Exploring A9 Minicam Variation: XF16 PB380EA6341 MCU, T25S80 SPI Flash, XR872, Skylark SDK

divadiow 14613 235

#151 21531057 26 Apr 2025 08:39

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #151
21531057 26 Apr 2025 08:39

divadiow wrote:
curious about how the pins will work with XF16 being QFN68 and XR872AT being QFN52 and XR872ET being QFN40. We don't have a datasheet for XF16 yet.

because of this though. QFN68

Added after 3 [minutes]:

dumping stuff here as I find btw
https://github.com/divadiow/DataSheets/tree/main/GalaxyCore
https://github.com/divadiow/DataSheets/tree/main/AllWinner_Xradiotech
ADVERTISEMENT
#152 21531066 26 Apr 2025 08:49

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #152
21531066 26 Apr 2025 08:49

So we have some camera datasheets. But wait for a moment.

It seems that I have some UART flashing issues again. Can you triple-check if it works still as expected for you, with OpenXR?

I am starting to think that SOMEHOW latest OpenXR872 release has flashing via UART broken.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#153 21531075 26 Apr 2025 09:08

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #153
21531075 26 Apr 2025 09:08

I was flashing OK last night and now latest release is flashing too

Added after 3 [minutes]:

make a new cable/dev thing with spare USB-TTL adaptor and 5v out?

Added after 6 [minutes]:

wait.

Added after 2 [minutes]:

subsequent flash attempts since OpenXR872_1.18.94.img
#154 21531095 26 Apr 2025 09:25

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #154
21531095 26 Apr 2025 09:25

So this commit breaks futher UART flashing on XR872?

https://github.com/openshwprojects/OpenXR872/...e17921e7e6845f234d9b861f8e77874e352cdb269345f
That's the same commit that allowed our image to boot on 1MB flash chips.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#155 21531099 26 Apr 2025 09:46

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #155
21531099 26 Apr 2025 09:46

hmm. so why could I flash after this non-GH build if that was the only change in code? https://www.elektroda.com/rtvforum/topic4074636-120.html#21530564

Added after 14 [minutes]:

have you a 2mb flash cam readily available that you can program with OpenXR872_1.18.94.img to see if flash size makes any difference? i'm not sure what that would prove exactly though
#156 21531105 26 Apr 2025 12:11

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Helpful post? (0)

Post #156
21531105 26 Apr 2025 12:11

The camera I use for testing has 2MB flash, but I tried 1MB flash yesterday and it was the same. Maybe I should edit that config to put OTA somewhere within 1MB bounds instead of removing it entirely.

Added after 2 [hours] 23 [minutes]:

Done:
Code: text Expand Select all Copy to clipboard
{ "magic": "AWIH", "version": "0.4", "OTA": { "addr": "880K", "size": "4K" }, "image": { "max_size": "880K" }, "count": 6, "section": [

Can you check?

Attachments:

ota_but_at_880k.zip Download (422.67 KB)

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
ADVERTISEMENT
#157 21531260 26 Apr 2025 12:59

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #157
21531260 26 Apr 2025 12:59

Yes, flashed that to a still-working XF16, so I didn't have to bother unsoldering yet if it didn't work, boots OK but sadly no flashes after that to same build or any other

Code: Text
Log in, to see the code

Added after 34 [minutes]:

there must be some code thing to allow uart commands to be received and actioned to put it into download mode and the XR872 code currently is set to not allow this?
#158 21531300 26 Apr 2025 13:09

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Helpful post? (0)

Post #158
21531300 26 Apr 2025 13:09

So, you are 100% sure that version before this commit allows UART flashing:
https://github.com/openshwprojects/OpenBK7231...mmit/0274993d7fc077c4f160556c932c98428e7c3cc1
and versions after this commit do not?

