Not work! - Firmware hacks
This topic was created by dogged .
Not work! - Firmware hacks
Couldn't think where else to post this.
I've decided to do something about my old Motorola RAZR V3xx.
I love this thing. The form factor is perfect. It's pocket size, it's damage resistant, it's HSDPA, it's easy to use, it never drops calls, it gets four days usage from its tiny battery without issue.
The only problem is the usual Motorola problem - the OS is dogshit.
So, i thought, I'm still a programmer. I can do embedded work, I do it all the time. Why not?
Why not? Because it's 2013 and there are no available resources to study from is why not. So. If any of you have any dim and distant memories or even better, current links on how MotoRazr v series phones actually worked - and I want to go much further than just skinning - could you let me know?
Re: Not work! - Firmware hacks
Looks like if it's not on XDAdevs then you're S.O.L. So roll up your sleeves and dive right on in...
Or buy a new phone! ;o)
I know you love you phone
But why bother? You'll spend a lifetime trying to get it right.
Why do you think the software is so crap? Well the programmers got bored, hated the phone and so, went down the pub and had a few beers. That's where you need to be...... Life is too short.
Some background info & suggestions
It runs a proprietary Motorola OS called P2K, IRC. AFAIK, there aren't a lot of hacks, although one way in might be bluetooth as I believe they used the BlueZ open source stack at the time.
You might see if you can get a USB data cable for it. Some platforms allow greater access through these connections (aka Sony Ericsson) which allowed people to hack the platform. I don't know it would do any good, but it's worth a try. In a similar vein, you might crack open the phone (or another working copy) and try to identify a JTAG header....
Also, see if you can download software updates. Sometimes you can unbundle these and modify them. A lot of old skool phone hacks were done this way, then flashed through USB data cables...
Finally, I know for a fact that the 'modem' (the part than handles communicating with the network) is a physically separate processor from the one running the OS. This was done for security reasons and specifically to make it MUCH harder to hack.
Overall, I would rate your chances of achieving anything meaningful as pretty low. The reason I say this is that, at the time that phone was new, I was at Motorola trying to get them to open it up so people could write apps and there were a LOT of technical barriers that made hacking it very, very difficult. That said, they did setup a dev site and there might have been some code up there, although I don't think it was for the P2K platform but for Brew (if anyone remembers that).
Re: Some background info & suggestions
There are a lot of differing accounts out there as to what's going on under the flip, as it were.
P2K5 (Pegasus 2005) is variously referred to as an OS or as a bootloader, while the actual meat of the thing is claimed to be either an S60 variant, a proprietary Verizon Symbian - unlikely as mine is GSM and works in the UK - or JUIX, a Motorola-proprietary linux contaminated with Java.
I agree that my chances are low but honestly, it's a form factor that shouldn't be wasted on the horrible crap it runs as stock.
Great hardware, grotty software
I used to have a PEBL. Lovely hardware; solid, elegant, felt nice in the hand, good battery life. The hinge mechanism in particular was genius. OTOH, Satan himself would have been ashamed to have admitted to designing the software.
I ran into the lead of the contract team who wrote the software for the PEBL once. Embarrassingly, I only found this out after ranting to him for twenty minutes about lousy mobile phone software, using the PEBL as exhibit A. But it was okay, because he agreed with every word I said --- apparently they were continually filing bugs upstream saying, "look, we implemented it the way you told us to, but this is awful". But they were all closed with WORKS AS INTENDED. There was absolutely no interest in Motorola about making the things usable.
I think I've still got it somewhere. I wouldn't have thought it was that different to the RAZR inside, so I'd be interested to know if you find anything out...
Re: Great hardware, grotty software
I worked as a field test engineer for Moto during this period, and the phrase WORKS AS INTENDED dredges up an old familiar sinking feeling...
I used to flash motos back in the day, sadly all the core boards/forums have now mostly gone i saw motohell was still rocking.
Not sure if it would be possible to unpack and stock firmware and start from there. I do remember people rocking firmwares with extra menu options in, but its a long way back and its a bit fuzzy now..
Personally i wouldnt bother, the great battery life came from the fact the cpu was pretty much as powerful as a casio solar powered calculator, the interface was a pos for a reason.
