krx252525
commented
7 years ago Feel free to give me a slap in the face if I'm missing something obvious - I'm hoping you're not editing the hex files directly... 😬
Open krx252525 opened 7 years ago
krx252525
commented
7 years ago Feel free to give me a slap in the face if I'm missing something obvious - I'm hoping you're not editing the hex files directly... 😬
qba667
commented
7 years ago @keir-rex Let me know if you are still interested. Some help will be appreciated. I was never able to compile whole firmware from disassembly but I was working with chunks. Bacillary assembler for ARM M0+ compiled with GCC. And some python script to calculate checksum. The oryginal10 channel file created by Dave B. seems to be compiled from disassembly.
krx252525
commented
7 years ago Yeah, I'm still interested. Do you have a repo for tracking the firmware development?
qba667
commented
7 years ago @keir-rex I have no repo right now, possibly I will try to create it during weekend. Here you have method of your interest. As you can see most of settings are affecting 6ch only. To change it you have redefine model settings array to be able to store all new configuration.
int *createRadioPacket()
{
unsigned int v0; // r0@2
int v1; // r0@5
int *v2; // r1@5
signed int v3; // r2@5
unsigned int ch_index; // r4@11
unsigned int v5; // r7@19
__int16 *v6; // r5@19
int v7; // r0@19
unsigned int v8; // r1@20
int v9; // r0@25
unsigned int v10; // r0@25
int v11; // r0@27
int v12; // r1@27
int v13; // r0@32
int v14; // r0@38
int v15; // r0@41
int v16; // r0@48
int v17; // r0@55
int v18; // r0@57
int *tmpCH_1; // r0@59
int *tmpCH2; // r0@63
int *tmpCH3; // r0@67
int *tmpCH4; // r0@71
int *tmpCH5; // r0@75
int *tmpCH6; // r0@80
int ch_index2; // r5@86
int v26; // r0@90
int v27; // r7@90
int chValue; // r0@90
int v29; // r0@92
unsigned int v30; // r2@92
unsigned int v31; // r0@92
int v32; // r12@92
unsigned int v33; // r0@99
int v34; // r0@102
unsigned int v35; // r0@103
int v36; // r0@105
int v37; // r7@112
int v38; // r6@112
int v39; // r0@112
int v40; // r1@112
int v41; // r2@114
int v42; // r1@114
int v43; // r0@117
signed int v44; // r3@120
int modelPtr3; // r5@123
unsigned int modelPtrPlus9; // r6@123
int v47; // r1@126
int v48; // r0@126
int v49; // r1@127
int v50; // r2@127
int indexFrom0To3; // r6@133
int v52; // r4@134
unsigned int v53; // r3@134
unsigned int v54; // r0@135
int v55; // r1@136
unsigned int v56; // r7@138
int v57; // r0@139
unsigned int v58; // r0@146
int v59; // r5@149
int v60; // r0@149
int v61; // r5@151
int v62; // r0@151
unsigned int ch_index3; // r4@153
int modelNamePtr; // r7@153
int offset; // r6@154
int value; // r0@154
int v67; // r0@159
signed int ch6_tmp; // r0@164
signed int ch1_tmp; // r2@165
unsigned int v70; // r0@167
signed int ch6_tmp2; // r1@170
signed int ch1_tmp2; // r3@171
signed int ch2_tmp; // r3@173
signed int ch3_tmp; // r3@177
signed int ch4_tmp; // r3@181
signed int ch5_tmp; // r3@185
int modelSetPTR; // r5@193
int *result; // r0@193
int ch1_val; // [sp+0h] [bp-A0h]@133
int ch2_val; // [sp+4h] [bp-9Ch]@133
int ch3_val; // [sp+8h] [bp-98h]@133
int ch4_val; // [sp+Ch] [bp-94h]@133
int *ch5_val; // [sp+10h] [bp-90h]@133
int ch6_val; // [sp+14h] [bp-8Ch]@5
int ch_1; // [sp+18h] [bp-88h]@15
int ch_2; // [sp+1Ch] [bp-84h]@55
int *ch_3; // [sp+20h] [bp-80h]@55
int ch_4; // [sp+24h] [bp-7Ch]@55
int *ch_5; // [sp+28h] [bp-78h]@75
int ch_6; // [sp+2Ch] [bp-74h]@79
int modelPtrPlus32; // [sp+34h] [bp-6Ch]@25
int v92; // [sp+3Ch] [bp-64h]@19
int modelNamePlus64; // [sp+44h] [bp-5Ch]@11
int v94; // [sp+48h] [bp-58h]@55
int v95; // [sp+4Ch] [bp-54h]@57
int *v96; // [sp+50h] [bp-50h]@57
int v97; // [sp+54h] [bp-4Ch]@57
int v98; // [sp+58h] [bp-48h]@11
int pointerSettings; // [sp+5Ch] [bp-44h]@11
unsigned int v100; // [sp+64h] [bp-3Ch]@92
int v101; // [sp+68h] [bp-38h]@11
int studentMod1; // [sp+6Ch] [bp-34h]@11
int pointeSettingsAfterName; // [sp+70h] [bp-30h]@11
int v104; // [sp+74h] [bp-2Ch]@11
int trainerSW_1; // [sp+78h] [bp-28h]@11
int trainerMod; // [sp+7Ch] [bp-24h]@11
int studentMod2; // [sp+84h] [bp-1Ch]@11
if ( byte_20000145[0] )
{
v0 = someTimer - dword_20000150;
if ( someTimer - dword_20000150 >= 0x2EE0 )
{
dword_20000150 += 12000;
v0 -= 12000;
}
if ( v0 > (unsigned int)&unk_BB8 )
{
if ( v0 > (unsigned int)&off_2328 )
v0 -= 12000;
else
v0 = (unsigned int)&byte_1426[-v0 + 842];
}
v1 = sub_1E7A(10 * v0, 3u);
v2 = &ch6_val;
v3 = 3;
do
{
v2[1] = v1;
v2 += 2;
*v2 = v1;
--v3;
}
while ( v3 );
goto LABEL_152;
}
modelNamePlus64 = sub_2568();
studentMod1 = (unsigned __int8)studentMode;
studentMod2 = (unsigned __int8)studentMode;
trainerMod = (unsigned __int8)trainerMode;
ch_index = 0;
trainerSW_1 = (1 << trainerSW) & modelNamePlus64;
v98 = (unsigned __int8)stickModeSW;
v104 = 4 * (unsigned __int8)stickModeSW;
v101 = v104 + 56609;
pointerSettings = currModelNamePtr;
pointeSettingsAfterName = currModelNamePtr + 10;
do
{
if ( !studentMod2 && trainerMod && trainerSW_1 )
{
*(&ch_1 + ch_index) = dword_1FFFFCC0[ch_index];
goto LABEL_16;
}
v5 = *(&dword_20000F00 + ch_index);
v6 = &stickAdjustData[3 * ch_index];
v7 = (*((_BYTE *)v6 + 1) << 8) | *(_BYTE *)v6;
v92 = v7;
if ( v5 >= v7 )
{
v8 = (HIBYTE(stickAdjustData[3 * ch_index + 2]) << 8) | LOBYTE(stickAdjustData[3 * ch_index + 2]);
if ( v5 <= v8 )
{