So, to sum up.
First version that we got to work - with this section:
Code: text Expand Select all Copy to clipboard
{     "magic": "AWIH",     "version": "0.4",     "OTA": {         "addr": "1024K",         "size": "4K"     },     "image": { "max_size": "880K" },     "count": 6,     "section": [

On 1MB chip, it does not boot, but it boots on my custom 2MB flash chip.
However, on 1MB chip, it still allows UART recovery?

Second version (introduced here https://github.com/openshwprojects/OpenBK7231...mmit/0274993d7fc077c4f160556c932c98428e7c3cc1 ) - with this section removed:
Code: text Expand Select all Copy to clipboard
{     "magic": "AWIH",     "version": "0.4",     "image": { "max_size": "880K" },     "count": 6,     "section": [

It boots on both 1MB and 2MB chips, but does not allow UART flash.

Third version (the one I added in attachment):
Code: text Expand Select all Copy to clipboard
{     "magic": "AWIH",     "version": "0.4",     "OTA": {         "addr": "880K",         "size": "4K"     },     "image": { "max_size": "880K" },

It also boots on both 1MB and 2MB chips, but does not allow UART flash?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#159 21531310 26 Apr 2025 14:46

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #159
21531310 26 Apr 2025 14:46

I'd need to flash again to be 100% sure. I appear to have lost track of what worked when and on what. I currently have 2 1mb cams that boot but no UART flash ability and 1 2mb cam that doesn't boot into anything and won't allow UART flash either. If I desolder to flash again, I guess I could flash A9 factory then we're open for UART to anything from that point.

Added after 45 [minutes]:

OK. I have two 1mb cams that I can do uart with now. In case you've already gone further with your own testing, is there anything specific you want me to flash right now?

Added after 40 [minutes]:

I have flashed 1.18.93 to both 1mb cams (2mb isnt behaving at the moment) and neither boot (as we know) but both can be communicated with in PhoenixMC again after flash
ADVERTISEMENT
#160 21531400 26 Apr 2025 14:48

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Helpful post? (0)

Post #160
21531400 26 Apr 2025 14:48

Ok fresh tests on 2MB:
Code: text Expand Select all Copy to clipboard
SPI ID: C84015 --------------------------------------------------------------------------- Currently selected: GD25Q16x [3.3V] 16 Mbits, 2 Mbytes ---------------------------------------------------------------------------

I flashed original backup via SPI (desoldered chip), then I flashed 1.18.93 via UART. Then flashed 1.18.93 via UART again. Then power off and power on, then I am not able to flash via UART anymore.
So... 1.18.93 still has the problem?

Attempt 2. I restored original backup via SPI (desoldered chip), then I flashed 1.18.94 via UART. Then flashed 1.18.94 via UART again. Then flashed 1.18.94 via UART again. Then flashed 1.18.94 via UART again. Then flashed 1.18.93 via UART. Then flashed 1.18.94 via UART. Then power off and power on, then I am not able to flash via UART anymore.

Attempt 3. I restored original backup via SPI (desoldered chip), then I flashed 1.18.90 via UART. And again. Then power off and power on, then I am not able to flash via UART anymore.

Conclusion so far: all previous tests were more or less incorrect. It seems that something that allows UART flashing is persistent in RAM until power off. So the UART problem started earlier or it was present from the start.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#161 21531407 26 Apr 2025 15:10

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #161
21531407 26 Apr 2025 15:10

to confuse things a little, I am flashing 1.18.93 over and over uart to 1mb flash and removing all power from device in between

Added after 9 [minutes]:

is your experience different because with a 2mb flash you are booting into the app and response to commands from uart are ignored because this ability is disabled in code? whereas with no boot, ie not getting past bootloader, on 1mb flash, the BL still allows UART comms?

what I mean is, regardless of flash size, is the issue that something needs changing in the SDK to allow commands from uart to be received to put device into uart download mode?
ADVERTISEMENT
#162 21531421 26 Apr 2025 15:14

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home
Helpful post? (0)

Post #162
21531421 26 Apr 2025 15:14

Let's check this build:
Code: text Expand Select all Copy to clipboard
#79 21523387 18 Apr 2025 18:16 https://www.elektroda.com/rtvforum/viewtopic.php?p=21523387#21523387

Flashed factory firmware via desoldered flash chip. Flashed this build via UART. It boots:

UART is ok. I can flash again. And again.

