Flash only bootloader? #37
Comments
|
Unfortunately, I don't believe it is possible to modify the flash with a debugger while flash protection is enabled. My method was to extract the firmware image from an updater exe, modify it to allow me to read from flash via the update protocol, use this to extract the bootloader code from flash, and then i could safely erase the flash and replace the bootloader. The good news is the many firmware updaters are mostly not layout-specific. If you didn't see it, there is a script that scrapes firmware images out of a long list of updater exes. For the Tab90 updater exe, here is the output I get. It looks like the one I have in this repo is 1.00.4. Where this script scrapes out the "US Layout" and "EU Layout" strings from the updater exe, there are also those 6 bytes that may identify the layout. I will try and get some more coherent info together. Out of curiosity, what are you trying to do? Do you want to patch changes directly into the Vortex firmware? |
|
Hello Charlie,
I want to follow your process for unlocking other Vortex keyboards on the Tab90m and try to port qmk_pok3r for it. Starting with the firmware patch to get the flash to be readable. But as I am usually working in C# or JavaScript this is a steep learning curve for me and I wanted to make sure I have a way to get the keyboard back to it's original state if I fail. But the ISO-DE Version comes with a firmware 1.00.06 that is not available anywhere. Currently I am still at the state of understanding how your create the firmware patch in the first place. You use your script to scrape/ decrypt the bin from of the updater, create the disassembly/symbols (with reassemble?) follow the instructions to see which bytes need to be patched and flash it, correct?
That is why I am asking. I am not sure about this yet. And the fact that the updater states that it contains the US Layout with Version 1.00.04 had me hesitate. The PCBs for both versions as well as the non-M Tab90 are definitely the same, they just get populated with switches in different positions. But while all the different pads for space work, it appears the pcb is also able to accommodate split spacebar layout, the pads for ANSI enter and for "| " do not work. As far as I can tell from PCB markings in pictures this should be true for the Tab75 as well, I have not found any good pictures of the Tab60. I have reached out to Vortex about the firmware 1.00.06 but have not heard back from them. |
Hey ChaoticEnigma,
I am currently trying to understand all the different parts of your project and want to thank you for making your findings public.
I would like to add support for the Tab90 because of its unique layout.
However the firmware for the Tab90M iso-de is reported as 1.00.6 by the updater and this can not be found anywhere online.
I could probably start and modify the US firmware that you have already added to this repository but this means I could never go back to the original firmware.
I have cloned this project and started with documenting the keyboard, I have a debugger ready and soldered a header to cn2.
Do you know if there is any way to skip the mass erase step and just overwrite the bootloader directly?
Alternatively I could start in an ANSI layout Tab90 and and work on that instead of risking iso Tab90 if I get stuck somewhere.
The text was updated successfully, but these errors were encountered: