Nokia 3310 firmware hacking

This article is part of a larger project to build a multi-purpose board that can replace a Nokia 3310’s mainboard.

Some history

A long time ago, (I felt like) I was the coolest kid on the block, with my heavily modified Nokia 3310. A thriving community existed with the purpose of reverse engineering Nokia DCT3 phone firmware, creating everything from the simplest mods, like changing a few bitmaps, to a full alternative open source firmware, aka Project MADos. Yes, I was “cooking ROMs” before it was cool.


This is what I’m talking about:

As the years passed, everyone got new phones and these projects were abandoned. While I was writing this article and working on my project, I looked back at the iconic websites of that era and found myself in a ghost city full of dilapidated buildings. blacksphere.tk is now just a black page. nokiafree.org attempted to renew itself by providing recent Nokia news, but was abandoned early this year (though it still keeps the awesome forum archive). g3gg0.de, the website of one of the legendary hackers who put a lot of effort into the reverse engineering, lost a lot of the old content in an update, and he stopped updating his blog in 2013. Most of the links point to dead websites, and it’s getting harder to find copies of the tools and firmware images. I’ll upload some later.

Nokia firmware

A 3310 phone has a very simple memory mapping:

    0x200000 – 0x340000  firmware
    0x340000 – 0x3D0000  PPM
    0x3D0000 – 0x400000  EEPROM

The PPM is what I’m looking for: it stores all the localization data (strings and operator list), fonts, ringtones and bitmaps. PPMEdit is a nice piece of software to edit and export that data.

Bitmaps

In the Bitmaps window, you can find and edit all the images and export them as single .bmp files. So I just have to convert them and store the data on an external EEPROM, because the Trinket board that I’m using doesn’t provide enough memory to store all that stuff. The PCD8544 display stores the data in this order:

[Image: PCD8544 LCD memory layout]

So I’ll just pre-align the data in a way that will not require any further processing by the MCU, which will just have to read and forward it. I played around for a while to see if I could directly connect the SPI MOSI from the EEPROM to the MISO of the display, to save buffering and time during transfer, but this would increase complexity a lot if I wanted to access the display from the MCU too, so I’ll leave this exercise for another time.
You can find the C# code I wrote to handle this conversion on my GitHub.
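The pre-alignment step described above, as an added C example (not the C# converter from the author's GitHub). It assumes the pixel array of a 1-bpp .bmp (header already skipped), that a set bit means a dark pixel, and a display in horizontal addressing mode; `bmp_pixel` and `pcd8544_pack` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LCD_W 84   /* PCD8544 columns */
#define LCD_H 48   /* PCD8544 rows: six banks of 8 pixels */

/* Read one pixel from 1-bpp BMP pixel data: rows are stored bottom-up,
 * padded to 4 bytes, leftmost pixel in the most significant bit. */
static int bmp_pixel(const uint8_t *px, int w, int h, int x, int y)
{
    size_t stride = (size_t)((w + 31) / 32) * 4;
    const uint8_t *row = px + (size_t)(h - 1 - y) * stride;
    return (row[x / 8] >> (7 - (x % 8))) & 1;
}

/* Pack a w x h image into display order: bank by bank, one byte per
 * column, bit 0 = top pixel of the bank. Returns the bytes written, or
 * -1 if the image does not fit the display or the output buffer. */
long pcd8544_pack(const uint8_t *px, int w, int h, uint8_t *out, size_t out_len)
{
    if (!px || !out || w <= 0 || h <= 0 || w > LCD_W || h > LCD_H)
        return -1;
    int banks = (h + 7) / 8;              /* a partial last bank is zero-padded */
    size_t need = (size_t)banks * (size_t)w;
    if (need > out_len)
        return -1;
    memset(out, 0, need);
    for (int y = 0; y < h; y++)
        for (int x = 0; x < w; x++)
            if (bmp_pixel(px, w, h, x, y))   /* assumption: 1 = dark pixel */
                out[(size_t)(y / 8) * w + x] |= (uint8_t)(1u << (y % 8));
    return (long)need;
}

int main(void)
{
    /* Constructed 10x10 sample: only pixels (0,0) and (9,9) are set. */
    uint8_t px[40] = {0}, out[20];
    px[1] = 0x40;    /* file row 0 is image row 9; x=9 is bit 6 of byte 1 */
    px[36] = 0x80;   /* file row 9 is image row 0; x=0 is bit 7 of byte 0 */
    long n = pcd8544_pack(px, 10, 10, out, sizeof out);
    for (long i = 0; i < n; i++)
        printf("%02X%c", out[i], (i % 10 == 9) ? '\n' : ' ');
    return n == 20 ? 0 : 1;
}
```

The packed bytes can be written to the external EEPROM as they are; the MCU then only has to set the display's start address and forward them in order.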

The fonts

Preparing the fonts is a bit harder, as they are exported in a custom file format. It’s not complicated at all, and I’m working on a tool to prepare that data for easy access too, but that’s not quite ready yet. As the display memory is arranged in six 8-bit-high rows, it’s very easy to use the small fonts. Putting fonts between the rows or using the large/bold one (13px high) will require a lot of effort and CPU power, so I won’t implement it now. Ladyada’s library does it and eats up 35% of the flash available, and I can’t afford it right now! :)

2 thoughts on “Nokia 3310 firmware hacking”

  1. Hi Mastro, I came across this blog of yours while browsing.
    I’d be interested to know what interface you have for flashing the Nokia 3310.
    In 2014 I built a Dejan with the parallel port, but it no longer works and I can’t connect it any more.
    Could you give me a hand? Thanks :)

    1. Hi! I used a serial interface and fbus, but that was a thousand years ago… I don’t remember much :)