if ( ch_index && ch_index != 1 && ch_index != 3 )
goto LABEL_39;
v9 = (HIBYTE(stickAdjustData[3 * ch_index + 1]) << 8) | LOBYTE(stickAdjustData[3 * ch_index + 1]);
modelPtrPlus32 = v9;
v10 = v9 - 80;
if ( v5 > v10 && v5 < modelPtrPlus32 + 80 )
{
v11 = modelPtrPlus32 - ((unsigned int)modelPtrPlus32 >> 3);
v12 = v5 >> 3;
LABEL_33:
v7 = v11 + v12;
goto LABEL_40;
}
if ( ch_index && ch_index != 1 && ch_index != 3 )
goto LABEL_39;
if ( v5 >= modelPtrPlus32 + 80 )
{
sub_1E5E((v5 - modelPtrPlus32 - 80) * (v8 - modelPtrPlus32 - 10), v8 - modelPtrPlus32 - 80);
v12 = modelPtrPlus32;
v11 = v13 + 10;
goto LABEL_33;
}
if ( ch_index && ch_index != 1 && ch_index != 3 || v5 > v10 )
{
LABEL_39:
v7 = v5;
goto LABEL_40;
}
sub_1E5E((modelPtrPlus32 - v5 - 80) * (modelPtrPlus32 - v92 - 10), modelPtrPlus32 - v92 - 80);
v7 = modelPtrPlus32 - v14 - 10;
}
else
{
v7 = (HIBYTE(stickAdjustData[3 * ch_index + 2]) << 8) | LOBYTE(stickAdjustData[3 * ch_index + 2]);
}
}
LABEL_40:
if ( ((HIBYTE(stickAdjustData[3 * ch_index + 1]) << 8) | LOBYTE(stickAdjustData[3 * ch_index + 1])) <= v7 )
v15 = sub_1E7A(
(v7 - ((*((_BYTE *)v6 + 3) << 8) | *((_BYTE *)v6 + 2))) * (_DWORD)dword_2710,
((*((_BYTE *)v6 + 5) << 8) | *((_BYTE *)v6 + 4)) - ((*((_BYTE *)v6 + 3) << 8) | *((_BYTE *)v6 + 2)));
else
v15 = sub_1E7A((v7 - v92) * (_DWORD)dword_2710, ((*((_BYTE *)v6 + 3) << 8) | *((_BYTE *)v6 + 2)) - v92)
+ 4294957296;
if ( ch_index < 4 )
{
if ( v98 == 1 || v98 == 3 )
v15 += 20 * *(_BYTE *)(*(_BYTE *)(v101 + ch_index) + pointeSettingsAfterName);
else
v15 -= 20 * *(_BYTE *)(*(_BYTE *)(v101 + ch_index) + pointeSettingsAfterName);
}
*(&ch_1 + ch_index) = v15;
v16 = v5 - byte_1FFFFD54[ch_index];
if ( v16 < 0 )
v16 = -v16;
if ( v16 > 300 )
{
byte_1FFFFD54[ch_index] = v5;
*(_DWORD *)&byte_20000148 = someTimer - 1;
dword_2000014C = 0;
}
LABEL_16:
++ch_index;
}
while ( ch_index < 6 );
if ( studentMod1 || !trainerMod || !trainerSW_1 )
{
v17 = v104 + 56593;
*(&v94 + *(_BYTE *)(v104 + 56593)) = ch_1;
*(&v94 + *(_BYTE *)(v17 + 1)) = ch_2;
*(&v94 + *(_BYTE *)(v17 + 2)) = (int)ch_3;
*(&v94 + *(_BYTE *)(v17 + 3)) = ch_4;
if ( v98 == 1 || v98 == 3 )
{
ch_1 = v94;
ch_2 = v95;
ch_3 = v96;
v18 = v97;
}
else
{
ch_1 = -v94;
ch_2 = -v95;
ch_3 = (int *)-(signed int)v96;
v18 = -v97;
}
ch_4 = v18;
}
tmpCH_1 = (int *)ch_1;
if ( ch_1 <= -10000 )
tmpCH_1 = (int *)-10000;
ch_1 = (int)tmpCH_1;
if ( (signed int)tmpCH_1 > (signed int)dword_2710 )
tmpCH_1 = dword_2710;
ch_1 = (int)tmpCH_1;
dword_1FFFFD7C[2] = tmpCH_1;
tmpCH2 = (int *)ch_2;
if ( ch_2 <= -10000 )
tmpCH2 = (int *)-10000;
ch_2 = (int)tmpCH2;
if ( (signed int)tmpCH2 > (signed int)dword_2710 )
tmpCH2 = dword_2710;
ch_2 = (int)tmpCH2;
