logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

How to flash BK7231M/BL2028N non-Tuya devices with 000000 keys?

p.kaczmarek2 4536 16
ADVERTISEMENT
Reply Cool? Ranking DIY | New topic
Notify about new articles
  • Close-up of a Beken BK7231M chip on a blue circuit board.
    Here I will show you how to flash BK7231M chips (or BL2028N) with our open source, Tasmota-style firmware. BK7231M/BL2028N are very similiar to BK7231N, and the only difference in the encryption key stored in efuse.
    eFUSE Definition Table for BL2028N
    Tuya BK7231N seems to be using always the following key: 510fb093 a3cbeadc 5993a17e c7adeb03.
    There are, however, also some BK7231M or BL2028N devices that are using other key, namely: 00000000 00000000 00000000 00000000. Note that not all BL2028N are using the "all zero" keys, only some of them.
    In their case, for the firmware to work, you must flash a proper version (compiled with correct key).
    You can do it easily with out flasher (version 1.3 or later):
    https://github.com/openshwprojects/BK7231GUIFlashTool
    To know your key, just run Do firmware backup (read) only. In older versions, it will just print the key:
    User interface of BK7231 Easy UART Flasher for BK7231N firmware updating.
    In new versions, if you are using BK7231N mode and key is not as expected, it will show error:
    BK7231 Easy UART Flasher application interface for flashing BK7231N/BK7231T chips.
    So, the solution is simple - but just remember to make 2MB backup first!.
    Just set the BK7231M role:
    Screenshot of the flasher tool for BK7231 chips with a dropdown menu of chip types.
    Then get latest build from web:
    Screenshot of the automatic firmware download tool.
    And then, finally, flash it to your BK7231M/similiar in BK7231M mode.
    BK7231M firmware flashing tool interface with write success message.
    The flasher is configured in such a way that even for QIO, it will leave old M-style bootloader, and only append OBK to it.
    Now you can also do two more things:
    - do restore RF (if your MAC ends with 00 00 , and most likely it will):
    BK7231 GUI Flash Tool interface in operation
    - configure your WiFi without using AP mode, in the flasher (this is also optional):
    Screenshot of flasher software for BK7231M/BL2028N chips
    It should flash correctly, and OBK should boot:
    Code: text Expand Select all Copy to clipboard
    
        BK7231n_1.0.11
REG:cpsr        spsr        r13         r14
SVC:0x000000D3              0x00401C1C  0x000033AC
IRQ:0x000000D2  0x00000010  0x00401E0C  0x9CB94EF0  
FIR:0x000000D1  0x00000010  0x00401FFC  0xBF77FAB6  
SYS:0x000000DF              0x0040192C  0x00000158  
ST:0x00000000
[I/FAL] Fal(V0.4.0)success
[I/OTA] RT-Thread OTA package(V0.2.4) initialize success.
[E/OTA] (ota_main:171) App verify failed! Need to recovery factory firmware.


go os_addr(0x10000)..........
bk_misc_init_start_type 0 0
prvHeapInit-start addr:0x4143d8, size:113704
[Flash]id:0xeb6015
sctrl_sta_ps_init
cset:0 0 0 0
Entering initLog()...
Commands registered!
initLog() done!
Info:MAIN:Main_Init_Before_Delay
Info:CFG:####### Boot Count 2 #######
Warn:CFG:CFG_InitAndLoad: Correct config has been loaded with 1 changes count.
Error:CMD:lfs is absent
Info:GEN:PIN_SetupPins pins have been set up.
Info:MAIN:Main_Init_Before_Delay done