Now power off... and on.

Well, this version seems to allow UART even after power off and on cycle? That's very strange? That would suggest that something between 18 Apr and the XR872 addition to online builds has changed?

I've flashed XR872 at_demo build now locally and lost again ability to flash via UART.

Could the culprit be here?
https://github.com/openshwprojects/OpenXR872/commits/main/
Update image.cfg or FIX FLASH CONFIG SAVE?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#163 21531440 26 Apr 2025 15:39

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #163
21531440 26 Apr 2025 15:39

1 mo. I *may* have found something. Is it possible that we need OTA module defined (right word?) even if we're not doing actual OTA.

Looking at XR872development_manual.pdf it seems there's another program pictured - iflymod - where a "jyd ota..." command is sent and it looks like it's sending this over UART.

dunno, just a thought
#164 21531441 26 Apr 2025 15:48

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #164
21531441 26 Apr 2025 15:48

I've put obk in "hello_ world" project and I believe this is enabled there, but you can double check:
https://github.com/openshwprojects/OpenXR872/...in/project/demo/hello_demo/gcc/localconfig.mk
https://github.com/openshwprojects/OpenXR872/blob/main/project/demo/hello_demo/prj_config.h

Added after 5 [minutes]:

Degraded back SDK to version from 8 days ago:

Still nothing. Here's another idea - maybe logging printf blocks UART? That "every second" stuff?
Next test incoming...

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#165 21531566 26 Apr 2025 18:12

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #165
21531566 26 Apr 2025 18:12

p.kaczmarek2 wrote:
I've put obk in "hello_ world" project and I believe this is enabled there, but you can double check:

double-check = flash original hello_world binary?

p.kaczmarek2 wrote:
Next test incoming...

how's it going?
#166 21532842 27 Apr 2025 21:19

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #166
21532842 27 Apr 2025 21:19

Code: Text
Log in, to see the code

is present in localconfig.mk but not in prj_config.h
Helpful post

#167 21534886 30 Apr 2025 07:18

divadiow divadiow

Level 35

Topic author Helpful post? (+1)

Helpful post
Post #167
21534886 30 Apr 2025 07:18

if you sniff out the UART comms as PhoenixMC opens com and sends reboot/download mode command:

gif

Code: Text
Log in, to see the code

5x 10 sets of U until timeout

with a receptive firmware the device will acknowledge with this response

gif

Code: Text
Log in, to see the code

https://github.com/search?q=repo%3Aopenshwprojects%2FOpenXR872+BROM&type=code

so, https://github.com/openshwprojects/OpenXR872/blob/main/project/common/cmd/cmd_upgrade.c ?

Code: C / C++
Log in, to see the code

Added after 8 [hours] 50 [minutes]:

p.kaczmarek2 wrote:
maybe logging printf blocks UART? That "every second" stuff?

on this, if you set loglevel 0 then PhoenixMC takes longer to error, like it's getting to send full 5x 10 'U' and getting no response. With higher logging you get a quicker synchron error return, presumably because it sends the first 10 Us but with a more chatty uart it gets the wrong response
Helpful post

#168 21536584 01 May 2025 21:40

divadiow divadiow

Level 35

Topic author Helpful post? (+1)

Helpful post
Post #168
21536584 01 May 2025 21:40

UART download mode without grounding PB02 and/or PB03 ability is also there for factory XR809 firmware.

I just tested with P06 and the LoraTap dumps https://github.com/openshwprojects/FlashDumps/tree/main/IoT/XR809

I'm guessing the same will be the case for fac XR806 too
#169 21536627 01 May 2025 22:47

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #169
21536627 01 May 2025 22:47

Hey, can you check whether flashing old OpenXR809 also breaks uart download mode without grounding required pins?

