search

ZuwaiiVR / JBL-Charge-3-firmware

JBL Charge 3 Bluetooth speaker firmware stuff.
32 stars 1 forks source link

Firmware straight from the server (7.3.0) #1

Open Peax opened 5 years ago

Peax commented 5 years ago

My JBL Charge 3 came with fw 3.9.0. Perfect time for sniffing the network traffic before updating. Here's what the JBL Connet App was looking for :)

http://storage.harman.com/JBLConnectPlus/Charge3/Charge3_upgrade_index.xml (current fw version + MD5 + download link)

Mirror: Charge3_v7.3.0_20170907.zip Firmware file name: Charge3_v7.6.0_20190201.dfu MD5: 3efe3d138e599b8dc0e00bfd29834773

ZuwaiiVR commented 5 years ago

That's a nice found! I tried it aswell, but I assume'd they baked it in the App, I wanted to downgrade aswell which I couldn't find on the net.

Bodengriller commented 5 years ago

Many Thanx from me, too, you did a very great job!

I also have a Charge 3 and was very worried about the connect+ Update. I successfully flashed your FW3.4 back to my Boxes.

My Problem is, that it will brick if I change the Bluetooth-MAC by PSTool. You can flash the whole Image back to get the Box work again. But I wanna use 2 Boxes in Stereo-Mode with FW3.4 ... that's impossible if both boxes have the same MAC.

Do you have an idea, why it's impossible to change the MAC or do you even have a solution how to do it?

ZuwaiiVR commented 5 years ago

Hi Bodengriller,

In the PSR file there should be // PSKEY_BDADDR &0001 = 0000 0000 0000 0000

Replace the zero's with your PSKEY_BDADDR value, it should work. So far when I started to tinkering with the firmware on these devices, I backup them fully before updating/downgrading them.

No idea when you change the MAC address and it will brick, did you also tried a hard reset? (unplugging the battery)

Bodengriller commented 5 years ago

Hi Dnstje,

what I did: (0. Full BlueFlash-Backup of my own Box with FW 7.3.0 - that is a complete Backup of ALL Things what's in the Flash...including all parameters, also the Bluetooth-MAC-Address)

  1. I flashed your "rck_16unified_fl_bt4.1_27f_1501301250_ble_encr128 2015-01-30.xpv" which is a completley dump inkl. the Bluetooth-MAC-Address of YOUR box. (f8df-15-.....)
  2. I read out the Bluecore-Store via PSTool -> there I can see your original-Bluetooth-MAC.
  3. Tried to change this Address (PSKEY BTADDR) to MY original BT Adress (fca8-9a-.....) and set it
  4. Reboot the Charge 3
  5. Charge 3 never boot up anymore (even if I remove the Battery or anything)
  6. flash any BlueFlash-Dump-Backup (equal if I use yours or mine) via BlueFlash
  7. Charge 3 works fine again

So in your "rck_16unified_fl_bt4.1_27f_1501301250_ble_encr128 2015-01-30.psr" was originally // PSKEY_BDADDR &0001 = XXXX XXXX 0015 f8df ...I think you deleted this for privacy

But in your BluefFash-Dump-Files it's not deleted... And my problem is that I couldn't adjust your BT-MAC back to my own or anything else without bricking the Box.

In my opinion the PSR-File is only a config-Backup in plaintext ... the XPV-File is the whole "mashine-code-Dump" of the BluecoreChip The PSR-File (plaintext Store configuration Dump) has nothing to do with the XPV-File (Complete Flash/Memory Dump) ... or do I understand you wrong?

nirajshakya85 commented 4 years ago

Hi, Dnstje

It would be great if you can make a tutorial video on how to downgrade the firmware without getting hands into the motherboard. I saw your master which you showed messing up with the motherboard which is out of my skills.

So, my guess is like using software and running some commands to downgrade like any smartphone.