kopia lustrzana https://github.com/sq5bpf/k5prog
add option to change the firmware string sent during flashing, changed the default string sent to something that is accepted by all bootloaders
sq5bpf
rodzic
551d8a8cfe
commit
4817d020d1
42
README
42
README
|
|
@ -1,4 +1,4 @@
|
|||
k5prog - Quansheng UV-K5 EEPROM and flash programmer v0.6
|
||||
k5prog - Quansheng UV-K5 EEPROM and flash programmer v0.7
|
||||
(c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org>
|
||||
|
||||
This program can read and write the eeprom of Quansheng UV-K5.
|
||||
|
|
@ -49,6 +49,7 @@ cmdline opts:
|
|||
-Y increase "I know what i'm doing" value, to enable functionality likely to break the radio
|
||||
-D wait for the message from the radio flasher, print it's version
|
||||
-F flash firmware, WARNING: this will likely brick your radio!
|
||||
-M <ver> Set the firmware major version to <ver> during the flash process (default: *.01.23)
|
||||
-O offset of block to flash in hex (default: 0)
|
||||
-L length of file to flash in hex (default: all)
|
||||
-r read eeprom
|
||||
|
|
@ -175,41 +176,12 @@ Flasher version is: [2.00.06]
|
|||
etc... until all flash is writtem
|
||||
|
||||
|
||||
It is possible to overwrite only one flash block. Each block has 0x100 bytes
|
||||
size. The offset can be specified by the -O option, and the length by the -L
|
||||
option. The length is rounded up to the nearest block size.
|
||||
|
||||
For example program 0x300 bytes starting at offset 0xe000:
|
||||
|
||||
./k5prog -b k5_flash.raw -YYYYYY -F -L 0x300 -O 0xe000
|
||||
|
||||
Quansheng UV-K5 EEPROM programmer v0.5 (c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org>
|
||||
|
||||
"I know what i'm doing" value set to 6
|
||||
******** k5 command hexdump [obf_len:44 clear_len:36 crc_ok:1 **********
|
||||
## obfuscated ##
|
||||
|
||||
0x00002c |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
|
||||
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
|
||||
0x000000: ab cd 24 00 0e 69 34 e6 2f 93 0f 46 3d 66 85 0a ..$..i4./..F=f..
|
||||
0x000010: 24 44 16 8f 9a 6c 47 e6 1c bf 3d 70 0f 05 e3 40 $D...lG...=p...@
|
||||
0x000020: 27 09 e9 80 16 6c 14 c6 d1 6e dc ba '....l...n..
|
||||
## cleartext ##
|
||||
|
||||
0x000024 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
|
||||
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
|
||||
0x000000: 18 05 20 00 01 02 02 06 1c 53 50 4a 37 47 ff 0f .. ......SPJ7G..
|
||||
0x000010: 8c 00 53 00 32 2e 30 30 2e 30 36 00 34 0a 00 00 ..S.2.00.06.4...
|
||||
0x000020: 00 00 00 20 ...
|
||||
*****************
|
||||
Flasher version is: [2.00.06]
|
||||
Writing blocks from address 0xe000 until 0xe300
|
||||
*** FLASH at 0xe000 length 0x0100 result=1
|
||||
*** FLASH at 0xe100 length 0x0100 result=1
|
||||
*** FLASH at 0xe200 length 0x0100 result=1
|
||||
|
||||
|
||||
It is possible to set the flashed firmware version, which will be later
|
||||
checked by the bootloader. Currently this is set to *.01.23, which all
|
||||
known bootloaders will accept, but can be set explicitly to some firmware
|
||||
version like:
|
||||
|
||||
/k5prog -YYY -F -M '2.01.23' -b firmware.bin
|
||||
|
||||
|
||||
---- Compiling ----
|
||||
|
|
|
|||
27
k5prog.c
27
k5prog.c
|
|
@ -1,4 +1,4 @@
|
|||
/* Quansheng UV-K5 EEPROM programmer v0.6
|
||||
/* Quansheng UV-K5 EEPROM programmer v0.7
|
||||
* (c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org>
|
||||
*
|
||||
* This program can read and write the eeprom of Quansheng UVK5 Mark II
|
||||
|
|
@ -50,7 +50,7 @@
|
|||
#include <stdint.h>
|
||||
#include "uvk5.h"
|
||||
|
||||
#define VERSION "Quansheng UV-K5 EEPROM programmer v0.6 (c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org>"
|
||||
#define VERSION "Quansheng UV-K5 EEPROM programmer v0.7 (c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org>"
|
||||
|
||||
#define MODE_NONE 0
|
||||
#define MODE_READ 1
|
||||
|
|
@ -79,6 +79,9 @@
|
|||
#define DEFAULT_FILE_NAME "k5_eeprom.raw"
|
||||
#define DEFAULT_FLASH_NAME "k5_flash.raw"
|
||||
|
||||
/* the vendor flasher sends the firmware version like "2.01.23" */
|
||||
#define DEFAULT_FLASH_VERSION "*.01.23"
|
||||
|
||||
/* globals */
|
||||
speed_t ser_speed=B38400;
|
||||
char *ser_port=DEFAULT_SERIAL_PORT;
|
||||
|
|
@ -87,6 +90,8 @@ int mode=MODE_NONE;
|
|||
char *file=DEFAULT_FILE_NAME;
|
||||
char *flash_file=DEFAULT_FLASH_NAME;
|
||||
|
||||
char flash_version_string[8]=DEFAULT_FLASH_VERSION;
|
||||
|
||||
int write_offset=0;
|
||||
int write_length=-1;
|
||||
|
||||
|
|
@ -631,13 +636,17 @@ int wait_flash_message(int fd,int ntimes) {
|
|||
* unobfuscated firmware will have the version number in 16 bytes at 0x2000
|
||||
* probably these bytes are sent.
