logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

Extracting Firmware from RC Car with Beken Chip [BK7231UQN40] Using UART - CEN Pin Query

Mi4Flash 1452 2
ADVERTISEMENT
Reply | New topic
  • #1 20792906
    Mi4Flash
    Level 2  

    Hello, I have an RC car with a Beken chip, and I want to extract the firmware using UART.
    I connected with PuTTY, but I'm receiving this message in a loop.

    beken bk7xxx bootloader, Dec 10 2018 17:15:53
    wait uart download timeout: 400
    jump to pc addr: 0x00010000

    I also tried using BK7231Flasher executable, but with no success.
    I'm not sure which one of those pins is the CEN, so I can short it to ground. I tried a few times with a few pins, but no success.
    Do you guys have any idea? Also, I'm not sure if this is a T or N chip 🤔.

    Thanks!

    Circuit board with a Beken chip and connected wires. Circuit board with Beken BK7231 chip. Close-up of a circuit board with connected wires and visible pin labels: UART, CEN, RX, TX.
  • ADVERTISEMENT
  • #2 20794061
    p.kaczmarek2
    Moderator Smart Home
    Hello, is there really nothing else on the UART?

    Where do you get that message, on TX2, I presume?

    TX1/RX1 is used for flashing, TX2 is used for debug log output.

    Or at least... it's that way in the Tuya products that are using BK7231N or BK7231T.
    Helpful post? Buy me a coffee.
  • #3 20794160
    Mi4Flash
    Level 2  
    Hi!

    I connected to the big TX, RX displayed on the side. I don't know where tx2/rx2 are. As you can see in the pics, the bottom circular pins labels are over one another and I can't understand anything. There is even that CEN label, but don't know which is it.

    When the device is working, there is nothing connected to the RX pin, but it's using the TX pin to send data to the motor controller board.
    And on the UART there is nothing else except those 3 lines. When I'm connected through UART the WiFi access point is not working.

    Added after 51 [minutes]:

    Ok... I think I made some progress...
    Flipped the board upside over and If you can see in the pic where the main beken chip is, there are also 2 round pins.
    If I connect the UART RX to what I assume is TX I get the following data..

    uart2_init bulid date:Dec 21 2020, time:16:44:19
    [Flash]id:0xc84015
    flash_init end
    efuse get MAC:c8:47:31:c5:17:5f
    [FUNC]rwnxl_init
    [FUNC]intc_init
    [FUNC]calibration_main
    gtx_dcorMod:8, gtx_dcorPA:8
    gtx_dcorMod:8, gtx_dcorPA:8
    NO TXPWR_TAB_TAB found in flash
    Load default txpwr for b:0x8e344
    Load default txpwr for g:0x8e352
    fit n20 table with dist:2
    Load default txpwr for n40:0x8e360
    NO TXID found in flash, use lpf i&q:17, 15
    NO TXID found in flash, use def xtal:14
    xtal in flash is:14
    [FUNC]func_init OVER!!!

    kmsgbk:402bb8-402bb0:2048:6
    init_thread:4033f8-4033f0:2000:5
    core_thread:4040c0-4040b8:2048:7
    app:404530-404528:1024:5
    cli:405f90-405f88:4096:3
    app:406800-4067f8:2048:2
    idle:406c70-406c68:1024:0
    timer_thd:407548-407540:2000:2
    Initializing TCP/IP stack
    tcp/ip:407f40-407f38:2048:6
    wpas_thread:408de0-408dd4:3500:4
    app_init finished
    app_demo_softap_init
    app_demo_softap:409ad0-409ac8:3072:3
    app_led_init 4198904
    app led:40a0b0-40a0a8:1024:3
    fly_command_thread:40a520-40a518:1024:2
    heart_monitor_thread:40a9c8-40a9c0:1024:2
    wifi_sta:40b238-40b230:2048:2
    app_demo_udp_init
    app_udp:40baa8-40baa0:2048:5
    app_demo_udp_main entry
    [sa_sta]MM_RESET_REQ
    [sa_sta]ME_CONFIG_REQ
    [sa_sta]ME_CHAN_CONFIG_REQ
    [sa_sta]MM_START_REQ


    This is also looping for some reason...
Reply | New topic
Report a violation of the law
Popular Topics
ADVERTISEMENT