domain had nobody savvy in
how to handle all that, iirc. And the whole stuff had even temporarily been
considered lost forever, thanks to reformatting of a laptop HDD (iirc). Also
see bug #666, which got fixed in moko5, but evidently the patched lib TI
provided for that got dropped for no reason in later fw versions, until Dieter
noticed that and included it again in Moko9-Beta1.


> > It actually was a weird "secret" AT command to change the IMEI; it
> > claimed in changelogs that it had some really weird formula to add
> > birthday^5 to old IMEI or sth and append that to the new IMEI, for
> > "authentication" - and it never worked afaik.
> 
> So I assume we are in agreement then that this "secret" AT@SC command
> is NOT recommended for use?

Yes, definitely. I think this command never really worked. And for obvious 
reasons it never was tested thoroughly, I guess.

When I had to tinker with the calypso IMEI I'd probably rather resort to your 
tools than try this command or ti_tat.

/j




Re: IMEI changing kit for GTA02

2014-02-07 Thread Michael Spacefalcon
joerg Reisenweber  wrote:

> you recall that single line I actually censored?

http://people.openmoko.org/joerg/calypso_moko_FW/all_version__CHANGELOG.txt

line 60, I assume.

> (Must have been the only time
> in my life I did this) In the changelogs, around moko5 or something.

Considering the time proximity between this hack and the moko5->moko6
change in which you (not you personally, but the company) went backward
from the sensible approach (used in most other TI-based products too)
of storing configuration items in FFS to the non-sensible approach of
hard-coding them in the fw, let me make a guess: the crappy Weendoze-
only host tools for development and production which TI gave you (for
FFS programming in this case) were unreliable, and you were looking
for a way to avoid needing to do any FFS programming through the RVTMUX
interface (TI's official way) at all.  Of course the IMEI is one item
which can't be hard-coded in the fw, and if you didn't want to (or
couldn't) use the "proper" RVT/ETM-based method of programming, then
you had to hack in some other way, such as a special AT command.

But I assume that the issues with TI's production testing and
programming tools must have been solved in time for GTA02A7 mass
production, as my unit came with a /pcm/IMEI (IMEISV really) setting
which cannot be programmed via that AT@SC hack, only via the proper
RVT/ETM channel.

I also find it cute that all mass-produced GTA02 units (at least the 4
that have been liberated so far: mine, David's, Norayr's and Giacomo's)
came with a few files in FFS (/pcm/CGM[IMR]) which are not used by any
of your fw's from moko6 onward, only by moko5 - surely flashing a GTA02
back to moko5 is NOT recommended (I even remember seeing admonitions
somewhere to never do that), yet those files seem to be there just to
support those people who might do that...  Wasn't it your inability to
write these strings into FFS reliably that made you go back to hard-
coding them?

When I made leo2moko from TI's standard Leonardo baseline, I had to
add a bit of extra code to display these CGMI/CGMM strings with some
extra wrapping around them.  If one were to run TI's totally "vanilla"
code on a GTA0x modem with this "MokoFFS" factory programming,
something in their ATI layer gets confused because apparently it
expects the strings to be wrapped in angle brackets, but the strings
featured in /pcm/CGM[IMR] in factory-programmed MokoFFS don't have
those angle brackets.

Oh well, history is what it is.

> It actually was a weird "secret" AT command to change the IMEI; it claimed
> in changelogs that it had some really weird formula to add birthday^5 to old
> IMEI or sth and append that to the new IMEI, for "authentication" - and it
> never worked afaik.

So I assume we are in agreement then that this "secret" AT@SC command
is NOT recommended for use?

Anyone who needs to change their IMEI for some good reason (because
they need to be ultra-anonymous when going from one disposable prepaid
SIM to another, or because they need to use some GSM network that
wrongfully blocks their FR's factory IMEI) should use the kit I have
just published.  This method does work - I've tested it on
T-Mobile USA :-).

VLR,
SF

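
An added example, not code from this thread, from the FreeCalypso kit or from the modem firmware, illustrating the IMEI vs. IMEISV distinction Michael draws in this thread: the 15-digit IMEI ends in a Luhn check digit, while the 16-digit IMEISV (what the modem actually sends) replaces that digit with two software-version digits. The factory values quoted in the thread (35465101-961584-0 and 35465101-961584-00) are used as input; the function and type names are mine.

```python
"""IMEI / IMEISV parsing and check-digit validation.

Added example for this thread; not part of the FreeCalypso kit or the modem
firmware.  Per 3GPP TS 23.003: IMEI = TAC(8) + SNR(6) + Luhn check digit,
IMEISV = TAC(8) + SNR(6) + SVN(2).  The check digit is never part of the IMEISV,
so an IMEISV ending in -00 and one ending in -01 resolve to the same IMEI.
"""

from typing import NamedTuple


def luhn_check_digit(body: str) -> int:
    """Luhn check digit for a run of decimal digits (here the 14-digit TAC+SNR).

    Digits are weighted from the right; the rightmost one is doubled because
    the check digit will be appended to its right.
    """
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def _digits(s: str) -> str:
    """Strip the dashes/spaces of the human-readable form 35465101-961584-0."""
    return s.replace("-", "").replace(" ", "")


class Imei(NamedTuple):
    tac: str          # Type Allocation Code, 8 digits
    snr: str          # serial number, 6 digits
    check_digit: int  # Luhn digit over tac+snr as found in the input
    check_ok: bool    # True when check_digit matches the recomputed one


class Imeisv(NamedTuple):
    tac: str
    snr: str
    svn: str          # software version number, 2 digits


def parse_imei(s: str) -> Imei:
    d = _digits(s)
    if len(d) != 15 or not d.isdigit():
        raise ValueError("IMEI must be 15 decimal digits")
    cd = int(d[14])
    return Imei(d[:8], d[8:14], cd, cd == luhn_check_digit(d[:14]))


def parse_imeisv(s: str) -> Imeisv:
    d = _digits(s)
    if len(d) != 16 or not d.isdigit():
        raise ValueError("IMEISV must be 16 decimal digits")
    return Imeisv(d[:8], d[8:14], d[14:])


def imeisv_to_imei(s: str) -> str:
    """Derive the 15-digit IMEI from an IMEISV by recomputing the check digit."""
    sv = parse_imeisv(s)
    body = sv.tac + sv.snr
    return body + str(luhn_check_digit(body))


def imei_to_imeisv(imei: str, svn: str) -> str:
    """Build the 16-digit IMEISV: drop the check digit, append the two SV digits."""
    i = parse_imei(imei)
    if not i.check_ok:
        raise ValueError("IMEI check digit is wrong")
    if len(svn) != 2 or not svn.isdigit():
        raise ValueError("SVN must be two decimal digits")
    return i.tac + i.snr + svn


def same_equipment(imeisv_a: str, imeisv_b: str) -> bool:
    """True when two IMEISVs differ only in their SV digits, i.e. they resolve
    to the same IMEI (the ...-00 vs ...-01 situation described in the thread)."""
    return imeisv_to_imei(imeisv_a) == imeisv_to_imei(imeisv_b)


if __name__ == "__main__":
    factory_imei = "35465101-961584-0"     # value quoted in the thread
    factory_imeisv = "35465101-961584-00"  # value quoted in the thread
    print(parse_imei(factory_imei))
    print(imeisv_to_imei(factory_imeisv))
    print(same_equipment(factory_imeisv, "35465101-961584-01"))
```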


Re: IMEI changing kit for GTA02

2014-02-07 Thread joerg Reisenweber
On Fri 07 February 2014 22:25:23 Michael Spacefalcon wrote:
> Hello fellow freedom lovers,
> 
> I have just released the first version of the kit that allows a Neo
> Freerunner user to set his/her IMEISV to any value of his/her choice.
> Download it here:
> 
> ftp://ftp.ifctf.org/pub/GSM/GTA02/ffs-edit-kit-r1.tar.bz2
> 
> Operating instructions are inside the tarball.  The way in which this
> kit works is completely independent of what firmware version you have
> in flash: it can be moko11, leo2moko, or even blank or corrupt flash.
> (Just like with fc-loadtool, the chain starts with Calypso's on-die
> boot ROM, i.e., the wonderful hardware unbricking feature TI gave us
> in this baseband chip, similar in principle to FR's NOR U-Boot which
> is extra hardware just for unbricking.)
> 
> Please also note that many vendors' "standard" proprietary firmwares
> include undocumented AT commands for setting the IMEI, and as my
> experiments indicate, moko11 appears to be one of them:
> 
> ftp://ftp.ifctf.org/pub/GSM/hacks/imei-hacks-r1.tar.gz
> 
> However, I do not recommend using that AT@SC command, as the half-baked
> implementation does not make the proper distinction between IMEI and
> IMEISV, and the last 16th digit of the complete IMEISV (which is what
> the modem actually uses and sends over the air) ends up being set to a
> "random" value that is an artifact of the obfuscation scheme.
> 
> As an example, the original factory IMEI of the GTA02 I use for FC
> development is 35465101-961584-0; the original factory programming of
> the complete IMEISV is 35465101-961584-00.  However, if one uses that
> AT@SC hack to change it, it is then impossible to revert the complete
> IMEISV back to this original setting using the same AT@SC command!  If
> one feeds the correct obfuscated AT@SC string for setting
> 35465101-961584-0, the full IMEISV gets set to 35465101-961584-01
> instead of the original factory 35465101-961584-00.
> 
> In contrast, the FFS editing kit linked above allows you to set all 16
> digits of the IMEISV to whatever you choose; the kit provides the
> mechanism and you decide on the policy for what the SV digits should be.
> 
> However, considering that those with a desire to play with their IMEIs
> would probably find an AT command much more convenient than the rather
> cumbersome (albeit powerful) XRAM-agent-based mechanism presented in
> my current kit, I plan on making a new version of leo2moko that will
> include a new AT command for setting the IMEISV.
> 
> I will not be replicating the obfuscated AT@SC command, instead it
> will be a different AT command that sets all 16 digits explicitly and
> works without any obfuscation.  The syntax I propose is:
> 
> AT+SIMEISV="1234567890123456"
> 
> If anyone has an argument for a different syntax, please speak up now.
> 
> Viva la Revolucion,
> SF


You recall that single line I actually censored? (Must have been the only time 
in my life I did this) In the changelogs, around moko5 or something.

It has actually been a weird "secret" AT command to change the IMEI, it claimed in 
changelogs that it had some really weird formula to add birthday^5 to old IMEI 
or sth and append that to the new IMEI, for "authentication" - and it never 
worked afaik.

cheers
jOERG
-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
(alas the above page got scrapped due to resignation(!!), so here some 
supplementary links:)
http://www.georgedillon.com/web/html_email_is_evil.shtml  
http://www.nonhtmlmail.org/campaign.html
http://www.georgedillon.com/web/html_email_is_evil_still.shtml
http://www.gerstbach.at/2004/ascii/ (German)




IMEI changing kit for GTA02

2014-02-07 Thread Michael Spacefalcon
Hello fellow freedom lovers,

I have just released the first version of the kit that allows a Neo
Freerunner user to set his/her IMEISV to any value of his/her choice.
Download it here:

ftp://ftp.ifctf.org/pub/GSM/GTA02/ffs-edit-kit-r1.tar.bz2

Operating instructions are inside the tarball.  The way in which this
kit works is completely independent of what firmware version you have
in flash: it can be moko11, leo2moko, or even blank or corrupt flash.
(Just like with fc-loadtool, the chain starts with Calypso's on-die
boot ROM, i.e., the wonderful hardware unbricking feature TI gave us
in this baseband chip, similar in principle to FR's NOR U-Boot which
is extra hardware just for unbricking.)

Please also note that many vendors' "standard" proprietary firmwares
include undocumented AT commands for setting the IMEI, and as my
experiments indicate, moko11 appears to be one of them:

ftp://ftp.ifctf.org/pub/GSM/hacks/imei-hacks-r1.tar.gz

However, I do not recommend using that AT@SC command, as the half-baked
implementation does not make the proper distinction between IMEI and
IMEISV, and the last 16th digit of the complete IMEISV (which is what
the modem actually uses and sends over the air) ends up being set to a
"random" value that is an artifact of the obfuscation scheme.

As an example, the original factory IMEI of the GTA02 I use for FC
development is 35465101-961584-0; the original factory programming of
the complete IMEISV is 35465101-961584-00.  However, if one uses that
AT@SC hack to change it, it is then impossible to revert the complete
IMEISV back to this original setting using the same AT@SC command!  If
one feeds the correct obfuscated AT@SC string for setting
35465101-961584-0, the full IMEISV gets set to 35465101-961584-01
instead of the original factory 35465101-961584-00.

In contrast, the FFS editing kit linked above allows you to set all 16
digits of the IMEISV to whatever you choose; the kit provides the
mechanism and you decide on the policy for what the SV digits should be.

However, considering that those with a desire to play with their IMEIs
would probably find an AT command much more convenient than the rather
cumbersome (albeit powerful) XRAM-agent-based mechanism presented in
my current kit, I plan on making a new version of leo2moko that will
include a new AT command for setting the IMEISV.

I will not be replicating the obfuscated AT@SC command, instead it
will be a different AT command that sets all 16 digits explicitly and
works without any obfuscation.  The syntax I propose is:

AT+SIMEISV="1234567890123456"

If anyone has an argument for a different syntax, please speak up now.

Viva la Revolucion,
SF

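An added example in Python (not part of the original post or of the ffs-edit-kit) showing the IMEI/IMEISV relationship the post relies on: the 15-digit IMEI is the 14 TAC+SNR digits plus a Luhn check digit, while the 16-digit IMEISV carries the same 14 digits plus 2 software-version digits, so a 15-digit IMEI alone does not determine the 16th digit. The AT+SIMEISV parser implements the syntax proposed above, which is an assumption (a proposed command, not a standard or shipped one); the sample values are the factory numbers quoted in the post.

```python
import re

def luhn_check_digit(payload: str) -> str:
    """Luhn check digit over a string of decimal digits.
    The 15th IMEI digit is the Luhn check over the first 14."""
    total = 0
    # Walk from the right, doubling every second digit starting
    # with the rightmost payload digit (the check digit is appended).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def imei_from_imeisv(imeisv: str) -> str:
    """15-digit IMEI = 14 TAC+SNR digits of the IMEISV + Luhn check digit.
    The two SV digits are discarded; this is the information loss that
    makes a 15-digit IMEI insufficient to restore a specific IMEISV."""
    digits = imeisv.replace("-", "")
    if not re.fullmatch(r"\d{16}", digits):
        raise ValueError("IMEISV must be 16 decimal digits")
    return digits[:14] + luhn_check_digit(digits[:14])

def imeisv_from_imei(imei: str, sv: str) -> str:
    """Rebuild a 16-digit IMEISV from a 15-digit IMEI plus explicit SV digits.
    The SV must be supplied by policy; nothing in the IMEI implies it."""
    digits = imei.replace("-", "")
    if not re.fullmatch(r"\d{15}", digits) or not re.fullmatch(r"\d{2}", sv):
        raise ValueError("expected a 15-digit IMEI and 2 SV digits")
    if luhn_check_digit(digits[:14]) != digits[14]:
        raise ValueError("IMEI check digit mismatch")
    return digits[:14] + sv

def parse_simeisv(cmd: str) -> str:
    """Parse the proposed (hypothetical) AT+SIMEISV="<16 digits>" syntax
    and return the 16 digits it would set, all of them explicit."""
    m = re.fullmatch(r'AT\+SIMEISV="(\d{16})"', cmd.strip(), re.IGNORECASE)
    if not m:
        raise ValueError('expected AT+SIMEISV="<16 digits>"')
    return m.group(1)

if __name__ == "__main__":
    # Factory values from the post: IMEI 35465101-961584-0, IMEISV ...-00
    print(imei_from_imeisv("35465101-961584-00"))      # 354651019615840
    print(imeisv_from_imei("35465101-961584-0", "00")) # 3546510196158400
    print(parse_simeisv('AT+SIMEISV="3546510196158400"'))
```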