HobbyKing.com New Products Flash Sale
Reply
Thread Tools
Old Apr 03, 2012, 07:05 PM
Registered User
Joined Jan 2012
682 Posts
Quote:
Originally Posted by rcH4x0r View Post
Eh? We already know you can mod the FW & it still runs, not sure how you can brick anything.
My only thought was whether any of the code after 08004000 was actually used by the bootloader. So wiping the 08004000 data COULD result in bricking. I didn't say it was likely, but I also have no backup should something happen.
Quote:
Build a landing zone - lots of NOPs (or whatever in ARM world) and put the dump code at the end, CPU jumps into NOPs then runs into your payload, it doesn't matter where it jumps to

If you prefer you can always write to SPI flash and dump using DFU tool...
That is a good idea. Then anyone can dump their bootloader rather than needing some specialized hardware. I need to find a compiler tool-chain for working with the STM32. I haven't actually compiled anything for ARM for many years now.
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote
Sign up now
to remove ads between posts
Old Apr 03, 2012, 07:11 PM
Registered User
Joined Jun 2010
120 Posts
If it depends on code outside the bootloader then it's a _very_ poor bootloader. Of course, this is Walkera we are talking about so anything is possible

Codesourcery or YAGARTO are what you need
rcH4x0r is offline Find More Posts by rcH4x0r
Reply With Quote
Old Apr 03, 2012, 11:06 PM
Registered User
OnceAFly's Avatar
Singapore, Singapore
Joined Oct 2011
847 Posts
Quote:
Originally Posted by FDR_ View Post
I guess he meant the rx firmware should be new! So according to him there might be different versions of the rx801...
Oh! That's suck...think i got the old rx fw on both of them...
OnceAFly is offline Find More Posts by OnceAFly
Reply With Quote
Old Apr 04, 2012, 11:06 AM
Registered User
Joined Jan 2012
682 Posts
I forgot how much programming these ARM uC sucks compared to the simler AVR or PIC I more often work with. The ST Standard Library is pretty non-intuitive to me.

Anyhow, I got Sourcery installed, figured out how to change the ROM address, and used this as a starting point (It makes programming feel a lot more like other microcontrollers):
http://wiki.seabright.co.nz/wiki/HelloSTM32.html
But ran out of time before I got a chance to install it to the tx after modifying it to use PA13. Hopefully I'll get to it tonight.

As for copying the bootloader into the SPI Flash, do you know if the bootloder screen is stored there? It would seem that it probably is, and I wouldn't want to break the bootloader by overwriting the image with code. I suppose the model-memory may be a safer place to start. We only need 0x4000 bytes.
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote
Old Apr 04, 2012, 05:36 PM
Better then Sliced Bread!
NorCalMatCat's Avatar
United States, CA, Arcata
Joined Oct 2011
2,650 Posts
The bootloader screen is stored in the library I believe...
NorCalMatCat is offline Find More Posts by NorCalMatCat
Reply With Quote
Old Apr 04, 2012, 10:19 PM
Registered User
Joined Jan 2012
682 Posts
Well that was interesting.

I created a simple firmware which should have toggled the TMS/TCK pins based on the link above. I changed the address offset to 08004000, shortened the vector table to 5 entries, filled a couple thousand bytes with NOP followed by a jump to the reset_vector

I loaded it via dfuse-util (compiled with dfuse support). Everything seemed to load fine, but when I shut off the Tx, it wouldn't power down, instead going into an infite reboot loop back to the programming menu (reset->programming menu->reset). powering back on put it back at the programming menu. pulling the battery finally shut it off, and when I plugged it back in, it stayed off. but turning on the Tx immediately entered the programming mode (without me pressing the Ext key)

I tried to flash back the Devo 0.7 firmware using dfuse-util, but while it said successful, the tx behaved exactly the same (reboot loop on power off, and right to programming mode when powered on)

I then tried to program using the DFuse Demo on Windows (programming both the FW and Lib). Same thing.

I downloaded the DEVO programming software, and tried that (FW and Lib), and this time the Tx behaved properly on powerdown and powered up as normal.

I'm not sure if it was a timing issue, where reprogramming multiple times with the other software would have been sufficient, or if there was something special about the DEVO software, but it gave me a bit of a scare..

Next I may try hacking my code into the real DEVO firmware somewhere in the middle and see if i can get it to execute.
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote
Old Apr 04, 2012, 10:26 PM
Registered User
United Kingdom, Bristol
Joined Aug 2008
1,774 Posts
Quote:
Originally Posted by PhracturedBlue View Post
Well that was interesting.

