Open arikon opened 6 months ago
When I connect CEN to GND for short time, I receive these errors
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkCheckCrcCmnd(start=2097152, end=2097408)
-> RX (4): BkCheckCrcResp(crc32=2484401883)
Connected! Chip info: None / Flash ID: 00 00 00 / Protocol: BASIC_BEKEN
Reading 2097152 bytes from 0x0
Reading 4k page at 0x200000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101248)
-> RX (4): BkCheckCrcResp(crc32=1804650096)
Reading failure (Chip CRC value 946F398F does not match calculated CRC value 4687B26), retrying (attempt 0)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101248)
-> RX (4): BkCheckCrcResp(crc32=1804650096)
Reading failure (Chip CRC value 946F398F does not match calculated CRC value 4687B26), retrying (attempt 1)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101248)
-> RX (4): BkCheckCrcResp(crc32=1804650096)
Reading failure (Chip CRC value 946F398F does not match calculated CRC value 4687B26), retrying (attempt 2)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101248)
-> RX (4): BkCheckCrcResp(crc32=1804650096)
Reading failure (Chip CRC value 946F398F does not match calculated CRC value 4687B26), retrying (attempt 3)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101248)
-> RX (4): BkCheckCrcResp(crc32=1804650096)
I have never heard of this chip before. There's a pending update here: https://github.com/tuya-cloudcutter/bk7231tools/tree/feature/flash-refactor It should improve chip detection capability and allow some flashing operations even on unrecognized chips.
Please post the verbose output of running bk7231tools from this branch.
Reading flash in working on this branch:
% bk7231tools read_flash --device /dev/cu.wchusbserial110 --debug bk7238-entire-flash.bin
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkCheckCrcCmnd(start=0, end=256)
-> RX (4): BkCheckCrcResp(crc32=2484401883)
Reading 4k page at 0x000000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=0)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=0, [...]
<- TX: BkReadRegCmnd(address=8388608)
-> RX (8): Check OK
-> RX (8): BkReadRegResp(address=8388608, value=29240)
<- TX: BkFlashReg24ReadCmnd(cmd=159)
-> RX (5): BkFlashReg24ReadResp(status=0, data0=133, data1=66, data2=21)
Connected! Chip info: BK7231N / Flash ID: 85 42 15 / Flash size: 0x200000 / Protocol: FULL
Reading 2097152 bytes from 0x0
Reading 4k page at 0x000000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=2097152)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2097152, [...]
<- TX: BkCheckCrcCmnd(start=2097152, end=2101247)
-> RX (4): BkCheckCrcResp(crc32=4221011161)
Reading 4k page at 0x001000 (0.20%)
<- TX: BkFlashRead4KCmnd(start=2101248)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=2101248, [...]
<- TX: BkCheckCrcCmnd(start=2101248, end=2105343)
-> RX (4): BkCheckCrcResp(crc32=3689778625)
Reading 4k page at 0x002000 (0.39%)
@kuba2k2 Writing to flash emits error:
% bk7231tools write_flash --device /dev/cu.wchusbserial110 --bootloader --debug bk7238-entire-flash.bin
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkCheckCrcCmnd(start=0, end=256)
-> RX (4): BkCheckCrcResp(crc32=2484401883)
Reading 4k page at 0x000000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=0)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=0, [...]
<- TX: BkReadRegCmnd(address=8388608)
-> RX (8): Check OK
-> RX (8): BkReadRegResp(address=8388608, value=29240)
<- TX: BkFlashReg24ReadCmnd(cmd=159)
-> RX (5): BkFlashReg24ReadResp(status=0, data0=133, data1=66, data2=21)
Connected! Chip info: BK7231N / Flash ID: 85 42 15 / Flash size: 0x200000 / Protocol: FULL
Writing 2097152 bytes to 0x0
Trying to unprotect flash memory...