Main_Init_Before_Delay done
Info:MAIN:Main_Init_Delay

Main_Init_Delay

delaying start
bandgap_calm_in_efuse=0x61
[load]bandgap_calm=0x61->0x21,vddig=4->5
[FUNC]rwnxl_init
[bk]tx_txdes#Startup delayed 0ms#
cyed 0ms#
[FUNC]intc_init
[FUNC]calibration_main
gpio_level=1,txpwr_state=0
user define rfcali mode:1 
get rfcal#Startup delayed 10ms#
ielayed 10ms#
#Startup delayed 20ms#
#Startup delayed 30ms#
#Startup delayed 40ms#
#Startup delayed 50ms#
#Startup delayed 60ms#
#Startup delayed 70ms#
#Startup delayed 80ms#
#Startup delayed 90ms#
#Startup delayed 100ms#
#Startup delayed 110ms#
#Startup delayed 120ms#
#Startup delayed 130ms#
#Startup delayed 140ms#
#Startup delayed 150ms#
#Startup delayed 160ms#
#Startup delayed 170ms#
#Startup delayed 180ms#
#Startup delayed 190ms#
#Startup delayed 200ms#
#Startup delayed 210ms#
#Startup delayed 220ms#
#Startup delayed 230ms#
#Startup delayed 240ms#
#Startup delayed 250ms#
#Startup delayed 260ms#
#Startup delayed 270ms#
#Startup delayed 280ms#
#Startup delayed 290ms#
#Startup delayed 300ms#
#Startup delayed 310ms#
#Startup delayed 320ms#
#Startup delayed 330ms#
#Startup delayed 340ms#
#Startup delayed 350ms#
#Startup delayed 360ms#
#Startup delayed 370ms#
#Startup delayed 380ms#
#Startup delayed 390ms#
#Startup delayed 400ms#
#Startup delayed 410ms#
#Startup delayed 420ms#
#Startup delayed 430ms#
#Startup delayed 440ms#
#Startup delayed 450ms#
#Startup delayed 460ms#
calibration_main over
NO TXPWR_TAB_TAB found in flash
Load default txpwr for b:0xb229c
Load default txpwr for g:0xb22aa
fit n20 table with dist:4
Load default txpwr for n40:0xb22b8
Load default txpwr for ble:0xb3131
#Startup delayed 470ms#

temp in flash is:350
xtal in flash is:12
xtal_cali:12
--init_xtal = 12
[FUNC]ps_init
[FUNC]func_init_extende#Startup delayed 480ms#
d
start_type:0
Version:
Initializing TCP/IP stack
app_init finished
#Startup delayed 490ms#
#Startup delayed 500ms#
#Startup delayed 510ms#
#Startup delayed 520ms#
#Startup delayed 530ms#
#Startup delayed 540ms#
#Startup delayed 550ms#
#Startup delayed 560ms#
#Startup delayed 570ms#
#Startup delayed 580ms#
#Startup delayed 590ms#
#Startup delayed 600ms#
#Startup delayed 610ms#
#Startup delayed 620ms#
#Startup delayed 630ms#
#Startup delayed 640ms#
#Startup delayed 650ms#
#Startup delayed 660ms#
#Startup delayed 670ms#
#Startup delayed 680ms#
#Startup delayed 690ms#
#Startup delayed 700ms#
#Startup delayed 710ms#
#Startup delayed 720ms#
#Startup delayed 730ms#
#Startup delayed 740ms#

starting....
Info:MAIN:Main_Init_Delay done

Main_Init_Delay done
Info:MAIN:Main_Init_After_Delay
Info:MAIN:Using SSID []
Info:MAIN:Using Pass []
Info:MQTT:MQTT_RegisterCallback called for bT obk8C000000/ subT obk8C000000/+/set
Info:MQTT:MQTT_RegisterCallback called for bT bekens_n/ subT bekens_n/+/set
Info:MQTT:MQTT_RegisterCallback called for bT cmnd/obk8C000000/ subT cmnd/obk8C000000/+
Info:MQTT:MQTT_RegisterCallback called for bT cmnd/bekens_n/ subT cmnd/bekens_n/+
Info:MQTT:MQTT_RegisterCallback called for bT obk8C000000/ subT obk8C000000/+/get
Error:CMD:LFS_ReadFile: lfs is absent
Info:CMD:CMD_StartScript: failed to get file autoexec.bat
Info:MAIN:Main_Init_After_Delay done
temperature_type=2
temp_code:36 - adc_code:328 - adc_trend:[13]:350->[15]:330
Info:MAIN:Time 1, idle 262300/s, free 80816, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 2/38 
Info:MAIN:Time 2, idle 190742/s, free 80816, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 2/38 
Info:MAIN:Time 3, idle 188788/s, free 80816, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 2/38 
Info:MAIN:Time 4, idle 188580/s, free 80816, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 2/38 
Info:MAIN:Time 5, idle 189736/s, free 80816, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 2/38 
Info:MAIN:no flash configuration, use default
Info:MAIN:set ip info: 192.168.4.1,255.255.255.0,192.168.4.1
Info:MAIN:ssid:OpenBK7231N_8C000000  key: mode:0
hostapd_main_exiting
hostapd_exit_handler
hostapd_exit_done
Soft_AP_start
[saap]MM_RESET_REQ
[bk]tx_txdesc_flush
[saap]ME_CONFIG_REQ
[saap]ME_CHAN_CONFIG_REQ
[saap]MM_START_REQ
hapd_intf_add_vif,type:3, s:0, id:0
apm start with vif:0
me_set_ps_disable:840 0 0 1 0 0
------beacon_int_set:100 TU
set_active param 0
[msg]APM_STOP_CFM
update_ongoing_1_bcn_update
vif_idx:0, ch_idx:0, bcmc_idx:1
update_ongoing_1_bcn_update
enter low level!
mac c8:47:8c: 0: 0: 1
leave low level!
net_wlan_add_netif done!, vif_idx:0
uap_ip_start

