
Thread: MTK Chinese CPU detailed study [learn everything about MTK]

          
  1. #1
    Super Moderator GSM_Update's Avatar
    Join Date
    Aug 2010
    Posts
    2,467
    Thanks
    56
    Thanked 187 Times in 130 Posts

    Default MTK Chinese CPU detailed study [learn everything about MTK]

    As for start
    As someone with some experience in the embedded development field I will try to explain the procedure to successfully hook an MTK phone up to a computer. I made this work to be as thorough and logical as possible. My target is to enable all who are interested in Chinese miracle phones to take the best and safest action on MTK based phones. I hope you find this thread useful.
    Let's begin.


  4. #2
    Super Moderator GSM_Update's Avatar

    Default what we are dealing with MTK CPU?

    My preferred way of looking at MTK based cell phones is that of looking at small ARM
    based embedded platforms. The MTK baseband chips have 33-66 MHz ARM cores. They
    come with 4-8 megabytes of SDRAM, and either a NOR or NAND flash for storage.


    Q: Is it possible, in theory to run Android on these phones?
    A: No. Android has much higher minimum requirements.

    My target when interfacing with these phones is to read/write the contents of the flash chip, so we will focus on that for a bit.

    The flash chip contains 2 things: the firmware and a file system section. The firmware of course is the program (OS) that works the phone. It handles user interface, communicates with all the attached devices (microSD card, camera, BT module, GSM module, etc.); it’s the central piece of program.



  6. #3
    Super Moderator GSM_Update's Avatar

    Default MTK (MediaTek) firmware

    MediaTek sells a reference firmware platform to its licensees which they all use (after varying levels of modification). What this means is that all MediaTek firmwares are based on the same code base, and thus all MTK phones have similar, if not identical basic features. For example: basic UI code, such as language handling, input handling, and resource handling code will be the same. This is why a single MTK Firmware Editor can open almost all MTK firmwares, and successfully edit the resources contained within.




    This reference platform comes with no support for external executables. All functionality is linked into the firmware at compile time, so adding new features or applications afterwards is infeasible, and without months of reverse engineering, by skilled developers, impossible. There are no such projects so at the time of writing there is no way to run outside code on the MTK platform (unless the firmware of interest has Java support, or NES emu compiled in).



    Q: Can I add new apps to the phone?
    A: No. (Unless your firmware has Java support or NES emu)
    Q: Can I create my own apps that run natively on the phone’s CPU?
    A: No.



    Usually release firmwares come compiled with a specific set of drivers for the target hardware configuration. Different model phones will not have the same type of LCD display, FM tuner chip, BT chip, camera(s) etc. But there’s no guarantee that same model phones, manufactured on different dates do either. Indeed same model phones manufactured just a few weeks (or days) apart can have different hardware. It is because of this that 5 different firmware versions of Model X could have been released not because of firmware improvements/bugfixes, but because the hardware in the phone has changed and new drivers were required.



    What this also means is that most of the time trying to “upgrade” the firmware on these phones will result in bricking, or the loss or malfunction of an attached device (display, camera(s), BT, etc.)



    For example: White screen, black screen, no screen, after flashing, but hearing the phone play the startup chime is because the phone’s display is either different, or connected differently in hardware, and the driver in the firmware we’ve flashed isn’t able to handle it. Similarly, loss of camera support, or malfunctioning keys are all symptoms of this.



  8. #4
    Super Moderator GSM_Update's Avatar

    Default Identifying mtk firmwares by version

    A number of firmwares MAY have several drivers compiled into them, with the right one being selectable from the Engineer Menu, so in some cases that may work. Also a model’s hardware configuration may be stagnant, because of an overabundance of the parts used in the original design, in this case upgrading would be feasible, and likely worth it. Sadly however, this is not the case most of the time. It is because of this, and other factors that I’ll talk about later, that it is HIGHLY recommended to ALWAYS BACK UP the FULL flash image, that was originally on the phone. 5-10 minutes of annoyance, can save you hours/days of frustration.


    Q: Can I use firmwares from other MTK phones? They have features I want.

    A: 90% chance the phone won’t even start. 100% it won’t work entirely right.

    Q: Can I upgrade the firmware version on my phone?

    A: You can try, but ALWAYS BACK UP the original flash content, as it’s
    unlikely that you’ll get the desired outcome.




    Identifying firmwares by version


    MTK firmwares have a so called, version code, that when entered will output the firmware version of the phone. You can find a set of these in Appendix A, but the most common ones are *#8375#, and *#4853*#


    The phone should immediately display the version screen once you enter the correct code. You should not need to press anything else. If it does not, then you’re not trying the right code for your phone. It is also likely, that your phone has a code that isn’t in the Appendix, as one of the first things some firmware developers seem to do is change these to a random value. When entering these codes you will get a version string (ex.: A6V2.2.2) and a Build Time (ex.: 2007/12/04 18:31).


    Now you might think that checking just one of these would be enough to identify the firmware, and you would be wrong. The two firmwares below are different, and the hardware of the two phones doesn’t match. So flashing one of these to a phone that had the other one on it originally, will produce a white screen, and an unusable phone.

    * A6V2.2.2 - [BUILD TIME: 2007/12/04 18:31]
    * A6V2.2.2 - [BUILD TIME: 2007/12/18 14:46]

    This can also happen the other way around with Build Times being identical and version strings being different. It is my experience that comparing both string and build time is sufficient to discern firmware versions, but I usually read back the first 10 kilobytes of the firmware from the phone and compare it with the version I have on file, just to make sure.

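The identification check described in post #4, written out as an added example (not code from the thread): a firmware on file counts as the phone's own only when the version string, the build time and the first 10 kilobytes all agree. The file names, the dump contents and the helper names are constructed for illustration.

```python
import hashlib
from typing import NamedTuple

HEADER_LEN = 10 * 1024  # "first 10 kilobytes", as in the post


class FirmwareId(NamedTuple):
    version: str        # string shown by the version code
    build_time: str     # build time shown on the same screen
    header_sha256: str  # digest of the first 10 KB of the flash readback


def identify(version: str, build_time: str, readback: bytes) -> FirmwareId:
    """Build an identity from the version screen plus a flash readback."""
    if len(readback) < HEADER_LEN:
        raise ValueError("readback is shorter than 10 KB, cannot compare")
    digest = hashlib.sha256(readback[:HEADER_LEN]).hexdigest()
    return FirmwareId(version.strip(), build_time.strip(), digest)


def match_on_file(phone: FirmwareId, library: dict[str, FirmwareId]):
    """Return (exact_matches, near_misses) against the images on file.

    A near miss shares some fields with the phone but not all three, so it
    must not be treated as the same firmware.
    """
    exact, near = [], {}
    for name, fw in library.items():
        diff = [f for f in FirmwareId._fields if getattr(fw, f) != getattr(phone, f)]
        if not diff:
            exact.append(name)
        elif len(diff) < len(FirmwareId._fields):
            near[name] = diff
    return exact, near


# Constructed sample data: two dumps whose first 10 KB differ by one byte.
DUMP_A = bytes(HEADER_LEN) + b"rest-of-image"
DUMP_B = bytes(HEADER_LEN - 1) + b"\x01" + b"rest-of-image"
LIBRARY = {
    "a6_dec04.bin": identify("A6V2.2.2", "2007/12/04 18:31", DUMP_A),
    "a6_dec18.bin": identify("A6V2.2.2", "2007/12/18 14:46", DUMP_B),
}
PHONE = identify("A6V2.2.2", "2007/12/18 14:46", DUMP_B)

if __name__ == "__main__":
    print(match_on_file(PHONE, LIBRARY))
```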


  10. #5
    Super Moderator GSM_Update's Avatar

    Default MTK (MediaTek) CPU file system

    File system



    The file system section comes after the firmware on the flash chip. Different flashing solutions call it differently including FAT, FFS, NVRAM, System/User FS, etc.


    This section contains several actual file systems (FAT12, FAT32) on top of a proprietary structured data store layer. I know of no software that can handle this top layer, so access to the file systems within is only possible through the phone itself for the time being. These file systems contain all the data used by the firmware from system data like device driver settings, to user data like the phonebook, messages, or data account settings.

    When people refer to formatting a phone, they’re referring to these file systems. Formatting as with formatting file systems on regular PC hard disks, or flash drives erases all data stored in these file systems. Upon starting the phone after a format it will recreate all of its needed files inside these file systems, and fill them with hardcoded defaults. This includes all calibration data, and device driver settings. Contrary to popular belief formatting these file systems without backing up is anything but safe. As hardcoded defaults can differ from factory set values, so there could be several things that you’re influencing by letting the phone use the hardcoded defaults. It is best to back up the FAT of each phone that passes through your hands, as they’re only a small portion of the flash content so it takes about 15-30 seconds, and once again: You may be saving yourself from lots of frustration in the long run.

    What you should keep in mind about the file system is that IMEI, and personal data are also stored here, so you may want to think twice about publishing your firmwares with FAT included, because of the privacy issue. Also if the people who end up using your firmware are ignorant to these facts, they could end up making several phones that use the same IMEI (Yours!). Which depending on carrier, may result in banning the IMEI from the network, instantly rendering all phones that use it, inoperable, or another case, where a phone with said IMEI is reported stolen.



    Supposing you have 10 phones with the same firmware, you download the firmware from Phone #1 modify it with an editor, save a Full Image then flash said image onto Phones #2- #10. You now have 10 phones with the SAME IMEI. What you should’ve done is either back up the file systems from all the phones and write the originals back after the full flash, or if possible, patch-flashed your phones. (This means flashing only the parts you wish to modify and leaving the rest of the flash chip intact, this isn’t always possible.)



    Another thing to keep in mind is that there could be factory protections that use the file system. For example the PSN protection: in this protection form, a serial code generated from a unique hardware ID is stored in a file on the file system. If you flash a full image from one of these phones onto another, even if they’re the same version, the target phone will start up with “Register Mercury” And will STOP FUNCTIONING after a few weeks. If you haven’t backed up the file system of such a phone you essentially have a phone that needs a file system reformat every few weeks to start up, or in other words, a phone that can’t be sold. Few repair boxes can fix PSN, and they’re expensive. So once again: The thing to keep in mind is to ALWAYS HAVE A BACKUP. Best is to have full backups, but at the very least, if you already have a full backup for the specific firmware version on the phone, you should still take that 1 minute to back up the file systems from all the phones. You just may be thanking yourself later.



    Q: What should I back up?

    A: At least 1 full backup per fw version, and the file systems section for each phone.

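The backup-and-restore advice in post #5, as an added example that is not part of the original thread: it builds one image per phone from the edited firmware plus that phone's own backed-up file system section, and flags any set of images that share a file system section (and so the same IMEI and personal data). It assumes the file system section starts at a fixed, known offset and runs to the end of the dump; `FS_OFFSET`, the toy dump sizes and all helper names are hypothetical.

```python
import hashlib
from collections import defaultdict

FS_OFFSET = 64  # hypothetical offset where the file system section starts


def split_image(full: bytes, fs_offset: int) -> tuple[bytes, bytes]:
    """Split a full flash dump into (firmware, file system section)."""
    if not 0 < fs_offset < len(full):
        raise ValueError("fs_offset must fall inside the image")
    return full[:fs_offset], full[fs_offset:]


def per_phone_image(modified_full: bytes, own_backup: bytes, fs_offset: int) -> bytes:
    """Edited firmware followed by this phone's own original file systems."""
    if len(modified_full) != len(own_backup):
        raise ValueError("image sizes differ, the layout assumption fails")
    new_firmware, _ = split_image(modified_full, fs_offset)
    _, own_fs = split_image(own_backup, fs_offset)
    return new_firmware + own_fs


def shared_fs_sections(images: dict[str, bytes], fs_offset: int) -> list[list[str]]:
    """Group phones whose file system sections are byte-identical."""
    groups = defaultdict(list)
    for phone, image in images.items():
        fs_digest = hashlib.sha256(split_image(image, fs_offset)[1]).digest()
        groups[fs_digest].append(phone)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def make_dump(firmware: bytes, fs: bytes) -> bytes:
    """Constructed toy dump: 64-byte firmware area plus 32-byte FS area."""
    return firmware.ljust(FS_OFFSET, b"\0") + fs.ljust(32, b"\0")


# Constructed backups: same firmware, per-phone file system contents.
BACKUPS = {f"phone{i}": make_dump(b"FW-ORIG", b"fs-of-phone-%d" % i) for i in (1, 2, 3)}
EDITED = make_dump(b"FW-EDIT", b"fs-of-phone-1")  # full image saved from phone1

NAIVE = {name: EDITED for name in BACKUPS}  # same full image on every phone
SAFE = {name: per_phone_image(EDITED, dump, FS_OFFSET) for name, dump in BACKUPS.items()}

if __name__ == "__main__":
    print("naive:", shared_fs_sections(NAIVE, FS_OFFSET))
    print("safe: ", shared_fs_sections(SAFE, FS_OFFSET))
```

Running the same check over a folder of real backups before publishing or flashing them shows whether any two carry an identical file system section.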


  12. #6
    Super Moderator GSM_Update's Avatar

    Default MTK (MediaTek) CPU Interface

    There are usually at least 2 ways in which you can interface with an MTK phone. With the supplied data cable: through USB, through a 3.3v serial UART, and through BT. The grid below illustrates what you can do with each interface.






    As you can see, you can’t access the flash chip with the supplied USB Data Cable. You will need to buy an interface for the Serial UART of the phone if you wish to access it. This is unfortunate, but there’s no way around it. But wait, you say. Your phone has a COM Port in the USB Menu, so surely you could use that. You could not. The USB virtual UART cannot be active at the time it would be needed to boot and flash the phone, as it is only active while the firmware’s running.
    The RS/EIA232 Serial UART (or commonly just: serial port) is a very common interface supported by almost every computing platform in the world. Older PCs have COM Ports for example. Those would be an example. Most microcontrollers have either software or hardware based UARTs (universal asynchronous receiver/transmitter). Serial ports require at the minimum 3 wires to work. One Tx (that the device transmits on), one Rx (that the device receives on) and the ground. There are however differences in electrical specifications, and supported data transfer rates. The MTK platform is a 3.3v based system. That means that most everything in the phone is running off 3.3 volts that is generated by a voltage regulator connected to the 3.7v battery. The maximum voltage for logical HIGH states is 3.3 volts. The serial port works at 3.3 volts as well. On the other hand, a PC’s serial port works at 12 volts. You do not wish to connect a 3.3 volt system to a 12 volt system directly.