Traceback (most recent call last):
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/bin/bk7231tools", line 8, in <module>
sys.exit(cli())
^^^^^
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 626, in cli
args.handler(device, args)
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 470, in write_flash
for _ in device.program_flash(
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 133, in program_flash
self.flash_unprotect()
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 60, in flash_unprotect
raise ValueError(f"Flash ID not known: {flash_id.hex()}")
ValueError: Flash ID not known: 854215
@kuba2k2 SoC info is here: https://www.bekencorp.com/en/goods/detail/cid/42.html
@kuba2k2 SoC Datasheet is here: https://device.report/m/afb952eb395dfc21d38f7294dbbf7fd507288ffd43c3a8c81d2cc79bdf336bc4.pdf
Try adding the flash ID somewhere here: https://github.com/tuya-cloudcutter/bk7231tools/blob/feature/flash-refactor/bk7231tools/serial/cmd_hl_flash.py#L29 Like:
b"\x85\x60\x17": 2,
+ b"\x85\x42\x15": 2,
b"\xC2\x23\x14": 2,
@kuba2k2 New error
% bk7231tools write_flash --device /dev/cu.wchusbserial110 --bootloader --debug bk7238-entire-flash.bin
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkCheckCrcCmnd(start=0, end=256)
-> RX (4): BkCheckCrcResp(crc32=2484401883)
Reading 4k page at 0x000000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=0)
-> RX (4101): Check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=0, [...]
<- TX: BkReadRegCmnd(address=8388608)
-> RX (8): Check OK
-> RX (8): BkReadRegResp(address=8388608, value=29240)
<- TX: BkFlashReg24ReadCmnd(cmd=159)
-> RX (5): BkFlashReg24ReadResp(status=0, data0=133, data1=66, data2=21)
Connected! Chip info: BK7231N / Flash ID: 85 42 15 / Flash size: 0x200000 / Protocol: FULL
Writing 2097152 bytes to 0x0
Trying to unprotect flash memory...
<- TX: BkFlashReg8ReadCmnd(cmd=5)
-> RX (3): Check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=5, data0=4)
<- TX: BkFlashReg8ReadCmnd(cmd=53)
-> RX (3): Check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=53, data0=0)
<- TX: BkFlashReg16WriteCmnd(cmd=1, data=0)
-> RX (4): Check OK
-> RX (4): BkFlashReg16WriteResp(status=0, cmd=1, data=0)
<- TX: BkFlashReg8ReadCmnd(cmd=5)
-> RX (3): Check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=5, data0=4)
<- TX: BkFlashReg8ReadCmnd(cmd=53)
-> RX (3): Check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=53, data0=0)
Traceback (most recent call last):
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/bin/bk7231tools", line 8, in <module>
sys.exit(cli())
^^^^^
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 626, in cli
args.handler(device, args)
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 470, in write_flash
for _ in device.program_flash(
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 134, in program_flash
self.flash_unprotect()
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 65, in flash_unprotect
self.flash_write_sr(sr, size=sr_size, mask=mask)
File "/Users/arikon/projects/firefly/beken_freertos_sdk-3.0.70/tools/matter_factory_data_generate/.python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_ll_flash.py", line 59, in flash_write_sr
raise RuntimeError(
RuntimeError: Writing Status Register failed: wrote 0x0000, got 0x0004
Patch:
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py
index d78b075..efe0f92 100644
--- a/bk7231tools/serial/cmd_hl_flash.py
+++ b/bk7231tools/serial/cmd_hl_flash.py
@@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface):
b"\x51\x40\x13": 1,
b"\x51\x40\x14": 1,
b"\x5E\x40\x14": 1,
+ b"\x85\x42\x15": 2,
b"\x85\x60\x13": 2,
b"\x85\x60\x14": 2,
b"\x85\x60\x16": 2,
@kuba2k2 Is it possible to make a quick fix here?
Sorry for pushing. I'm trying to decide which way to go on my working task — wait for fix here or continue to look for another options to work with bk7238 SoC.