configuring interface uap (with Static IP)WARN: TCPIP mutex is NOT locked (1) caller 53D07

def netif is no ap's netif, sending boardcast or no-subnet ip packets may failed
sending broadcast_deauth:5
Info:MAIN:Time 6, idle 184226/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Boot complete time reached (5 seconds)
Info:CFG:####### Set Boot Complete #######
Info:MAIN:Time 7, idle 180838/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Time 8, idle 188316/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
temp_code:38 - adc_code:323 - adc_trend:[15]:330->[16]:320
Info:MAIN:Time 9, idle 187432/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Time 10, idle 188399/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:GEN:dhcp=0 ip=0.0.0.0 gate=0.0.0.0 mask=0.0.0.0 mac=00:00:00:00:00:00
Info:GEN:sta: 0, softap: 1, b/g/n
Info:GEN:softap:ssid=OpenBK7231N_8C000000,channel=1,dhcp=1,cipher_type:OPEN
Info:GEN:ip=192.168.4.1,gate=192.168.4.1,mask=255.255.255.0,dns=192.168.4.1
Info:MAIN:Time 11, idle 196627/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Time 12, idle 188566/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Time 13, idle 188681/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 
Info:MAIN:Time 14, idle 203628/s, free 73096, MQTT 0(0), bWifi 0, secondsWithNoPing -1, socks 5/38 

    Code: text Expand Select all Copy to clipboard
    

Info:MAIN:Time 320, idle 187125/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:GEN:dhcp=0 ip=0.0.0.0 gate=0.0.0.0 mask=0.0.0.0 mac=00:00:00:00:00:00
    
Info:GEN:sta: 0, softap: 1, b/g/n
                                             
Info:GEN:softap:ssid=OpenBK7231N_8C000000,channel=1,dhcp=1,cipher_type:OPEN
   
Info:GEN:ip=192.168.4.1,gate=192.168.4.1,mask=255.255.255.0,dns=192.168.4.1
   
Info:MAIN:Time 321, idle 180226/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 322, idle 185042/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 323, idle 187819/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 324, idle 185465/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 325, idle 183827/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 326, idle 187444/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 327, idle 185459/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 328, idle 185320/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 329, idle 187294/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 330, idle 184974/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:GEN:dhcp=0 ip=0.0.0.0 gate=0.0.0.0 mask=0.0.0.0 mac=00:00:00:00:00:00
    
Info:GEN:sta: 0, softap: 1, b/g/n
                                             
Info:GEN:softap:ssid=OpenBK7231N_8C000000,channel=1,dhcp=1,cipher_type:OPEN
   
Info:GEN:ip=192.168.4.1,gate=192.168.4.1,mask=255.255.255.0,dns=192.168.4.1
   
Info:MAIN:Time 331, idle 194209/s, free 73008, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
hapd_intf_sta_add:1, vif:0
                                                    
rc_init: station_id=0 format_mod=0 pre_type=0 short_gi=0 max_bw=0
              
                                                                  rc_init: nss_m
ax=0 mcs_max=255 r_idx_min=0 r_idx_max=11 no_samples=10
                        
                                                        sta_idx:0, pm_state:0
 
ctrl_port_hdl:1
                                                               
Info:MAIN:Time 332, idle 183041/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
WARN: TCPIP mutex is NOT locked (1) caller 51DFF
                               
