HobbyKing.com New Products Flash Sale
Reply
Thread Tools
Old Mar 24, 2012, 11:04 AM
Registered User
Joined Jun 2010
120 Posts
Bummer, can you try grabbing the other two sections? The config stuff might be interesting...
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Sign up now
to remove ads between posts
Old Mar 24, 2012, 11:15 AM
Registered User
Joined May 2011
656 Posts
Quote:
Originally Posted by rcH4x0r View Post
Bummer, can you try grabbing the other two sections? The config stuff might be interesting...
As I sad the config is usable: it contains the 12 model data, one for each 4k section.

The library part showed some differences, when I realized that I compared it to the original v0.0.5 library, but I upgraded to the customized one of mine!
So the library is the same, just contains the whole address range...
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Old Mar 24, 2012, 12:47 PM
Better then Sliced Bread!
NorCalMatCat's Avatar
United States, CA, Arcata
Joined Oct 2011
2,650 Posts
Yes to go into DFU mode on Devo 8 you must hold EXT button while powering on, I will try the DFU utils and see what happens...
NorCalMatCat is offline Find More Posts by NorCalMatCat
Reply With Quote
Old Mar 25, 2012, 12:48 AM
Registered User
Atomic Skull's Avatar
Joined Dec 2011
3,260 Posts
Found an odd glitch with the Devo 8 with telemetry module upgrade. If you have the simulator cable hooked up to somthing and turn off the TX with it connected it'll say "saving" and beep, then go back to the main screen, then do the shutdown sequence again and repeat several times. Sometimes it shuts down after a few repeats and sometimes it just repeats endlessly or until you remove the cable.
Atomic Skull is offline Find More Posts by Atomic Skull
Reply With Quote
Old Mar 25, 2012, 01:00 AM
Better then Sliced Bread!
NorCalMatCat's Avatar
United States, CA, Arcata
Joined Oct 2011
2,650 Posts
Quote:
Originally Posted by Atomic Skull View Post
Found an odd glitch with the Devo 8 with telemetry module upgrade. If you have the simulator cable hooked up to somthing and turn off the TX with it connected it'll say "saving" and beep, then go back to the main screen, then do the shutdown sequence again and repeat several times. Sometimes it shuts down after a few repeats and sometimes it just repeats endlessly or until you remove the cable.
Mine does that with a lipo... could be USB is feeding a little extra voltage and triggering the same bug I get using a lipo (higher voltage then 4x1.5 aa's)
NorCalMatCat is offline Find More Posts by NorCalMatCat
Reply With Quote
Old Mar 28, 2012, 12:36 AM
Registered User
Joined May 2011
656 Posts
@rcH4x0r, @PhracturedBlue:
What's up guys? Still no DEVO 8?
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Old Mar 28, 2012, 05:58 AM
Registered User
Joined Jun 2010
120 Posts
I just missed a delivery from Hong Kong (the postmen round here must be Ninjas), it could well be my Devo8. I guess I will find out tomorrow....

I was thinking about how to dump the (probable) Walkera boot loader, the obvious answer is to mod the FW to copy it to an external bus, actually copying it in the SPI flash might be best. Can you try an experiment? Change one of the strings in the FW (lots of "UTC-XX", they would make a good target), recalc the CRC and verify it runs? This will confirm there's nothing nasty in the bootloader....
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Mar 28, 2012, 06:36 AM
Registered User
Joined May 2011
656 Posts
Quote:
Originally Posted by rcH4x0r View Post
I just missed a delivery from Hong Kong (the postmen round here must be Ninjas), it could well be my Devo8. I guess I will find out tomorrow....

I was thinking about how to dump the (probable) Walkera boot loader, the obvious answer is to mod the FW to copy it to an external bus, actually copying it in the SPI flash might be best. Can you try an experiment? Change one of the strings in the FW (lots of "UTC-XX", they would make a good target), recalc the CRC and verify it runs? This will confirm there's nothing nasty in the bootloader....
OK, I will try...

There is an other rubber bone to chew: the CRC of the model data. I've tried all the known polynomials for the CRC-32 with no success. Tried the simple 32 bit word checksums and the Adler-32 algorithm too... Any idea?
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Old Mar 28, 2012, 07:57 AM
Registered User
Joined Jun 2010
120 Posts
I dont have any data to look at

The FW is using the STM32's CRC hardware so you may want to take a look at this:

https://my.st.com/public/STe2ecommun...rentviews=2714
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Mar 28, 2012, 08:12 AM
Registered User
Joined May 2011
656 Posts
Quote:
Originally Posted by rcH4x0r View Post
I dont have any data to look at

The FW is using the STM32's CRC hardware so you may want to take a look at this:

https://my.st.com/public/STe2ecommun...rentviews=2714
Any downloadable model data will do, for example: http://www.walkera.com/cn/soft_up/Ge...0319113914.zip
It's a pure binary file, which will be loaded to a model data bank of the config section. The last 4 bytes are the CRC of some kind...

