Everything in one place , the guys have attempted something similar and alas bumped, too: http://lists.osmocom.org/pipermail/baseband-devel/2010-February/000038.html


All Nokia’s registers are re-mapped from orig OMAP specs.. Nokia did it on purpose as special order to Texas Instruments.

So we will have to blind-probe the memory addresses to find out all those right addressings.. As well as by disassembling current ARM apps.

But first, we have to make order in the kernel-mode application:
Do not use R* functions. To debug, try to output to file via CFile function, not RFile. And remove those STMFD LDMFD asm lines – they should not be there!

I have no time to update source and play with it for now, see you after X-Mas holidays, asking you to keep it updated here via comments 🙂

linomap, LINux on NOkia OMAP phones – kernel-mode dll BETA-0.02 is OUT in the open!

Now you can try to play around in the kernel-mode of your Nokia (not too newer, and not way older than the N70 model). It has been sucessfully compiled with Symbian S60 SDK 2nd Edition Feature Pack 2 and 3.

If you will run into the error: No rule to make: …/s60_2nd_sdk_fp3/epoc32/include/aknexslider.rsg
Simply create a file s60_2nd_sdk_fp3/epoc32/include/aknexslider.rsg and insert the following:


Currently only Symbian SDK experts and low-level embedded system programmers can play around with the source:
currently the code execution in kernel-mode dll crashes the whole system in most of the cases (the hack is used thanks to SERRGE; he used it in his overclocker for Linux on Siemens SX1)
SERRGE claims that if the whole system crashes, means the hack is working %) But HOW CAN WE DEBUG IT?

I found only one combination of assembler instructions which, when executed _both_, do not crash the phone.
In linomap/kmode-dll/src/library.cpp:

EXPORT_C TInt locltest_16 (void) (
    asm("STMFD SP!, {R0-R4,LR} ");
    asm("LDMFD SP!, {R0-R4,LR} ");
    return 0;

Download the source and read QUICKINSTALL:

Current version BETA-0.02 crashes the whole phone, during the moment it tries to perform a User:Beep(…) and to reset the LCD Display (any ideas how to perform a low-level beep in ASM on OMAP 1710?).

I’m not opening yet any sourceforge since this is a project at its toddler-stage – just a cry-out for your help to debug that kmode_dll instruction after instruction..

To follow the discussion in the russian forum where I mostly post (English translation by google):

The assembly code to load u-boot which we will have to integrate into our project and debug in kernel-mode to see if it works for Nokia is here by SERRGE:

The cards are on the table. Who’s in? 😉

I am currently working on porting Symbian 9 kernel’s (the source got open on October 22nd!) bootloader’s display controller source to try to clear the LCD – at least some debugging matters. But it looks tough so far..

This is an answer to Sandeep’s question. It came out not to be a short one, so I put it separately as a post. Read on 🙂

Is it possible? Well, depends on maaany IFs. Here are the most of them “briefly” 🙂

First of all, you have to be crazy enough to wanting to port Linux on a mobile phone, on which no-one else had tried before.

Linux kernel is a piece of code, and every mobile phone is a little clone of somewhat that resembles to an old IBM PC (or Mac or Solaris etc.) which is capable of executing pieces of code (that’s why your mobile phone works, doh! :))

Running Linux successfully on the phone depends on how openly the phone’s manufacturer has architectured it.

In the worst case, on your chosen mobile you can execute at a low-level in kernel-mode a piece of code to sum two numbers on the processor once you power on your gadget; but you’ll never be able to observe it, because neither keypad nor screen would work nor anything else would work!

_Putting it in a very simple words_: If all specifications are closed, and you still want Linux on your precious handy, you would have to collect all the drivers from every chip inside your phone (by unscrewing and googling what’s written on a chip on the board) and/or reverse engineer and write drivers on your own, then put everything together and have a Linux kernel modified on your name, then you can be enough called an ultra-craze 🙂

In the best case you can have a whole chosen distribution of Linux running on your handy, supporting all devices (screen, keypad, GSM, wifi, bluetooth, IR, USB etc)

We rarely end up on the best case, but we are fighting not to stuck in the worst one, by trying to find a Linux-friendly mobile phone.

