Bus Pirate script to recover bricked radio
Bus Pirate script to recover bricked radio
Hi guys,
I posted about this over at http://forum.bitcraze.se/viewtopic.php? ... t=10#p2010, but figured I'd make a topic just for this in case there's anyone in need who's missed it. I've knocked together a perl script to reflash a busted crazyradio over SPI using a Bus Pirate. This saved me from a firmware upgrade gone bad.
I'll put together some more coherent documentation in a bit, but at the moment I have a crazyflie to pilot...
https://github.com/koolatron/buspirate_nrf24lu1p
Couple of caveats:
- Tested only on OS X. Should work on Linux without modification, and Windows with very minor changes to use the windows serial module.
- It's very slow (~5 minutes to flash the entire .bin file). I deemed this acceptable as this script is for emergency recovery only. I can make it faster if necessary.
Prerequisites:
- A Bus Pirate (you should know where to get one of these, if you don't already have one).
- perl and either Device::SerialPort (*nix) or Win32::SerialPort (Windows)
- Some jumper wires to connect the SPI lines on the radio to the ones on the Bus Pirate.
Instructions:
- Solder a 2x5 pin header onto the programming port of the crazyradio. There's an unpopulated footprint already there for you.
- Connect the crazyradio to your Bus Pirate using the table in the script. Also in the readme when I get around to sticking it on github.
- Run the script: perl ./flasher.pl -input ./cradio-0.51.bin -device [serial device]
- Wait till you see lots of hex addresses crawling up your screen. Your device is programming.
- Go make a sandwich or have a beer (or both).
			
			
									
						
										
						I posted about this over at http://forum.bitcraze.se/viewtopic.php? ... t=10#p2010, but figured I'd make a topic just for this in case there's anyone in need who's missed it. I've knocked together a perl script to reflash a busted crazyradio over SPI using a Bus Pirate. This saved me from a firmware upgrade gone bad.
I'll put together some more coherent documentation in a bit, but at the moment I have a crazyflie to pilot...
https://github.com/koolatron/buspirate_nrf24lu1p
Couple of caveats:
- Tested only on OS X. Should work on Linux without modification, and Windows with very minor changes to use the windows serial module.
- It's very slow (~5 minutes to flash the entire .bin file). I deemed this acceptable as this script is for emergency recovery only. I can make it faster if necessary.
Prerequisites:
- A Bus Pirate (you should know where to get one of these, if you don't already have one).
- perl and either Device::SerialPort (*nix) or Win32::SerialPort (Windows)
- Some jumper wires to connect the SPI lines on the radio to the ones on the Bus Pirate.
Instructions:
- Solder a 2x5 pin header onto the programming port of the crazyradio. There's an unpopulated footprint already there for you.
- Connect the crazyradio to your Bus Pirate using the table in the script. Also in the readme when I get around to sticking it on github.
- Run the script: perl ./flasher.pl -input ./cradio-0.51.bin -device [serial device]
- Wait till you see lots of hex addresses crawling up your screen. Your device is programming.
- Go make a sandwich or have a beer (or both).
Re: Bus Pirate script to recover bricked radio
Awesome work!
			
			
									
						
										
						Re: Bus Pirate script to recover bricked radio
Wonderful, and I just ordered a Bus Pirate actually
			
			
									
						
							
Also: AR.Drone 2.0 (RC-enabled thanks to self-soldered MiruMod) and Hubsan X4 H107
Re: Bus Pirate script to recover bricked radio
Great work! Arnaud is working on a Arduino setup to do this as well.
			
			
									
						
										
						Re: Bus Pirate script to recover bricked radio
Nice work!! I've pasted the instructions and link into the wiki for the Crazyradio as well. If you want to do some documentation there or change anything just drop me a mail or PM and I'll add a user for you.
/Marcus
			
			
									
						
										
						/Marcus
Re: Bus Pirate script to recover bricked radio
Thank you for this script, this is very useful! I will test it right away.
Actually I discovered that writing "0x02 0x78 0x00" at the beginning of the flash is enough to unbrick the Crazyradio (it forces it to jump to the USB bootloader), this could solve the speed issue. To generate this 'jump bootloader' firmware run in a console (on linux and OSX):
			
			
									
						
										