WARN: TCPIP mutex is NOT locked (1) caller 52DC9

                              
WARN: TCPIP mutex is NOT locked (1) caller 51E25

                              
WARN: TCPIP mutex is NOT locked (1) caller 51DFF

                              
WARN: TCPIP mutex is NOT locked (1) caller 52DC9

                              
WARN: TCPIP mutex is NOT locked (1) caller 51E25

                              
Info:MAIN:Time 333, idle 176355/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 334, idle 181786/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 335, idle 185663/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 336, idle 184417/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 337, idle 183804/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 338, idle 186666/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 339, idle 186983/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:MAIN:Time 340, idle 184551/s, free 72816, MQTT 0(0), bWifi 0, secondsWithNo
Ping -1, socks 5/38 
                                                          
Info:GEN:dhcp=0 ip=0.0.0.0 gate=0.0.0.0 mask=0.0.0.0 mac=00:00:00:00:00:00
    
Info:GEN:sta: 0, softap: 1, b/g/n
                                             
Info:GEN:softap:ssid=OpenBK7231N_8C000000,channel=1,dhcp=1,cipher_type:OPEN
   
Info:GEN:ip=192.168.4.1,gate=192.168.4.1,mask=255.255.255.0,dns=192.168.4.1
 

    Even in AP mode, you should be able to access your device and configure it:
    OpenBK7231N interface control panel with configuration, restart, and launch application buttons.
    Once you configure it, it should connect to your WiFi easily.
    DHCP client list displaying various devices, IPs, and lease times.
    And that's all! That's how you can run your BK7231M modules with OBK.

    Now, here is some miscelaneous information:
    - BK7231 Easy UART flasher used to overwrite bootloader for N platform, but this is no longer the case - it detects QIO file and skips the bootloader section. You can still change this behaviour in advanced options
    - here is a TX2 boot log from BK7231M:
    Code: text Expand Select all Copy to clipboard
    
       BK7231n_1.0.11
REG:cpsr        spsr        r13         r14
SVC:0x000000D3              0x00401C1C  0x000033AC
IRQ:0x000000D2  0x00000010  0x00401E0C  0x8C204EB0  
FIR:0x000000D1  0x00000010  0x00401FFC  0xBF75EAB6  
SYS:0x000000DF              0x0040192C  0x00000158  
ST:0x00000000
[I/FAL] Fal(V0.4.0)success
[I/OTA] RT-Thread OTA package(V0.2.4) initialize success.


go os_addr(0x10000)..........
 0
prvHeapInit-start addr:0x40ecb0, size:136016
[Flash]id:0xeb6015
[Flash]init over
sctrl_sta_ps_init
SDK Rev: 3.0.56 7e6923f
[THD]app:[tcb]40fe80 [stack]40ee78-40fe78:4096:5
[THD]extended_app:[tcb]4106f0 [stack]40fee8-4106e8:2048:4
[THD]idle:[tcb]410b60 [stack]410758-410b58:1024:0
[THD]timer_thd:[tcb]4118e8 [stack]410ce0-4118e0:3072:2
OSK Rev: F-3.0.35 7e6923f
cset:0 0 0 0
[D/FAL] (fal_flash_init:42) Flash device |                bl7231n2m | addr: 0x00000000 | len: 0x00025000 | blk_size: 0x00001000 |initialized finish.

[I/FAL] ==================== FAL partition table ====================

[I/FAL] | name     | flash_dev |   offset   |    length  |

[I/FAL] -------------------------------------------------------------

[I/FAL] | usercfg  | bl7231n2m | 0x00000000 | 0x00010000 |

[I/FAL] | fac_data | bl7231n2m | 0x00010000 | 0x00004000 |

[I/FAL] | log      | bl7231n2m | 0x00014000 | 0x00010000 |

[I/FAL] =============================================================

[I/FAL] Flash Abstraction Layer (V0.5.99) initialize success.