Personally i would just retire it back to the draw you found it in.
Strange co-incidence. I recently bought a new battery for my old V3, and fired it up.
I did flash it back when I got it, mainly to remove the vodafone crap. Motomodders.net I think was where the stuff was happening at the time.
Still has my poker games on it and a very playable galaxians - as well as being an excellent phone.
Also - it is a tank. :)
Problem is it refuses to charge now. Displays a message - Unable to charge. I will Have to charge the battery separately. Bummer.
Just sharing you enthusiasm for the phone though. It really is a gem. After not using it for five or six years just flipping it open to answer a call is a joy. And it's cool metal sleekness. Ahhhhhh.
*wanders off for some alone time*
@ deMangler - Re: charging RazR
A normal mini USB did not work to charge I remember.
Re: @ deMangler - charging RazR
Mine charged from USB as soon as Motorola's drivers were installed.
Re: @ deMangler - charging RazR
Thanks andreas koch for this:
have you tried
XDA-developers for some inspiration???
IIRC, having programmed user apps on the RAZR/PEBL/et al, some of them use a custom os (which Chris_Maresca said was P2K), and some of them run Qualcomm BREW, depending on which country it was bought in.
This is a great idea... I loved my RAZR v3, I'd probably still be using it now had someone not stolen it while I was at a concert...
I found a repair manual that suggests it's a 52MHZ ARM7 chip inside, but we could probably have guessed that. (http://www.ko4bb.com/Manuals/Motorola/Motorola_-_Razr_V3-repair-1.pdf, if it helps)
I haven't found anything else yet - other than the user guides I've come up short too.
Forgot the user guide link: https://motorola-global-en-uk.custhelp.com/app/answers/prod_answer_detail/a_id/91818/p/30,669,8503
Custom Firmware for this does exist. Can run elf files to do different things. I had to install one temporarily so that I could force it to unlock.
This is probably the best place :
http://modmymobile.com/forums/383-mod-your-p2k-moto presuming it is complete and the downloads work.
P2K can be tons of different things as well it defines the look not necessarily much else. (Think there is an article on this very site about its history).
Dunno about v3xx (Looked back only at the title). Could be completely different for all I know.
The old site I used was called modmymoto but seems now to point to that new one.
There is another app that strips the RSA before using RSD Lite
If you need do downgrade the bootloader for whatever reason with RSD Lite then you have to do the testpoint first. (Look for a phone unlocking site for the v3xx for the testpoint pic).
My RAZR v3 is my most recent phone. I must've bought it several years ago fr £30 on ebay.. The battery cover is held on by double-sided tape and the front screen displays fuzzy lines since I dropped it, but other than that it's great. It's 3G, and I can use it for net/email (Opera browser works great)-- what more does one need? It even fits in a small pocket.
I flashed it years ago with 'russotothemax' firmware. I seem to remember using various bits of software which I no longer have.
I think it might outlast me.
Re. phone "hacking"
Hi, I've got a broken V3 here if you want it for "research" purposes.
I also have an e-ink one which is locked to a UK phone company which doesen't work anymore.
Anyone have a use?
Kind regards, mailto Mother Alpha Norway Delta Orwell Lima Indigo Norway Echo at Cobalt Whiskey George Sierra Yemen dot Norway Echo Tango
Re: Re. phone "hacking"
Ahh, the irony of an AC posting his/her email address! ;)
and QPST (haven't got a link, there's probably something you could find on google . . .) which is a Phone software suite with quite a bit of oomph.
and see if there's any connection possible. Might be a start. Also the cable pinout is not a standard one but has a couple of resistors over some pins, it might not work with a 'normal' USB->miniUSB. It won't be an OTG cable either.
Pinout link is in an earlier post above.
Good old days
Ah I remember the days of tweaking the software on my Motorola Razr Maxx V6. The Maxx V6 ran the same or very similar software version to the V3xx so you may want to research modding the V6 to give you some inspiration.
