siemens-mobile-hacks/pmb887x-emu

What is this?

This is a hardware emulator for any board with a pmb8875/pmb8876 CPU, mostly the legendary Siemens phones.

The current state is a very rough alpha with many bugs, and most of the hardware is unimplemented. :)

Supported hardware

Phone                 CPU      Emulator
BenQ-Siemens EL71     pmb8876  siemens-el71
BenQ-Siemens CF130    pmb8876  siemens-el71
BenQ-Siemens E71      pmb8876  siemens-e71
BenQ-Siemens C81      pmb8876  siemens-c81
BenQ-Siemens M81      pmb8876  siemens-m81
Siemens S75           pmb8876  siemens-s75

Prebuilt releases

For Windows you can download pmb887x-emu-windows.zip from the releases page: https://github.com/Azq2/pmb887x-emu/releases

On Windows, Perl is also required: https://strawberryperl.com/

For macOS/Linux you must build it yourself. The Unix way :)

Building

Linux

# Install dependencies (Ubuntu or Debian)
sudo apt-get install perl
sudo apt-get build-dep qemu

# Clone from GIT
git clone https://github.com/Azq2/pmb887x-emu
cd pmb887x-emu
git submodule update --init

# Configure and build
./tools/build.sh

Windows (building on Ubuntu 22.04 / 23.04)

# Install dependencies
sudo apt-get -y install meson mingw-w64 mingw-w64-tools mingw-w64-i686-dev mingw-w64-x86-64-dev mingw-w64-common

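# ONLY FOR 22.04 LTS
# Note: these .deb files are fetched over plain HTTP and installed with dpkg -i,
# which does not go through apt's signature verification; compare their checksums
# with the ones Ubuntu publishes for these packages before installing.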
wget http://mirrors.kernel.org/ubuntu/pool/universe/m/mingw-w64/mingw-w64-i686-dev_10.0.0-3_all.deb -O /tmp/mingw-w64-i686-dev.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/m/mingw-w64/mingw-w64-x86-64-dev_10.0.0-3_all.deb -O /tmp/mingw-w64-x86-64-dev.deb
sudo dpkg -i /tmp/mingw-w64-i686-dev.deb /tmp/mingw-w64-x86-64-dev.deb

# Clone from GIT
git clone https://github.com/Azq2/pmb887x-emu
cd pmb887x-emu
git submodule update --init

# Configure and build
./tools/build_win.sh
./tools/make_dist_win.sh # optional, for .zip with release

MacOS

# Install dependencies
brew install llvm libffi gettext glib pkg-config pixman ninja meson coreutils perl

# Clone from GIT
git clone https://github.com/Azq2/pmb887x-emu
cd pmb887x-emu
git submodule update --init

# Configure and build
./tools/build_osx.sh
./tools/make_dist_osx.sh # optional, for .tar.gz with release

How to use

You can use a simple frontend called emu. It is written in Perl and provides a simpler interface to QEMU.

Run perl ./emu --help to see all options. Not all of them work yet :)

Some useful examples:

  1. Running fullflash with default emulator OTP:

    perl ./emu --fullflash EL71.bin --device siemens-el71

  2. Running fullflash with your own ESN and IMEI:

    perl ./emu --fullflash EL71.bin --device siemens-el71 --siemens-esn=12345678 --siemens-imei=490154203237518

  3. Seeing EXIT's in USART console:

    # First terminal
    perl ./emu --fullflash EL71.bin --device siemens-el71 --usartd

    # Second terminal
    perl bsp/tools/usartd.pl NormalMode

Real world example

Let's assume you have a fullflash. Of course, simply running the commands from the examples above will not work :)

That's because Siemens Mobile is paranoid and the firmware has hardware binding.

You have two options:

  1. Recalculate the keys in the firmware using the following steps: docs/recalc-siemens-fullflash.md

    Then run the emulator like this:

    perl ./emu --fullflash EL71.bin --device siemens-el71
    
  2. Find the original ESN and IMEI of your phone and run the emulator like this:

    perl ./emu --fullflash EL71.bin --device siemens-el71  --siemens-esn=12345678 --siemens-imei=490154203237518
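
Because the firmware is bound to the ESN and IMEI, a mistyped value in option 2 only shows up as a failed boot. The following pre-flight check is an added example, not part of the project: the function names are hypothetical, the 8-hex-digit ESN format is an assumption based on the sample value above, and the IMEI check is the standard Luhn check digit.

```shell
#!/bin/sh
# Added example (not project code): sanity-check ESN/IMEI before launching emu.

# imei_valid IMEI -> status 0 if IMEI is 15 digits with a correct Luhn check digit.
imei_valid() {
    imei=$1
    case $imei in
        ''|*[!0-9]*) return 1 ;;          # digits only
    esac
    [ "${#imei}" -eq 15 ] || return 1
    sum=0 pos=0 rest=$imei
    while [ -n "$rest" ]; do
        digit=${rest#"${rest%?}"}         # rightmost remaining digit
        rest=${rest%?}
        if [ $((pos % 2)) -eq 1 ]; then   # double every second digit from the right
            digit=$((digit * 2))
            if [ "$digit" -gt 9 ]; then digit=$((digit - 9)); fi
        fi
        sum=$((sum + digit))
        pos=$((pos + 1))
    done
    [ $((sum % 10)) -eq 0 ]
}

# esn_valid ESN -> status 0 if ESN is 8 hex digits (assumed format, see lead-in).
esn_valid() {
    case $1 in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 8 ]
}

# emu_cmd FULLFLASH DEVICE ESN IMEI -> prints the emu command line, or fails with a reason.
emu_cmd() {
    esn_valid "$3"  || { echo "bad ESN: $3" >&2; return 1; }
    imei_valid "$4" || { echo "bad IMEI (length or check digit): $4" >&2; return 1; }
    printf 'perl ./emu --fullflash %s --device %s --siemens-esn=%s --siemens-imei=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Demo with the sample values used in this README.
emu_cmd EL71.bin siemens-el71 12345678 490154203237518
```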
    

Once the emulator is running, you should first see the BenQ-Siemens boot screen and then something like this: (screenshot of a running emulator)

Don't worry, that's okay. :)

Currently the emulator does not support SIM card emulation.

If you would like to get past the "Insert your SIM card" screen, you will also currently need to apply a patch like this one https://patches.kibab.com/patches/details.php5?id=7116 to your fullflash file. This can be done using V_Klay.

Keyboard

You can press keys on the phone keyboard using your computer keyboard.

  • Soft keys: Left: F1, Right: F2. Send/Start Call: F3. End Call: F4.
  • Navigation (joystick): Arrow keys. Press navigation key: Enter.
  • Number keys and * are mapped to NUM-keys. # is mapped to Numpad /.

Full key mapping is defined in board.c.

Status

Works:

  • Just running :D

Implemented hardware:

  • TPU timer
  • GPTU (partial)
  • DMA AMBA PL080
  • EBU
  • STM
  • PLL
  • DIF
  • NVIC
  • PCL (partial)
  • SCU (partial)
  • RTC (very partial)
  • USART
  • I2C in master mode (only pmb8876)
  • KEYPAD
  • LCD panels: JBT6K71 / SSD1286
  • PMIC: Dialog D1601XX (stub)

Not working, but planned:

  • Synchronization with real-world time. Currently the clocks run on their own "emulator" time.
  • SDcard emulation (PL180)
  • SIM emulation
  • Power off, pickoff/keys sound
  • Sound
  • Fixing detection of DCA-510 cable for working USART in Siemens firmwares
  • I2C for pmb8875

Not working and impossible:

  • Bluetooth / IrDA
  • USB

Not working and planned in far future:

  • GSM / Internet emulation

Planned SGold2 boards:

  • BenQ-Siemens SL75
  • BenQ-Siemens S68