Jabe UD-1200 vs. Jabe UD-1200 PRO vs. JBC CD-2SQE - need Firmware for UD-1200
DavidAlfa:
I'd say we upload all the firmwares here.
After all, it can only be used in these stations!
DavidAlfa:
I found the way to switch the language!
Hold both arrow buttons down, turn on the station, count 2 seconds, then quickly release the buttons and hold OK until the screen shows up.
FYI, the screen uses the same command set as a PCF8814.
I also found the logo locations and format! There're two of them (For each language).
They can be found by searching these patterns (Use HxD):
English:
--- Code: ---00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 E0 E0 20 E0 E0 20 E0
--- End code ---
Chinese:
--- Code: ---00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 A0 20 20 20
--- End code ---
Note down the offsets where the pattern starts.
Make a 128x64 monochrome BMP in Paint or whatever, then upload it here: https://javl.github.io/image2cpp/
- Tick "Invert image colors".
- Draw mode: "Vertical - 1bit per pixel".
- Click "Download as binary".
You should get a file sized exactly 1KB.
Open it in HxD, copy everything, open the fw file, go to the offset position, right-click over it and press Control+B (Paste writing).
Save and flash!
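Added example, not part of the original posts: the search-and-overwrite step above done in a script instead of HxD, with the checks that keep a bad paste from changing the image size. The sample pattern, firmware bytes and logo are constructed stand-ins; pass the real search pattern and the 1KB file from image2cpp in their place.

```python
"""Overwrite a 1 KB logo inside a firmware image, in place."""
LOGO_SIZE = 128 * 64 // 8  # 128x64 px at 1 bit per pixel = 1024 bytes

def find_logo_offset(firmware: bytes, pattern: bytes) -> int:
    """Return the offset where `pattern` starts; it must match exactly once."""
    offset = firmware.find(pattern)
    if offset < 0:
        raise ValueError("search pattern not found in firmware")
    if firmware.find(pattern, offset + 1) >= 0:
        raise ValueError("search pattern is ambiguous (more than one match)")
    if offset + LOGO_SIZE > len(firmware):
        raise ValueError("logo would run past the end of the image")
    return offset

def patch_logo(firmware: bytes, pattern: bytes, new_logo: bytes) -> bytes:
    """Overwrite (never insert) LOGO_SIZE bytes starting at the pattern."""
    if len(new_logo) != LOGO_SIZE:
        raise ValueError(f"logo must be exactly {LOGO_SIZE} bytes, got {len(new_logo)}")
    offset = find_logo_offset(firmware, pattern)
    patched = bytearray(firmware)
    patched[offset:offset + LOGO_SIZE] = new_logo  # same-length slice: size is kept
    return bytes(patched)

# Constructed sample data: a shortened stand-in for the real search pattern
# and a fake firmware image, so the example runs without any firmware file.
SAMPLE_PATTERN = bytes.fromhex("00 00 00 00 20 E0 E0 20")
OLD_LOGO = SAMPLE_PATTERN + b"\x11" * (LOGO_SIZE - len(SAMPLE_PATTERN))
SAMPLE_FW = b"\xAA" * 64 + OLD_LOGO + b"\x55" * 64
NEW_LOGO = bytes(range(256)) * 4  # constructed 1024-byte "bitmap"

if __name__ == "__main__":
    out = patch_logo(SAMPLE_FW, SAMPLE_PATTERN, NEW_LOGO)
    print("offset:", hex(find_logo_offset(SAMPLE_FW, SAMPLE_PATTERN)),
          "size kept:", len(out) == len(SAMPLE_FW))
```

Keep an untouched copy of the original firmware file so the patched image can be compared against it before flashing.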
DavidAlfa:
Got it! It's hardcoded in a CPU instruction; after patching, it effectively unlocks 130W.
I spent about 8 hours reverse-engineering this, so I'll post the Ghidra project for everyone, it would be a waste to simply forget it.
It has plenty of functions and variables identified, I also added the entire memory map by hand!
The menu has also been analyzed and commented.
Everything is made of pure bitmaps, there aren't text strings anywhere.
Limit patch:
Defaults patch:
Attaching the firmwares, it includes original 245, 210 and modded 210 for 130W (Newer FW version).
If you flash this: The EEPROM is not important, if you're having issues simply erase it.
JimKnopf:
@DavidAlfa Fantastic!
You are great! I am very impressed. Very cool.
DavidAlfa:
The v3.02.04 fw is included in the file, so give it a try!
Can you post an image comparing the transformers?
Because the one from the 210 has a very obvious "30W" label on it!
I know, you won't put that power for more than 10-20 seconds at most, it'll be in the stand or flying in the air most of the time, 130W is only applied for very short peaks.
Finally: There's no need to remove the STM32, I connected it like this and I could perform the attack, extract the firmware and program without issues.
It was solely powered by the Rpi Zero pin.
--- Quote from: JimKnopf on April 02, 2024, 08:10:40 pm ---The T-210 handle is not recognized when R41 is soldered.
--- End quote ---
It did for me, using the UD-1200 FW.
I accidentally plugged the 210 instead of the 245 and went peach orange in just 3 seconds...
Are you 100% sure R41 is 2K2?
I didn't try with the 210 fw.