[FlashDB][kv][usercfg] (fdb_kvdb_init:1638) KVDB size is 65536 bytes.
[FlashDB][kv][usercfg] (fdb_kvdb_init:1642) kv load result 0 
[FlashDB]FlashDB V1.1.2 is initialize success.
[FlashDB]You can get the latest version on https://github.com/armink/FlashDB .
[FlashDB][kv][fac_data] (fdb_kvdb_init:1638) KVDB size is 16384 bytes.
[FlashDB][kv][fac_data] (fdb_kvdb_init:1642) kv load result 0 
[FlashDB][kv][log] (fdb_kvdb_init:1638) KVDB size is 65536 bytes.
[FlashDB][kv][log] (fdb_kvdb_init:1642) kv load result 0 
[THD]ves_evt:[tcb]413fe0 [stack]4133d8-413fd8:3072:6
[THD]ves_scanner:[tcb]414918 [stack]414110-414910:2048:6
[THD]ves_init:[tcb]415358 [stack]414b50-415350:2048:3
bandgap_calm_in_efuse=0x61
[load]bandgap_calm=0x20->0x21,vddig=4->5
[FUNC]rwnxl_init
chip id=7231c device id=20521028
IP Rev: W4-3.0.56-P0
txdesc flush
[FUNC]intc_init
[FUNC]calibration_main
get rfcali_mode:1
device_id=0x20521028
calibration_main over
NO TXPWR_TAB_TAB found in flash
Load default txpwr for b:0xe3720
Load default txpwr for g:0xe3756
fit n20 table with dist:4
Load default txpwr for n40:0xe3666
Load default txpwr for ble:0xe372e
uncali adc value:[00 00 00]
NO TXID_THERMAL found in flash, use def temp:330
temp in flash is:330
[THD]temp_detct:[tcb]415948 [stack]415540-415940:1024:3
NO TXID_LPFCAP found in flash, use def 114, 108
NO TXID_THERMAL found in flash, use def xtal:38
xtal in flash is:38
xtal_cali:38
--init_xtal = 38
[FUNC]ps_init
int watchdog enabled, period=10000
task watchdog enabled, period=60000
[FUNC]func_init_extended OVER!!!