Someone mentioned Russotothemax - that was a great piece of modded software :)
ModMyMoto was the website I used to use a lot back in the day :)
Another idea, potentially daft:
Might it possible to shoe-horn the internals of another phone (with a nicer OS) into the case of your RAZR V3, and hook em up the the V3's battery? Just a lateral thought!
Re: Another idea, potentially daft:
I have actually thought about that but as always, it's going to be all about the drivers. Second screen, keyboard, buttons on the side of the top-flip, that joypad-alike controller, not to mention the seperate nvidia gfx chip this thing has...
It's tempting but I can't really see it being feasible.
Designed by a designer from The University of Bradford, of all places :)
No wonder it was bullet proof.
Loved my old Razr V3... I tried the V8, wasn't the same... too much glossy glass.
Good old days ???
One could think you are talking about the 18th century. There's still a lot of stuff that can be downloaded at modmymobile.com. P2K Commander just got updated. The RAZR isn't dead yet. I got a V3i DG when it came out and it's as good as new.
still love my V3
I remember going thru handcompiling a special version of moto4lin to get access to the filesystem and upload a cutout of dillinja's "rinse it out propper" starting with the nokia-tideldum, modified with audacity and lame to get it into the right format. whenever my phone rings people look like "ew, that guy still has an old nokis", then the beat drops and I flip it open and their jaws drop :D
Re: still love my V3
I suspect that actually what happens is that your phone rings and nobody cares, then the beat drops and you flip it open, and they still don't care.
Just stopped by to drop a line of encouragement to the OP. All the clues I knew of as to where to get what there is to mod it, have already been posted by various gentlemen before me.
I could add that lately, in a space of some two months, I spotted two shops in the street actually *selling* the thing *brand new*. Not used--brand new in original wraps--in 2013!
still using my razr as phone as well
still remember having to handcompile a special moto4lin with patches to get access to the filesystem to upload a loop of john b's "bandwagon blues" starting with the nokia ringtone, making people look weird at me, but then the beat kicked in and I flipped my razr open like a boss :D
charging over usb works outofthebox on linux, just M$ needs some drivers. In current fedora versions I can even unlock the sim from the desktop if I boot it while attached...
Still use one as well.
Have seen many people go through many phones. Some of those massive clunky things out there today appear to have a lifespan of milliseconds, and forget about dropping it (mine has been dropped from pocket/waist height onto concrete/asphalt many more times than I can remember, not even a glitch in the screen).
Has some case damage but nothing major, still has 100% of its functionality. And OTB on Linux I've been able to have a working net connection in seconds without mods. Can do that and/or charge it over a standard mini USB on Linux. On Windows it won't charge, for some reason Windows drains the batter but am sure that's some funny driver issue.
Brought it for the net speed and so-called "voice dialing" (for motorbike use). The voice dialing was a big letdown (open phone, go to menu, go to sub menu, and so on and so on whereas my old Sony Ericson was "say special pre-recorded word (of your choice), then "Dial [person] [phone type] (eg "Dial Nick mobile"), but the net speed was better than I could get with a landline, and cheaper then too thanks to a screwup Vodafone had in their billing systems at the time). Still have it some 8yrs later, still works fine. Although there has been many many many many times I've been tempted to throw it from a high cliff overlooking the sea or something like that. Whoever designed the hardware did a great job. Whoever decided that the final software was suitable, well, see icon..
(Wish PTT had taken off - with a remote switch suitable for use with gloves, that would've been a great tool for motorcyclists :) )
Some places to look
Hey - I used to modify the living hell out of similar p2k phones. There is quite a lot you can do to improve the experience on them
In terms of what you will need:
RSD Lite v3.6 or newer - this is a Motorola internal tool used for software updates and fixing bricked phones
Flash&backup 3 or newer - similar to above but has more features but is more buggy. Useful to have both
P2ktools - will allow you to modify P2K's version of a registry or code groups toggling bits which enable and disable features.
Universal p2k drivers - I'd highly recommend these over any other driver they'll give you the least trouble.
The first thing you need to look into is 'removing RSA' from the phone - with RSA still enabled on there you arent going to be able to modify certain code groups. This is similar yet more complex than enabling root on Android. YOU MST DO THIS BEFORE FLASHING ANY RSA REMOVED MONSTERPACKS. Also once you're RSA removed you can't flash ROMs that aren't RSA removed.
