-
PWNa Adapter Pinout
02/12/2022 at 11:55
Adaptor pinout figured out. Messing with the firmware now possible without opening up.
-
Full PWNage
02/04/2022 at 20:55
Debug Port uses the same plug as the Samsung Galaxy S3 used for its MHL extra pins. Need to make me an adaptor based on an MHL adaptor and some soldering.
-
Code update pushed
02/01/2022 at 21:45
Uploaded a newer version of my utility that got flashdump and jailbreak shorthands for getting a different key inserted for self-signed DFU files.
-
Debugging Progress
02/01/2022 at 16:47
SPI works for yanking off a flash dump (that means that the port is not locked at all).
Pins on the chip for tracking down the SPI are the following:
Left side:
3rd from bottom: CS
4th from bottom: MISO
5th from bottom: MOSI
6th from bottom: CLK
Noticed that they are wired out on an undocumented extra set of pins in the micro-USB connector.
-
Next Steps
01/21/2022 at 20:39
Waiting for a CSR USB-SPI Programmer since the SRL2 got an obvious SPI Port.
(the 10S only got TP1-TP10 and no meaningful names)
SRL2 is my main helmet intercom, that's why I don't want to mess much with its firmware. Got to find out which chipset pins are the SPI ones to rig a connection jig for the 10S, which I bought for development/reversing.
-
Initial Digging
01/21/2022 at 20:34
Peeking into the hardware (disassembling the SRL2 main unit is really easy since it's only 4 screws holding it together) helped me find out that it is a CSR device.
Understanding the outer firmware file format was easy after spotting the pattern in the header. Each file inside is MD5-summed and stored with offset and length in the header.
Split Layout Headsets got a DFU file for the internal flash and a vp.bin for the external flash. Only those can be modified so far since (found out later) the external flash is not signature-checked.
Extraction of the external IMG is possible with the ADK toolkits since it's a filesystem image in their format.
Current workflows are written into the linked GitHub code.
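The header scheme described in the Initial Digging entry (each contained file listed with its MD5, offset and length), as an added example that is not taken from the linked project code. The field sizes, the `DEMO` magic, the `fw.dfu` member name and the member contents are assumptions made for illustration, not the vendor's real format.

```python
import hashlib
import struct

# Assumed layout (NOT the vendor's real format): 4-byte magic, uint32 count,
# then per entry: 16-byte NUL-padded name, uint32 offset, uint32 length, MD5.
MAGIC = b"DEMO"
HEAD = struct.Struct("<4sI")
ENTRY = struct.Struct("<16sII16s")


def build_container(files):
    """Pack {name: bytes} into the assumed layout (used to make sample input)."""
    offset = HEAD.size + ENTRY.size * len(files)
    table, body = b"", b""
    for name, data in files.items():
        digest = hashlib.md5(data).digest()
        table += ENTRY.pack(name.encode(), offset, len(data), digest)
        body += data
        offset += len(data)
    return HEAD.pack(MAGIC, len(files)) + table + body


def verify_container(blob):
    """Return {name: status}: 'ok', 'md5-mismatch' or 'out-of-bounds'."""
    if len(blob) < HEAD.size:
        raise ValueError("truncated header")
    magic, count = HEAD.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    table_end = HEAD.size + ENTRY.size * count
    if table_end > len(blob):
        raise ValueError("entry table runs past end of file")
    report = {}
    for i in range(count):
        raw, off, length, digest = ENTRY.unpack_from(blob, HEAD.size + ENTRY.size * i)
        name = raw.rstrip(b"\0").decode("ascii", "replace")
        # Reject entries that point into the header or past the end of the file.
        if off < table_end or off + length > len(blob):
            report[name] = "out-of-bounds"
        # A match shows the member is intact only; MD5 here is unkeyed,
        # so it is an integrity check and not a signature.
        elif hashlib.md5(blob[off:off + length]).digest() != digest:
            report[name] = "md5-mismatch"
        else:
            report[name] = "ok"
    return report


# Constructed sample: two members with filler bytes as contents.
SAMPLE = build_container({"fw.dfu": b"\x01" * 64, "vp.bin": b"\x02" * 128})
```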