BTW, thank you for your tool and for you help!
I don't know, really. Maybe instead of : 2
try using : 1
?
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py
index d78b075..cf5718d 100644
--- a/bk7231tools/serial/cmd_hl_flash.py
+++ b/bk7231tools/serial/cmd_hl_flash.py
@@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface):
b"\x51\x40\x13": 1,
b"\x51\x40\x14": 1,
b"\x5E\x40\x14": 1,
+ b"\x85\x42\x15": 1,
b"\x85\x60\x13": 2,
b"\x85\x60\x14": 2,
b"\x85\x60\x16": 2,
@kuba2k2 It worked!
Also I needed to connect CEN to GND one-time.
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py index d78b075..cf5718d 100644 --- a/bk7231tools/serial/cmd_hl_flash.py +++ b/bk7231tools/serial/cmd_hl_flash.py @@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface): b"\x51\x40\x13": 1, b"\x51\x40\x14": 1, b"\x5E\x40\x14": 1, + b"\x85\x42\x15": 1, b"\x85\x60\x13": 2, b"\x85\x60\x14": 2, b"\x85\x60\x16": 2,
@kuba2k2 It worked!
Also I needed to connect CEN to GND one-time.
That means your device only has a 1MiB flash. If you did a dump and it came out as 2MiB (because that's what it was told to do), you just have the same dump successively twice in the same file.
Nevermind, I misunderstood, thanks for the correction kubu2k2
Actually, no. 1<<0x15
is 0x200000, which is 2 MiB. : 1
/: 2
means 1 or 2 SR bytes, not flash size.
@kuba2k2 When are you planning to release this branch?
Can you share the stock firmware dump of that device? I need to add the bootloader parameters to bk7231tools first.
Also, I would need a ROM dump of that chip made with ltchiptool.
@kuba2k2 I've got another SoC Beken BK7238, with different flash ID: 85 20 15
I added it like this:
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py
index 1e6c322..045af62 100644
--- a/bk7231tools/serial/cmd_hl_flash.py
+++ b/bk7231tools/serial/cmd_hl_flash.py
@@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface):
b"\x51\x40\x13": 1,
b"\x51\x40\x14": 1,
b"\x5E\x40\x14": 1,
+ b"\x85\x20\x15": 2,
b"\x85\x42\x15": 1,
b"\x85\x60\x13": 2,
b"\x85\x60\x14": 2,
But got this error trying to flash binary:
RuntimeError: Writing Status Register failed: wrote 0x4000, got 0x4007
How it could be fixed?
Also, I would need a ROM dump of that chip made with ltchiptool.
Could you provide a command, how to make it?
Can you share the stock firmware dump of that device? I need to add the bootloader parameters to bk7231tools first.
Do you need only a bootloader binary?
Could you DM me at https://telegram.me/arikon, I can provide you some. Can't post it here.
Patch:
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py
index 1e6c322..0ca1528 100644
--- a/bk7231tools/serial/cmd_hl_flash.py
+++ b/bk7231tools/serial/cmd_hl_flash.py
@@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface):
b"\x51\x40\x13": 1,
b"\x51\x40\x14": 1,
b"\x5E\x40\x14": 1,
+ b"\x85\x20\x15": 1,
b"\x85\x42\x15": 1,
b"\x85\x60\x13": 2,
b"\x85\x60\x14": 2,
Result:
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkSetBaudRateCmnd(baudrate=1500000, delay_ms=20)
-- UART: Changing port baudrate
-> RX (5): Response check OK
<- TX: BkCheckCrcCmnd(start=0x0, end=0x100)
-> RX (4): BkCheckCrcResp(crc32=0x9414F6DB)
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
Unknown bootloader CRC - 0x6BEB0924 - please report this on GitHub issues!