dword_1FFFFD7C[3] = tmpCH2;
tmpCH3 = ch_3;
if ( (signed int)ch_3 <= -10000 )
tmpCH3 = (int *)-10000;
ch_3 = tmpCH3;
if ( (signed int)tmpCH3 > (signed int)dword_2710 )
tmpCH3 = dword_2710;
ch_3 = tmpCH3;
dword_1FFFFD7C[4] = tmpCH3;
tmpCH4 = (int *)ch_4;
if ( ch_4 <= -10000 )
tmpCH4 = (int *)-10000;
ch_4 = (int)tmpCH4;
if ( (signed int)tmpCH4 > (signed int)dword_2710 )
tmpCH4 = dword_2710;
ch_4 = (int)tmpCH4;
dword_1FFFFD7C[5] = tmpCH4;
tmpCH5 = ch_5;
if ( (signed int)ch_5 <= -10000 )
tmpCH5 = (int *)-10000;
ch_5 = tmpCH5;
if ( (signed int)tmpCH5 > (signed int)dword_2710 )
tmpCH5 = dword_2710;
ch_5 = tmpCH5;
dword_1FFFFD7C[6] = tmpCH5;
if ( ch_6 <= -10000 )
tmpCH6 = (int *)-10000;
else
tmpCH6 = (int *)ch_6;
ch_6 = (int)tmpCH6;
if ( (signed int)tmpCH6 > (signed int)dword_2710 )
tmpCH6 = dword_2710;
ch_6 = (int)tmpCH6;
dword_1FFFFD7C[7] = tmpCH6;
if ( studentMod1 )
goto LABEL_164;
ch_index2 = 0;
LABEL_90:
v26 = 4 * (((1 << *(_BYTE *)(pointerSettings + 14)) & modelNamePlus64) != 0) + pointerSettings + ch_index2;
trainerMod = v26;
v27 = 98 * *(_BYTE *)(v26 + 23) + 0x4000;
trainerSW_1 = 4 * ch_index2;
chValue = *(&ch_1 + ch_index2);
studentMod1 = chValue;
if ( chValue < 0 )
chValue = -chValue;
v29 = sub_1E7A(chValue << 15, (unsigned int)dword_2710);
v30 = 0x10000;
v100 = v29;
v31 = 0;
v32 = 0x8000 - v27;
v98 = v27 << 15;
do
{
if ( (((v98 + v32 * ((v31 + v30) >> 1) - v27 * ((v31 + v30) >> 1)) >> 15) * ((v31 + v30) >> 1)
+ v27 * ((v31 + v30) >> 1)
+ 0x4000) >> 15 >= v100 )
v30 = (v31 + v30) >> 1;
else
v31 = (v31 + v30) >> 1;
}
while ( v30 - v31 > 1 );
if ( v100 - ((((v98 + v32 * v31 - v27 * v31) >> 15) * v31 + v27 * v31 + 0x4000) >> 15) > ((((v98
+ v32 * v30
- v27 * v30) >> 15)
* v30
+ v27 * v30
+ 0x4000) >> 15)
- v100 )
v31 = v30;
v33 = 100
* ((((((0x8000 - v27) << 15) + v27 * v31 - (0x8000 - v27) * v31) >> 15) * v31 + (0x8000 - v27) * v31 + 0x4000) >> 15);
v34 = v33 * *(_BYTE *)(trainerMod + 15);
if ( v34 >= 0 )
v35 = v34 + 0x4000;
else
v35 = v34 - 0x4000;
v36 = sub_1E7A(v35, 0x8000u);
if ( studentMod1 < 0 )
v36 = -v36;
*(int *)((char *)&ch_1 + trainerSW_1) = v36;
while ( (unsigned int)++ch_index2 < 6 )
{
if ( !ch_index2 || ch_index2 == 1 || ch_index2 == 3 )
goto LABEL_90;
}
if ( (unsigned int)*(_BYTE *)(pointerSettings + 9) >= 2 )
ch_6 = sub_237C((int)ch_3, pointerSettings + 31);
if ( (unsigned int)*(_BYTE *)(currModelNamePtr + 9) >= 3 )
{
v37 = sub_A178(ch_1 * *(_BYTE *)(currModelNamePtr + 41), 100);
v38 = sub_A178(ch_2 * *(_BYTE *)(currModelNamePtr + 42), 100);
v39 = sub_A178(ch_6 * *(_BYTE *)(currModelNamePtr + 43), 100);
v40 = *(_BYTE *)(currModelNamePtr + 9);
if ( v40 == 3 )
{
ch_1 = v39 - v37;
v47 = v39 + v38;
