hi everybody,
i have GPS tracker TK102-2 on MT6260DA
some experement - connect to TXRX pad on board and use USB-COM ( on pl2032 ) converter
try "ATcommand Scaner" but only : at ata ath atz, all diferent comand return eRRors. but then i call to tracker it tell "+EAIC: 1, "my phone number", 145, 0, 1"

then send sms = no emotion...
ok im found what is means "+eaic" in this document https://drive.google.com/file/d/0B6iA3X50Dnp2OVZYU241SzBKYTA/view?usp=sharing

in this pdf mt6260 https://drive.google.com/file/d/0B6iA3X50Dnp2X1prTFJCM05jSm8/view?usp=sharing

try "com port scanner" and test all TXRX pin on second chip GSM module AIROHA AP5200 FEM for Dual-Band GSM/GPRS http://www.airoha.com.tw/webe/html/pro/index.aspx?kind=42&num=54&lv=2 but have only hex code. think im not rite scan it.... its not convert in to the ascii mode..... but information present.

yes and every time near 15min its turn to me 

F1: 0000 0000

V0: 0000 0000 [0001]
00: 1029 0002
01: 0000 0000
U0: 0000 0001 [0000]
G0: 0002 0000 [0000]
T0: 0000 0C73
Jump to BL

If you boot all the way to the OS, you can issue AT commands over the serial port just like you can by connecting through the USB port. So, I am not convinced that there is any advantage to wiring up a serial port to the bottom. Once the secret of going into bootloader mode is revealed, you can probably do all your reverse engineering without taking the watch apart.

This is as far as I have gotten so far:

I have wired up a 6 pin FTDI USB to serial cable to the test pins on the bottom. The 3.3v line connected to Vbat because the watch will not power without the battery. And of course RX,TX, and GND.

The watch will communicate on this port at 115200 baud. What comes up is the bootloader string, which then exits to the main application. I haven't figured out yet how to get it to stay in the bootloader.

This is the bootloader string:

F1: 0000 0000
V0: 0000 0000 [0001]
00: 0000 0000
U0: 0000 0001 [0000]
G0: 0002 0000 [0000]
T0: 0000 00C0
Jump to BL

Init Start
Init done, 0xe9f3688
Jump to ExtBL, 0x3460



~~~ Welcome to MTK Bootloader V005 (since 2005) ~~~
**===================================================**


Bye bye bootloader, jump to=0x10010368

Nothing more yet. Been out of the country for a bit and just got back. Unfortunately with the lack of a project in mind, I am not especially motivated. Playing around with the USB com-port it creates, I was able to make calls with it and answer a call. No modem negotiation though.

Its quite fragile, so I haven't soldered any wires to it yet until I have time to sit down and print some sort of frame for it. Have you discovered anything with yours?

Hey, I just bought this watch I couldn't resist the features/price ratio... I had to do it :) I've searched the web and nobody seems to be playing with this, you're the only post I came across. Any luck so far?

Nice work so far, glad to see i'm not the only one interested in this cheap watch phone. I see its been a few months did you ever make any more progress?

Have to say these are pretty cool.  I look forward to seeing what you come up with.

I have extracted the guts from the watch and am working on an alternate frame for it since the electronics and flex cabling is so delicate. Before I start dangling wires and power sources off from it, I want it to be secure. Among the pads on the bottom is a set of labeled RX and TX contacts so I am hoping it will provide some sort of debug console to poke around. Given that it has a SD socket, if I can get to a console, I should be able to convince it to dump the firmware to the SD card. This is necessary for any look at the firmware since I have been unable to find any update roms for it and in fact can't even find a website for the company. I did notice however that multiple manufacturers appear to make this very same watch. CNPGD just appears to be the cheapest by about $15.

I still don't know what I plan to do with it, but with a 1.5" OLED touchscreen, and Linux capable SoC with blueooth and GSM cellular, all for $38 I think this is worth hacking. Besides who ever needed an actual reason for hacking?

I admit that I am a bit disappointed that this doesn't seem to garner any interest. Hopefully as I make progress, it will get some attention. I put up a project page with pictures in the next couple days.

Well, apparently nobody has been messing around with these so I cracked mine open. It is using the MT6260 single chip cell phone (GSM, BT, USB, LCD controller) SoC. It had a hidden push button inside which I thought might be a reset switch or bootloader switch, but when pushed it does the same as the power switch. On the bottom side of the PCB is  several labeled contacts that look like it will give some access to playing around with it. Possibly a camera connector as well. I'll get some pictures later.

Even just figuring out the AT commands to make data connections or send/receive text messages makes it worth the $38, IMO. I tried several of the Nokia style commands for text messages but it just comes back with ERROR. My guess is that it either (hopefully) using a non-standard AT set or only implented the basic commands. If I can dump the firmware, this is easily determined.