Wiki your mobile phone(s) hardware specs. You will most of the time find out that the CPU is an ARM family processor, which is “good” because you can download an ARM compiled Linux image to add those two numbers for you..

If the internal chips of you mobile phone are wired together based on an open composition of hardware parts, such as TI OMAP (on Nokia N70, or a successful Linux on Siemens SX1), your future may be brighter.

Linux (kernel) is started when its kernel image is loaded into the memory and is being executed by the CPU.
To prepare (clear, reset) the system for booting an operating system kernel, then finally to put its image into RAM you need another software (a boot loader) to do this, and it needs to have sufficient privileges to run.

You can (somehow) make this software run either from the cold boot (startup) finding a way to flash (overwrite) the internal ROM, which normally contains a boot loader for your (hated:)) Symbian, Sony Ericsson OS, Windows Mobile or other OS.
Here is the point when you enter the system programming world: you have to know the ways to flash ROM — manufacturers try to protect it by all means for people/businesses not to tamper with their phones, — basically it’s again all about finding security holes..

If flashing ROM cannot be achieved, you need to see what you can do from within the running phone’s native operating system (I let alone the JTAG and soldering iron solutions for ultra-geeks 🙂 and do not describe them here)

If it is possible to develop software for your mobile phone in something lower-level than Java (Symbians SDK C++, C on Windows Mobile) and the executing code would have or would give your program (another security hole search..) the kernel-mode privileges, you can consider yourself lucky and start programming a boot loader, which would clean/resetCPU registers, display, memory and other ports away from the running OS, and then to load the kernel’s image bootloader (U-Boot, or other loaders) from a storage (SD card) into memory, and would make the processor to execute it, you can consider calling yourself a lucky Linux spawn-er.

This is not the end: U-Boot has to be compiled for your phone’s architecture, and internal hardware wiring, so it could continue resetting the system and loading the actual Linux kernel image into memory. U-Boot for OMAP exists (luckily), but still has undergone numerous patchworks by low-level system programmers, who were devoted to have Linux on the aforementioned Siemens SX1.

In any case if you are not an expert in this field, you need to build a network of support from the people in that area of low-level system programming, to help you out when you get stuck.

Good luck Linux freaks! 🙂

Thanks to sythenast from http://franz47root.wordpress.com/2007/07/27/linux-on-nokia-6630/ from him I have received the patched version of ubootloader (v1.42), which advances a step forward, and bumps into protected memory error. More information in the by-others section.

1 lil step forward

1 lil step forward

Ended up with a failed leave code, but has still surpassed the expectations:

  • ubootloader-1.5 started immediately from the MMC card upon switching the phone on
    • some magic autorun? on Nokia 6630 however this automatic boot did not start
    • I thought ubootloader would not start at all, because ubootloader was written for Symbian s60v1 (N70 is s60v2)

The output on screen:

Bootloader for SX1 v.1.5
E:\u-boot.bin opened
File size 17648
E:\uImage.bin opened
File size 0011674
Failed: leave code=-2

Press any key...

n70 screen

The ultimate goal: have Linux running on Nokia N70 (S60 series)
It is theoretically doable: look at the hardware specs.

The most tempting options however are NOT-doable:

  • Loading uBoot from Symbian, using files from Siemens SX1 linux project http://linux-on-sx1.wiki.sourceforge.net.
    Failed (see here how):

    • ubootloader-1.5 quit with leave code=-2. ubootloader is, unfortunately, a closed source, no documentations

    probably because:

    • This U-Boot is patched for the Siemens SX1
  • Flashing the U-Boot with JTAG directly into N70’s flash memory
    Would probably fail, because:

Possibly doable approaches could be:

  • Spying the USB communication when Nokia’s Firmware Updater is in action
  • Patching the U-Boot for N70 (referencing S60?, OMAP 1710?)
  • Decrypting the flash of BB5 in a way it was done with DCT4
    • will try the bb5.zip, hoping it will also decrypt, not only unlock this BB5 phone
  • Patching the flash memory according to this thread
  • Disassembling ubootloader

Suggestions from you — the community out there — are more than appreciated!