First small steps toward free GSM firmware

Michael Spacefalcon msokolov at ivan.Harhan.ORG
Sun Nov 10 20:58:17 CET 2013


Wow, I went to bed after my last post, and when I got up this morning,
there had been a lively discussion between Norayr, Joerg and Nick!

As much as I would love to be proven wrong on this, I consider it
*very* unlikely that there is any functional defect in moko11 which
somehow gets magically fixed with my current leo2moko transitional
step.  There probably *are* bugs galore in TI's binary object libs
which contain the bulk of the GSM protocol stack, likely even buffer
overflow etc. bugs which could be exploited by someone setting up a
rogue BTS and feeding control packets over the air containing things
which "shouldn't happen" - but if such bugs are present in moko11,
they are probably present in all versions of TI's TCS211 binary libs,
including the versions used in my current leo2moko port, hence we
don't have a fix for that malady yet.

The LoCosto source at http://scottn.us/downloads/peek/ does have the
GSM/GPRS protocol stack in full source form (aside from GPF, which
appears to have been distributed as binary libs even inside TI!), and
I do seek to replace our current blobs with this LoCosto version, but
before we can do that, I first need to go through the hellish process
of reintegrating all of the lower-level pieces (basically everything
under chipsetsw in the leo2moko source tree) into my Unix/gcc build
environment - and I'm just starting on that one, currently trying to
figure out why the RVT task is not emitting "system time" trace
messages every 20 s like it should...

In the meantime, the only gain which the community can get from my
leo2moko transitional step is the change from a black box to a glass
box: you can see all of the sources and binary objects from which I
have built my fw, the binary objects contain a good amount of symbolic
information making disassembly quite practical, and there is a map
file from the linker which shows what every byte in the final
flashable binary is for and what it corresponds to in the source.

VLR,
SF
