
Jabe UD-1200 vs. Jabe UD-1200 PRO vs. JBC CD-2SQE - need Firmware for UD-1200


DavidAlfa:
I'd say we upload all the firmwares here.
After all, it can only be used in these stations!

DavidAlfa:
I found the way to switch the language!
Hold both arrow buttons down, turn on the station, count 2 seconds, then quickly release the buttons and hold OK until the screen shows up.

FYI, the screen uses the same command set as a PCF8814.
I also found the logo locations and format! There're two of them (For each language).
They can be found by searching these patterns (Use HxD):

English:

--- Code: ---00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 E0 E0 20 E0 E0 20 E0
--- End code ---

Chinese:

--- Code: ---00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 A0 20 20 20
--- End code ---

Note down the offsets where the pattern starts.

Make a 128x64 monochrome BMP in Paint or whatever, then upload it here: https://javl.github.io/image2cpp/
- Tick "Invert image colors".
- Draw mode: "Vertical - 1bit per pixel".
- Click "Download as binary".
You should get a file sized exactly 1KB.

Open it in HxD, copy everything, open the fw file, go to the offset position, right-click over it and press Control+B (Paste writing).

Save and flash!
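
The logo-replacement steps from the post above, as an added Python example (not part of the original post, and not code from the thread): it packs a 128x64 bitmap into the 1KB vertical 1-bit layout, finds the search pattern, and overwrites the logo in a copy of the image without changing its size. All function names are hypothetical, the bit order (bit 0 = top pixel of each 8-pixel column) is an assumption to check on the display, and the sample firmware and pattern are constructed stand-ins; pass in the pattern for your language from the post.

```python
WIDTH, HEIGHT = 128, 64
LOGO_SIZE = WIDTH * HEIGHT // 8   # 1024 bytes: the "exactly 1KB" file

def pack_vertical_1bpp(pixels):
    """Pack 64 rows of 128 0/1 pixels into 8 pages of 128 column bytes.
    Assumption: bit 0 of each byte is the top pixel of its 8-pixel column."""
    if len(pixels) != HEIGHT or any(len(row) != WIDTH for row in pixels):
        raise ValueError("expected a 128x64 pixel grid")
    out = bytearray()
    for page in range(HEIGHT // 8):
        for x in range(WIDTH):
            byte = 0
            for bit in range(8):
                if pixels[page * 8 + bit][x]:
                    byte |= 1 << bit
            out.append(byte)
    return bytes(out)

def find_logo_offset(firmware, pattern):
    """Offset where the search pattern starts; refuse a missing or ambiguous match."""
    first = firmware.find(pattern)
    if first < 0:
        raise ValueError("pattern not found")
    if firmware.find(pattern, first + 1) >= 0:
        raise ValueError("pattern matches more than once")
    return first

def patch_logo(firmware, pattern, logo):
    """Return a patched copy; overwriting (not inserting) keeps the image size."""
    if len(logo) != LOGO_SIZE:
        raise ValueError("logo must be exactly 1024 bytes")
    offset = find_logo_offset(firmware, pattern)
    if offset + LOGO_SIZE > len(firmware):
        raise ValueError("logo would run past the end of the image")
    patched = bytearray(firmware)
    patched[offset:offset + LOGO_SIZE] = logo
    return bytes(patched)

def sample_firmware():
    """Constructed stand-in image and pattern, not bytes from the real firmware."""
    old_logo = bytes(150) + bytes([0x20, 0xE0, 0xE0, 0x20]) + b"\xff" * 870
    return b"\xaa" * 64 + old_logo + b"\x55" * 32, old_logo[:154]

if __name__ == "__main__":
    fw, pattern = sample_firmware()
    grid = [[1 if (x + y) % 16 == 0 else 0 for x in range(WIDTH)] for y in range(HEIGHT)]
    new_fw = patch_logo(fw, pattern, pack_vertical_1bpp(grid))
    print(hex(find_logo_offset(fw, pattern)), len(fw) == len(new_fw))
```

Comparing the patched copy against the original outside the 1KB window is a quick way to confirm nothing else in the image moved before flashing.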

DavidAlfa:
Got it! It's hardcoded in a CPU instruction; after patching, it effectively unlocks 130W.

I spent about 8 hours reverse-engineering this, so I'll post the Ghidra project for everyone, it would be a waste to simply forget it.
It has plenty of functions and variables identified, I also added the entire memory map by hand!
The menu has also been analyzed and commented.
Everything is made of pure bitmaps, there aren't text strings anywhere.





Limit patch:


Defaults patch:


Attaching the firmwares, it includes original 245, 210 and modded 210 for 130W (Newer FW version).

If you flash this: the EEPROM is not important; if you're having issues, simply erase it.

JimKnopf:
@DavidAlfa Fantastic!

You are great! I am very impressed. Very cool.

DavidAlfa:
The v3.02.04 fw is included in the file, so give it a try!

Can you post an image comparing the transformers?
Because the one from the 210 has a very obvious "30W" label on it!

I know, you won't put that power for more than 10-20 seconds at most, it'll be in the stand or flying in the air most of the time, 130W is only applied for very short peaks.

Finally: There's no need to remove the STM32, I connected it like this and I could perform the attack, extract the firmware and program without issues.
It was solely powered by the Rpi Zero pin.


--- Quote from: JimKnopf on April 02, 2024, 08:10:40 pm ---The T-210 handle is not recognized when R41 is soldered.

--- End quote ---
It did for me, using the UD-1200 FW.
I accidentally plugged the 210 instead of the 245 and it went peach orange in just 3 seconds...
Are you 100% sure R41 is 2K2?

I didn't try with the 210 fw.
