[Replicant] Report from CCC Camp 2019
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Wed Aug 28 22:54:36 UTC 2019
I went to the CCC Camp 2019 as suggested by Nlnet.
The way tickets are handled out makes it very hard to make sure you are
able to buy one. I was lucky so I managed to buy one, however
dllud (David Ludovino) and Grim Kriegor (Ricardo Cabrita) didn't manage
to buy some.
I did many things there. Not all were directly related to Replicant
- I had a discussion about free software on smartphones and Replicant
with Harald Welte and other people.
As I explained the path we took with Replicant 9, he mentioned that
the Lima and Panfrost drivers were starting to be usable so they
could be used in Replicant.
As I explained that the Replicant project didn't want to depend on
3D acceleration, he mentioned that not using the 3D acceleration
had an impact on battery life.
However for Replicant, not depending on 3D acceleration is
- 3D acceleration might not be available anymore on the devices we
want to support.
- Some devices with OMAP/DM370 SOCs (system on a chip) have a
PowerVR GPU. That GPU family will probably never work with free
software anytime soon or at all unless the the GPU vendor decides
to suddenly release the driver and firmware source code.
From that the conversation focus shifted on weather or not it would
make sense to support devices with an OMAP / DM370 System on a
He mentioned that some more work might be needed to improve the
power management on devices like the GTA04 and that it might not be
worth the time spent on it.
I personally think that it would still make sense to support this
device as the amount of work is probably not that big if we just
focus on adding the Android support and hope that some people would
continue to work improving the power management.
As the modem of that device is also supported in Ofono, it would
probably be possible to use the "oFono-based Java RIL for Android"
on Replicant 9 to add support for the GTA04 version A4 or newer.
The people involved in this talk were also really interested in
finally getting a working smartphone that had a free software
distribution and were planning to buy some Galaxy SIII, however I
pointed out that our work to port Replicant to Android 9 was not
finished yet and that it might be really interesting to also look at
the Librem 5 and the PinePhone once we add support for them.
When talking about the fact that we could use the "oFono-based Java
RIL for Android" to support such smartphones he pointed out that
oFono wasn't stable enough in the test infrastructure that is being
used at Sysmocom to test the Osmocom stack. This is because a very
small amount of bugs is able to invalidate all the test results.
However he pointed out that but that it might still be good enough for
a regular usage on a smartphone.
Practically speaking, if we would need that amount of reliability we
could just spend time fixing the bugs we encounter.
This is something we might need to take into account if we build a
test infrastructure for Replicant.
He also suggested that, for testing the modem isolation and usbguard,
using mPCIe USB adapters for phones like the librem5 and/or the
the PinePhone would be much more simple than trying to use the
GNU/Linux in the modem to do that as I intended to do before.
As for the modems that have GNU/Linux in them, I got the
confirmation that the system on a chip used were derived from
the Qualcomm smartphones system on a chip used on smartphones.
So if you have such modems, you have the equivalent of a smartphone
architecture in it (probably without microphones or other privacy
sensitive sensors). So it's probably also way too much work to get a
fully free software modem in theses.
- I also talked with Lynxis to understand where to get the information
on how to select hardware for a smartphone test setup. According to
him the power levels that are used are probably somewhere in one of
the 3GPP specifications. Once we have the specifications on the
transmission power and the receive power limits we could then select
the right attenuators to make a wired test setup.
- As Nicole Faerber (she is the CTO of Purism) had a presentation on
the Librem 5 named "A mobile phone that respects your freedom", I
managed to find her by attending the talk. After the talk I tried to
know more about what Purism intended to do with the nonfree DDR4
controller firmware that will be shipped in the Librem 5. She
answered that due to patent litigation threats Purism was not able to
replace it. As some people in the conversation pointed out that there
were some effort for other SOCs (system on a chip) it would probably
be up to the free software community to do it instead.
- Before that I also attended the talk right before "Fully Open, Fully
Sovereign mobile devices" as I forgot to check the abstract. I
already saw a recording of a very similar talk that took place at
Linux Conf Australia. I still asked about the freedom issues of the
- I also discussed very briefly with Joerg Reisenweber who is or was
involved in the Neo900 project.
The Neo900 was an attempt to build a smartphone that would have had a
free software bootloader.
However as many people were asking to use PayPal they ended up
accepting payment through it and then got into trouble because
at some point PayPal refused to let them withdrawals their money.
He told me that after that issue, they would have needed way more
people to preorder devices to make the project successful.
- I got a lot of help from Willem in reverse engineering a WiFi
firmware that is used on mobile devices.
The Aura H2O Edition 2 is an e-reader sold by Kobo, which has an
RTL8189PTY WiFi chip. As the firmware binary has been released under
the GPLv2 as part of the WiFi driver published for this device.
Since the firmware is very small (about 21k) and that the GPL remove
many of the legal constraints we would otherwise have if the firmware
was not under a free software license, it makes it a very interesting
He worked to identify the entry point and header format, functions,
etc. Before that I wasn't able to go that far as I'm not used to
reverse engineering binaries.
If the work is finished one day, and that the work can be used or
easily adapted on chips that can be bought at low quantity and put on
smartphones and/or tablets, and if some manufacturers like purism or
Pine64 use it we could get free software WiFi firmwares on mobile
devices like smartphones and tablets.
- In a conversation someone also told me that Labgrid was easier to
learn than Lava and had similar features, including the ability of
telling it to stop the tests to instead work remotely on the device.
- I also tested several Replicant smartphones on the CCC phone network.
The network was using AMR only for the GSM. Several networks were
bridged together (GSM, SIP, DECT, the external telephony network,
etc). Calls worked fine across different networks but SMS
bridging was not implemented.
I tested the network with several Replicant devices (I9300, I9100,
N7000) and it worked flawlessly both in the internal GSM network and
calling numbers from other networks (SIP, external telephony network)
also worked fine. I also activated 2G, 3G and the very experimental
4G on the web interface and the phone still worked fine.
- To do such experiment I bought several SIM cards. I've written to the
people in charge of the network to obtain the ADM1 keys to be able to
completely reprogram the SIM cards, and load JavaCard applications
in them, to be able to do further testing with Replicant. I'm not
sure if they have ADM1 keys, but they do have some keys that enable
to reconfigure the card at some level.
- People had tools to cut SIM cards, so I asked someone to cut my
mini-sim card that wasn't recognized in Replicant 6.0 (bug #1909) to
be able to also use it in the Galaxy SIII.
- There was a workshop on FOMU, which is an USB key with an FPGA in it.
People attending the workshop and installing the toolchain could get
one for free, as they expected the attended to do interesting thing
with it afterward.
As the device doesn't have a lot of free pins (4 + VCC + GND), and
that I am already involved in many other free software projects, I
didn't plan to do anything interesting for that device.
So when attending the workshop I instead convinced the organizers to
give me one for free, to add support for a free software FPGA
toolchain in Parabola. I also explained them that most of the work
was already done in the AUR (user repository) of the arch GNU/Linux
distribution, but that I needed it mainly for testing that it worked.
Thanks to that, all the required packages to compile and install HDL
designs are now in Parabola. A bit more work is needed to use stable
revisions and add support for RISC V toolchains that are relevant for
the tiny microcontroller that are made for such tiny FPGAs.
While I was at the workshop I also read the tutorial and asked about
recovering the FPGA. It turns out that the FPGA can be configured to
load its configuration from two different areas in flash. This
enables to have a section of the flash with a CPU and a bootloader
that can accept images to install on the second partition of the
flash. This way you do not need to have a working CPU and bootloader
in your FPGA design.
- I also asked how to identify connectors for an unpopulated serial
port connector on an ARM laptop (ecafe HD), as it's easier for me to
work with that than soldering wires and using glue. I was told that
the connector was to be ZIF. As that requires flex cables I asked if
there was a way to find another matching connector and I was told
that to find the right connector to solder, distributors websites can
filter on connector parameters. So I could do that to find potential
candidates and then I could simply print the datasheet in 1:1 and
look if it fit on the device should do the trick.
- I also had a discussion with someone organizing a cryptoparty there,
and I tried to push them toward suggesting more free software to
people. The issue was that some people were trying to force people to
use free software so because of that they focused less on free
software. In my opinion the best way would be to instead insist on
not forcing people to do things but to only enable people to
understand the consequences of their actions.
- There was a paper posted on various walls advertising a collect of
old mobile phones for giving it to protesters. However the paper said
it was to install signal. I tried to find the people behind that to
convince them that using signal was a bad idea as it depended on
nonfree software (Google Cloud Messaging (GCM), which is part of
google play services). However when I finally found somebody that
knew some thing about it, that person told me that a meeting already
took place about it and people already pointed out that it depended
on nonfree software. So I ended up explaining more in depth why
to that person as she didn't attend the meeting.
- As I've several SDR, I noticed strange things when using them (like a
spike on the middle of the frequencies in the waterfall). I was
pointed out to a conference recording that describes why this is the
case. The conference was called "Why Doesn't My Signal Look Like the
- I learned that the serval protocol didn't require an accurate clock
as it used its internal clock for the messages. Serval is a free
software Android application that enables calls and message without
having to rely on the infrastructure. It's interesting because on
Replicant, the clock is reset if you remove the battery, and also
because many WiFi access point completely lack a hardware clock.
- I also discussed with other people about Replicant and other things
but I don't remember well the conversations details.
- The fact that it's a camp enabled people to do many mind blowing art
installations. The downside of it is that it's more difficult to get
a regular amount of sleep, however if you put your tent in the quiet
area you can still manage limit the issue.
The previous GTA04 versions are prototypes and not many of them were
made. Supporting the A3 version would require to do extra work to
forward the audio between the modem and the main "sound card" as
this has to be done in software. Instead on other phones and on the
version >= A4 you typically need to configure the "sound
card" to route the audio between both instead.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Replicant