I created a simple firmware which should have toggled the TMS/TCK pins based on the link above. I changed the address offset to 08004000, shortened the vector table to 5 entries, filled a couple thousand bytes with NOP followed by a jump to the reset_vector

I loaded it via dfuse-util (compiled with dfuse support). Everything seemed to load fine, but when I shut off the Tx, it wouldn't power down, instead going into an infite reboot loop back to the programming menu (reset->programming menu->reset). powering back on put it back at the programming menu. pulling the battery finally shut it off, and when I plugged it back in, it stayed off. but turning on the Tx immediately entered the programming mode (without me pressing the Ext key)

I tried to flash back the Devo 0.7 firmware using dfuse-util, but while it said successful, the tx behaved exactly the same (reboot loop on power off, and right to programming mode when powered on)

I then tried to program using the DFuse Demo on Windows (programming both the FW and Lib). Same thing.

I downloaded the DEVO programming software, and tried that (FW and Lib), and this time the Tx behaved properly on powerdown and powered up as normal.

I'm not sure if it was a timing issue, where reprogramming multiple times with the other software would have been sufficient, or if there was something special about the DEVO software, but it gave me a bit of a scare..

Next I may try hacking my code into the real DEVO firmware somewhere in the middle and see if i can get it to execute.
Thanks for taking the risk.

Quote:
Originally Posted by itsmillertime View Post
Where's the donate button?
Would it be good idea start thinking about doing this? Your taking the risk at your own $ Might be better to spread that risk with others .
I'm in and sure others would be too.

7000+ views there's interest in this.
SadSack is offline Find More Posts by SadSack
Reply With Quote
Old Apr 04, 2012, 10:34 PM
Registered User
Joined Jan 2012
682 Posts
Personally, I have no interest in donations, this is just a hobby for me, and taking money would make me feel beholden to working on this, which would take all the fun out of it. The only thing I really risked was that I may have needed to do a full-wipe and either start work on a from-scratch firmware or wait until someone else downloaded the bootloader. I can't speak for anyone else of course, but for me, just playing around with this thing with the hope of making something really cool is enough
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote
Old Apr 04, 2012, 10:37 PM
Registered User
United States, TN, Memphis
Joined Dec 2011
871 Posts
Quote:
Originally Posted by PhracturedBlue View Post
Personally, I have no interest in donations, this is just a hobby for me, and taking money would make me feel beholden to working on this, which would take all the fun out of it. The only thing I really risked was that I may have needed to do a full-wipe and either start work on a from-scratch firmware or wait until someone else downloaded the bootloader. I can't speak for anyone else of course, but for me, just playing around with this thing with the hope of making something really cool is enough
Well I'm too dumb to do it and have no qualms about "tipping" (that better?) you guys that can. I'll be very happy when I can bind spektrum micro rx's with my Devo 10.
itsmillertime is online now Find More Posts by itsmillertime
Reply With Quote
Old Apr 05, 2012, 12:44 AM
Registered User
Joined Jan 2012
682 Posts
Well, I think I was able to get my code to load without causing an infinite reboot. I did it by embedding it in a real firmware image and recalculating the CRC. I'm not sure if it was because I'm now using the DEVO programmer, if my dfu container wasn't quite right, or if it is because I left most of the firmware code intact. Of course the code didn't actually run as expected, but that is probably me not getting all the right incantations to enable the GPIO properly. I also had no issue swapping back to the default firmware, so I guess if I can figure out what is wrong with my code, I should be able to make more progress.
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote
Old Apr 05, 2012, 02:20 AM
Registered User
Joined May 2011
657 Posts
Quote:
Originally Posted by PhracturedBlue View Post
Well that was interesting.

I created a simple firmware which should have toggled the TMS/TCK pins based on the link above. I changed the address offset to 08004000, shortened the vector table to 5 entries, filled a couple thousand bytes with NOP followed by a jump to the reset_vector

I loaded it via dfuse-util (compiled with dfuse support). Everything seemed to load fine, but when I shut off the Tx, it wouldn't power down, instead going into an infite reboot loop back to the programming menu (reset->programming menu->reset). powering back on put it back at the programming menu. pulling the battery finally shut it off, and when I plugged it back in, it stayed off. but turning on the Tx immediately entered the programming mode (without me pressing the Ext key)

I tried to flash back the Devo 0.7 firmware using dfuse-util, but while it said successful, the tx behaved exactly the same (reboot loop on power off, and right to programming mode when powered on)

I then tried to program using the DFuse Demo on Windows (programming both the FW and Lib). Same thing.

I downloaded the DEVO programming software, and tried that (FW and Lib), and this time the Tx behaved properly on powerdown and powered up as normal.

