Apr 21, 2017, 02:30 AM
Registered User
Discussion

Upgrade MZ-24 Pro Issues (and more). Can we trust Graupner anymore?


Hello,

I have been a fan and customer of Graupner since the eighties. I changed over to Futaba for some time and in the last two years I returned to Graupner (Hott).
Firstly it was a MZ-18 and then a MZ-24.
Good radios, although I missed some features found in radios of the same and lower price range from other manufacturers (like custom voice messages, logic switches, autotrimming etc).
These features are very easy to implement from a software point of view and I was hoping that they would be available with upgrades in the future.
And then, Graupner released the MZ-24 Pro, with a new firmware which had all these features implemented.
I was thinking: "nice, now they will also upgrade the MZ-18 and the MZ-24". Well, I was wrong... According to Graupner the MZ-18 did not have the capability for the upgrade and the MZ-24 had a totally different design from the Pro and would need many changes and adaptations.

I opened the MZ-18 and the MZ-24. The pictures of the PCBs are attached.
What a surprise! They were the SAME. Same pcb, same microcontroller (not only same Family, but same Model with equal Memory, IOs, speed etc). Even the small pcbs where the knobs and the switches are attached are the same (see attachments). Someone could solder the switches and the knobs there and the MZ-18 would become a MZ-24 (from hardware point of view).

In December Graupner Germany announced that an upgrade for the MZ-24 is possible (but not for the MZ-18, which is the same hardware...), but the upgrade had to be done by the Graupner service. It sounded reasonable, because if the old and the Pro version have had different bootloaders, the change had to be done with specialized equipment by the service personnel and not by a simple usb cable. The requested price also sounded reasonable. Somehow the lost man-hours should be paid.
Then came Graupner USA with posts at RcGroups around Jan 2017, letting people know that there is a design of an upgrade solution in progress. A solution that could be done by the users at home. But this would need time. Reasonable. Is it? No, if the Bootloader had to be changed, there is no way to change it with a simple usb cable. A special programming cable attached directly at the microcontroller pins is needed to reprogram the memory.
My Conclusion: The MZ-24 (and the MZ-18) and the MZ-24 Pro have a compatible boot loader (if not the same). The upgrade process could be done from the beginning very easily (and non risky I would say) through the usb cable.

The big question is: Why did Graupner say that it is a difficult and dangerous procedure that would need the development of new upgrade software? To justify the $50 when the new upgrade software is released.

Ok, someone could ask, "why did it take so long to release the upgrade software if it is so easy?".

The answer is: It did not take long at all. The software was ready a long time ago. The latest released version has a date of 20 February 2017 (see attached a screenshot of the zip file provided by graupner). And why didn't they release it earlier? Because they wanted to find a way to protect the software. It took such a long time because they wanted to sell the upgrade. It was a management decision from the very beginning.

The fun will continue...
Last edited by fmav; May 24, 2017 at 02:40 AM.
Apr 21, 2017, 07:46 AM
Registered User
Agustaoexfh's Avatar
So who should I trust then? Futaba?? LOL


Sent from my iPhone using Tapatalk
Apr 21, 2017, 10:47 AM
Registered User
TheBum's Avatar
And Jeti, who wants money for every new feature they add?
Apr 21, 2017, 12:19 PM
Registered User
That's the final straw.... I'm going free flight!

Mark

p.s. just kidding. I am not unhappy with my Graupner equipment or their service.
Apr 21, 2017, 05:14 PM
Registered User
Part 2:
Then, a week ago Graupner released the Update. The update was not free as many expected, but had its price $50.
Is the price reasonable? Well, some say yes, some say no. I say no, for a simple reason. The update capability of the radio was advertised as an asset. "You buy the radio now, and in the future will come improvements and new features and the update can easily be done at home by the user" said (and still says) Graupner for its products. We got used to seeing incomplete products from Graupner. For example the 3xg + 3A receivers. All the 3xg+3A receivers work the same as the simple 3xg receivers. Although they have accelerometers installed, the hardware is not supported by the software. If you buy now the Gr-12 3xG ($74.90) or the Gr-12 3xG+3A Vario ($99.90) it is the same thing (except for the vario). Fortunately, the updates of the receivers and telemetry gear are (still) free (is this going to change?...). Unfortunately, the updates take long to be released and they are incomplete again (The V2 gyro software was released after more than a year and it still does not support the accelerometer in the hardware).

Nevertheless, although unhappy with this, I needed the new features of the Pro version, so I decided to pay the $50 to get the upgrade.
I watched the videos carefully (very carefully), inserted my RFID, paid through paypal and got my secret Key. Yes, my PERSONAL key. The key that was supposed to match only my transmitter with its unique RFID. Because it's MY key and it belongs to me, and because Graupner sold it to me for $50, I have the right to publish it here. Besides, it is matched to my RFID only and this particular key could not be used by others.

So, Here it is:

RkEtQUEtQUEtQkQtMUUxNjAwNTIwMDE2MDA3MjAwNnNuS21wWm syS3lNVkNna2xMUk02SUQzVXh2bkh3TnIvMStqODNNekh6K0xJ ODhYQytQWC94TlRhM3MvWjR1VDExOHJnLzlmNjh0TEs1OFBnMH d3bWs0MG1GQVU5QT09

(to insert the key I had to type it with the keyboard character by character, because there are hidden characters in the string)

At first, I found the string a bit strange. 8-10 characters would be enough to encrypt the information. 169 ASCII characters? 169? In computer technology 169 is very very unusual. It could be 128, or 256. It could be even 192 but not 169. And this string comes from the 5 byte RFID? Interesting...
I previously said that I watched the tutorial videos from Graupner very carefully. Very very carefully. So I watched again the part of the video where the key code is being shown. Well, the quality of the videos is not very good, but one gets the idea...
Last edited by fmav; Apr 23, 2017 at 11:15 AM.
Apr 21, 2017, 10:49 PM
Registered User
Agustaoexfh's Avatar
Looks like another Spektrum or Futaba troll to me guys. Graupner..... Rocks!


Sent from my iPhone using Tapatalk
Apr 21, 2017, 11:31 PM
Registered User
Quote:
Originally Posted by Agustaoexfh
Looks like another Spektrum or Futaba troll to me guys. Graupner..... Rocks!


Sent from my iPhone using Tapatalk
You have done the update. Please, just compare your key with mine. Character by character. Do it and you will be surprised... (not only you, but everyone who has done the update)
Apr 22, 2017, 11:30 AM
Registered User
Part 3:
The conclusion is: the individual keys that Graupner sends for the update, are not individual at all. They are the same. Everybody gets the same key. Regardless of the RFID of the radio the received key is the same. Do you know what this means? This means you download the upgrader software from the original GraupnerUSA product page of the MZ-24:
https://www.graupnerusa.com/Firmware...6.PRO.UPD.html from the Download Tab. The file is Transmitter_Firmware_Upgrader.zip and can be downloaded FREELY.

You run it, you provide your key (which is always the same), and voilà... You have saved 50 bucks.
The best part is that the key (the one and only key) is preprogrammed to the upgrader software. This means that it works also offline. Graupner has no control over it and cannot change it.

What is the handicap? You will not get the faceplates and you lose the ability to use the Graupner support (besides the legal issues you might have, but ethics is another story)...

Ok, someone would ask: "and why are you pissed off with Graupner and ask yourself if you could trust Graupner?"
Simple answer: Besides that I paid $50 to find out this ridiculous protection, I ask myself: If Graupner is incompetent to do such a simple software protection procedure right, would they be competent to design reliable hardware and software? Their software protection procedure reminds me of some students' or hobbyists' work. What is with the hott protocol itself? Is it reliable? Is it encrypted right? Or is it an amateur project?
Graupner seems to be rushing to release incomplete hardware and inadequately tested firmware. Is it bad management decision taking, is it lack of engineering competence, is it lack of engineering staff? Whatever it is, its released products are not always ready to be released. Also the advertising descriptions of its products are misleading. You cannot sell the GR-18 3xG +3A (with 3 axis gyros and 3 axis accelerometers) and not provide a simple level controlling for airplane flying. Or worse, you sell the GR-12 3xG and the "better" and more expensive GR-12 3xG+3A and in reality you sell the same product with the same capabilities.
Last edited by fmav; Apr 22, 2017 at 03:06 PM.
Apr 22, 2017, 11:42 AM
Registered User
Agustaoexfh's Avatar
Dude.... Go flog your Spektrum/Futaba crap somewhere else. You're preaching to the wrong crowd here!


Sent from my iPhone using Tapatalk
Apr 22, 2017, 12:43 PM
Registered User
Quote:
Originally Posted by Agustaoexfh
Dude.... Go flog your Spektrum/Futaba crap somewhere else. You're preaching to the wrong crowd here!


Sent from my iPhone using Tapatalk
Actually, I am the one who started the thread so typically you are the guest here...
You are free to participate and contribute to the discussion with arguments and facts. If you want to pray go to a church. ...dude...
Apr 25, 2017, 02:15 PM
Sailplane Mafia
gquiring's Avatar
Quote:
Originally Posted by fmav
Nevertheless, although unhappy with this, I needed the new features of the Pro version, so I decided to pay the $50 to get the upgrade.
I watched the videos carefully (very carefully), inserted my RFID, paid through paypal and got my secret Key. Yes, my PERSONAL key. The key that was supposed to match only my transmitter with its unique RFID. Because it's MY key and it belongs to me, and because Graupner sold it to me for $50, I have the right to publish it here. Besides, it is matched to my RFID only and this particular key could not be used by others.

So, Here it is:

RkEtQUEtQUEtQkQtMUUxNjAwNTIwMDE2MDA3MjAwNnNuS21wWm syS3lNVkNna2xMUk02SUQzVXh2bkh3TnIvMStqODNNekh6K0xJ ODhYQytQWC94TlRhM3MvWjR1VDExOHJnLzlmNjh0TEs1OFBnMH d3bWs0MG1GQVU5QT09

(to insert the key I had to type it with the keyboard character by character, because there are hidden characters in the string)
This makes no sense what you are saying. If there are hidden characters in the string then why did you share your key here? It does not have these 'hidden' characters you mentioned. Based on the string you posted or what Graupner showed in the video there are no characters below dec 32 or greater than dec 127. If they did then you would not be able to copy/paste the key from the paypal/email confirmation.
Apr 25, 2017, 02:38 PM
Registered User
TheBum's Avatar
The solution is simple: sell your newly updated MZ-24 and get another brand of radio. Bitching and moaning about it will just piss off the loyal Graupner customers who appreciate the value they get for the money they spent.
Apr 25, 2017, 03:25 PM
Registered User
Quote:
Originally Posted by gquiring
This makes no sense what you are saying. If there are hidden characters in the string then why did you share your key here? It does not have these 'hidden' characters you mentioned. Based on the string you posted or what Graupner showed in the video there are no characters below dec 32 or greater than dec 127. If they did then you would not be able to copy/paste the key from the paypal/email confirmation.
The string I wrote has spaces (0x20 or 32d) that RCGroups forum software automatically adds. They have to be removed. If you just copy/paste the string, the spaces are also copied.
Apr 25, 2017, 05:07 PM
Sailplane Mafia
gquiring's Avatar
Quote:
Originally Posted by fmav
RkEtQUEtQUEtQkQtMUUxNjAwNTIwMDE2MDA3MjAwNnNuS21wWm syS3lNVkNna2xMUk02SUQzVXh2bkh3TnIvMStqODNNekh6K0xJ ODhYQytQWC94TlRhM3MvWjR1VDExOHJnLzlmNjh0TEs1OFBnMH d3bWs0MG1GQVU5QT09

(to insert the key I had to type it with the keyboard character by character, because there are hidden characters in the string)

At first, I found the string a bit strange. 8-10 characters would be enough to encrypt the information. 169 ASCII characters? 169? In computer technology 169 is very very unusual. It could be 128, or 256. It could be even 192 but not 169. And this string comes from the 5 byte RFID? Interesting...
I previously said that I watched the tutorial videos from Graupner very carefully. Very very carefully. So I watched again the part of the video where the key code is being shown. Well, the quality of the videos is not very good, but one gets the idea...
I watched the video, but I don't agree on what you are stating. The video has a different key than yours, so it's not the same key for everyone. Yes some characters are the same but if you compare each letter they are not the same. Here is a video grab of their Youtube video, you can clearly see your key does not match the video.
Apr 26, 2017, 03:34 PM
Registered User
Yes, actually you are right, they are not the same. Before I published the code, because I could not see every character from the video clearly, I asked several people who have done the upgrade to compare their keys to mine. Five answered and all have said that the keys matched. Well, it seems that the keys didn't match exactly and they didn't look very carefully. I apologize for this. I was wrong.

But I will continue a discussion on the upgrade procedure trying to explain how it is performed.
At first I was really confused when I discovered that the keys are the same (Now I know it was not the case). Why hasn't Graupner used a simple password generation algorithm for protecting its software?
Then I did a usb (serial port actually) dump of the communication between the computer and the radio. If a valid key has been entered, the computer asks something to the radio and the radio answers. This is a so called identification procedure. This procedure runs in the boot flashing code of the radio.
In the screenshot you can see this communication. The radio sends information about its Firmware version (2021, in hex 07E5; you can see it in reversed order as E5 07), its productname (Mz-24proHoTT), the manufacturer (Graupner) etc. But the radio sends no information about the RFID code. In comparison I attach a screenshot of the identification procedure of the MZ-18 (they have the same bootflasher version 2001). They are the same except for the Firmware Version, the Productname and the product code (16007200 in hex 20 40 F4). No rfid info either.

So this was the difficulty to make a safe upgrade procedure. That's why Graupner Germany made the upgrade only in house.

That's why it was for me easy to believe that there is only one key. Because there is no way to check the rfid of the radio. For the upgrade program every radio is the same.

Well, actually nobody has come out yet to confirm that he has made a successful upgrade with my code. I checked the code that gquiring gives from the video and when I try to upgrade my (already upgraded) radio, it PASSES the key test and it says that my radio is already upgraded and it stops. If the radio was not yet upgraded, there would be two possibilities:
1) It continues with the upgrade normally until it finishes, or 2) the upgrade program sends another command to the radio requesting its rfid. Apparently if this second possibility is true, then it means that the new version 1.052 that graupner made as a preparation version, was made exactly for this. To give the ability to the radio to send to the Upgrader software the rfid for further checking, because in earlier versions this was not possible. This ability is at the application firmware and not at the boot flasher firmware which cannot be changed (at least not by the user). In this case the upgrader checks the rfid (after a first pass of the key) and it rejects the code if this is not correct. This does make sense and in that case Graupner has actually made a protected upgrade procedure and I apologize for stating the opposite.

But because the possibility 1 could also be true, if somebody has tried my key and had success, please report it to me with a pm. I am really curious...
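
Added illustration, not part of the thread and not Graupner's code: the post above turns on whether the identification reply carries a device ID, so this sketch decodes a constructed reply with the little-endian fields the post reads off the dump and shows a device-bound key check that fails closed when no ID is present. The frame layout, the function names, the demo secret and the sample device ID are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption, not Graupner's real format):
# u16 firmware version, u32 product code, both little-endian, then
# NUL-terminated product name and manufacturer, then an optional device ID.
DEVICE_ID_LEN = 5  # the thread speaks of a 5-byte RFID


def parse_ident(frame: bytes) -> dict:
    """Decode a constructed identification reply into named fields."""
    fw_version, product_code = struct.unpack_from("<HI", frame, 0)
    name, maker, tail = frame[6:].split(b"\x00", 2)
    return {
        "fw_version": fw_version,
        "product_code": product_code,
        "product_name": name.decode("ascii"),
        "manufacturer": maker.decode("ascii"),
        "device_id": tail if len(tail) == DEVICE_ID_LEN else None,
    }


def issue_key(secret: bytes, device_id: bytes, product_code: int) -> str:
    """Vendor side: derive a key that is only valid for one device ID."""
    msg = device_id + struct.pack("<I", product_code)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authorize_upgrade(secret: bytes, ident: dict, key: str) -> bool:
    """Accept a key only if it was issued for the ID the radio reported."""
    if ident["device_id"] is None:
        return False  # nothing to bind to: fail closed rather than accept
    expected = issue_key(secret, ident["device_id"], ident["product_code"])
    return hmac.compare_digest(expected, key)


# HMAC is a stand-in from the standard library. A verifier shipped inside a
# downloadable tool should check a public-key signature instead, so that no
# key-issuing secret sits in the download.
SECRET = b"constructed-demo-secret"
# Field values quoted in the thread, packed into the constructed layout.
BASE = struct.pack("<HI", 2021, 16007200) + b"Mz-24proHoTT\x00Graupner\x00"
REPLY_WITHOUT_ID = BASE                             # no device ID in the reply
REPLY_WITH_ID = BASE + bytes.fromhex("0a1b2c3d4e")  # constructed device ID

if __name__ == "__main__":
    key = issue_key(SECRET, bytes.fromhex("0a1b2c3d4e"), 16007200)
    for reply in (REPLY_WITHOUT_ID, REPLY_WITH_ID):
        ident = parse_ident(reply)
        print(reply[:6].hex(" "), ident, authorize_upgrade(SECRET, ident, key))
```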