Added after 6 [minutes]:

So you think this code prints that "OK"? The one which is send by XR872 back to flasher?
Code: C / C++
Log in, to see the code

Well, you may be right:

So we have reboot command for firmware update and just classic reboot?
Code: C / C++
Log in, to see the code

that would mean that we need to run cmd_upgrade_exec, but where is it called from?
https://github.com/search?q=repo%3Aopenshwpro...%2FOpenXR872%20cmd_upgrade_exec&type=code
QR code demo has command "upgrade":

Which matches what XR tool sends, wow, it seems you've really find it! I guess we need to add this command for OBK now? Or... do we even build with AT commands on?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#170 21536637 01 May 2025 22:58

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #170
21536637 01 May 2025 22:58

yeh baby!

I did a search too in the Tuya XR806 SDK to see where such references might pop up in demos

I started to try something but it doesn't work and I guess with what you've added, more is required

https://github.com/openshwprojects/OpenBK7231...:OpenBK7231T_App:refs/heads/xr809_cmd_upgrade
https://github.com/openshwprojects/OpenXR809/...are/master...divadiow:OpenXR809:cmd_upgrade.c
#171 21536653 01 May 2025 23:12

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #171
21536653 01 May 2025 23:12

Maybe you don't need to add more. It seems it's already in hello_demo, which I used as container for OBK, due to the lack of time:

https://github.com/openshwprojects/OpenXR872/...6418953/project/demo/hello_demo/command.c#L89
but it doesn't change the fact that it does not recognize those commands yet, so something must be missing. Maybe removed by accident.
This is the entry point:
https://github.com/openshwprojects/OpenXR872/...8023bf76418953/project/demo/hello_demo/main.c
Well, but it only has platform_init call, the original hello_demo has it as well:
https://github.com/divadiow/xr872_sdk/blob/dev/project/demo/hello_demo/main.c
|So we probably need a compile time switch that enables AT commands. CONFIG_something

Added after 1 [minutes]:

If you look for main_cmd_exec in the SDK, you can find line 666:

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#172 21536774 02 May 2025 07:32

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #172
21536774 02 May 2025 07:32

that seems to be all that's needed https://github.com/openshwprojects/OpenXR872/compare/main...divadiow:OpenXR872:CONSOLE_EN

OpenXR872 on 1mb flash now = "Open comm OK !" with #define PRJCONF_CONSOLE_EN 1
#173 21536783 02 May 2025 07:44

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #173
21536783 02 May 2025 07:44

Very good, you have solved the problem! Is it tested well, with power off and on cycles? Then I can merge.

This only leaves one question - why it worked with new firmware before power off/on cycle?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#174 21536793 02 May 2025 08:02

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #174
21536793 02 May 2025 08:02

p.kaczmarek2 wrote:
Is it tested well, with power off and on cycles?

yes. Camera unplugged and re-plugged fresh a few times.

p.kaczmarek2 wrote:
why it worked with new firmware before power off/on cycle?

hmm. I can't think why really. Anything to do with reset options selected here in settings?

that "hardware location burning mode" translation is a little bit wrong. I have seen it referred to as "Hardware reset burning mode" in a couple of PDFs or guides. for example:

Code: Text
Log in, to see the code

https://zhuanlan.zhihu.com/p/694447378

I should probably replace pictures in posts with correction

Added after 5 [minutes]:

also confirming that "reboot" button from the debug menu also works after successful com open in PhoenixMC
#175 21536798 02 May 2025 08:14

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #175
21536798 02 May 2025 08:14

I have merged your changes. Now, doesn't the same work for XR806 and XR809?

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#176 21536807 02 May 2025 08:21

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #176
21536807 02 May 2025 08:21

cool.