|
||||
*
|
||||
* currently this is hardcoded to 2.01.23
|
||||
* the vendor flasher sends the real version, something like 2.01.23
|
||||
* if we send a * as the first character, then all known bootloaders
|
||||
* will accept it
|
||||
*/
|
||||
int k5_send_flash_version_message(int fd) {
|
||||
int k5_send_flash_version_message(int fd,char *version_string) {
|
||||
|
||||
int r;
|
||||
struct k5_command *cmd;
|
||||
unsigned char uvk5_flash_version[]={ 0x30, 0x5, 0x10, 0x0, '2', '.', '0', '1', '.', '2', '3', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
|
||||
//unsigned char uvk5_flash_version[]={ 0x30, 0x5, 0x10, 0x0, '2', '.', '0', '1', '.', '2', '3', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
|
||||
unsigned char uvk5_flash_version[]={ 0x30, 0x5, 0x10, 0x0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
|
||||
strncpy ((char *)&uvk5_flash_version+4,flash_version_string,8);
|
||||
r=k5_send_buf(fd,uvk5_flash_version,sizeof(uvk5_flash_version));
|
||||
if (!r) return(0);
|
||||
|
||||
|
|
@ -745,6 +754,7 @@ void helpme()
|
|||
"-Y \tincrease \"I know what i'm doing\" value, to enable functionality likely to break the radio\n"
|
||||
"-D \twait for the message from the radio flasher, print it's version\n"
|
||||
"-F \tflash firmware, WARNING: this will likely brick your radio!\n"
|
||||
"-M <ver> \tSet the firmware major version to <ver> during the flash process (default: " DEFAULT_FLASH_VERSION ")\n"
|
||||
"-O \toffset of block to flash in hex (default: 0)\n"
|
||||
"-L \tlength of file to flash in hex (default: all)\n"
|
||||
"-r \tread eeprom\n"
|
||||
|
|
@ -827,7 +837,7 @@ void parse_cmdline(int argc, char **argv)
|
|||
* -Y (i know what i'm doing)
|
||||
*/
|
||||
|
||||
while ((opt=getopt(argc,argv,"f:rwWBp:s:hvDFYb:L:O:"))!=EOF)
|
||||
while ((opt=getopt(argc,argv,"f:rwWBp:s:hvDFYb:L:O:M:"))!=EOF)
|
||||
{
|
||||
switch (opt)
|
||||
{
|
||||
|
|
@ -856,6 +866,9 @@ void parse_cmdline(int argc, char **argv)
|
|||
case 'b':
|
||||
flash_file=optarg;
|
||||
break;
|
||||
case 'M':
|
||||
strncpy(flash_version_string,optarg,sizeof(flash_version_string)-1);
|
||||
break;
|
||||
case 'O':
|
||||
res=sscanf(optarg,"%x",&write_offset);
|
||||
if (res!=1) {
|
||||
|
|
@ -1037,7 +1050,7 @@ int main(int argc,char **argv)
|
|||
r=wait_flash_message(fd,10000);
|
||||
if (!r) exit(0);
|
||||
|
||||
k5_send_flash_version_message(fd);
|
||||
k5_send_flash_version_message(fd,flash_version_string);
|
||||
|
||||
for(i=write_offset; i<flash_max_addr; i+=UVK5_FLASH_BLOCKSIZE)
|
||||
{
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue