-
Notifications
You must be signed in to change notification settings - Fork 756
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firmware update #460
Comments
Are there some textual descrptions for kinect1.pcap kinect2.pcap kinect3.pcap? Which one should I look at? |
Sorry - the first kinect1.pcap is probably not very useful (lots of connect & disconnect events), kinect2 and kinect3 should in theory contain one full update process + some image streaming afterwards. |
I'm able to extract 5 firmware blobs. They seem to be signed. I think they are copyrighted code.
I transcribed the pcaps to readable commands https://gist.github.com/xlz/1d737766bb5a97f77475. (Values of firmware blobs, camera parameters, p0 tables are removed.) Basically it uses 0x04 command to upload a blob to certain firmware "segment", and once for each of 1,2,3,5,6 segments. Then uses 0x05 command to check status until certain success condition. It seems there will be port reset after each upload. I'm not sure who initiated this. Also Microsoft SDK checks firmware versions again and again, not sure of the meaning. There are two major issues about the firmware update feature:
|
Impressive work, as always. Is there a way to tell what architecture the firmware is for, e.g. for disassembly? I would assume that the firmware is part of KinectService; however, I didn't check for network traffic simultaneously. I'd also refrain from actually adding any firmware update capability to libfreenect2; at most, I would suggest to add a tool to manually poke at the Kinect using command 0x04. Did you see anything that might be a firmware download command? |
The firmware blobs are baked into This resource blob starts with 'INAM' and hence I call it INAM file. The following structure describes the header:
Firmware blob entry table follows the header:
Each firmware blob has following layout:
There are 7 firmware blobs with following details:
Files |
md5sums of the 5 blobs.
@sh0 See if you can map the uploaded segment number with fw0?. https://gist.github.com/xlz/ba98525d8f7b8472f2b9 |
I uploaded all relevant files here. Also here are the md5 sums for convenience:
|
Then the update mechanism should be Windows driver update. From my experience Windows will automatically install Kinect Runtime without asking for any EULA or licenses. The runtime is also here http://www.microsoft.com/en-us/download/details.aspx?id=44559. It looks like it has no EULA or licenses, so the user can just download and update that and extract firmware blobs without installing it.
I didn't see any. The transcribed commands are all the bulk transfers. There were no other bulk transfers. |
So firmware-0{1,2,3}.bin and {1,2,3}.bin have the same content for the first 0xf000 bytes. And firmware-0{5,6}.bin {5,6}.bin are the same. |
|
There are a few more questions:
|
Just speculation, but is it possible that blobs 0 and 4 are basically just backups? I.e. firmware is usually present in two copies, and one copy is preserved in case the update or signature check fails? |
@sh0 I think that is not two blobs. The second "Sign" is the code that checks the signature. |
@xlz All makes sense now, the second 'Sign' tag threw me off on a wild goose chase. |
Somewhat related, and maybe helpful for whipping up a couple of scripts: http://pythonarsenal.com/ |
KinectFirmwareUpdate.exe is a standalone tool in Kinect SDK <= v2.0_1406. It has this string:
This makes sense, because blob 0 really starts with "d3 f0 21 e3", a bootloader pattern. So Still, from what I see in KinectFirmwareUpdate.exe, the entire blobs are meant to be uploaded. Cutoff at 0xf000 bytes is really weird. Is it something with incomplete capturing, or KinectService.exe (which is a lot harder to look at than) does something different than KinectFirmwareUpdate.exe? |
Pseudocode for firmware upload ripped from KinectService.exe
|
It's entirely possible that the capture is cut short, for whatever reason. I may have missed some option for I'll also check if all firmware versions are now again the same on the updated cameras; IMHO this would indicate that blobs 0 and 4 are indeed backups that are then updated internally once the new firmware has booted successfully. |
Could someone share me the KinectFirmwareUpdate.exe standalone? |
does anyone know what is the latest firmware version and what are the features or improvements |
@mpatalberta Personally I think you should just use Windows to update the firmware. There is too much risk in doing it in a reverse engineered way to outweigh its worth. You can find the latest firmware version by downloading the official driver and unpacking it. |
Hello I work for a tech company and we are using the kinect sensors for some R&D work. Any information will be helpful, thank you in advance; 1)How can I find out what firmware our current kinect v2 sensors have? 2)What is the latest firmware version for the kinect v2 sensors out now? 3)How can I update a kinect v2 sensor that has an older firmware version with the latest version using a labtop with windows 7 professional? |
Protonect prints firmware version.
Check Microsoft.
You can't. You must use Windows 8 or later. |
Thank you. What is "protonect" and using a windows 8 system how can I update the firmware to a xbox one kinect with windows adapter? I couldnt find anyting on microsoft website for the latest version of firmware. Maybe I can call them? |
Protonect is the software which this issue tracker is about. I suggest you check a Microsoft support site. |
Hello, I also have a Kinect 1595 from China which I have connected to Win10 and updated using SDK. Xbox one shows for it now: 4.0.3917.0:257 Would it be helpful for you to if I do a capture of USB and TCP/whatever to get more insigts into the firmware update process? Is there a way to read out firmware from Kinect prior to or at best without an update? Regards! |
If you look the code layer that does the usb commication this has already been done.
