Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MD2017 support #789

Open
1 of 4 tasks
ghost opened this issue Jul 6, 2017 · 43 comments
Open
1 of 4 tasks

MD2017 support #789

ghost opened this issue Jul 6, 2017 · 43 comments
Assignees
@d235j

Comments

@ghost
Copy link

ghost commented Jul 6, 2017

Right now, I can write codeplugs (which means we can write codeplugs from Linux, running the TYT CPS in wine), and have been poking at the codeplug format. So far, it's all the same structures, everything is just shifted around for the larger memory. I also was able to fix a few minor issues (such as the DFU client crash when sending md380_custom(0xA2 0x01)).
https://github.com/mach327/md380tools/tree/md2017

Starter goals:
@ghost ghost self-assigned this Jul 6, 2017
@travisgoodspeed
Copy link
Owner

Excellent! I'll look into ordering one this week.

@ghost
Copy link
Author

ghost commented Jul 6, 2017
edited by ghost
Loading

Side note (put here for googlers) - the connector on the MD2017 is the same as on Motorola EX500, EX600, GP328, etc. Planet Headset knows it as the M5. Pryme knows it as the HYT x43. I know it is this connector because I now have an accessory meant for that group of Motorola radios that works great with the MD2017.
This was extremely frustrating to figure out, so hopefully I can save others some time - I believe it was W1IRA who first pointed out that connector, talking to the NEDECN group.

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

I can wrap / unwrap firmware images for 2017 and flash them to the radio. Also can read/write the spi flash. I have the users DB working and most of the symbols ported to the 2017. I have yet to get the extra usb DNLOAD commands working for peek/poke but its all coming along. How can I help out?

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

I use the stock updater utility to program firmware images to the 2017 as of now but I should be able to port the md380tools scripts to work without too much hassle

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

I've got the encryption keystream that the 2017 / RT82 use

@ghost
Copy link
Author

ghost commented Jul 6, 2017
edited by ghost
Loading

@KG5RKI I'll be happy for pull requests, and I can also help merge, and/or port your C# to Python - whatever's easiest!
Where can I find the keystream for the MD2017 for wrapping and unwrapping firmware?

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017 via email

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017 via email

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

https://www.facebook.com/groups/DMRTrack/permalink/438741133166655/

@ghost
Copy link
Author

ghost commented Jul 6, 2017

Credit is no problem - git has facilities for just such an occasion, and I'll make sure to note it in the code itself. Thank you for sharing!

@ghost
Copy link
Author

ghost commented Jul 6, 2017

Looks like a good group - makes me regret not having a facebook account. With your permission, I'll add it to the list of related communities in the README and wiki here?

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017 via email

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

can you message me in google hangouts at [email protected]? If you have a md2017 I can send you my fw for the userDB.

@ghost
Copy link
Author

ghost commented Jul 6, 2017

Roger. I'm relatively new to git myself.
Hangouts: will do! Might be a half hour or so, replying on the fly.

@KG5RKI
Copy link

KG5RKI commented Jul 6, 2017

Still porting the symbols for the gps version of the radio, but so far the fw works on RT82 and md2017 with nonGPS.

@ghost
Copy link
Author

ghost commented Jul 6, 2017
edited by ghost
Loading

@KG5RKI check email, hangouts seems down

@ghost ghost mentioned this issue Jul 6, 2017
Closed
@ghost
Copy link
Author

ghost commented Jul 6, 2017
edited by ghost
Loading

I'll have some merged commits of Ty's MD2017 wrap/unwrap on my repo tomorrow (edit, maybe later), and if it works well I will push to master here.

@ghost
Copy link
Author

ghost commented Jul 16, 2017

Pushed changes to md380_fw.py to include @KG5RKI's work for the MD2017 shared above.

@DL2MF
Copy link
Collaborator

DL2MF commented Jul 19, 2017

@travisgoodspeed Who can add some stock fw for MD2017/RT82 support to archive.org/download? I'd like to add 4 files (stock fw S003.031 S003.033, D003.031, D003.033) for my next pr to firmware_files.txt
If anyone has an account I'll send a link to the current firmware images.