v48 = v39 + v37;
ch_2 = v47;
}
else
{
if ( v40 != 4 )
{
v41 = v39 - (50203 * v38 >> 15);
v42 = v37 * (signed int)&dword_DD3C[30] >> 15;
ch_2 = v39 + v38;
ch_1 = v41 - v42;
ch_6 = v41 + v42;
goto LABEL_115;
}
v49 = v39 - v38 / 2;
v50 = 28378 * v37 >> 15;
ch_2 = v39 + v38;
ch_1 = v49 - v50;
v48 = v49 + v50;
}
ch_6 = v48;
}
LABEL_115:
if ( *(_BYTE *)(currModelNamePtr + 55) << 31 && (1 << *(_BYTE *)(currModelNamePtr + 56)) & modelNamePlus64 )
v43 = 200 * (*(_BYTE *)(currModelNamePtr + 57) - 50);
else
v43 = sub_237C((int)ch_3, currModelNamePtr + 45);
ch_3 = (int *)v43;
if ( *(_BYTE *)(currModelNamePtr + 9) && *(_BYTE *)(currModelNamePtr + 55) & 8 )
{
v44 = 0;
if ( (1 << *(_BYTE *)(currModelNamePtr + 44)) & modelNamePlus64 )
v44 = 1;
ch_5 = (int *)(200 * (*(_BYTE *)(currModelNamePtr + v44 + 58) - 50));
}
sub_2568();
modelPtr3 = currModelNamePtr;
modelPtrPlus9 = *(_BYTE *)(currModelNamePtr + 9);
if ( !*(_BYTE *)(currModelNamePtr + 9) || !(*(_BYTE *)(currModelNamePtr + 55) & 8) )
{
dword_1FFFFD7C[6] = createPacketsForCH7_10(*(_BYTE *)(currModelNamePtr + 60));
ch_5 = (int *)dword_1FFFFD7C[6];
}
if ( modelPtrPlus9 < 3 )
{
dword_1FFFFD7C[7] = createPacketsForCH7_10(*(_BYTE *)(modelPtr3 + 61));
ch_6 = dword_1FFFFD7C[7];
}
modelPtrPlus32 = modelPtr3 + 32;
ch1_val = ch_1;
ch2_val = ch_2;
ch3_val = (int)ch_3;
ch4_val = ch_4;
indexFrom0To3 = 0;
ch6_val = ch_6;
ch5_val = ch_5;
while ( 2 )
{
v52 = 4 * indexFrom0To3 + modelPtr3;
v53 = *(_BYTE *)(v52 + 62);
if ( !(v53 >> 7) )
goto LABEL_142;
v54 = v53 & 0xF;
if ( v54 >= 6 )
v55 = dword_1FFFFD7C[v54];
else
v55 = *(&ch1_val + v54);
v56 = (unsigned int)*(_BYTE *)(v52 + 62) << 25 >> 29;
if ( v55 < 0 )
{
v57 = *(_BYTE *)(v52 + 64) * v55;
if ( v57 >= 0 )
goto LABEL_147;
goto LABEL_146;
}
v57 = *(_BYTE *)(4 * indexFrom0To3 + modelPtr3 + 63) * v55;
if ( v57 < 0 )
{
LABEL_146:
v58 = v57 - 50;
goto LABEL_141;
}
LABEL_147:
v58 = v57 + 50;
LABEL_141:
*(&ch_1 + (v53 << 25 >> 29)) += sub_1E7A(v58, 0x64u);
*(&ch_1 + v56) += 200 * *(_BYTE *)(v52 + 65);
LABEL_142:
if ( (unsigned int)++indexFrom0To3 < 3 )
continue;
break;
}
if ( !*(_BYTE *)(modelPtr3 + 9) )
{
if ( !(*(_BYTE *)(modelPtrPlus32 + 23) & 4)
|| (v59 = sub_A178(ch_2 * *(_BYTE *)(modelPtr3 + 75) + ch_1 * *(_BYTE *)(modelPtr3 + 74), 100),
v60 = sub_A178(ch_2 * *(_BYTE *)(currModelNamePtr + 75) - ch_1 * *(_BYTE *)(currModelNamePtr + 74), 100),
ch_1 = v59,
ch_2 = v60,
!*(_BYTE *)(currModelNamePtr + 9)) )
{
if ( *(_BYTE *)(currModelNamePtr + 55) & 2 )
{
v61 = sub_A178(ch_2 * *(_BYTE *)(currModelNamePtr + 75) - ch_4 * *(_BYTE *)(currModelNamePtr + 74), 100);
v62 = sub_A178(ch_2 * *(_BYTE *)(currModelNamePtr + 75) + ch_4 * *(_BYTE *)(currModelNamePtr + 74), 100);
