Own firmware for JDY-40 (BK2461) by piotr_go
Some time ago, while browsing aliexpress for the next thing to throw into the corner the day after receiving the parcel, I came across JDY-40 radio modules. Price $ 0.60, similar to NRF24L01 +.
What is it? I decided to dig a little deeper. BK2461 - Radio SOC with the C51. OK, "biere", for 60 cents I won't be picky. PDF skimpy after censorship, I'll see what comes out of it.
(I will emphasize right away that I will not describe how the module works with the original FW. I was interested in uploading my own.)
The radio is similar to other NRF24L01 + clones, only the registers are slightly rearranged. Procek has 8kB OTP. Hmmmm, you never know with the Chinese. Maybe it's flash?
Several times I encountered systems with ROM which turned out to be a flash. Maybe this time it will be lucky. Also, the pdf mentions loading the program from an external flash. No details. There is only a pinout.
In the meantime, while waiting for the modules, I decided to blindly design a PCB.
I decided to use the CH552 / 4 microcontroller for communication with the computer. The 25Q40 memory is used to store the program. Half a megabyte, a bit large, but I had such, I will not order smaller ones.
On 74xx244 I made a Flash disconnect buffer from BK2461. I disconnected the power supply with a stabilizer. VPP ~ 1.2V generated by a decrease in the zenith.
For this a pair of buttons. One for FW programmer upgrade, the other for BK2461 power on. LED to control what is happening.
I ordered a PCB.
After a month of waiting, the modules and boards arrived. Will it work? I will cut paths? Will I curse?
I soldered the whole thing and started soft. I wrote a simple DFU bootloader for flash programming. I wrote a simple soft test waving a pin. I loaded it into flash, it uploaded. At least that's how it works
Nothing on the BK2461 pin. I connected the analyzer to check the BK2461 flash communication. Looks ok here. I took a risk and somehow it worked. Procek reads memory, but in a loop. Hmmmm, some header required or what? Maybe CRC?
I generated a BIN with one crc, 2nd, 3rd ... 87th
Doopa.In the end, I decided to check CRC32, which I excluded at the beginning because of the speed at which the proc reads flash.
It seemed to me that C51 is not able to calculate it so quickly. Well, you can see CRC is counted by hardware because soft was read from flash only once
SUCCESSOf course, nothing appeared on the pin, it would be too easy
A few more tweaks and I have a blinking LED haha.24h later - radio communication fired.
But is it possible to upload FW to the BK2461 itself?
I connected 6.5V VPP, silence. No communication asleep with flash. Hmmmm.
Maybe you need a programmer? I hooked up another microcontroller and started generating random spi sequences. Finally, BK2461 spoke up.
Quote:0x12, 0x1F, 0xF4-0xFF, response
It looks like 0x12 is a read and the range 0x1FF4-0x1FFF can be read.
This is as much as I have found out so far.
Oh well. That's good and that's it. At least you can fire soft from the outside.
If anyone knows more, I would like to know how to program the internal BK2461 memory.
piotr_go wrote 2837 posts with
rating 3187 , helped 91 times.
Been with us since 2003 year.
Comments
How much self-denial in you to test these strange Chinese :D A plus [Read more]
I am curious about the development of the situation .. :) I also have 2 such modules (which I wanted to use so far according to their assumption - for wireless "sending" UART between the transmitter --->... [Read more]
"Those weird Chinese" in my opinion go to the market so that someone can to try replace such a module in a device that has broken down for him. Or for some other mysterious purpose. Certainly not for... [Read more]
For beginners, probably yes. Advanced users will find missing information that they do not write about in PDF. There is a schematic, there is software for BIN generation for flash, the rest is standard... [Read more]
I always read with interest about the cheapest chips. I can always find something for myself that I recommend to a friend who does LED flashing systems or WS2811 LEDs. With several thousand pieces, it... [Read more]
The 95 page one? [Read more]
Yes. They did not describe parts of the registers, part of the description is contradictory, empty tables ... [Read more]
In total, there is such an interesting entry in the PDF: So something's up :) [Read more]
1. And what the Chinese meant, only he himself knows. As I wrote, I have already seen the chips with the program memory described as "ROM", and further in the description was how to program it from the... [Read more]
@piotr_go Try it, maybe you will be able to get to this file: https://download.csdn.net/download/phker/11983889?source=bbsseo I think you just need to register. Maybe try to contact Beken. Somewhere... [Read more]
I have tried on this and several other servers. Registration does not give you anything, they want cash or you need to share something and the shared files must be downloaded. Beken did not respond and... [Read more]
Hello, I know I'm reheating the cutlet, but I have a small question. Do these systems to talk with each other somehow need to be paired, do we connect and work? [Read more]
I haven't tried, but from what I can see in the manual, they default to UART bridge 9600bps. [Read more]
This is how I read it and I know that it is factory set for transparent UART transmissions. But my point is whether two modules need to be paired with each other somehow or connect and work. And that would... [Read more]
I have never tried to fire them on the original FW. I know as much as in the manual. I would not count on encryption in modules for 60 cents. [Read more]
I know you haven't tried the original FW. I only hoped that someone who tried and would be able to answer my question, and this is what I have to buy and try, and it will last, because parcels are... [Read more]