Building a new totally free phone

Michael Spacefalcon msokolov at ivan.Harhan.ORG
Fri Aug 23 10:57:13 CEST 2013

joerg Reisenweber <joerg at> wrote:

> I invite you to visit me at my home

If you meant it seriously, you might as well give your address or GPS
coords (by unicast if you prefer) - but I highly doubt that you meant
it seriously.

> trying to force me to hand to you

Hand to me?  What me?  There is no "me" - I could be dead tomorrow and
absolutely *nothing* will change.  I have never, ever, ever asked any
of you "Open"moko bastards to give anything to "me".  Instead I have
merely voiced the demand that the materials be released freely to all
Humanity - with a capital 'H' - and yes, I have indeed contemplated
being the one to sacrifice my life in order for the remaining 7 billion
people on Earth to gain free unrestricted access to a working turnkey
GSM firmware package in the form of COFF objects with full symbolic
information - a format which any embedded software engineer worth his
or her salt should have no problem working with.

[FYI, there is a patch to GNU Binutils which enables objcopy and objdump
 to read TI's COFF.  The support isn't perfect, but it can easily be
 improved if need be - and I also invite you to grep for my name in the
 binutils ChangeLog files.]

> the MOST SECRIT SOURCES that everybody [...] had access to since ~2011.

The reference to "~2011" makes me suspect that you are talking about
the TSM30 version - it was indeed late 2011 when this code (first
released in 2004 apparently) became widely available once again - and
the latter happened because *I* had sent it to Cryptome on a CD-R.

And you know as well as I do (or would know at least, if you ever
actually *looked* at the modem code you're sitting on) that the TSM30
version is drastically different from what you got from TI as Om-Inc:
different RTOS (Nucleus vs. SOS), different code structure, different
flash file system, totally different hardware (ABB, RF and probably a
different Calypso variant), almost everything is different.  Heck, the
TSM30 code isn't even TI, it's Purple Labs, a company that bit the

OTOH, if you are talking about something *other* than the TSM30 code,
something that "everybody passing the idiot test" supposedly has
access to, why don't you try being transparent once for a change, and
actually post a URL?

> everybody passing the idiot test

Like anyone else, I have my own strengths and weaknesses.  What I'm
good at is designing and writing embedded software, and some hardware
too.  I've been doing it professionally since ~2000 (and as a hobby
long before that), and I make enough money doing it to support not
one, but two full households on my sole income - so I guess I probably
do it pretty well.  I do it on the hobby side of my life too, so you
can look at any of my projects and judge for yourselves.  Like this
one, for example:


I'm sending this email through the Internet connection served by that
SDSL modem designed and built by me: hardware, firmware and the logic
in the FPGA - not to mention all the reverse engineering that was
needed to get to this point.

But I have my weaknesses too.  I am NOT good with people, and I am NOT
good with finding information that is passed around in a "hush-hush"
manner.  I don't do *anything* "hush-hush": if I have or find something
that may potentially be of value to others, I announce it publicly and
openly, on the relevant mailing list.

I absolutely do not understand how someone can be like you.  I
absolutely do not understand how ANY human being (or so-called human
being) can be as cruel and callous as the three of you (JR, HW and PF).
It's one thing to be slow with releasing things on occasion.  I've been
slow with releasing my software many a time, mostly because of my
handicaps with modern technologies and my heavy use of seriously
ancient gear - as well as my fear and distrust of any servers or online
services other than my own.

But it's an *entirely* different thing when you are holding something
that someone else is very willing to DIE for, something that you could
easily share with the whole world at absolutely zero cost, risk, loss
or other detriment to you, and yet you STILL refuse to share.  It
absolutely baffles and boggles my mind that there are such cruel people
living on this planet, and *especially* in the so-called community of
so-called freedom and openness.

And because it is so totally incomprehensible to my mind how someone
can be like you, and be able to live with yourself while watching
someone else's life wither away because of your selfishness, I find
myself at a complete loss as to how one should interact with people
like you.

> And I even promise I won't call the police or any other officials. 

It doesn't matter whether you call them or not - I am still the most
wanted criminal in their eyes.

Your country is a police state, no different from the way it was in
WW II and just before, and I have no desire to go anywhere near it.
Unless, of course, I were to enter it in the same manner in which both
of my grandfathers did in 1944-45 (as part of the Red Army) - but then
I would need a lot more than just one of me...

> Rather I will do nothing but listening and laughing

Not gonna happen.  If I felt like exchanging my life for yours, the
bullet would pierce your skull before you can even utter a peep, let
alone laugh.

But I'm not sure if I want to do that after all.  I do have several
people who depend on me both financially and emotionally, for one
thing.  And my FTP site now does have two other TI source leaks
besides the TSM30: the LoCosto one and that strange MV100-0.1.rar.
Between these two, it *appears* that We the People have *some* source
for every module that forms a part of the firmware for the GTA0x GSM
modem or an equivalent feature phone.

