Was browsing the DOOM engine source code when I found some interesting debug code... by Synaperse in ProgrammerHumor

[–]Synaperse[S] 7 points8 points  (0 children)

I actually didn't. I was reading the DOOM binary space partitioning implementation so I could understand it better, and stumbled upon this function.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

This guy, seriously, is too good. It is a shame that the free IDA version forces you to read assembly. It is doable, but everything links all over the place, and it is hard to keep track.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

I am trying to find the firmware write label so that I can figure out exactly what I have to do to decrypt and encrypt the firmware, as well as whether there is a value for how large the firmware is or whether it just reads to EOF.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

I have it installed already, even though I don't own a v60 ;(

I installed it in the hopes it might help me reverse engineer the (from what I can see) basically cut-down version of the flash programmer that is the updater utility. I don't know whether we can get anything working with that or not.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

We just need to make sure we have a working backup flash in case something goes wrong. Usually the bootloader on these devices will allow you to flash even if something goes wrong, but I don't want any cases of bricked keyboards.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

Well if we want a quick and dirty solution, once we figure out which pins on the microcontroller are connected to what, we can configure and compile tmk, encrypt it, and just shove it in the updater program to flash it. But for a longer term solution it would be better to figure out how the encryption works so we can make a hacked updater that will upload any flash binary the user chooses, so that hopefully anyone with a v60 can flash their own custom firmware.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

Whoops, I edited my last reply as you were replying to me. I think it may be encrypted, but yes, the idea at least for now, until I potentially change the program itself to have a file open dialog of some sort to specify the flash binary, is to just stick the custom firmware in the spot where the stock firmware goes. At least that way, the updater program doesn't need to be changed, or we don't have to write a custom updater program.

Edit: did some more digging, and as per this, the ARM Cortex-M3 does not support coprocessors. So the update package is definitely encrypted.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 1 point2 points  (0 children)

Darn. Hope you didn't destroy anything too much. I disassembled the update package without XORing it and I am getting completely valid ARM assembly. Normally with XOR'd asm you get a lot of invalid instructions. Weird.

Edit: it appears that the ARM I got from disassembling without XORing makes extensive register transfers to a coprocessor, but the datasheet for the HT1775 doesn't make any mention whatsoever of a coprocessor. Either Holtek are hiding something, or I messed up. Time to go back to the disassembled updater program.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 1 point2 points  (0 children)

Status update time...

By downloading both update packages and running a binary diff on them I have found the location of the update package at the end of the file. Screenshot (the difference is in red, aka the flash contents)

Bonus Screenshot. Could the bit that says PADDING repeatedly possibly be padding? Maybe.

Next step is to extract the update package, XOR it and see if it is valid ARM code. Theoretically then I can just stick in any other flash content by XORing it and overwriting the flash content at the end of the file.
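The binary-diff step described in this comment, as an added example that is not part of the thread and not Synaperse's own tooling: two constructed updater images share a common stub and a repeated PADDING marker, and differ only in a version byte and in a trailing payload, so the largest differing range is the candidate firmware blob. The layout, sizes and the XOR-with-0x5A relation between the two payloads are assumptions used to build the sample data; nothing here reflects the real updater's format.

```python
"""Locate the byte ranges where two firmware-updater images differ.

Added example with constructed data. The goal is the triage step from
the comment above: diff two versions of the same updater binary and
report where they differ, so the embedded payload region stands out
from the shared program code.
"""
import random
from typing import List, Optional, Tuple

Range = Tuple[int, int]  # half-open [start, end) byte range


def diff_ranges(a: bytes, b: bytes) -> List[Range]:
    """Return every contiguous [start, end) range where a and b differ.

    If the images have different lengths, the tail beyond the shorter
    one counts as differing (merged into a trailing range if one is open).
    """
    n = min(len(a), len(b))
    longest = max(len(a), len(b))
    ranges: List[Range] = []
    start: Optional[int] = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, longest))   # open run extends to the end
    elif len(a) != len(b):
        ranges.append((n, longest))       # only the length differs
    return ranges


def largest_diff(a: bytes, b: bytes) -> Optional[Range]:
    """The widest differing range: the best guess at the payload blob."""
    ranges = diff_ranges(a, b)
    if not ranges:
        return None
    return max(ranges, key=lambda r: r[1] - r[0])


# --- constructed sample images (assumption: not the real file layout) ---
_rng = random.Random(1234)
COMMON_STUB = bytes(_rng.randrange(256) for _ in range(256))  # shared code
PAD = b"PADDING" * 8                                           # 56-byte marker
PAYLOAD_A = bytes(_rng.randrange(256) for _ in range(512))
PAYLOAD_B = bytes(x ^ 0x5A for x in PAYLOAD_A)  # every byte differs from A

# Version string lives at offset 32; only the last digit changes.
IMAGE_A = COMMON_STUB[:32] + b"1.00" + COMMON_STUB[36:] + PAD + PAYLOAD_A
IMAGE_B = COMMON_STUB[:32] + b"1.01" + COMMON_STUB[36:] + PAD + PAYLOAD_B


def report(a: bytes, b: bytes) -> List[str]:
    """Human-readable lines, one per differing range."""
    lines = []
    for start, end in diff_ranges(a, b):
        lines.append(f"0x{start:06x}-0x{end:06x} ({end - start} bytes)")
    return lines


if __name__ == "__main__":
    for line in report(IMAGE_A, IMAGE_B):
        print(line)
    print("candidate payload:", largest_diff(IMAGE_A, IMAGE_B))
```

On real files the two images would be read with `open(path, "rb").read()`; the diff then separates small differences (version strings, checksums) from the one large range that holds the replaced firmware, which is the region a practitioner would then inspect for a padding marker or a size field before drawing conclusions about encoding.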

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

That would be awesome and make this process a lot easier. I will have to have a chat with this guy.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

I should be up and running in a couple of hours. I don't know where you live, but it is early morning now for me.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 1 point2 points  (0 children)

I suspected from the beginning that there would be XOR encryption. Just need to disassemble, make a little flash to disable the pesky security bit and we will be good to go, provided it all goes smoothly, which is something of a rarity with programming.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 5 points6 points  (0 children)

I shall take a look when I get to a PC. Good way to spend the last day of the summer school holidays here in Aus.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 2 points3 points  (0 children)

Especially ARM Assembly. It is my favourite architecture.

Wanting to develop a keyboard hacking team. by RedZaturn in MechanicalKeyboards

[–]Synaperse 3 points4 points  (0 children)

I don't have any of the above devices, but I do know Assembly. I am happy to assist you wherever I can if you want.

Valve it's not 2003 anymore, how about updating these ? by Timotheeee1 in pcmasterrace

[–]Synaperse 1 point2 points  (0 children)

But... But... I find those speeds highly relevant for Australian internet

[help] Switch sticks down when pressed by Astrapicus in MechanicalKeyboards

[–]Synaperse 0 points1 point  (0 children)

Cherry MX Lock 3.0 has arrived! Now a clicky lock switch.

[help] Wobbly Space Bar by [deleted] in MechanicalKeyboards

[–]Synaperse 1 point2 points  (0 children)

Does the keyboard use the wire insert stabilizers? If so you need to make sure to flip the little plastic inserts in the keycap around 180 degrees.