
Reverse Engineering the Sena Firmware

Trying to understand the code and getting sidetracked by the Prompts

Dissecting the Sena Firmware Files down to the CSR Logic

Current Status: Dissection and Reassembly of Separate Prompt Files possible

Not yet Possible: Changing Internal Flash image parts. DFU is signed. Time to find a way via hardmod.

  • PWNa Adapter Pinout

    masterX244 02/12/2022 at 11:55 0 comments

    Adaptor pinout figured out. Messing with the firmware now possible without opening up.

  • Full PWNage

    masterX244 02/04/2022 at 20:55 0 comments

    Debug Port uses the same plug as the Samsung Galaxy S3 used for its MHL extra pins. Need to make me an adaptor based on an MHL adaptor and some soldering.

  • Code update pushed

    masterX244 02/01/2022 at 21:45 0 comments

    Uploaded a newer version of my utility that got flashdump and jailbreak shorthands for getting a different key inserted for self-signed DFU files.

  • Debugging Progress

    masterX244 02/01/2022 at 16:47 0 comments

    SPI works for yanking off a flash dump (that means that the port is not locked at all). Pins on the chip for tracking down the SPI are the following:

    Left side:
      • 3rd from bottom: CS
      • 4th from bottom: MISO
      • 5th from bottom: MOSI
      • 6th from bottom: CLK

    Noticed that they are wired out on an undocumented extra set of pins in the micro-USB connector.

  • Next Steps

    masterX244 01/21/2022 at 20:39 0 comments

    Waiting for a CSR USB-SPI Programmer since the SRL2 got an obvious SPI Port.

    (the 10S only got TP1-TP10 and no meaningful names)

    SRL2 is my main helmet intercom, that's why I don't want to mess much with its firmware. Got to find out which chipset pins are the SPI ones to rig a connection jig for the 10S, which I bought for development/reversing.

  • Initial Digging

    masterX244 01/21/2022 at 20:34 0 comments

    Peeking into the hardware (disassembling the SRL2 main unit is really easy since it's only 4 screws holding it together) helped me find out that it is a CSR device.

    Understanding the outer firmware file format was easy after spotting the pattern in the header. Each file inside is MD5-summed and stored with offset and length in the header.

    Split Layout Headsets got a DFU file for the internal flash and a vp.bin for the external flash. Only those can be modified so far since (found out later) the external flash is not signature-checked.

    Extraction of the external IMG is possible with the ADK toolkits since it's a filesystem image in their format.

    Current workflows are written into the linked GitHub code.
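
The header scheme described in the Initial Digging log (each contained file stored with its MD5, offset and length) can be checked with a small parser. This is an added example, not the author's utility: the page does not give the field layout, so the entry-count field, the entry order, the field widths, the little-endian encoding and the names `build_container` and `verify_container` are assumptions.

```python
import hashlib
import struct

# ASSUMED layout (not from the page): u32 LE entry count, then per entry
# 16-byte MD5 | u32 LE offset | u32 LE length; offsets are absolute in the file.
COUNT = struct.Struct("<I")
ENTRY = struct.Struct("<16sII")


def build_container(blobs):
    """Build a constructed sample container in the assumed layout."""
    header_len = COUNT.size + ENTRY.size * len(blobs)
    table, body, offset = b"", b"", header_len
    for blob in blobs:
        table += ENTRY.pack(hashlib.md5(blob).digest(), offset, len(blob))
        body += blob
        offset += len(blob)
    return COUNT.pack(len(blobs)) + table + body


def verify_container(data):
    """Return one (index, offset, length, status) tuple per header entry."""
    if len(data) < COUNT.size:
        raise ValueError("file shorter than the entry count field")
    (count,) = COUNT.unpack_from(data, 0)
    header_len = COUNT.size + ENTRY.size * count
    if header_len > len(data):
        raise ValueError("entry table runs past end of file")
    results = []
    for i in range(count):
        digest, offset, length = ENTRY.unpack_from(data, COUNT.size + i * ENTRY.size)
        # Reject entries pointing into the header or past EOF before slicing.
        if offset < header_len or offset + length > len(data):
            status = "out-of-bounds"
        elif hashlib.md5(data[offset:offset + length]).digest() != digest:
            status = "md5-mismatch"
        else:
            status = "ok"
        results.append((i, offset, length, status))
    return results


if __name__ == "__main__":
    # Constructed sample data, not real firmware contents.
    sample = build_container([b"DFU-PLACEHOLDER" * 4, b"VP-PLACEHOLDER" * 8])
    for row in verify_container(sample):
        print(row)
```

An unkeyed MD5 table like this only detects corruption; it says nothing about who produced the file, which is a separate question from the signature checks mentioned in the logs.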