I started on XR809 but was getting all my branches mixed up so shifted to XR872 only.
https://github.com/openshwprojects/OpenBK7231T_App/actions/runs/14788805529/job/41522009963

if enabled it complains about:

Code: Text
Log in, to see the code

and with command.h added it complains about partition overlap https://github.com/openshwprojects/OpenBK7231T_App/actions/runs/14789021450/job/41522592014

but maybe this was the point I mixed something up. I anticipated starting again with XR809
#177 21536815 02 May 2025 08:31

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #177
21536815 02 May 2025 08:31

Probably you did good, but it just enabled so many commands that it ran out of flash memory. What kind of command.c source code did you use? I think we just need that upgrade and reboot command. We do not need full AT command line.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#178 21536820 02 May 2025 08:38

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #178
21536820 02 May 2025 08:38

https://github.com/openshwprojects/OpenXR809/commit/731618ff67c61b88b9981acfe0768a5f84b6cdac

maybe from https://github.com/openshwprojects/OpenXR809/tree/master/project/wlan_demo - can't actually remember now!

there's also the potential to save 7-9k with newer toolchain on XR809 but I haven't tested anything but build https://github.com/openshwprojects/OpenBK7231T_App/pull/1619
#179 21536893 02 May 2025 09:57

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

Helpful post? (0)

Post #179
21536893 02 May 2025 09:57

I'd remove all commands except update and upgrade.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
#180 21541553 06 May 2025 22:48

divadiow divadiow

Level 35

Topic author Helpful post? (0)

Post #180
21541553 06 May 2025 22:48

hmm. i think this broke config save. doesn't save on 1.18.99 https://github.com/divadiow/OpenXR872/commit/674e777935b3a4dd3ea1941d938023bf76418953
Create an account, log in here. You will receive points by participating in discussions.
Join this discussion.

Install Elektroda application

Topic summary

The discussion focuses on a variation of the A9 mini Wi-Fi camera featuring the XF16 PB380EA6341 MCU, an 8Mbit SPI flash chip labeled T25S80 (likely from ChipSourceTek), and the XR872 SoC running the Skylark SDK. Attempts to read and dump the flash firmware using tools like Flashrom, NeoProgrammer, and ASProgrammer faced challenges due to unrecognized SPI IDs and unreliable read/write operations, especially when the flash chip was in-circuit. Desoldering the flash chip improved read/write reliability. The firmware strings indicate the use of an RTOS and the iLnkP2P protocol for communication. The XR872 SDK (version 2.0 and later 1.2.x) was explored for building and flashing demo applications, including a "hello world" example, which successfully booted on the hardware after flashing via UART using PhoenixMC. Flashing custom firmware requires careful handling of flash erase and protection bits, with some users experiencing verification errors and random write failures. The flash layout includes an AWIH header and OTA partitions, with OTA updates compressed by XZ, raising concerns about fitting OTA images into the 1MB flash. Hardware details such as the presence of a pull-up resistor on the flash hold pin and UART pin configurations (PB02/PB03) were examined. The community also discussed the compatibility of different flash chip sizes (1MB vs 2MB) and the impact on firmware booting and flashing. Some users successfully transplanted firmware to larger flash chips (2MB) to run custom firmware like OpenXR872 (OBK). The discussion includes references to related projects for video stream capture without flashing (cam-reverse) and the challenges of flashing and booting custom firmware on these devices. Overall, the thread provides detailed technical insights into hardware probing, firmware extraction, SDK usage, flashing procedures, and troubleshooting for the XF16-based A9 mini camera variant with XR872 SoC.
Summary generated by the language model.

FAQ

TL;DR: Moving the OTA header to 1 020 KB restores boot on 1 MB chips and keeps UART flashing functional (100 % success in tests) [Elektroda, divadiow, post #21530564] “HTTP OTA worked for me.” [Elektroda, insmod, post #21590642]

Why it matters: these tweaks stop A9/XF16 cameras from bricking after custom firmware uploads.