I'm not sure if it was a timing issue, where reprogramming multiple times with the other software would have been sufficient, or if there was something special about the DEVO software, but it gave me a bit of a scare..

Next I may try hacking my code into the real DEVO firmware somewhere in the middle and see if i can get it to execute.
Wow, congrats!

That is the most common sw "bug" in the DEVO land, that the tx restarts after turning off. It happens when a simple DEVO 8 gets the firmware of the 8S, or even happens when someone uses some lipos. After all the power switch is not a real one but only a software switch...
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Old Apr 05, 2012, 06:41 AM
Registered User
United Kingdom, Bristol
Joined Aug 2008
1,774 Posts
That's a fair comment and i have no wish to remove the FUN from this but i'm open to helping.
SadSack is offline Find More Posts by SadSack
Reply With Quote
Old Apr 05, 2012, 07:53 AM
Registered User
Joined Jul 2008
775 Posts
I dont know who else to ask. it seems if anyone would know the answer to this question then you guys would.
The UP-02 is now available at hobbyone.hk. If you have no idea what this is then I will tell you. Walkera made updates available for all radios. I have a Devo 7 and went to their website to download the new updates. In their update software there was a .pdf that had said "to update your Devo 7 you will need the UP-02 dongle" I loooked in my Minicp rtf box with Devo7 and there is no UP-02!
I contacted Walkera and there reply was " the dongle will be available soon". I could not believe they had a update available but no way to use it. 3-10-12 is when I emailed Walkera, they just responded today.

So here is the new dongle


Its going to cost 16.00 + 18.77 for for the cheapest shipping rate to Michigan according to hobbyone.hk site!. I would think the official updater dongle should be free or a little cheaper.

So instead of paying 34.77 to update my devo 7, can i use something other then the official UP-02 updater dongle? Also, it seems Walkera has a Sim dongle called UB-001, the stereo end/trs has only 1 black ring, The UP-01 has 2 black rings on the mini 3.5mm cable end.
mescalinedream is offline Find More Posts by mescalinedream
Last edited by mescalinedream; Apr 05, 2012 at 07:59 AM.
Reply With Quote
Old Apr 05, 2012, 08:53 AM
Team WarpSquad
Japan, Tokyo
Joined Jun 2011
2,997 Posts
Quote:
Originally Posted by mescalinedream View Post
So instead of paying 34.77 to update my devo 7, can i use something other then the official UP-02 updater dongle? Also, it seems Walkera has a Sim dongle called UB-001, the stereo end/trs has only 1 black ring, The UP-01 has 2 black rings on the mini 3.5mm cable end.
The best idea would seem to be for us to buy one between 30 of us and then just pay a dollar and postage to the next person on the list...
or to all contribute a dollar to someone who can reverse engineer it and make a $5 dollar clone.

It also now seems like the one biggest reason *NOT* to buy a DEVO 7 and to get a 6,8,10 or 12 instead.
thwaitm is offline Find More Posts by thwaitm
Reply With Quote
Old Apr 05, 2012, 08:58 AM
Registered User
Joined May 2011
657 Posts
Quote:
Originally Posted by mescalinedream View Post
...
Its going to cost 16.00 + 18.77 for for the cheapest shipping rate to Michigan according to hobbyone.hk site!. I would think the official updater dongle should be free or a little cheaper.

So instead of paying 34.77 to update my devo 7, can i use something other then the official UP-02 updater dongle? Also, it seems Walkera has a Sim dongle called UB-001, the stereo end/trs has only 1 black ring, The UP-01 has 2 black rings on the mini 3.5mm cable end.
I would simply wait while others have it in stock. At least the shipping cost will be cheaper...
FDR_ is offline Find More Posts by FDR_
Reply With Quote
Reply


Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Wanted Broken Walkera Devo and Spektrum tx itsmillertime Aircraft - General - Radio Equipment (FS/W) 1 Mar 20, 2012 05:37 AM
For Sale Walkera Devo 7 TX/Devo RX2625H Combo for sale Tom Z Aircraft - General - Radio Equipment (FS/W) 0 Oct 06, 2011 01:33 PM
For Sale Walkera Devo 7 TX/Devo RX2625H Combo for sale Tom Z Aircraft - Electric - Helis (FS/W) 0 Oct 05, 2011 12:38 PM
Discussion New Walkera Devention Devo 12 TX w/ Touch-Screen hobbypartz Radios 2 May 09, 2011 12:38 AM
Discussion New Walkera Devention Devo 12 TX w/ Touch-Screen hobbypartz XHeli 0 May 06, 2011 12:19 AM