Changes

Jump to navigation Jump to search
399 bytes added ,  05:51, 17 February 2018
Solved jhl mistery
Line 552: Line 552:  
=MCU firmware versions=
 
=MCU firmware versions=
   −
These reside in mcu-module .rodata, are uploaded to MCU register 0x05 and are usually 0x4003 bytes in size (the actual firmware is 0x4000 bytes preceeded by a 3 byte RL78 assembly opcode "<code>jhl</code>" (<code>or 0xffe68, #108</code>) to switch the I2C comms into flash write mode).
+
These reside in mcu-module .rodata, are uploaded to MCU register 0x05 and are usually 0x4003 bytes in size (the actual firmware is 0x4000 bytes preceeded by a 3 byte magic header "<code>jhl</code>") which switches the I2C comms into flash write mode. 
 +
Switching requires register 0x05 (at address <code>0xFFBA9</code>) to contain 0x6A ('<code>j</code>'), register 0x06 containing 0x68 ('<code>h</code>'), and writing 0x6C ('<code>l</code>') to register 0x07. The actual flashing sequence is only signaled (code at 0x3312-0x331A) when writing register 0x07, it's skipped otherwise. Register 0x07 gets written anyways, just the actual signaling is skipped if the conditions aren't met.
    
Before the upload could commence, WiFi interrupts are turned off via GPIO command 0x00020080(0, 0x40000), then after the upload completed, the sysmodule waits exactly one second for the MCU to reboot, then turns WiFi interrupts back on via <code>gpio:MCU</code> command 0x00020080(0x40000, 0x40000).
 
Before the upload could commence, WiFi interrupts are turned off via GPIO command 0x00020080(0, 0x40000), then after the upload completed, the sysmodule waits exactly one second for the MCU to reboot, then turns WiFi interrupts back on via <code>gpio:MCU</code> command 0x00020080(0x40000, 0x40000).
Trusted
225

edits

Navigation menu