***Mtk Based China Phones briefing***

Starting...

As someone with some experience in the embedded development field, I will try to explain the procedure to successfully hook an MTK phone up to a computer. I aim to make this work as thorough and logical as possible. My goal is to help all who are interested in Chinese miracle phones take the best and safest action on MTK based phones. I hope you find this thread useful.
Let's begin.


Please don't post anything before my thread is finished.

B.R
 
What are we dealing with?

My preferred way of looking at MTK based cell phones is that of looking at small ARM
based embedded platforms. The MTK baseband chips have 33-66 MHz ARM cores. They
come with 4-8 megabytes of SDRAM, and either a NOR or NAND flash for storage.


Q: Is it possible, in theory to run Android on these phones?
A: No. Android has much higher minimum requirements.

My target when interfacing with these phones is to read/write the contents of the flash chip, so we will focus on that for a bit.

The flash chip contains 2 things: the firmware and a file system section. The firmware of course is the program (OS) that works the phone. It handles user interface, communicates with all the attached devices (microSD card, camera, BT module, GSM module, etc.) it
 
Firmware


MediaTek sells a reference firmware platform to its licensees which they all use (after varying levels of modification). What this means is that all MediaTek firmwares are based on the same code base, and thus all MTK phones have similar, if not identical basic features. For example: basic UI code, such as language handling, input handling, and resource handling code will be the same. This is why a single MTK Firmware Editor can open almost all MTK firmwares, and successfully edit the resources contained within.




This reference platform comes with no support for external executables. All functionality is linked into the firmware at compile time, so adding new features or applications afterwards is infeasible, and without months of reverse engineering, by skilled developers, impossible. There are no such projects so at the time of writing there is no way to run outside code on the MTK platform (unless the firmware of interest has Java support, or NES emu compiled in).



Q: Can I add new apps to the phone?
A: No. (Unless your firmware has Java support or NES emu)
Q: Can I create my own apps that run natively on the phone
 
A number of firmwares MAY have several drivers compiled into them, with the right one being selectable from the Engineer Menu, so in some cases that may work. Also a model
 
File system



The file system section comes after the firmware on the flash chip. Different flashing solutions call it differently including FAT, FFS, NVRAM, System/User FS, etc.


This section contains several actual file systems (FAT12, FAT32) on top of a proprietary structured data store layer. I know of no software that can handle this top layer, so access to the file systems within is only possible through the phone itself for the time being. These file
systems contain all the data used by the firmware from system data like device driver settings, to user data like the phonebook, messages, or data account settings. When people refer to formatting a phone, they
 
Interface



There are usually at least 2 ways in which you can interface with an MTK phone. With the supplied data cable: through USB, through a 3.3v serial UART, and through BT. The grid below illustrates what you can do with each interface.






As you can see, you can
 
Direct COM Interface (slow)



This is where level shifters come into play: one example of an RS232 level shifter would be the MAX3232.







If you build the above schematic, and supply it 3-5 volts (Phone
 
USB Serial Interface



The serial ports on MTK phones support up to 460800 bits per second. But how can you take advantage of that with a PC? Through a USB Serial cable. Unlike regular PC serial ports, USB Serial chips are capable of speeds of up to 921600 bits per second. The MTK phone will initiate communication at this speed, but it won
 
Another way for connection:
"The Multimeter method"



1. Plug your new connector into your phone, with solder pads/pins exposed
2. Put Multimeter into fault-check. (or if unavailable, then it
 
Flashing theory



After the connection has been established, flashing the phone happens the following way:
Phone is turned off.
Boot process is initiated on the PC in the flashing software. This continuously starts sending a certain byte out on the serial port.
The phone
 
Boxes


Flashing boxes are capable of opening the Security Zone before a full flash. No, let me rephrase that: The software that comes with flashing boxes is capable of opening the Security Zone before a full flash, allowing the full flashing of phones; this is actually one of the many
things that warrant their existence. Boxes are essentially hardware keys that protect the software that was coded for them, combined with USB Serial adapters. Some also include dynamic pin configuration and automatic pinout finding circuitry. They can cost several hundred USD, but come with support, cables for most MTK phones and flashing software. Some also provide firmware editing software, either in the basic package or as an addon for a fee. Qualities of these vary from box to box.



Flashing in practice, using MTK flashtool



MTK FlashTool is the
 
Full Flashing with MTK FlashTool



Full flashing, with no regard for the Security Zone. As discussed above, this will create a bricked phone unless you continue with the fullflash guide, have an image with an open Security Zone, or one with Security Zone protection disabled.
First open notepad (that
 
Thank you! Nice information!
It is really a nice post, it's always great reading such posts, this post is good in regards of both knowledge as well as information. Thanks for the post
really great
general knowledge
 