I have tried the polynomial and initial value mentioned there, and it didn't work...
I will examine their code later...

Edit: I have to try is it crucial at all, ie if I null it would it load?
FDR_ is offline Find More Posts by FDR_
Last edited by FDR_; Mar 28, 2012 at 08:54 AM.
Reply With Quote
Old Mar 28, 2012, 09:42 AM
Registered User
Joined Jun 2010
120 Posts
Works for me

unsigned int CRC32WideFast(unsigned int Crc, unsigned int Size, unsigned char *Buffer)
{
Size = Size >> 2; // /4

while(Size--)
{
static const unsigned int CrcTable[16] = { // Nibble lookup table for 0x04C11DB7 polynomial
0x00000000,0x04C11DB7,0x09823B6E,0x0D4326D9,0x1304 76DC,0x17C56B6B,0x1A864DB2,0x1E475005,
0x2608EDB8,0x22C9F00F,0x2F8AD6D6,0x2B4BCB61,0x350C 9B64,0x31CD86D3,0x3C8EA00A,0x384FBDBD };

Crc = Crc ^ *((unsigned int *)Buffer); // Apply all 32-bits

Buffer += 4;

// Process 32-bits, 4 at a time, or 8 rounds

Crc = (Crc << 4) ^ CrcTable[Crc >> 28]; // Assumes 32-bit reg, masking index to 4-bits
Crc = (Crc << 4) ^ CrcTable[Crc >> 28]; // 0x04C11DB7 Polynomial used in STM32
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
Crc = (Crc << 4) ^ CrcTable[Crc >> 28];
}

return(Crc);
}



void main()
{
unsigned char b[0x390];
FILE * f = fopen("Genius_CP.bin","r");
fread(b,1,0x390,f);
fclose(f);

printf("%08X\n",CRC32WideFast(0xFFFFFFFF, 0x38C, b));
}


GeniusCP file has CRC bytes 95F70E71

$ ./a.out
710EF795


BTW, the code to read these files is at 0x080279c6 (assuming a load address of 0x08004000)
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Mar 28, 2012, 09:44 AM
Registered User
Joined Jun 2010
120 Posts
>>Edit: I have to try is it crucial at all, ie if I null it would it load?

Try changing one "UTC" to "UTD", reflash and try it, please
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Mar 28, 2012, 09:58 AM
Registered User
Joined May 2011
656 Posts
Quote:
Originally Posted by rcH4x0r View Post
>>Edit: I have to try is it crucial at all, ie if I null it would it load?

Try changing one "UTC" to "UTD", reflash and try it, please
It has worked indeed!
I have to compare the algorithms...

Which firmware are you talking about? I don't see "UTC" in mine... (DEVO-8 Fw v0.7A.dfu)
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Old Mar 28, 2012, 10:01 AM
Registered User
Joined Jun 2010
120 Posts
Right at the end of the file there's a block of "UTC-XX:00"

It seems any data that is checksummed uses the CRC hardware so this is quite a useful algorithm.
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Mar 28, 2012, 10:07 AM
Registered User
Joined May 2011
656 Posts
I don't see such. What is the file name?

I've got: you are in the 8S firmware! I have a simple DEVO 8...
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Reply


Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Wanted Broken Walkera Devo and Spektrum tx itsmillertime Aircraft - General - Radio Equipment (FS/W) 1 Mar 20, 2012 04:37 AM
For Sale Walkera Devo 7 TX/Devo RX2625H Combo for sale Tom Z Aircraft - General - Radio Equipment (FS/W) 0 Oct 06, 2011 12:33 PM
For Sale Walkera Devo 7 TX/Devo RX2625H Combo for sale Tom Z Aircraft - Electric - Helis (FS/W) 0 Oct 05, 2011 11:38 AM
Discussion New Walkera Devention Devo 12 TX w/ Touch-Screen hobbypartz Radios 2 May 08, 2011 11:38 PM
Discussion New Walkera Devention Devo 12 TX w/ Touch-Screen hobbypartz XHeli 0 May 05, 2011 11:19 PM