@travisgoodspeed
Copy link
Owner

@d235j can take care of merging @DL2MF's MD2017 firmware images. We might need to specify a hardware model in addition to their version numbers, in case more MD380 firmware images are released.

@ispkorte
Copy link

https://dd1go.de/file.php?dir=RT82/&file=RT82-UV%28REC%29-D3.33.bin

https://dd1go.de/file.php?dir=RT82/&file=RT82-UV%28REC%29-D3.33.bin

https://dd1go.de/file.php?dir=MD-2017firmware/&file=TYT2017-UV%28GPS-REC%29-S3.31.bin

https://dd1go.de/file.php?dir=MD-2017firmware/&file=TYT2017-UV%28REC%29-D3.31.bin

@DL2MF
Copy link
Collaborator

DL2MF commented Jul 19, 2017
edited
Loading

@travisgoodspeed @ispkorte
I prefer we use public services for download archive, like for all other (except the last pr hosted from W2FBI) images. This is also the reason cause I didn't share them on my webservices.

Any suggest for the model identifier? Otherwise I'll name them MD2017_ in prefix to differ them from MD3x0/MD446 firmware versions and we continue using D/S for all versions for NonGPS/GPS like Tytera/Retevis also does for the genuine images (without adding GPS explicitly.

@KG5RKI
Copy link

KG5RKI commented Jul 19, 2017

FYI the donation is for DMR Track, not related to md380tools. The firmware images are hosted on facebook, not the server.

@ispkorte
Copy link

@travis , this is a public service ; no problem

@KG5RKI
Copy link

KG5RKI commented Jul 20, 2017

MD2017 Symbols

gfx_set_bg_color = 0x080249FD ;
gfx_set_fg_color = 0x08024369 ;

gfx_drawchar_pos = 0x08029BA5 ;

gfx_blockfill = 0x080249FD ;
gfx_drawtext7 = 0x0802E035 ;

gfx_select_font = 0x08029AD0 ;

md380_spiflash_read = 0x080439CB ;

md380_spiflash_write = 0x08043AB3 ;

md380_spiflash_security_registers_read = 0x08043E0D ;

md380_spiflash_disable = 0x08043A9B ;

md380_spiflash_enable = 0x08043A7F ;

md380_spiflash_wait = 0x08043A5D ;

md380_spi_sendrecv = 0x08043A11;

md380_spiflash_block_erase64k = 0x080437E9 ;

md380_spiflash_sektor_erase4k = 0x080437B5 ;

md380_OSMboxPost = 0x0803E711 ;

md380_OSMboxPend = 0x0803E5FB ;

md380_blockadr = 0x2001FB14 ;
md380_packetlen = 0x2001FB18 ;

md380_dfutargetadr = 0x20001228 ;
md380_dfu_target_adr = 0x20001228 ;

md380_dfu_state = 0x2001FE3F ;
md380_thingy2 = 0x2001FE40 ;

usb_upld_handle = 0x080D94BD ;
usb_dnld_handle = 0x080D8AC5 ;

usb_send_packet = 0x08079CF3 ;

md380_packet = 0x2001BD20 ;
md380_usbstring = 0x2001E554 ;

dmr_call_start = 0x0804C52B ;
dmr_before_squelch = 0x0804CADD ;
dmr_call_end = 0x0804D2E1 ;
dmr_CSBK_handler = 0x0804D845 ;
dmr_handle_data = 0x08050D83 ;

kb_keypressed = 0x2001FB64 ;
kb_row_col_pressed = 0x2001FCFE ;
kb_keycode = 0x2001FE30 ;
kb_handler = 0x0806E709 ;

gui_opmode3 = 0x2001FE4F ;

gui_opmode2 = 0x2001FDFC ;
gui_opmode1 = 0x2001FDFE ;
gui_opmode1_prev = 0x2001FDFD ;

m_cntr2 = 0x2001FCC8 ;
gfx_font_small = 0x080EB018 ;
gfx_font_norm = 0x080EB058 ;

MD2017 merge.py

merger.hookbl(0x08030D76, sapplet.getadr("rx_screen_blue_hook"), 0)
merger.hookbl(0x08030DF0, sapplet.getadr("rx_screen_blue_hook"), 0)

#merger.hookbl(0x080D8A20, sapplet.getadr("usb_upld_hook"), 0x080D94BC)  # Old handler adr.

# keyboard
merger.hookbl(0x0806CE92, sapplet.getadr("kb_handler_hook"));

dmr_call_start_hook_list = [0x804C3DC, 0x0804BE34, 0x804BE0C, 0x804BDA6]
for adr in dmr_call_start_hook_list:
    merger.hookbl(adr, sapplet.getadr("dmr_call_start_hook"))
	
gfxblockfill = [
    0x0800CAA6,
    0x0800CAB2,
    0x0800CABE,
    0x0800CACA,
    0x0800CADE,
    0x0800CAEA,
    0x0800CAF6,
    0x0800CB02,
    0x0800CB0E,
    0x0800CB28,
    0x0800CB4E,
    0x0800CB5A,
    0x0800CB6E,
    0x0800CC4E,
    0x0800CC5A,
    0x0800CC66,
    0x0800CC78,
    0x0800CC96,
    0x0800CCA2,
    0x0800CCB6,
    0x0800CD4C,
    0x0800CD58,
    0x0800CD64,
    0x0800CDDC,
    0x0800CDE8,
    0x0800CDF4,
    0x0800CE00,
    0x0800CE14,
    0x0800CE20,
    0x0800CE34,
    0x0800CE40,
    0x0800CE54,
    0x0800CECA,
    0x0800D258,
    0x0800D28A,
    0x0800D450,
    0x0800D45C,
    0x0800D4C0,
    0x0800D5EC,
    0x0800D5F8,
    0x0800D604,
    0x0800D610,
    0x0800D722,
    0x0800D72E,
    0x0800D73A,
    0x0800D746,
    0x0800D7FA,
    0x0800D87A,
    0x0800D886,
    0x0800D892,
    0x0800D89E,
    0x0800DB3A,
    0x0800DC82,
    0x0800DC9C,
    0x0800DCA8,
    0x0800DCF8,
    0x0800DD04,
    0x0800DD10,
    0x0800DFF2,
    0x0800E27E,
    0x0800E292,
    0x0800E29E,
    0x0800E2AA,
    0x0800E2B6,
    0x0800E558,
    0x0800E5CE,
    0x0800E5DC,
    0x0800E5E8,
    0x0800E5F4,
    0x0800E608,
    0x0800E6E2,
    0x0800E74C,
    0x0800E774,
    0x0800E90C,
    0x0800E920,
    0x0800E92C,
    0x0800E938,
    0x0800E944,
    0x0800ECBE,
    0x0800ECCC,
    0x0800EE84,
    0x0800EF9C,
    0x0800F074,
    0x0800F0DE,
    0x0800F0EC,
    0x0800F1E4,
    0x0800F2CE,
    0x0800F3C6,
    0x0800F702,
    0x0800F71C,
    0x0800F75E
]
for adr in gfxblockfill:
    merger.hookbl(adr, sapplet.getadr("gfx_blockfill_hook"))

#this is only about half of the gfxblockfill, need to add the rest

@KG5RKI
Copy link

KG5RKI commented Jul 20, 2017

ported all the usb related symbols but the usb hooks are still not working. Probably just forgot something stupid, but the code is a bit different so something might have changed slightly

@moos3
Copy link

moos3 commented Jan 3, 2018

Has there been any progress on this?

@KG5RKI
Copy link

KG5RKI commented Jan 3, 2018 via email

@hb9gfx
Copy link

hb9gfx commented Mar 22, 2018

Any news/progress on MD-2017 toolz?

@Wferr
Copy link

Wferr commented Jun 3, 2018

Any way I could help out with porting? Still working on reading codeplugs?

@ghost
Copy link
Author

ghost commented Jun 3, 2018

@Wferr No work done yet on reading codeplugs.
It should look almost identical to reading a codeplug from the MD-380, just more data.
Pull requests are always welcome - it looks like just about everybody has been busy lately with other projects and day jobs, including me, but I still have a few hours a week to work on this stuff.

