Thread: Discussion iMax B6 service menu
View Single Post
Old Nov 06, 2010, 02:54 AM
sp5 is offline
sp5
Find More Posts by sp5
sp5
Registered User
Joined Sep 2010
69 Posts
I'll one up you, tolyan23. I've completely reverse engineered the firmware. Here's what you need to "undo" the calibration (menu 1, the one-shot menu):

You need a copy of the firmware. You need an ISP adapter. (Hint: that link is for the "official" one. There are many that are cheaper.)

WARNING: This process will reflash your charger. This information is provided without any warranty, express or implied. When you brick your device, your only recourse is the ISP adapter.

Here's what I did:
  1. Download the current contents of flash and eeprom. The flash image will be larger. Open the flash contents in a hex editor. Look for english messages inside. Open the eeprom contents in a hex editor. Look for lots of FF's but a few values that are not.
  2. Carefully write down your existing calibration values. These are stored in the eeprom, at the following addresses:

    0x390: .word 0x1377
    0x392: .word 0x2644
    0x394: .word 0x1366
    0x396: .word 0x1338
    0x398: .word 0x1344
    0x39A: .word 0x12FB

    (Technically, they are stored big-endian while the entire system is little-endian. It's a bug.)
  3. Erase your flash and eeprom. Yup, you just bricked your device.
  4. Write a new flash image. If you write nothing to the eeprom, the device returns to its "factory" state, and you can recalibrate everything.
  5. Generate a new eeprom image with the values at 0x390 - 0x39B reset to 0xFF. (An empty eeprom is filled with 0xFF.) If you leave everything else in the eeprom untouched, you have successfully undone menu 1 calibration.
sp5 is offline Find More Posts by sp5
Reply With Quote