nicsure


RT-900 Firmware Flash Protocol Packet Structure

u8 leader; // always 0xAA
u8 command;
u8 blockNumber; // flash address is 0x08003000 + (blockNumber * 0x400)
u16 dataLength; // big endian
u8 data[dataLength];
u16 crc16; // CRC-16/XMODEM over everything from command to the end of the data section
u8 trailer; // always 0xEF

From what I can tell, data is not encrypted or obfuscated. If there is any kind of obfuscation, I think it's happening at the firmware level, not any deeper, so unobfuscated/unencrypted binaries will probably work.
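An added example, not code from the original post or from the radio's tooling: a Python builder and strict validator for the frame layout above, useful for checking captured flash traffic before trusting it. It assumes the crc16 field is sent big endian like dataLength (the post does not say), and the command value 0x01 in the demo is a constructed placeholder.

```python
import binascii
import struct

LEADER, TRAILER = 0xAA, 0xEF
FLASH_BASE, BLOCK_SIZE = 0x08003000, 0x400
MIN_FRAME = 8  # leader + command + blockNumber + dataLength(2) + crc16(2) + trailer


class FrameError(ValueError):
    """Raised when a frame does not match the layout described in the post."""


def build_frame(command: int, block: int, data: bytes) -> bytes:
    # CRC covers command, blockNumber, dataLength and data (not leader/trailer).
    body = struct.pack(">BBH", command, block, len(data)) + data
    crc = binascii.crc_hqx(body, 0)  # CRC-16/XMODEM: poly 0x1021, init 0x0000
    # Assumption: crc16 is big endian, like dataLength.
    return bytes([LEADER]) + body + struct.pack(">H", crc) + bytes([TRAILER])


def parse_frame(frame: bytes) -> dict:
    if len(frame) < MIN_FRAME:
        raise FrameError("shorter than the minimum frame")
    if frame[0] != LEADER:
        raise FrameError("bad leader byte")
    command, block, length = struct.unpack_from(">BBH", frame, 1)
    # Reject frames whose declared length disagrees with what was received.
    if len(frame) != MIN_FRAME + length:
        raise FrameError("dataLength does not match frame size")
    if frame[-1] != TRAILER:
        raise FrameError("bad trailer byte")
    (crc,) = struct.unpack_from(">H", frame, 5 + length)
    if crc != binascii.crc_hqx(frame[1:5 + length], 0):
        raise FrameError("CRC mismatch")
    return {
        "command": command,
        "block": block,
        "address": FLASH_BASE + block * BLOCK_SIZE,
        "data": frame[5:5 + length],
    }


if __name__ == "__main__":
    # Constructed sample: placeholder command 0x01, block 2, four data bytes.
    sample = build_frame(0x01, 2, bytes.fromhex("deadbeef"))
    info = parse_frame(sample)
    print(sample.hex(), hex(info["address"]), info["data"].hex())
```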