ch_2 = v61;
ch_4 = v62;
}
}
}
LABEL_152:
if ( !studentMode )
{
ch_index3 = 0;
modelNamePtr = currModelNamePtr;
modelNamePlus64 = currModelNamePtr + 64;
do
{
offset = 4 * ch_index3;
value = *(&ch_1 + ch_index3) + 20 * *(_BYTE *)(modelNamePtr + ch_index3 + 76);
*(&ch_1 + ch_index3) = value;
if ( value <= 4294957296 )
value = 4294957296;
*(int *)((char *)&ch_1 + offset) = value;
if ( value > (signed int)dword_2710 )
value = (int)dword_2710;
*(int *)((char *)&ch_1 + offset) = value;
if ( value >= 0 )
{
v67 = value * *(_BYTE *)(2 * ch_index3 + modelNamePtr + 83);
if ( v67 >= 0 )
{
LABEL_168:
v70 = v67 + 50;
goto LABEL_161;
}
}
else
{
v67 = value * *(_BYTE *)(2 * ch_index3 + modelNamePtr + 82);
if ( v67 >= 0 )
goto LABEL_168;
}
v70 = v67 - 50;
LABEL_161:
*(int *)((char *)&ch_1 + offset) = sub_1E7A(v70, 0x64u);
if ( *(_BYTE *)(modelNamePlus64 + 30) & (1 << ch_index3) )
*(int *)((char *)&ch_1 + offset) = -*(int *)((char *)&ch_1 + offset);
++ch_index3;
}
while ( ch_index3 < 6 );
}
LABEL_164:
ch6_tmp = 0xFFFFD120;
if ( ch_1 <= (signed int)0xFFFFD120 )
ch1_tmp = 0xFFFFD120;
else
ch1_tmp = ch_1;
ch6_tmp2 = 0x2EE0;
ch_1 = ch1_tmp;
if ( ch1_tmp <= 0x2EE0 )
ch1_tmp2 = ch1_tmp;
else
ch1_tmp2 = 0x2EE0;
ch_1 = ch1_tmp2;
dword_1FFFFDE0[0] = ch1_tmp2;
ch2_tmp = ch_2;
if ( ch_2 <= (signed int)0xFFFFD120 )
ch2_tmp = 0xFFFFD120;
ch_2 = ch2_tmp;
if ( ch2_tmp > 0x2EE0 )
ch2_tmp = 0x2EE0;
ch_2 = ch2_tmp;
dword_1FFFFDE4 = ch2_tmp;
ch3_tmp = (signed int)ch_3;
if ( (signed int)ch_3 <= (signed int)0xFFFFD120 )
ch3_tmp = 0xFFFFD120;
ch_3 = (int *)ch3_tmp;
if ( ch3_tmp > 0x2EE0 )
ch3_tmp = 0x2EE0;
ch_3 = (int *)ch3_tmp;
dword_1FFFFDE8 = ch3_tmp;
ch4_tmp = ch_4;
if ( ch_4 <= (signed int)0xFFFFD120 )
ch4_tmp = 0xFFFFD120;
ch_4 = ch4_tmp;
if ( ch4_tmp > 0x2EE0 )
ch4_tmp = 0x2EE0;
ch_4 = ch4_tmp;
dword_1FFFFDEC = ch4_tmp;
ch5_tmp = (signed int)ch_5;
if ( (signed int)ch_5 <= (signed int)0xFFFFD120 )
ch5_tmp = 0xFFFFD120;
ch_5 = (int *)ch5_tmp;
if ( ch5_tmp > 0x2EE0 )
ch5_tmp = 0x2EE0;
ch_5 = (int *)ch5_tmp;
dword_1FFFFDF0 = ch5_tmp;
if ( ch_6 > (signed int)0xFFFFD120 )
ch6_tmp = ch_6;
ch_6 = ch6_tmp;
if ( ch6_tmp <= 0x2EE0 )
ch6_tmp2 = ch6_tmp;
dword_1FFFFDF4 = ch6_tmp2;
modelSetPTR = currModelNamePtr;
dword_1FFFFDF8 = (int)createPacketsForCH7_10(*(_BYTE *)(currModelNamePtr + 141) & 0xF);
dword_1FFFFDFC = (int)createPacketsForCH7_10((unsigned int)*(_BYTE *)(modelSetPTR + 141) >> 4);
dword_1FFFFE00 = (int)createPacketsForCH7_10(*(_BYTE *)(modelSetPTR + 145) & 0xF);
result = createPacketsForCH7_10((unsigned int)*(_BYTE *)(modelSetPTR + 145) >> 4);
dword_1FFFFE04 = (int)result;
return result;
