unknown firmware format

[ITman496]

Hey everyone,

I recently upgraded a Dragonlink airplane transmitter to a version 2 system.  They did this by sending me a new motherboard for it. (it only has one board anyway)  The reason they did this is because while it has a firmware upgrade port, (a serial port similar to how the arduino does it), it was early enough that the boot loader was not in place. So now I have a displaced, but fully functional main board.  I soldered on a ICSP header onto the pad on the board and was able to hook my usbtinyasp to it and detect the chip/fuses.

However they give the firmware in .dragon instead of .hex format.  I opened it up in a hex editor and it looks.. okay?  But when I try to write it with AVRDUDE (as it's an atmega328p) it says invalid file format -1 or something along those lines.

"avrdude auto detected as invalid format"

I tried changing the extension to .hex and it still does not work.

Can anyone look at this file who knows about hex files to atmega micro controllers, and see what's possibly missing that triggers the invalid format error?

https://dl.dropboxusercontent.com/u/4963246/TXCurrentAfter7April2012.dragon

[Psi]

The format you have there looks to be just raw hex values.
I have converted it to a binary file, just to see what it looks like but it looks random to me.
Usually with raw firmware you see repeating patterns and often text towards at the end of the file where data is kept, but i see none of that

So I'm 99% sure that file is encrypted.
That's what everyone does when releasing firmware for a commercial product to stop anyone (china) copying it.  The bootloader would have the decrypt key and decrypt that file before writing to flash.
So you would need an un-encrypted copy to write it yourself directly since you don't have the key.

Here's the binary version.
To program it you set AVRdude to raw mode,   that's... -U flash:w:file.hex:r
but i'm sure it's encrypted so it's not going to work.

[PA0PBZ]

Maybe you can read the firmware from the new board and then program it into the old one?

[Psi]

Might be worth a try, but 99% chance the lock bits are set to stop you doing just that.

Be very careful though, if you accidentally issue a 'chip erase' it will brick your working unit.

[ITman496]

Yeah, I'd rather not try to tear the firmware from the working unit, haha..

Would the software utility to reprogram the device over the serial connection help at all, or is the decryption taking place on the micro itself?  It's a visual basic program, to the point that it still has the visual basic logo in the taskbar..

I'll try flashing that raw code and tell you the results.

EDIT: no surprise.  No functionality.  Burned, though.  Also, these are the fuse bits:

L: 0xFF
H: 0xDE
E: 0x05

LB: 0x3F

[Psi]

Would the software utility to reprogram the device over the serial connection help at all, or is the decryption taking place on the micro itself?  It's a visual basic program, to the point that it still has the visual basic logo in the taskbar..

If the decrypt key was part of the flash utility it would be too easy to decompile and extract.
That's why they put it inside the bootloader.

[ITman496]

Ah, okay.  Thanks for the help anyway!  I figured it was encrypted or something..