start_type:0
[THD]kmsgbk:[tcb]416a10 [stack]415a08-416a08:4096:6
[THD]init_thread:[tcb]417250 [stack]416a78-417248:2000:5
Initializing TCP/IP stack
tcp_port:60281
[THD]tcp/ip:[tcb]417ca0 [stack]417498-417c98:2048:7
[THD]wpas_thread:[tcb]419168 [stack]418160-419160:4096:4
bk_wlan_app_init finished
[THD]core_thread:[tcb]41a0c8 [stack]4198c0-41a0c0:2048:7
[THD]rf_arbitrate:[tcb]41aa30 [stack]41a228-41aa28:2048:8
rf_thread_init ok
[THD]ble:[tcb]41b348 [stack]41ab40-41b340:2048:5
ble mac:fc-58-4a-b8-cf-d3
xvr_reg_init
h4tl_init-1 ok
hci_init ok
!!!!!!init_type=0
rwble_hl_init ok
BLE Rev: B5-3.0.56-P0
rwble_init ok
rwip_driver_init ok
enter normal mode
EM_BLE_END:0x1b40
!!!!!!init_type=1
llm_init:312
[gapm_cmp_evt_handler] conidx:0,operation:0x1,status:0x0
cmd->addr.addr[5] :0
!!!!!!init_type=2
[gapm_cmp_evt_handler] conidx:0,operation:0x3,status:0x0
gapm_cmp_evt:GAPM_SET_DEV_CONFIG
gapm_cmp_evt:wait GAPM_GEN_RAND_NB
[gapm_cmp_evt_handler] conidx:0,operation:0x1a,status:0x0
gapm_cmp_evt:GAPM_GEN_RAND_NB
[gapm_cmp_evt_handler] conidx:0,operation:0x1a,status:0x0
gapm_cmp_evt:GAPM_GEN_RAND_NB
[gapm_cmp_evt_handler] conidx:0,operation:0x28,status:0x0
gapm_cmp_evt:BLE_STACK_OK
[THD]cli:[tcb]41c2a8 [stack]41bea0-41c2a0:1024:3
[THD]ves_ble:[tcb]41d4c0 [stack]41c4b8-41d4b8:4096:5
ble create new db
ble_env->start_hdl = 0x10
[gapm_profile_added_ind_handler] prf_task_id:0x78,prf_task_nb:9,start_hdl:16,state:0x1
conidx:0x0,role:0x0,dest_id:0x3,src_id:0x7,param->status:0x0
[gapm_cmp_evt_handler] conidx:0,operation:0x1b,status:0x0
ble create new db
ble_env->start_hdl = 0x16
[gapm_profile_added_ind_handler] prf_task_id:0x79,prf_task_nb:10,start_hdl:22,state:0x1
conidx:0x0,role:0x0,dest_id:0x3,src_id:0x7,param->status:0x0
[gapm_cmp_evt_handler] conidx:0,operation:0x1b,status:0x0
[gapm_cmp_evt_handler] conidx:0,operation:0xa0,status:0x0
[gapm_cmp_evt_handler] conidx:0,operation:0xaa,status:0x0
[gapm_cmp_evt_handler] conidx:0,operation:0xa9,status:0x0
rw_ieee80211_set_country code:
code: EP
channel: 1 - 13
mode: MANUAL
[gapm_cmp_evt_handler] conidx:0,operation:0xa4,status:0x0
[THD]ves_mqtt:[tcb]40f940 [stack]41d6b8-41e6b8:4096:5
[SDK W vesync_net_config_read_from_flash:97] read flash error
[SDK W vesync_device_print_info:277] 
---------------Device Info---------------
  Device MAC: fc:58:4a:b8:cf:d2
  Device CID: vsotada32554d609b9c408a0919e68bd
  Device type: outlet
  Device model: BSDOG02
  Device alias model: BSDOG02
  Firmware type: release
  Hardware version: 1.0
  Vesync SDK version: v1.2.1-1d1881fe
  Firmware version: 1.0.01
  Country code: EU
----------------------------------------
[SDK W tb_default_rd_cfg_cb:120] read flash fail[1]
[SDK W vesync_timebase_init:660] config no found: -5
value:0x400, group:0, channel:1
ctrl:0x400
mode: 34, REG_PWM_GROUP_CTRL= 0x1400
value:0x1c04, group:0, channel:0
ctrl:0x1c04
mode: 34, REG_PWM_GROUP_CTRL= 0x1c14
[SDK W away_default_rd_cfg_cb:131] read flash fail[1]
[THD]app_task:[tcb]416c68 [stack]41a228-41aa28:2048:5
[THD]ves_netcfg:[tcb]416cf8 [stack]41e6c0-41f2c0:3072:4
[gapm_cmp_evt_handler] conidx:0,operation:0xa9,status:0x0
[sa_sta]MM_RESET_REQ
txdesc flush
[sa_sta]ME_CONFIG_REQ
[sa_sta]ME_CHAN_CONFIG_REQ
[sa_sta]MM_START_REQ
[gapm_cmp_evt_handler] conidx:0,operation:0xa9,status:0x0
sizeof(wpa_supplicant)=1016
mm_add_if_req_handler:0
hapd_intf_add_vif,type:2, s:0, id:0
wpa_dInit
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
hapd_intf_del_key: mac ff:ff:ff:ff:ff:ff, hw key idx 65
wpa S: DISCONNECTED -> INACTIVE
wpa S: INACTIVE -> DISCONNECTED
enter low level!
mac fc:58:4a:b8:cf:d2
leave low level!
[net]addvif_idx:0
wpa_supplicant_req_scan
Setting scan request: 0.000000 sec
wpa_supplicant_scan
wpa S: DISCONNECTED -> SCANNING
wpa_supplicant_scan 1004
wpa_drv_scan
wpa_send_scan_req
no ht in scan
scan_start_req_handler
wpa_driver_scan_start_cb
wpa rx E SCAN_STARTED
temperature_type=2
temp_code:18 - adc_code:343 - adc_trend:[13]:330->[12]:339
init_xtal:38, delta:3, last_xtal:38
wpa_driver_scan_cb
wpa rx E SCAN_RESULTS
Scan completed in 1.326000 seconds
wpa_get_scan_rst:8
wpa S: SCANNING -> DISCONNECTED
temp_code:17 - adc_code:346 - adc_trend:[12]:339->[11]:348
init_xtal:38, delta:4, last_xtal:41
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
[SDK W report_cloud:79] cloud disconnect. state(0)
temp_code:19 - adc_code:341 - adc_trend:[11]:348->[12]:339
init_xtal:38, delta:3, last_xtal:42
[SDK W report_cloud:79] cloud disconnect. state(0)


    If you see a similiar bootlog before flashing, it may be BK7231M
    - CB2S with BK7231M was send to me by a reader and it was in LSPA9 clone marked as BSD33
    - if you have overwritten your bootloader before (for example, with old flasher, that flashed QIO without skipping bootloader), you may need to restore the original bootloader for your chip to work

    That's all for now, let me know if the new binary type works for you! I'm available and ready to fix potential issues, just let me know.