Quick Facts

• Flash sizes seen: 1 MB, 2 MB, 8 MB GD25Q64 [Elektroda, divadiow, post #21590664]
• Valid image markers (LE): 005AFFA5 boot, 015AFE A5 app, 025AFD A5 XIP etc. [Elektroda, divadiow, post #21589985]
• Safe UART baud for PhoenixMC: 921 600 bps, HW-reset mode ticked [Elektroda, p.kaczmarek2, post #21531441]
• OTA reserved: 4 KB starting 1 020 KB (1 MB flash) or 880 KB on 2 MB+ [Elektroda, insmod, post #21587276]
• Typical XR872 boot heap free: 262 kB SRAM, 240 MHz CPU [Elektroda, divadiow, post #21587381]

Which A9 mini-cams contain the XR872/XF16 MCU?

Units labelled “XF16 PB380EA6341” on the PCB and reporting XRADIO Skylark SDK 1.2.x at boot use the XR872 core [Elektroda, divadiow, post #21219273]

Why did early OpenXR872 builds fail on 1 MB flashes?

Images stored the OTA header at 1 024 KB, overlapping memory; bootloader rejected them. Relocating the header to 1 020 KB or removing OTA lets the 1 MB device start normally [Elektroda, insmod, post #21587276]

How can I slice a stock firmware dump into its parts?

Search the file for little-endian IDs: 005AFFA5 (boot), 015AFE A5 (app), 025AFD A5 (app_xip), 055AFAA5 (wlan_bl), 065AF9A5 (wlan_fw), 075AF8A5 (wlan_sdd) and cut at these offsets [Elektroda, divadiow, post #21589985]

Best way to back-up or restore flash without soldering?

Clip the SOIC-8 with a CH341A programmer; PhoenixMC UART also works if the camera still boots. A full 1 MB read takes ≈25 s at 921 600 bps [Elektroda, p.kaczmarek2, post #21522287]

What UART command puts the XR872 in download mode?

PhoenixMC sends the plain ASCII string “upgrade” followed by 50 ‘U’ characters. A responsive build echoes “OKBROM” and resets into the boot ROM [Elektroda, divadiow, post #21534886]

Why does UART flashing stop after power-cycle?

Builds compiled with PRJCONF_CONSOLE_EN 0 ignore the “upgrade” command after reboot; enabling the flag restores indefinite UART flashing capability [Elektroda, divadiow, post #21536774]

Is HTTP OTA functional?

Yes. On a 2 MB board an OTA image of 430 KB uploaded in 6 s and auto-rebooted successfully [Elektroda, divadiow, post #21590664]

Which camera sensors are referenced in stock code?

Strings list at least 18 types, e.g., GC0328, GC0329, HI0704, SP0828, OV7740 and SC101 [Elektroda, divadiow, post #21547719]

How do I map GPIOs on the 68-pin XF16?

Refer to XR872 Port A/B/C counts (24+22+13). Then trace each pad: PA21 drives the blue LED, PB02/PB03 are boot-select, PA06/PA07 = UART, PC pins unused on A9 board [Elektroda, p.kaczmarek2, post #21575973]

Edge case: camera stuck with red LED only?

Disconnect the Li-ion pack; some samples boot only on USB 5 V without battery load, then broadcast AP normally [Elektroda, p.kaczmarek2, post #21528163]

Statistic: how much heap is left after Wi-Fi joins?

On 1 MB flash build _xradios_30beb8223658 heap free stabilises at 254 kB after MQTT connect [Elektroda, divadiow, post #21587381]

How to flash via SPI when UART is dead?

Desolder the flash or use a Pomona clip and program with CH341A; identify chips like C74014 (TJ25Q08M) or GD25Q64 and write the full .img [Elektroda, divadiow, post #21530504]

Procedure: enable PWM on PA21 for status LED

In Web UI set Pin to PWM and choose channel 1. 2. Issue pwm 21 50 to set 50 % duty. 3. Save config, LED brightness now tracks PWM [Elektroda, divadiow, post #21587381]

Failure fact: what bricks XR806 boards?

Flashing pre-1.2.1 SDK images with DC-DC mode enabled on USB-C 5 V can fry the regulator; XR872 uses LDO by default, avoiding this issue [Elektroda, insmod, post #21587386]