I have writing MD-2017 firmware working as of a few days ago, need to merge it upstream.

@OE4AMW
Copy link

OE4AMW commented Aug 6, 2018

Hi,
I bought a MD-2017 (my first DMR radio) and would like to help porting the md380toolz.
@mach327 , @KG5RKI : Is the current state (toolz as well as firmware) available for download?

@ghost
Copy link
Author

ghost commented Aug 7, 2018

@KG5RKI has a full setup for the MD2017, including ported application code.
He's friendly, get in touch and talk a bit. I previously started to help port his stuff back to this repo, but I got overwhelmed with work and school and flaked out on him, and just haven't had the spare cycles since.

We (md380tools) have codeplug writing to the MD2017, and I have firmware writing to the MD2017. Right now, I don't remember if I merged that up to this repo entirely - I might not have.

@OE4AMW
Copy link

OE4AMW commented Aug 14, 2018

@mach327 : based on your branch 'md2017', I started work on reading codeplug (I put it in a separate function).
However, after the first 256k read from radio, the codeplug (downloaded with CPS1.22) contains 16 bytes that look like a DFU-Suffix. At the moment I hardcoded those bytes, as I was not able to figure out how to calculate the CRC. Do you have any ideas regarding that?

@ghost
Copy link
Author

ghost commented Aug 16, 2018
edited by ghost
Loading

@OE4AMW I haven't looked at your code yet, but if it's CRC32, try the Python binascii.crc32() and see if it gives you the same output. I can poke at it too, if you like - maybe this weekend or so.

@OE4AMW
Copy link

OE4AMW commented Aug 16, 2018

I tried already using dfu_suffix.crc() - but I haven't figured out which parts of the codeplug need to be taken into account for CRC calculation. (Neither 0..0x4022D, nor 0+rdt-header..0x4022D returns the checksum that CPS 1.22 reads out ...)
It anyhow looks strange for me that the DFU-suffix is at 0x4022D (of the .rdt) - and not at the end of the file ...

@AnthonyRinaldi
Copy link

My embedded dev experience leaves much to be desired, but is there anything I can do to help with this effort? Just got a 2017 and I'm itching to get TYToolz on there!

@KG5RKI
Copy link

KG5RKI commented Aug 28, 2018 via email

@OE4AMW
Copy link

OE4AMW commented Sep 1, 2018

What I wanted to achieve, is to read a RDT from the radio, that can be edited in the Tytera CPS software (which works under Linux using wine, but without USB-functionality).
There are 16 bytes in the RDT (starting at x4022D) that look like a DFU suffix - but the as I figured out (at least in my case), the CRC part of the DFU suffix always have the same values - so I hardcoded them for now.
I just committed a version ( https://github.com/OE4AMW/md380tools/tree/md2017 ) that successfully read a RDT-file from the radio. The header is now static as well (serial-number, device-id, hardware-versions are blank), but that does not bother the Tytera-software - It loads and edits the RDT file successfully.
As I do not have a MD380, I copied added the functionality for MD2017 into a new function of md380_dfu.py - so this shouldn't cause any harm. However, I had to add one line in DFU.py - maybe someone with a MD380 can test whether it breaks anything. If not, maybe the "starter goals" 2 and 3 are finished as well ...

@Wferr
Copy link

Wferr commented Nov 11, 2018

There is a discord server with beta firmwares by @KG5RKI If anyone is interested/wants download links. https://discord.gg/EHY78Uz

@Wferr
Copy link

Wferr commented Jan 31, 2019

The firmware by @KG5RKI is now open source at https://github.com/KG5RKI/RT82Toolz if that helps add support for the MD2017/RT82

@Scytie
Copy link

Scytie commented Feb 19, 2019

I am now able the build the rt82 firmware. python has to be python2 and than
"make image_2017_GPS"
or
"make image_2017_nonGPS" does the job

@n1trux
Copy link

n1trux commented Nov 21, 2020

You can look at https://github.com/DaleFarnsworth-DMR/editcp by @dalefarnsworth-dmr for inspiration, they have made some progress as well in that direction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@d235j d235j

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests