Hacking ZTE-G S511, cheapest mobile phone at €7.50

From Technologia Incognita
Revision as of 16:12, 1 July 2013 by Amphack (talk | contribs) (If we can let this phone do our bidding, for €7.50 all kinds of applications could it be used for. First thing reverse the firmware)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Projects
Zte.jpg
Participants
Skills precise soldering of SMD, reverse engineering firmware, ARM assembly
Status Active
Niche Electronics
Purpose Use in other project

This phone got me thinking, you can get this including a prepaid sim card for €7,50 at the KIJKSHOP. It has a mp3 player, a sd card reader, and a micro-USB port to connect the headphones, as well as transfer files to the SD card (USB mode).

AFAIK now its possible to run the firmware from an external UART / serial feed. (you cannot flash the protected flash rom apparently, but there maybe ways around it, who knows). Its possible to read the flash and then disassemble with IDA PRO to see if anything can be done with it. would be nice to use this complete device with an extra board feeding it the firmware via UART and see if then a microcontroller can control some functions, (like dialing/sms-ing) on certain events, etc.

Nicest would be if of course the USB port could be used to interface and the whole thing could be reprogrammed this way to for instance perform a autonomous alarm system, tripwire whatever. Battery power limits the time (solar powering).

Basically the whole point was, €7,50, including battery, 5 euros of credit for a whole phone - worth to hack.

Hardware disassembly

DSC01325.JPG

It is based on the MT6251 Reference Phone (Sparrow51) Which is based on the ARM MT6251V.

It has a Macronix mx25u3235ezni 32M-BIT

It uses a RF7176 quad-band (GSM850/EGSM900/DCS1800/PCS1900) GSM/GPRS Class 12 compliant transmit module.

The LCD screen is a TXDT144CF 128x128 RGB 1,44"

Pages on MTK

Based China Phones briefing*** This thread describes everything to get the flash from the phone and hack it. I have made a seperate page to make sure that when this forum is taken down no information is lost.

plan

Ok i've figured out that according to this thread it is possible to UART(?) rx, tx and ground to pins on the board (figuring out which pins is simple with multimeter) and then feed the firmware from the serial port. Flashing the memory is not possible because the device is protected against that. But a very simple arduino? board or whatever which feeds the firmware could then control the GSM, mp3player, sd card etc.



With a based USB-to-serial converter a RS232-TTL level converter (12V to 3.3-5V) should not be necessery. The PL2303 already puts out 3.3-4 volt, actually it speaks about a pin that regulates the voltage level.


30 / 6 / 2013

my lack of soldering skills and general chaos have destroyed the phone. i need to find another one....



Some pages of possible interest

http://forum.gsmhosting.com/vbb/f312/____sagemjtagunlocker-support____-526394/ http://www.clones-chinois.com/index

Retrieved from "https://wiki.techinc.nl/index.php?title=Hacking_ZTE-G_S511,_cheapest_mobile_phone_at_€7.50&oldid=6789"