}@qba667 thanks for that - I can create a repo and invite you as an admin. I'll have some time over this weekend - I'm GMT what time zone are you in?
qba667
commented
7 years ago @keir-rex sounds good, have you any experience with disassembly? I am in GMT+1.
krx252525
commented
7 years ago @qba667 not really - this is going to be a steep learning curve. It'll be nice to see if we can apply some proper engineering principles and improve the agility and pace.
Anything in the way of resources, literature, pointers, and existing dev-environment you can provide would be appreciated!
qba667
commented
7 years ago @keir-rex same as it was mine. To do anything you will need debugger. I am using J-Link but STLink will be also fine. Toolchain is part of Kinetis Design Studio Integrated Development Environment. SDK for MKL16z (http://www.nxp.com/jp/products/software-and-tools/run-time-software/kinetis-software-and-tools/development-platforms-with-mbed/software-development-kit-for-kinetis-mcus:KINETIS-SDK)
Some resources about MCU http://javaarm.com/file/ARM/books/Cortex/The.Definitive.Guide.to.the.ARM.Cortex-M0_Joseph.Yiu_2011.pdf
ARM thumb http://www.keil.com/support/man/docs/armasm/armasm_dom1359731139853.htm http://www.embedded.com/electronics-blogs/beginner-s-corner/4024632/Introduction-to-ARM-thumb https://ece.uwaterloo.ca/~ece222/ARM/ARM7-TDMI-manual-pt3.pdf
Something about Reassembleable Disassembling https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-wang-shuai.pdf
Notepad++
And the most important part a lot of free time.
qba667
commented
7 years ago @keir-rex check here: https://github.com/qba667/FlySkyI6
Tof68
commented
7 years ago Subtrim and end-points for channels 7 to 10 should be realy great. It's almost necessary when using this channels with servos, even to drive accessories
Pecacheu
commented
7 years ago @qba667 I can't figure out how to compile the source code. I made an issue about it here.
krx252525
commented
7 years ago Apologies for not getting in touch for circa 5 months - I've not looked at my RC stuff since the weather here just isn't suited to it. I'm going to try put some time over the coming weeks.
kelvinpmr
commented
7 years ago @keir-rex hi man! Please! Do the endpoint for this ch7! ALL naza users Will be thx to you!
Hey @benb0jangles,
I'm wondering if there's a limitation preventing implementing subtrim for Aux channels 7-10?
If there's no limitation - would it be possible for you to provide the source from which you compiled and development tools/environment/methods? I'd like to get started hacking on the firmware and I'm sure I'm not the only person who would benefit from the subtrim on these channels.
Thanks,
Keir