But the problem is that what We the People currently have is in bits
and pieces, whereas what you are hoarding is a turnkey package that's
built for the correct hardware.  (And yes, I know that your version is
mostly binary objects - no need to repeat that - but those objects
still have to contain symbolic info to be linkable.)

The LoCosto leak is the most interesting one.  It is essentially the
same kind of package as what TI must have given to you: it consists of
a reference board design (schematics and PCB layout EDA files), a
decent set of hardware docs, a complete firmware package (a source +
object mix just like yours, except that this one is mostly source),
and docs for the firmware as well.  It would have been the Ultimate
Happiness were it not for one major flaw: it's for the wrong chipset.
This package targets LoCosto, one of Calypso's successors.  Whatever
the relative merits of the two chipsets in an abstract comparison, a
firmware package targeting LoCosto is of no direct benefit for building
new fw for existing phones based on the Calypso, and I really don't
feel like using LoCosto instead of Calypso for my own Free Dumb Phone
design either.

The good thing is that much of the code ought to be common between
Calypso and LoCosto (all of L23 and most of L1, for example), and in
many places the code still has preprocessor conditionals selecting
between LoCosto and several older chipsets (Calypso variants).  But it
is not a turnkey package for the Calypso by any means, and in quite a
few places where the code is totally different between Calypso and
LoCosto, only the latter version is present.

Now enter the strange MV100 code.  I found it when Googling for some
filenames taken from the LoCosto package, hoping to find an earlier
version of the code with more Calypso bits.  This one does contain the
BSP (drivers) and L1 for the Calypso, but it isn't a complete firmware
package - the GSM protocol stack is missing altogether, for example.

So what I'm doing now is reconstructing the firmware from pieces.  You
can see the current state of my work here:

I'm building it with gcc and binutils, just like OsmocomBB (not using
TI's proprietary compiler), I've got the customized toolchain in there,
and I've got my own (non-OsmocomBB) tools for loading code into the
Calypso as well as dumping and reprogramming flash etc - my version
works with the GTA02 and the Pirelli, but not the Compal phones.  For
the main GSM firmware, I've decided to use Nucleus as my foundation.
I could have used SOS from the TSM30 source instead, but because my
goal is to recreate something as close as possible to what you
(JR+HW+PF) are wrongfully withholding from us, I'm following the
general layout of TI's fw version, rather than Purple Labs.  Hence my
choice of Nucleus rather than SOS.

I've got the complete source for Nucleus, I've ported it to build with
gcc and binutils instead of the proprietary tools, and the Nucleus
demo app built in my freecalypso-sw framework now runs on my Pirelli
DP-L10.  It'll run on the GTA02 GSM modem too, but the debug output
goes to the IrDA UART (usb2serial chip on the Pirelli, headphone jack
on the GTA02), and I have yet to build the special cable to access
this headphone serial port on my GTA02.

The next step is to add the functional pieces from various leaked
sources, piece by piece.  Take the Calypso BSP (drivers) from the MV100
code, integrate it, get it to work.  Then the L1: the part specific to
the Rita RF would have to come from the MV100 version, and for those
pieces which appear in both MV100 and LoCosto versions, perform a
painstaking comparison.  Then port and integrate the RiViera and GPF
frameworks (abstraction layers on top of Nucleus), get them to work.
Then the GSM protocol stack - that one would have to come from the
LoCosto package, as the MV100-0.1.rar booty has none.  (I would want
to use the GSM stack from the LoCosto find rather than the TSM30
version, as the LoCosto version has dates in the same ballpark as the
Closedmoko fw, so there is a good chance that it's something close,
whereas the TSM30 version is noticeably older.)

Of course it's going to be a nightmarish job, integrating together
these disparate pieces coming from different source leaks corresponding
to far-separated points in TI's evolutionary history, and getting the
result to work - and using a different compiler to boot!  But I'm not
giving up - I see it as my life's work.

Needless to say, if someone else in the community is aware of other
leaked firmware versions (be they source or object) besides the three
that are already on (TSM30, LoCosto peek and MV100),
please post a URL!

If some mostly-binary version of Calypso GSM fw ever does get liberated
(be it the moko or some other unrelated version), it will serve
primarily as a guide.  The goal of the FreeCalypso project is to have
the complete fw image fully built from source with gcc and binutils
(plus other free tools on a Unix/Linux host), so no binary blobs will
ever get included directly as-is.  However, being able to examine some
existing fw version that matches the hardware of interest would
provide extremely valuable insight when it comes to selecting source
bits and pieces from the available source leaks, and configuring and
integrating them properly.  The number of required pieces for which no
fitting source is available from any of the leaks will be very small,
and for those few pieces it would be perfectly feasible to
disassemble a .o or two and rewrite new C code for that small piece.

But I will persevere no matter what.  Even if no one comes forth with
any new leaks, and I don't discover any more on my own (i.e., sticking
with just the 3 which We the People already have in the freely-
accessible, widely-announced state), I will still persevere with
piecing together the complete GSM firmware.  It may take longer and
the result may be of a lower quality than what would be possible with
full cooperation of others, but I'll do it anyway.


More information about the community mailing list