'Roms' for these phones were called 'monster packs' back then so that's what you're looking for.
To get it into flashing mode you need to get it Into its bootloader.
- QUICKLY before it auto-starts, press the * and # keys SIMULTANEOUSLY, and HOLD them while pressing the Red Power Button. So it's pressing a total of 3 buttons at the same time. Your phone will 'blink' a greyish background, then some strange numbers and words will appear. Your phone is now in bootloader mode. Make sure that it says "Connection Type: USB", else you're doing it wrong, try again.
There is still a site that has the old Motorola forums running - check out http://modmymoto.com/
Any questions or anything shoot me an email at email@example.com
Re: Some places to look
If anyone else is also interested in this project, I found the following site - http://www.7900novadrive.com/v3/v3x.htm
Towards the bottom there's a four-part guide to modding the V3x, which is P2K rather than P2K05 but still a really great resource for anyone who wants to know the terms people were using back then.
This is great stuff, thank you.
HSDPA is the problem
I originally saw the headline which refers to a RAZR V3, for which the modern 2G replacement is the Motorola GLEAM+ released last year.
But HSDPA support is the problem as the GLEAM+ doesn't do that. There's are pitifully few handsets with those specs in recent years, the LG GD580 (2010) and Sony Ericsson T707 (2009) are just about available still and have similar specs.
If you want battery longevity while sticking with a more modern Motorola, the upcoming Moto Xphone is rumoured to have a very large battery pack..
V3XX was the parent phone to the V1100, designed in Basingstoke 7 years ago. Development was hell, but still fine phones.
No more to add but reminiscence. Was a hardware bod on that phone.
Re: Motorola UK
The phone where Moto missed a trick IMO was the cancelled E1120. A great looking 3G phone from 2005 which was way ahead of most of the competition. What did we get instead? About a million different versions of the RAZR..
Re: Motorola UK
Their OS policy was a disaster too, in 2006, they had at least 7 different OSes in development. Only thing they knew was that Synergy wasn't it...
What various people have said is true, you'd have to get around the RSA piece, and then you'd only really be able to flip a few settings on/off, replace some graphics.
The "packs" as mentioned would let you add some JARs/apps etc, but without the relevant tools to build your own, you may be on a hard slog. "Coding" for yourself (which is what I implied from your post) would be next to impossible without the full build chain and signing tools. The AP and BP processors (the BP especially) were immensely well locked down. I worked with some of the guys who worked on BP security on later phones, and the High Assurance Boot (HAB) was 'nicely done'. Not sure if the V3xx used eFuses, but if they did, I suspect it will block your intents....
You also don't want to have to play with the awful 'fun' that was the Clearcase configspec, multiple (very large!) VOBs. *shivver*
Anything involving the word "Clearcase" automatically excludes "fun".
Although I do wonder if the new all Googly Moto might be friendly if approached for some toolchain help.
I was working on site (actually, the same project where I met the PEBL UI guy, go figure) with an unrelated customer who was using Clearcase for their ghastly train-wreck of a mobile phone OS.
A noop build and flash would take 45 minutes. That was the minimum time that every build/test/debug cycle would take. Turns out that at least half of this was fetching all the libraries out of Clearcase over 100MB ethernet, three times.
Every few days an email would go round asking people to make sure that their antivirus software was up-to-date. Turns out this was because the Clearcase repositories were mounted as Windows volumes, and were mutable. So if a virus (and the place was riddled with them) tried to infect an executable it found there, the change would be automatically checked into their VCS.
Said mobile phone company eventually canned the project, the operating system, the staff, and (I think) the entire sodding *building* because it was all so awful.
Can't be any worse than my e-reader which frequently crashed when resizing a PDF.
I mean come on, how can they release a device that has such an obvious flaw?
Memo to self:- carry around a microSD full of "technical documents" just for testing such things BEFORE
spaffing £££ on a borked device that will annoy me enough to melt it with Thermite(tm) .... !
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
- Storagebod Oh no, RBS has gone titsup again... but is it JUST BAD LUCK?