Pro L White Support

[hansemro]

HW info:

• Holtek HT32F52352 (Cortex-M0+)
• MXIC 25L4006E 4Mbit SPI Flash
• Macroblock MBI5042GP LED Driver

FW disassembly annotation: WIP @ https://github.com/hansemro/pok3r_re_firmware/tree/cmprolwhite

Tasks:

• [ ] Add photos
• [x] Add schematic: https://github.com/hansemro/re-masterkeys/tree/Pro_L_White/kicad/prol_white
• [x] Write firmware patch
  • [x] Find FW offset: 0x3200 (based off VTOR offset)
• [x] Patch pok3rtool: WIP fork https://github.com/hansemro/pok3rtool/tree/cooler-master-dev
  • [x] Add Pro L White VID/PID/IPID
    • [x] firmware mode : 2516:0047
    • [x] bootloader mode : 2516:0046
  • [x] version command
  • [x] setversion command
  • [x] reboot command
  • [x] bootloader command
  • [x] info command
    • [x] get version
    • [x] Holtek VID/PID: 04d9:0167
  • [x] dump command
  • [x] flash command
  • [ ] wipe command
• [x] Working firmware patch
• [x] Dump firmware
  • [ ] Annotate V1.08.00 FW: WIP @ https://github.com/hansemro/pok3r_re_firmware/tree/cmprolwhite/disassemble/cmprolwhite/v180
• [x] Dump bootloader @ 0x0
  • [ ] Annotate: WIP https://github.com/hansemro/pok3r_re_firmware/tree/cmprolwhite/disassemble/cmprolwhite/builtin
• [x] Dump bootrom @ 0x1f000000
  • [ ] Annotate: WIP @ https://github.com/hansemro/pok3r_re_firmware/tree/cmprolwhite/disassemble/cmprolwhite/bootrom
• [ ] Dump SPI flash
• [ ] QMK port
  • [x] working key matrix
  • [x] nKey Rollover
  • [x] working USB
  • [x] Hold Esc while plugging in usb to reboot to bootloader
  • [x] FN+Esc to reboot to bootloader
  • [x] MBI5042 LED matrix driver
    • [x] init
    • [x] flush
    • [x] set_color
    • [x] set_color_all
  • [ ] SPI flash driver

[hansemro]

Info command output:

$ ./pok3rtool -t prolrgb info --ok
Opened MasterKeys Pro L RGB
3000  12000000 56003100 2e003000 38002e00 30003000 0000ffff ffffffff ffffffff | ....V.1...0.8...0.0.............
3020  ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff | ................................
3040  ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff | ................................
3060  ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff 04008000 00030100 | ................................
3080  41000000 ffffffef 01000000 00000000 d9046701 ffffffff ffffffff ffffffff | A.................g.............
30a0  ffffffff ffffffff ffffffff ffffffff a55a1c00                            | .................Z..            
Version String: V1.08.00
a: 00800004
Version: 00010300
c: 00000041
d: efffffff
e: 00000001
f: 00000000
VID/PID: 04d9 0167
h: 001c5aa5
READ_400
0000  04000000 00000000 16254600 00000404 ffffffff 01000000 ffffffff 2e000000 | .........%F.....................
0020  0002e700 00024b42 30313933 00000000 ffffffff                            | ......KB0193........            
READ_3c00
0000  04000200                                                                | ....                            
true

[hansemro]

Setting custom version:

$./pok3rtool -t prolrgb version
Opened MasterKeys Pro L RGB
Version: V1.08.00
$ ./pok3rtool -t prolrgb --ok setversion V1.07.FF
Opened MasterKeys Pro L RGB
Old Version: V1.08.00
Reset to Bootloader
Writing Version: V1.07.FF
1
Reset to Firmware
true
$ ./pok3rtool -t prolrgb version
Opened MasterKeys Pro L RGB
Version: V1.07.FF

[hansemro]

Just realized that I have White model lol. Didn't even bother to check if it was RGB.

[hansemro]

Modified SVD: HT32F52342_52.svd.zip

SVD Source: https://web.archive.org/web/20220827045212/https://mcu.holtek.com.tw/pack/Holtek.HT32_DFP.1.0.41.pack

[hansemro]

I was able to dump bootloader and firmware with this updated patch:

FW offset 0x3200

        6260: ff 28           cmp        r0,#0xff
        6262: 05 d1           bne        0x00006270
        6264: 68 68           ldr        r0,[r5,#0x4]
        6266: 3c 21           movs       r1,#0x3c
        6268: 30 e0           b          0x000062cc
        626a: 00 bf           nop
        626c: 00 bf           nop
        626e: 00 bf           nop

Flashing patched firmware with patched pok3rtool worked without a hitch:

$ git clone https://github.com/hansemro/re-masterkeys -b Pro_L_White
$ cd re-masterkeys/binaries/Pro_L_White
$ pok3rtool -t prolwhite flash V1.09.00 ProLW_fw_patched.bin --ok
Opened MasterKeys Pro L White
Update Firmware: ProLW_fw_patched.bin
Reset to Bootloader
Current Version: V1.08.00
Firmware CRC D: 2519525c
Firmware CRC E: 4edec2ee
crc 3d198f21
sum e3f6fbbb
Current CRC: 3d198f21
Erase...
Write...
crc 4edec2ee
sum e400cc6d
New CRC: 4edec2ee
Writing Version: V1.09.00
Reset to Firmware
true
$ pok3rtool -t prolwhite dump bl_fw_dump.bin --ok
Opened MasterKeys Pro L White
Dump Flash
Out: bl_fw_dump.bin, 65520 bytes

[hansemro]

Added initial schematic drawing in KiCad: https://github.com/hansemro/re-masterkeys/tree/09ef6fb995ffd5092bbb7bde4db733936313a8f0/kicad/prol_white

[hansemro]

WIP QMK with MBI5042 demo:

https://user-images.githubusercontent.com/40348686/198546031-cec75729-407e-4fda-baa9-234bb24be269.mp4

Update:

qmk fork: https://github.com/hansemro/qmk_firmware/tree/prolwhite_dev

qmk fork with MBI5042 driver: https://github.com/hansemro/qmk_firmware/tree/prolwhite_mbi5042_test