    Cool? Ranking DIY
    Helpful post? Buy me a coffee.
    About Author
    p.kaczmarek2
    Moderator Smart Home
    Offline 
    p.kaczmarek2 wrote 11952 posts with rating 9992, helped 572 times. Been with us since 2014 year.
  • ADVERTISEMENT
  • #2 21110313
    p.kaczmarek2
    Moderator Smart Home
    There were some bugfixes made, latest version is now 1.3.2, thanks @divadiow for pointing that out via private message.
    @divadiow is 1.3.2 working better now?
    https://github.com/openshwprojects/BK7231GUIFlashTool/releases
    Helpful post? Buy me a coffee.
  • #3 21110397
    divadiow
    Level 34  
    yes, thanks. 1.3.2 appears to have resolved the issue of Easy Flasher quitting unexpectedly when trying the 'Restore RF part' function in M-type chip mode.

    Also, the overwrite bootloader advanced option in M-type mode also works where previously it would not overwrite bootloader.

    Screenshot of the Easy UART Flasher program showing a successful write message.
  • ADVERTISEMENT
  • #4 21110399
    p.kaczmarek2
    Moderator Smart Home
    Ok any other suggestions? Or do you think it's a good time to just add an advanced (hidden for most users) "write N bytes at offset X" command?
    Helpful post? Buy me a coffee.
  • ADVERTISEMENT
  • #5 21110874
    divadiow
    Level 34  
    Well, I would certainly make use of more flexible flashing options. The ability to flash from a specific address and or skip a custom portion of a file. Even specifying the start and end address of a source file AND the same for destination could be useful for flashing back factory RF partition, for example, assuming addresses are known.

    If more non-Tuya BK devices start appearing then these abilities may become a necessity in order to experiment more.
  • #6 21111458
    p.kaczmarek2
    Moderator Smart Home
    Sure, would something like that work for you?
    Screenshot of BK7231 Easy UART Flasher program for downloading and flashing firmware with an open settings window.
    Helpful post? Buy me a coffee.
  • ADVERTISEMENT
  • #8 21111506
    p.kaczmarek2
    Moderator Smart Home
    I pushed release due to the ReadOBKConfig bug:
    https://github.com/openshwprojects/BK7231GUIFlashTool/releases/
    This release contains unfinished custom read.
    Helpful post? Buy me a coffee.
  • #10 21126765
    divadiow
    Level 34  
    ferbulous wrote:
    What am i missing here?


    these Beken-based Matter devices are different.

    I've flashed your dumps to my CB3S uHome device and both have the RT-Threads 1.0.13 bootloader. The experience with these will be the same as mine here https://www.elektroda.com/rtvforum/topic4032988.html#21115403

    Code: Text
    Log in, to see the code


    which is in summary that you will be able to get OpenBeken to boot, after some flashing acrobatics, but that there will be no AP. I've got no further with this yet.

    You'll probably find your devices, in their current state, are not booting at all.

    Added after 3 [minutes]:

    please also link to device product pages/post pics so I can label your dumps for reference in my collection
  • #11 21126861
    ferbulous
    Level 18  
    @divadiow just to clarify after some flashing acrobatics, you could get it to boot up and connected to wifi? Just that it can’t show the AP?

    Should be the same one you’ve purchased before from aliexpress

    Just found this amazing item on AliExpress. Check it out! MYR22.69 56% Off | 1/4 Gang Matter WIFI Smart Switch Module Automation Relay Smart Breaker Voice Control Apple Home Siri Alexa Google smarttings
    https://a.aliexpress.com/_oEKFOgI

    3 gang - cb3s with pin headers
    4 gang - cbu with pin headers
    2 gang - still shipping but looking at the review it’s cb3s

    Matter 4CH switch module connected with wires.
  • #12 21126863
    divadiow
    Level 34  
    oh interesting. I didn't know some come with a CBU. Yes, mine is CB3S.

    No, no AP and no connecting to wifi. No mac assigned wireless interface, as seen in OBK boot log in other thread.

    Added after 47 [seconds]:

    so apart from watching OBK (sometimes) boot, these devices don't appear to be usable yet with OpenBeken.
  • #13 21130219
    p.kaczmarek2
    Moderator Smart Home
    So how are they different @divadiow ? Have you tried restoring or transplanting RF partition from, for example, the working OBK BK7231M device?