From: shevart75 <notifications@github.com>
Reply-To: OpenKinect/libfreenect2 <reply@reply.github.com>
Date: Monday, April 20, 2020 at 8:08 PM
To: OpenKinect/libfreenect2 <libfreenect2@noreply.github.com>
Cc: Pat Brown <Patrick.Brown@zebra.com>, Mention <mention@noreply.github.com>
Subject: Re: [OpenKinect/libfreenect2] Firmware update (#460)
[External Email]
Hello,
I have received an old 1520 model. Xbox one shows Kinect version: 4.0.3917.0:7
Is it the firmware version?
I also have a Kinect 1595 from China which I have connected to Win10 and updated using SDK. Xbox one shows for it now: 4.0.3917.0:257
Would it be helpful for you to if I do a capture of USB and TCP/whatever to get more insigts into the firmware update process?
Is there a way to read out firmware from Kinect prior to or at best without an update?
Regards!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenKinect_libfreenect2_issues_460-23issuecomment-2D616874094&d=DwMCaQ&c=Qwsh1H-X9ypOoLLEcAIltQ&r=s3aTjjowuIOYrRraGZdX6w&m=AnCXEzr6_EyskP32vQyzfXi-puEky7yvwk-51XuW9uU&s=MV8Dm9_3i36sRxaMHMNSM-Qc0iRvDELcrR5x8n20BtM&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ABP2DIJXY5JZJHJIWTBTVODRNTPXVANCNFSM4BTZUT4A&d=DwMCaQ&c=Qwsh1H-X9ypOoLLEcAIltQ&r=s3aTjjowuIOYrRraGZdX6w&m=AnCXEzr6_EyskP32vQyzfXi-puEky7yvwk-51XuW9uU&s=9QwZ7khWEl13s6E-DOpCVdm89AUVms3Tl-pmn7c3apY&e=>.
…________________________________
- CONFIDENTIAL-
This email and any files transmitted with it are confidential, and may also be legally privileged. If you are not the intended recipient, you may not review, use, copy, or distribute this message. If you receive this email in error, please notify the sender immediately by reply email and then delete this email.
|
yes, but was the result satisfactory? |
Could someone summarize how to check the version, what are the missing features, and how to update the kinect? I honestly have no idea on what are the repercussions of using an older version. Thank you. |
Install the kinect v2 sdk then connect the Kinect v2 camera the firmware is automatically updated.
From: Carlos Garcia Saura <notifications@github.com>
Reply-To: OpenKinect/libfreenect2 <reply@reply.github.com>
Date: Monday, April 27, 2020 at 9:03 AM
To: OpenKinect/libfreenect2 <libfreenect2@noreply.github.com>
Cc: Pat Brown <Patrick.Brown@zebra.com>, Mention <mention@noreply.github.com>
Subject: Re: [OpenKinect/libfreenect2] Firmware update (#460)
[External Email]
Could someone summarize how to check the version, what are the missing features, and how to update the kinect? I honestly have no idea on what are the repercussions of using an older version. Thank you.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenKinect_libfreenect2_issues_460-23issuecomment-2D619971880&d=DwMCaQ&c=Qwsh1H-X9ypOoLLEcAIltQ&r=s3aTjjowuIOYrRraGZdX6w&m=LDCrGWZEbNfYBArtbqm3_yQG35wJVG2RT1l0uEJvMBI&s=4k-6GZdu0bFkvzUOdSJz2MzbpT18hKX6mKzeD3eHBUU&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ABP2DIM3PXSVQ3222QMHJ2DROV7BVANCNFSM4BTZUT4A&d=DwMCaQ&c=Qwsh1H-X9ypOoLLEcAIltQ&r=s3aTjjowuIOYrRraGZdX6w&m=LDCrGWZEbNfYBArtbqm3_yQG35wJVG2RT1l0uEJvMBI&s=q_xoHxW0kz0_pcR6tSacbhMJ_9rLcyBYepoSD2l-zDI&e=>.
…________________________________
- CONFIDENTIAL-
This email and any files transmitted with it are confidential, and may also be legally privileged. If you are not the intended recipient, you may not review, use, copy, or distribute this message. If you receive this email in error, please notify the sender immediately by reply email and then delete this email.
|
Thank you Patrick! I will set up a windows VM and do it for all the Kinects just in case. Cheers! |
how to check the version without firmware update? |
The new azure kinect sdk contains some information on the process of updating the firmware can someone provide a link to where to get the KinectFirmwareUpdate.exe? |
We know now, that inside of kinect v2 there is Macronix MX25L25635F 256 MB serial flash (256Mbit = 32Mbyte) |
The main SoC chip is Microsoft X871141-001 which replaces the Prime Sense chip used in the first Kinect. it's from STMicroelectronics. |
So the firmware update is persistent and doesn't require the use of the Windows SDK every time? Is there a way to check what version we are on not within WIndows? |
literally just use the Protonect program bundled with this project:
|
WHAT YEAR IS IT??? Hah :D So yeah I'm an update behind. Still no way to update this from Linux?
|
well obviously there is no official way and the consensus seems to have been that it isn't worth the risk hacking a firmware update in. also it's 2024. |
Hi everyone, one of the features still missing from libfreenect2 is the firmware update. I had the opportunity to get an USB3 capture of an outdated Kinect v2 getting connected to an official SDK running on Windows 10 in a VM; I didn't have time so far to analyze it. If anybody is interested in digging into the raw PCAP files (which, in theory, should of course also include the firmware itself), I'm making them available here: http://floe.butterbrot.org/external/firmware_pcap/
/cc @xlz @marcan @qdot @christiankerl @larshg @sh0
The text was updated successfully, but these errors were encountered: