-
Notifications
You must be signed in to change notification settings - Fork 405
Firmware m1400
Target
Purpose
Versions
Structure
Boot process
OS and Libraries
Flashing
Interfaces
The firmware programs NXP LPC1765 micro-controller on GL300a/b RC Main board. Later GL300 models switched to NXP LPC1549, which has separate m1401 firmware.
TODO
There are several major versions for different product families. These firmwares are typically not encrypted.
| Marking | Packages | Timestamp | Overview |
|---|---|---|---|
| 02.08.0005 | P3X_FW_V01.01.1003 | 2015-04-30 | |
| 02.08.0006 | P3X_FW_V01.01.0006 | 2015-05-01 | |
| 02.09.0003 | P3S_FW_V01.01.0008 P3S_FW_V01.01.0009 P3X_FW_V01.01.0008 P3X_FW_V01.01.0009 | 2015-05-06 | |
| 02.09.0261 | P3S_FW_V01.02.0007 P3S_FW_V01.02.0008 P3X_FW_V01.01.1007 P3X_FW_V01.02.0006 | 2015-06-13 | |
| 04.01.0004 | P3C_FW_V01.00.0014_Beta | 2015-07-21 | |
| 04.01.0005 | P3C_FW_V01.00.0017_Beta P3C_FW_V01.00.0020 | 2015-07-30 | |
| 04.01.0009 | P3C_FW_V01.01.0030 | 2015-09-02 | |
| 04.01.0010 | P3C_FW_V01.02.0040 | 2015-11-23 | |
| 04.01.0256 | P3C_FW_V01.03.0050 P3C_FW_V01.04.0060 P3C_FW_V01.05.0070 P3C_FW_V01.05.0074 P3C_FW_V01.06.0080 P3C_FW_V01.06.0083 P3C_FW_V01.07.0082 P3C_FW_V01.07.0084 P3C_FW_V01.07.0086 P3C_FW_V01.07.0090 | 2015-12-21 | |
| 04.01.0258 | P3C_FW_V01.06.0086 | 2016-09-27 | |
| 04.01.0261 | P3XW_FW_V01.01.0000 P3XW_FW_V01.02.0010 P3XW_FW_V01.03.0020 P3XW_FW_V01.04.0030 P3XW_FW_V01.04.0036 P3XW_FW_V01.05.0040 C1_FW_V01.03.00.21 C1_FW_V01.03.0020 P3S_FW_V01.03.0020 P3XS_FW_RC_V01.03.0020 P3X_FW_V01.03.0020 | 2015-12-15 | |
| 04.09.0784 | C1_FW_V01.00.0004 C1_FW_V01.04.0030 C1_FW_V01.00.0010 C1_FW_V01.05.0070 C1_FW_v01.05.0071 | 2015-09-22 | |
| 04.09.0805 | C1_FW_V01.05.0080 | 2016-03-15 | |
| 04.10.0006 | C1_FW_V01.01.0000 C1_FW_V01.06.0000 C1_FW_v01.06.0001 C1_FW_v01.07.0000 C1_FW_v01.08.0000 C1_FW_v01.09.0000 | 2016-04-01 | |
| 04.10.0007 | C1_FW_V01.01.0010 | 2016-03-29 | |
| 04.10.0011 | C1_FW_V01.01.0020 | 2016-05-25 | |
| 04.10.0015 | C1_FW_v01.01.0030 | 2016-06-02 | |
| 04.12.0013 | C1_FW_v01.01.0035 C1_FW_v01.07.0002 | 2016-07-08 | |
| 04.12.0014 | C1_FW_v01.07.0030 | 2016-07-14 | |
| 04.12.0256 | C1_FW_v01.01.0040 | 2016-07-25 | |
| 04.12.0259 | C1_FW_v01.01.0050 C1_FW_v01.01.0051 C1_FW_v01.01.0054 C1_FW_v01.01.0055 C1_FW_v01.07.0040 C1_FW_v01.07.0060 | 2016-07-27 | |
| 04.12.0519 | C1_FW_v01.01.0053 C1_FW_v01.01.0060 C1_FW_v01.01.0080 | 2016-09-13 | |
| 04.12.0773 | C1_FW_v01.01.0090 | 2016-12-06 | |
| 04.12.0774 | C1_FW_V01.01.0092 C1_FW_V01.01.0093 | 2016-12-08 | |
| 05.00.0276 | MG1SRC_FW_V01.00.00.01 | 2016-12-05 | |
| 05.02.0000 | C1_FW_v00.00.00.01 | 2016-09-06 |
All the published versions are without encryption.
The unencrypted firmware is a memory image of ARM binary. During startup, it is being loaded into memory at address 0x0a000 and executed by a loader. Such memory images are usually prepared by first linking the file with all libraries, and then using objcopy -O binary to get the final file without ELF header. The ELF header can be re-created if the address and boundaries of sections are known.
No analysis of the booting procedure were performed.
The image is based on uC/OS-III real time operating system.
No signatures of common libraries were found in the code.
TODO
TODO
This page is created by drone enthusiasts for drone enthusiasts.
If you see a mistake, or you know more about specific subject, or you see an area for improvement for the wiki - create an issue in this project and attach your patch (or describe the change you propose).