Gigaset Debug Adaptor Production

Manufacturing handset hacking hardware


A photograph of a small PCB
tSYS and Manawyrm designed a neat debug adaptor to conveniently tap into the internal UART of Gigaset DECT phones. “I should get some of those made” I thought. So I did. It’s a super cute tiny PCB which takes the place of the 2xAAA batteries and provides power and connection to the phone’s internal UART via USB.

Wait, DECT phones? Like wireless landline phones?

Yeah, hackercamps/cons like EMF and Chaos Communication Congress tend to have a DECT network which everyone uses to give each other missed calls/occasionally get through only to not be able to hear anything over the extremely loud techno.

Uh okay sure, but why would you want one of these?

Look, the type of people who enjoy using arguably outdated technology to communicate with one another are also often the type of people who enjoy reverse engineering shit. Because hackers, ok?

What can I do with it?

Hook a Gigaset handset up to a computer and access the internal UART as a USB serial device. At the time of writing, reverse engineering efforts are in early stages but tSYS and Manawyrm also built a UART Bootloader which allows read/write access to the flash chip on the device for dumping/reprogramming of firmware. This has been used to add custom MIDI ringtones and tweak battery charging parameters to better suit NiMH cells.

Where can I get one?

Order one from the wlcx industries webshop!

Tested Handsets

  • Gigaset C430H (designed for this)
  • Gigaset CL390H (works fine, has shallower pads so adaptor sticks out and requires holding in)

Getting started

  • git clone https://github.com/TobleMiner/dialog-cr16c-uart-boot
  • Stick the adaptor in the phone, then plug in USB
  • The phone should power up!
  • python -m venv .venv
  • source .venv/bin/activate
  • pip install pyserial
  • python host/dialogtool.py chip_id
  • This should print some stuff, talk to the phone and eventually print a chip id!
  • You can now dump the firmware with: python host/dialogtool.py read_flash fw.bin
  • Have fun…
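
A dump read over UART is only worth reverse engineering if it is a faithful copy, so it helps to run read_flash twice and compare the results. The script below is an added example, not part of dialogtool or the original post. The second filename (fw2.bin), the 4096-byte block size and the "erased flash reads as 0xFF" heuristic are assumptions.

```python
import hashlib
import sys
from pathlib import Path

BLOCK = 4096  # assumed comparison granularity, not a property of the handset's flash


def compare_dumps(a: bytes, b: bytes, block: int = BLOCK) -> dict:
    """Compare two reads of the same flash and report where they disagree."""
    bad_blocks = []   # offsets of blocks that differ between the two reads
    blank_blocks = 0  # blocks in read A that are entirely 0xFF or 0x00
    for off in range(0, max(len(a), len(b)), block):
        ca, cb = a[off:off + block], b[off:off + block]
        if ca != cb:
            bad_blocks.append(off)
        if ca and ca in (b"\xff" * len(ca), b"\x00" * len(ca)):
            blank_blocks += 1
    total_blocks = -(-len(a) // block)  # ceiling division
    return {
        "sha256_a": hashlib.sha256(a).hexdigest(),
        "sha256_b": hashlib.sha256(b).hexdigest(),
        "bad_blocks": bad_blocks,
        "blank_blocks": blank_blocks,
        "total_blocks": total_blocks,
        # Trust the dump only if both reads match and it is not empty or fully blank
        # (a fully blank read suggests a dead link, assuming erased flash reads 0xFF).
        "trustworthy": len(a) == len(b) and not bad_blocks
                       and blank_blocks < total_blocks,
    }


def constructed_sample() -> tuple:
    """Constructed test data: 8 KiB of pattern, one erased block, one bit flip."""
    good = bytes(range(256)) * 32 + b"\xff" * 4096
    flipped = bytearray(good)
    flipped[5000] ^= 0x01  # simulate a single corrupted bit on the serial link
    return good, bytes(flipped)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. fw.bin fw2.bin from two read_flash runs
        a, b = (Path(p).read_bytes() for p in sys.argv[1:3])
    else:
        a, b = constructed_sample()
    report = compare_dumps(a, b)
    print(f"A {report['sha256_a']}\nB {report['sha256_b']}")
    print(f"differing blocks at: {[hex(o) for o in report['bad_blocks']]}")
    print(f"blank blocks: {report['blank_blocks']}/{report['total_blocks']}")
    print("dump looks consistent" if report["trustworthy"] else "do not trust this dump")
```

Run it with the two dump files as arguments; with no arguments it runs on the constructed sample and reports the flipped bit's block at 0x1000.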

Troubleshooting

  • If your handset isn’t powering up with the debug adaptor in:
    • Try making sure the battery contacts are contacting properly - you can bend the metal contacts on the adaptor slightly with a pair of pliers
    • Try inserting the adaptor with the USB disconnected, then plugging in the USB.
  • I’m on macOS and it doesn’t seem to be working properly
    • Yep, I saw this when testing too. I’m pretty sure that this is due to the macOS CP2102 (USB serial) driver not handling setting the DTR/RTS lines properly. There’s some discussion about it in various places. My best advice is “use Linux, sorry”.