✧✦Catherine✦✧Feb 6
i heckin love looking at firmware. send me firmware pls
Show threadMini

@whitequark interested in a firmware update blob? sent over usb, not sure of the address offset its loaded at, but i know the chip it's for

the blob is sent to the device partially obscured (xored with some bytes earlier in the payload it sends)

the sdk is public and the device is marketed as a BLE sniffer, i kept meaning to go back and figure out address offset the fw blob is loaded at (presuming it doesn't do anything super freaky) but kept getting distracted by other projects 😭

Feb 6 at 3:36pmWeb
Show thread✧✦Catherine✦✧Feb 6
@mini_ninja_64 sure
Show threadMiniFeb 6

@whitequark COOoL!! hope its fun if have a go :3

https://gist.github.com/mini-ninja-64/65696609d24fa1fb2b7fb13e63fcd79e

i think that covers what I know, incldued is the latest firmware blob, there are older versions, I can provide if usefukl!

ummmmm oh some things to note, the sdk has some examples of uploading firmware blobs for updates, but they dont do any wierd xor etc. and iirc I tried it at the SDKs default memory address for firmware uploads but it didnt look right (could be misremembering)

WCH BLE Analyzer RE README.md

GitHub Gist: instantly share code, notes, and snippets.

Gist