<- TX: BkCheckCrcCmnd(start=0x11000, end=0x11100)
-> RX (4): BkCheckCrcResp(crc32=0x21E082EF)
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
Reading 4k page at 0x011000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=0x11000)
-> RX (4101): Response check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=0x11000, data=bytes(4096))
<- TX: BkReadRegCmnd(address=0x800000)
-> RX (8): Response check OK
-> RX (8): BkReadRegResp(address=0x800000, value=0x7238)
BK72xx connected - protocol: FULL, chip: BK7238, bootloader: None, chip ID: 0x7238, boot version: None
<- TX: BkFlashReg24ReadCmnd(cmd=0x9F)
-> RX (5): BkFlashReg24ReadResp(status=0, data0=0x85, data1=0x20, [...]
Connected! Chip info: BK7238 / Flash ID: 85 20 15 / Flash size: 0x200000 / Protocol: FULL
Writing 1253376 bytes to 0x0
Trying to unprotect flash memory...
<- TX: BkFlashReg8ReadCmnd(cmd=0x5)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x5, data0=0x4)
<- TX: BkFlashReg8WriteCmnd(cmd=0x1, data=0x0)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8WriteResp(status=0, cmd=0x1, data=0x0)
<- TX: BkFlashReg8ReadCmnd(cmd=0x5)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x5, data0=0x7)
Traceback (most recent call last):
File "/Users/arikon/projects/firefly/burn/python-venv/bin/bk7231tools", line 8, in <module>
sys.exit(cli())
^^^^^
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 626, in cli
args.handler(device, args)
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 470, in write_flash
for _ in device.program_flash(
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 125, in program_flash
self.flash_unprotect()
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 66, in flash_unprotect
self.flash_write_sr(sr, size=sr_size, mask=mask)
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_ll_flash.py", line 61, in flash_write_sr
raise RuntimeError(
RuntimeError: Writing Status Register failed: wrote 0x0000, got 0x0007
Patch:
diff --git a/bk7231tools/serial/cmd_hl_flash.py b/bk7231tools/serial/cmd_hl_flash.py
index 1e6c322..0ca1528 100644
--- a/bk7231tools/serial/cmd_hl_flash.py
+++ b/bk7231tools/serial/cmd_hl_flash.py
@@ -23,6 +23,7 @@ class BK7231SerialCmdHLFlash(BK7231SerialInterface):
b"\x51\x40\x13": 1,
b"\x51\x40\x14": 1,
b"\x5E\x40\x14": 1,
+ b"\x85\x20\x15": 2,
b"\x85\x42\x15": 1,
b"\x85\x60\x13": 2,
b"\x85\x60\x14": 2,
Result:
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
<- TX: BkSetBaudRateCmnd(baudrate=1500000, delay_ms=20)
-- UART: Changing port baudrate
-> RX (5): Response check OK
<- TX: BkCheckCrcCmnd(start=0x0, end=0x100)
-> RX (4): BkCheckCrcResp(crc32=0x9414F6DB)
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
Unknown bootloader CRC - 0x6BEB0924 - please report this on GitHub issues!
<- TX: BkCheckCrcCmnd(start=0x11000, end=0x11100)
-> RX (4): BkCheckCrcResp(crc32=0x21E082EF)
<- TX: BkLinkCheckCmnd()
-> RX (1): BkLinkCheckResp(value=0)
Reading 4k page at 0x011000 (0.00%)
<- TX: BkFlashRead4KCmnd(start=0x11000)
-> RX (4101): Response check OK
-> RX (4101): BkFlashRead4KResp(status=0, start=0x11000, data=bytes(4096))
<- TX: BkReadRegCmnd(address=0x800000)
-> RX (8): Response check OK
-> RX (8): BkReadRegResp(address=0x800000, value=0x7238)
BK72xx connected - protocol: FULL, chip: BK7238, bootloader: None, chip ID: 0x7238, boot version: None
<- TX: BkFlashReg24ReadCmnd(cmd=0x9F)
-> RX (5): BkFlashReg24ReadResp(status=0, data0=0x85, data1=0x20, [...]
