SIM800 firmware blob; FreeCalypso

[CRImier]

The default 2G modem on the ZeroPhone, SIM800L, runs a firmware on its Mediatek CPU - the firmware performs low-level GSM tasks, as well as interfaces through UART using AT commands. The firmware is updateable through the same UART interface - there are different firmwares available on the Internet, but all of them are closed-source. While the SIM800 does not have any access to RAM of the CPU, it is still running code that we can't trust, can't fix and can't improve.

There's already project named FreeCalypso that focuses on having a GSM modem with an open-source firmware. While the firmware isn't libre (due to the fact it is based on leaked copyrighted code), it certainly gives us freedom to work on any security and privacy concerns, as well as add our own functionality to the modem's firmware. They don't yet have a hardware offering available that would work as some kind of drop-in replacement for a SIM800 modem, but their development board could be hooked into a ZeroPhone more or less easily (although its PCB is significantly larger than the ZeroPhone itself).

There's also a PostmarketOS-driven effort to reverse-engineer and replace the bootloaders and baseband code on Mediatek-based GSM chips. It actually looks like a viable libre firmware option for SIM800 in ZeroPhone, as SIM800 is based on MT6261 and their efforts are targeting MT6260! So, it's possible that, after some point, this firmware could be used on SIM800 - however, that requires coordination and collaboration with the team doing the reverse-engineering work, thus I need to see whether there's a possibility to do so.

Notes:

• The SIM800L will be phased out of the ZeroPhone eventually, but we'll have the same problem with 3G/4G modems that would follow.
• SIM800 has the Embedded AT (EAT) programming mode. Its usage is not widespread, but there is some documentation about it - here's an appnote.

• 11 is about a SIM800 firmware update tool that would be useful for us to have.

[vogt31337]

Maybe have a look into: https://github.com/xobs/fernly Seems like bunny and xobs have started to reverse engineer the MTK6261/MTK6260 processor.

From "SIM800 Series_Bluetooth_Application Note_V1.07" Page 9:

MTK6260 platforms: SIM800, SIM800M64, SIM800H. MTK6261 platforms: SIM808, SIM800C, SIM800A, SIM800F. MTK6261_DS platforms: SIM800C-DS. MTK2503 platforms：SIM868, SIM868E.