    By the way, it seems we've got first user that flashed BK7231M with our guide and reported it to our forum! Let's check this out, it seems it was worth to support this platform flavour:
    [BK7231M][BL0937] 2$ ChinaMobile HeJiaQin/HuiJu (合家亲/惠桔) X1S tear down & pinmap
    Helpful post? Buy me a coffee.
  • #14 21130297
    divadiow
    Level 34  
    p.kaczmarek2 wrote:
    Have you tried restoring or transplanting RF partition from, for example, the working OBK BK7231M device?


    Yes. I have tried restoring RF from normal Tuya device and the one from factory from this device. Both to usual RF address and I think to the different address the factory fw has RF. I'm away from home at the moment but will do it all again to confirm.

    Added after 1 [minutes]:

    p.kaczmarek2 wrote:
    it seems we've got first user that flashed BK7231M with our guide and reported it to our forum!

    This is cool

    Added after 2 [minutes]:

    What id really like to do is sit and try to make a map of the partition layout for these uHome firmwares. There's probably somewhere online that has it actually, surely.

    Added after 1 [minutes]:

    So if the RF partition is at a different address, what does that mean for OBK? Does OBK need to know what that address is?

    Added after 4 [minutes]:

    Ah. I've already posted about it Comparison of RF partition layout between Tuya and uHome devices.

    Added after 25 [minutes]:

    Oh. And the uHome device coeff is different but I haven't got OBK to boot flashing to 0x11000 with a build using uHome coeff

    "-the coeff key is 4862379A 8612784B 85C5E258 75754528 but reads as 00000000 00000000 00000000 00000000 (presumably because efuse read-out is disallowed- something of note for others reporting 0s in Easy Flasher)"
  • #15 21140379
    p.kaczmarek2
    Moderator Smart Home
    Ok, I've added the warning you mentioned to the flasher:
    https://github.com/openshwprojects/BK7231GUIF...mmit/2ee1f316036454f0ca1684433b4d39e9a44accb8
    Helpful post? Buy me a coffee.
  • #16 21450591
    divadiow
    Level 34  
    I have flashed your dump of that LSPA9 clone/BSD33 to a 4mb SparkleIoT XH-CB2S/BK7231M module from a Matter device - the same as can be seen here https://www.elektroda.com/rtvforum/topic4086986.html

    The key in the efuse on my module really is 000000, rather than because read-out is disallowed, and so your dump boots and I get the same boot log

    Code: Text
    Log in, to see the code


    I notice in the boot there's mention of a company called VeSync who have a Play Store app https://play.google.com/store/apps/details?id=com.etekcity.vesyncplatform

    Code: Text
    Log in, to see the code


    Screenshot of the VeSync app on Google Play.

    I've never heard of this company or seen their name in a boot log before. Going further, the VeSync finds the device and pairs it successfully.
    Energy management app interface displaying voltage, energy, and power information. Device information screen on a mobile phone. Mobile app interface for managing smart home devices, displaying a screen with a list of devices.

    VeSync_BSD33_BSDOG02_Plug_1.0.0.1.bin
    https://github.com/openshwprojects/FlashDumps/tree/main/IoT/BK7231M

    Added after 3 [minutes]:

    seems there's another world of these VeSync type devices https://github.com/webdjoe/pyvesync

    Added after 2 [minutes]:

    https://github.com/search?q=bsd33+vesync&type=code

    Added after 46 [minutes]:

    Oh look. Another VeSync dump

    https://github.com/openshwprojects/OpenBK7231T_App/issues/826
Reply Cool? Ranking DIY | New topic
Notify about new articles
Report a violation of the law

Topic summary

The discussion focuses on flashing BK7231M and BL2028N devices with open-source firmware, specifically addressing the use of the "00000000" encryption key. Users share experiences with the BK7231GUIFlashTool, highlighting improvements in version 1.3.2 that resolve issues with the flashing process. Suggestions for additional features, such as flexible flashing options and the ability to specify memory addresses, are proposed to enhance usability. Users also discuss challenges faced with different firmware versions and the need for a better understanding of partition layouts for successful flashing. The conversation includes troubleshooting steps for devices that fail to connect to Wi-Fi after flashing.
Summary generated by the language model.
Popular Topics
ADVERTISEMENT