A crowdfunding campaign to build a free baseband

Spacefalcon the Outlaw falcon at ivan.Harhan.ORG
Wed Apr 8 16:26:47 UTC 2015


Paul Sokolovsky <pmiscml at gmail.com> wrote:

> Just to clarify, when I'm talking about "current hardware", I mean
> hardware on which current off-the-shelf products are made, not 4G and
> other stuff completely uninteresting to (freedom?) starving people in
> Africa.

OK, fine, so you meant MTK and Spreadtrum rather than Qualcomm.
Doesn't change much: I do not know of any site where one can download
a complete firmware source (as in real source, not objects, see below)
for an MTK or Spreadtrum chip, a source comparable to what we already
have for TI chipsets.

> Wait, dude, so you have documentation and you still do that "reverse
> engineering"? Then you are either wasting your time or availability of
> documentation is overrated.

We (I and the rest of Humanity through my FTP site) have the
documentation and reference firmware source code for TI's chipsets.
What we don't have full documentation for is what any given specific
handset vendor (Compal/Motorola or Foxconn/Pirelli) did in their
specific design, their peripherals outside the chipset, and their own
ad hoc changes to the firmware.

I have to reverse-engineer the latter because of lack of funds to
build my own phone starting with just the chips.  If someone were to
donate a very large amount of money, I would gladly and immediately
stop all reverse engineering and switch to forward engineering instead,
i.e., ignore all pre-existing handset designs from Compal, Foxconn etc.
and produce my own instead, one in which *I* choose which peripheral
components to use, and choose those that are readily available with
full docs.

But the crowdfunding campaign isn't going too well, so I have to have
a backup plan.  I want a phone in my purse that runs free firmware,
and I will not settle for anything else.  If the community is not
interested in funding the development of new hardware, I have to
satisfy my personal goal in an alternate way: take one of the already
existing historical handsets, and run my own free firmware on it.
This approach requires reverse-engineering all of the unnecessary junk
that Foxconn or Compal added on top of the core chipset and reference
firmware (an effort that could be completely avoided if instead we had
the funds to take the track of building our own handset), but this
"wasteful" RE approach doesn't require any money, only my own time and
labor on which I place no limits.

> If Qualcomm is that bad, let them be. World is big, there're other
> "villains" to look at. Mediatek churns out mobile chipsets like sh%t,
> [...]
> In China, leaking is something like a normal part of business process -
> vendors are not yet ready to just release their stuff, but hurry to
> leak before their competitors did.

Then please point me to a downloadable copy of a reference firmware
source (with a fully functional GSM protocol stack in full source form)
for any MTK chip.  We have it for TI:

http://scottn.us/downloads/peek/TCS3.2_N5.24_M18_V1.11_M23BTH_PSL1_src/

(The original ZIP from which the above was expanded is on my FTP site.)

> I can't believe you missed the fun of
> http://www.bunniestudios.com/blog/?p=4297 .

Missed?  I saw that post and corresponded with Bunnie about his project
months ago.  And here are some points you may have missed:

* Bunnie's project is primarily about using MT6260 as a general purpose
  SoC for non-GSM applications, and they don't seem to have much
  confidence in *ever* being able to exercise the GSM part of it;

* Judging from Bunnie's description of the reverse eng he had to do,
  the amount of documentation he was able to scavenge (and he does
  speak Chinese unlike me) is far less than what we have for TI;

* Here is the only leaked "source" for this chip in question which
  I am aware of:

ftp://ftp.ifctf.org/pub/GSM/MTK/

I urge you to download the listing files before you burn my server
bandwidth on a 2+ GiB tarball, but let me give you a spoiler: the
entirety of the GSM radio protocol stack from the bottom to the top is
in binary blobs (object libraries for linking), and the only part that
is given as C source is the "MMI", which is their sexist term for the
User Interface.

> But available a lot (but then
> not all, but that's apparently the case with TI stuff either).

With TI's stuff we got about 95% of the total.  The spots where the
original source is missing and I had to resort to RE to fill the gaps
were few and far between.

The part which I miss the most is TI's reference PCB layout for their
Leonardo board from 2003.  I wasn't able to find it anywhere, and the
chances of finding it now (12 y later) are slim to none.  We can copy
Openmoko's PCB layout instead, but I don't have the means to RE an
8-layer PCB myself, hence I would need to send it to a professional
shop.  I was given an estimate of $6000, which seems reasonable to me
for that kind of a job, but that is more than I can personally afford
at the moment - hence the crowdfunding campaign.

> Also, let me know if you plan to act on suggestion to add more
> diversified perks - I'd be happy to forward your announcement to more
> lists, but most people will only look at the campaign once, so if they
> don't see something right away to make them act, they never look back.

I just added a new perk: anyone who contributes $500 can get a Mot C139
reflashed with our free firmware, i.e., almost instant gratification,
much sooner than waiting for the project to design and build our own
handset.

SF