Connected! Chip info: BK7238 / Flash ID: 85 20 15 / Flash size: 0x200000 / Protocol: FULL
Writing 1253376 bytes to 0x0
Trying to unprotect flash memory...
<- TX: BkFlashReg8ReadCmnd(cmd=0x5)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x5, data0=0x4)
<- TX: BkFlashReg8ReadCmnd(cmd=0x35)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x35, data0=0x40)
<- TX: BkFlashReg16WriteCmnd(cmd=0x1, data=0x4000)
-> RX (4): Response check OK
-> RX (4): BkFlashReg16WriteResp(status=0, cmd=0x1, data=0x4000)
<- TX: BkFlashReg8ReadCmnd(cmd=0x5)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x5, data0=0x7)
<- TX: BkFlashReg8ReadCmnd(cmd=0x35)
-> RX (3): Response check OK
-> RX (3): BkFlashReg8ReadResp(status=0, cmd=0x35, data0=0x40)
Traceback (most recent call last):
File "/Users/arikon/projects/firefly/burn/python-venv/bin/bk7231tools", line 8, in <module>
sys.exit(cli())
^^^^^
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 626, in cli
args.handler(device, args)
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/__main__.py", line 470, in write_flash
for _ in device.program_flash(
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 125, in program_flash
self.flash_unprotect()
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_hl_flash.py", line 66, in flash_unprotect
self.flash_write_sr(sr, size=sr_size, mask=mask)
File "/Users/arikon/projects/firefly/burn/python-venv/lib/python3.12/site-packages/bk7231tools/serial/cmd_ll_flash.py", line 61, in flash_write_sr
raise RuntimeError(
RuntimeError: Writing Status Register failed: wrote 0x4000, got 0x4007
How it could be fixed?
I don't think I know.
Could you provide a command, how to make it?
I see you use bk7231tools directly. To make a ROM dump (or any other kind of firmware dump), install pip install ltchiptool
and then run ltchiptool flash read bk72xx rom filename.bin
.
Do you need only a bootloader binary?
A whole firmware dump would help, but if you can't share it, the bootloader itself will do too. If you read from 0x0 to 0x11000 you will get the bootloader only.
Can't post it here.
You can, just pack it into a ZIP file.
@kuba2k2 Here are all the bootloaders I have, not only for bk7238.
Here is rom.
ltchiptool flash read --rom bk72xx bk7238-rom.bin
Are these bootloaders taken from some SDK? They look like they don't come from a flash chip of the BK7238.
If you could dump the bootloader (it might be a bit different than the ones from SDK) it would be helpful.
Are these bootloaders taken from some SDK?
@kuba2k2 Yes.
They look like they don't come from a flash chip of the BK7238.
bootloader_bk7238_uart1_v1.0.14.bin
this one for bk7238 and used as is during the firmware build process.
You can use this one. And other bootloaders to add support for them, if you like.
@kuba2k2 Here is dumped from flash bootloader:
PS: You were right, it is different from the one from SDK.
@kuba2k2 Could you tell, please, is it possible to add support for BK7238 to bk7231tools
?
It supports Bk7238 already, you've been able to flash a few devices before.
@kuba2k2 Okay =) Is it possible to add support for BK7238 with different flash? Do you need more info / artifacts for that?
If what you've tried doesn't work, then you either modified the wrong file (e.g. your changes weren't installed in the version you tested) or the flash chip requires something different. I can't possibly test every flash chip ever made.
You can, however, try ltchiptool-ft232-flasher, which can connect to BK72xx using an FT232 adapter. You first need to install the libusbK driver using Zadig. The tool can show more information, such as the Status Registers.
@arikon im curious about what devices you have that contain BK7238s. if you have links to exact items please that would be useful. thanks!
this is the only one I have at present https://discord.com/channels/967863521511608370/1261030204508209243
Is it possible to use
bk7231tools
withbk7238
SoC?I tried with no luck on macOS: