Abnormalities After Replacing the MCU #137

Open
losehu opened this issue Aug 12, 2024 · 6 comments

losehu commented Aug 12, 2024

After I replaced the MCU in my K5 and flashed the Quansheng bootloader and firmware, I found that the screen displayed stripes upon startup and the device became unusable. I am quite puzzled by this. Could it be that there is encryption in the bootloader targeting specific MCUs?

I have confirmed that both the bootloader and firmware are from Quansheng, and they worked perfectly fine before I replaced the MCU. I purchased the MCU from the official DP32G030 store.

What's even more puzzling is that when I flashed third-party firmware, the device was able to boot and function, but there were still some anomalies. For example, the battery level starts at 0 upon booting and gradually increases to the normal level.

The image shows the startup screen when using Quansheng's bootloader and firmware, while the video demonstrates the battery level anomaly caused by using third-party firmware.

IMG_1793

8.12.mp4

If you have any suggestions, I would greatly appreciate them!

Author

losehu commented Aug 12, 2024

IMG_1794
https://m.tb.cn/h.gl2EaRTow3WnVsB?tk=4b6T3eUIjfB

this is my new MCU

Author

losehu commented Aug 12, 2024

When I use the DualTachyon firmware, the device operates normally without the startup screen glitch.

@amnemonic
Owner

It is most probably caused by the counterfeit algorithm involving the QS digital signature stored in NVRAM.
Read more about it here: #107 (comment)

tl;dr : Don't play with UART 0x516 command. It is for factory reserved use. It aims to set a digital signature -involving unique "CPU Id" and QS keys- into a hidden area of the CPU to the 3rd NVRAM block, to prevent counterfeiting.
If ever, I'm actually cooking a mod to disable and remove all the nasty bits.

Author

losehu commented Aug 12, 2024

To address the issue of black and white horizontal stripes on the screen, I reverse-engineered the Quansheng firmware and set 0x170A to 1 (in pictures), which ensures that the checksum always returns true. However, I still have new issues:

  • Why does the battery voltage reading become abnormal after I replace the MCU with a blank one and flash third-party firmware?
  • Why doesn't the bootloader I wrote myself work properly on the new MCU?
  • Related encryption algorithms and whether there is more detailed information about the NVR area

I sincerely appreciate your suggestions!
camphoto_351212254
camphoto_1297389768

@amnemonic
Owner

I'm not sure about other questions but regarding this one:

Why does the battery voltage reading become abnormal after I replace the MCU with a blank one and flash third-party firmware?

I think it can also be related to the NVR, as in the translated datasheet we can read:

64KB FLASH is used as program storage area, with 2KB NVR area and 64KB MAIN area. The NVR area is mainly used to store some data specific to our company, such as factory code information, TRIM data, and product configuration information.

So probably the ADC settings (which are used when measuring battery voltage) may be wrong when the NVR isn't correct. To "properly" replace the MCU and use stock firmware you would need to know what the factory test procedure looks like and use UART command 0x0516 to write proper calibration data.

Author

losehu commented Aug 13, 2024

I received a demo program for the DP32G030, and I observed that there are operations related to reading from and writing to the NVR area into registers. Could this be related?
b789e49f097068e307e305314f2a826f

Regarding the NVR data, I noticed in the datasheet that this should be pre-configured by the MCU manufacturer, not set by Quansheng. Is this correct? If so, why does Quansheng need to modify the NVR area?