						Actually I discovered that writing "0x02 0x78 0x00" at the beginning of the flash is enough to unbrick the Crazyradio (it forces it to jump to the USB bootloader), this could solve the speed issue. To generate this 'jump bootloader' firmware run in a console (on linux and OSX):
Code: Select all
echo -ne "\x02\x78\x00" > jmpBootloader.bin
- 
				Everdoubtful
- Beginner
- Posts: 1
- Joined: Sun Jun 29, 2014 7:32 am
Re: Bus Pirate script to recover bricked radio
Hi all, i got question how to make alive bootloader in crazyradio after "unbricking" it.
what i did:
1) perl ./flasher.pl -input ./cradio-0.52.bin -device "/dev/ttyUSB0"
ok, it is flashed(takes about 10 min), and works ok as usual.
2) python usbtools/launchBootloader.py
Trying enter bootloader - not working: it searches few minutes and
then says: error, can't find bootloader.(or something similar)
3) echo -ne "\x02\x78\x00" > jmpBootloader.bin
i made this file for jumping to bootloader as far as i understood
4) perl ./flasher.pl -input jmpBootloader.bin -device "/dev/ttyUSB0"
Entering raw bitbang mode...
Entering binary SPI mode...
Configuring peripherals..
Configuring SPI...
Enabling programming...
Reading status byte...
Status: 20
Erasing chip...
Enabling programming...
Reading status byte...
Status: 20
Programming device...
0000 : 0278
0002 : 00
Unable to set status. at ./flasher.pl line 344, <INPUT> chunk 2.
I flashed these 3 bytes
5) python usbtools/launchBootloader.py
i tryed run again bootloader and it outs:
Error!, cannot find the CrazyRadio USB dongle!
Guys, question is how to make run bootloader again, as earlier?
			
			
									
						
										
						what i did:
1) perl ./flasher.pl -input ./cradio-0.52.bin -device "/dev/ttyUSB0"
ok, it is flashed(takes about 10 min), and works ok as usual.
2) python usbtools/launchBootloader.py
Trying enter bootloader - not working: it searches few minutes and
then says: error, can't find bootloader.(or something similar)
3) echo -ne "\x02\x78\x00" > jmpBootloader.bin
i made this file for jumping to bootloader as far as i understood
4) perl ./flasher.pl -input jmpBootloader.bin -device "/dev/ttyUSB0"
Entering raw bitbang mode...
Entering binary SPI mode...
Configuring peripherals..
Configuring SPI...
Enabling programming...
Reading status byte...
Status: 20
Erasing chip...
Enabling programming...
Reading status byte...
Status: 20
Programming device...
0000 : 0278
0002 : 00
Unable to set status. at ./flasher.pl line 344, <INPUT> chunk 2.
I flashed these 3 bytes
5) python usbtools/launchBootloader.py
i tryed run again bootloader and it outs:
Error!, cannot find the CrazyRadio USB dongle!
Guys, question is how to make run bootloader again, as earlier?
Re: Bus Pirate script to recover bricked radio
Hi Everdoubtful,
Apparently the script has erased the entire chip including the nrf usb bootloader, which is bad.
To get the radio to work again flash the normal firmware, the latest version can be download from there https://bitbucket.org/bitcraze/crazyrad ... /downloads
Otherwise for a more permanent solution I uploaded a bin version of the bootloader there http://files1.bitcraze.se/dl/boot24lu1p-f32.bin. Until the perl script is fixed this is 32K so it will take some time to flash.
I don't have access to a buspirate right now but I will look at it tomorrow to fix the script.
/Arnaud
			
			
									
						
										
						Apparently the script has erased the entire chip including the nrf usb bootloader, which is bad.
To get the radio to work again flash the normal firmware, the latest version can be download from there https://bitbucket.org/bitcraze/crazyrad ... /downloads
Otherwise for a more permanent solution I uploaded a bin version of the bootloader there http://files1.bitcraze.se/dl/boot24lu1p-f32.bin. Until the perl script is fixed this is 32K so it will take some time to flash.
I don't have access to a buspirate right now but I will look at it tomorrow to fix the script.
/Arnaud
Re: Bus Pirate script to recover bricked radio
Yes, the script I wrote executes ERASE_ALL so it is intended only to flash images that contain a copy of the bootloader.  It was never intended to take a truncated “jump to bootloader” bin.