Beken Flash Dump Partition Info Extraction with RT-Threads Partition Tool - Development Thoughts?

divadiow 318 42

#31 21737582 31 Oct 2025 19:53

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #31
21737582 31 Oct 2025 19:53

Code: Text
Log in, to see the code
ADVERTISEMENT
#32 21737587 31 Oct 2025 19:57

insmod insmod

Level 29
Helpful post? (0)

Post #32
21737587 31 Oct 2025 19:57

Another

Attachments:

bk7231n_bootloader_enc_crc.bin Download (62.22 KB)
ADVERTISEMENT
#33 21737592 31 Oct 2025 20:01

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #33
21737592 31 Oct 2025 20:01

wait. what. wtf. i've added rbl to 132000 to first booting BL and it's OTAd and OBK boots.

insmod wrote:
same binary crc'ed with old encrypt and 0 0 0 0 flags.

not uascent key?

Added after 2 [minutes]:

>>21737587

Code: Text
Log in, to see the code

M_ALT does not boot btw
#34 21737596 31 Oct 2025 20:03

insmod insmod

Level 29

Helpful post? (0)

Post #34
21737596 31 Oct 2025 20:03

>>21737592
First with encrypt_n with uascent keys, then added partitions and then crc'ed it with zero keys.
OTA works because i've changed tuya keys to uascent at 0x3c, 16 bytes length in bk7231n_bootloader.bin (not encrypted one).
#35 21737601 31 Oct 2025 20:07

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #35
21737601 31 Oct 2025 20:07

ooh ok. ok.

ah, linking to ..?
insmod wrote:
Tuya keys are at 0x48-0x57

I didn't follow that up
ADVERTISEMENT
#36 21737604 31 Oct 2025 20:10

insmod insmod

Level 29

Helpful post? (0)

Post #36
21737604 31 Oct 2025 20:10

>>21737601
Oops, i've changed it at wrong address, 0x48-0x57 is correct.
If OTA completes, does it boot?
ADVERTISEMENT
#37 21737608 31 Oct 2025 20:15

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #37
21737608 31 Oct 2025 20:15

insmod wrote:
If OTA completes, does it boot?

yes.

with the BL from here + rbl at 12A000 =

Code: Text
Log in, to see the code
#38 21737609 31 Oct 2025 20:15

insmod insmod

Level 29
Helpful post? (0)

Post #38
21737609 31 Oct 2025 20:15

Here's a fixed one

Attachments:

bk7231n_bootloader_enc_crc.bin Download (62.22 KB)
#39 21737612 31 Oct 2025 20:17

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #39
21737612 31 Oct 2025 20:17

insmod wrote:
Here's a fixed one

same experience

Code: Text
Log in, to see the code
#40 21737614 31 Oct 2025 20:19

insmod insmod

Level 29
Helpful post? (0)

Post #40
21737614 31 Oct 2025 20:19

Does ota work on M/zero keys?
If not, then here's enc & crc bootloader for M

Attachments:

bk7231n_bootloader_enc_crc.bin Download (62.22 KB)
Helpful post

#41 21737626 31 Oct 2025 20:41

divadiow divadiow

Level 36

Topic author Helpful post? (+1)

Helpful post
Post #41
21737626 31 Oct 2025 20:41

M_ALT does boot on zero-keys BK7231N module. OTA does work

Code: Text
Log in, to see the code

OpenBK7231M_ALT_QIO_1.18.206.bin -> OpenBK7231N_1.18.204.rbl

old-SDK M QIO does not boot still because of this: https://www.elektroda.com/rtvforum/viewtopic.php?p=21725511#21725511

PR not submitted for change yet

These are test devices btw

Uascent key = blue CB3S from Matter mini switch
Zero key = white UAM026 from Uascent bulb (yes a Uascent with zero keys)

Added after 4 [minutes]:

>>21737614

this does not boot on M

Added after 2 [minutes]:

UAM026 = BL2028N https://www.elektroda.com/rtvforum/topic4111089.html#21477454
Helpful post

#42 21737638 31 Oct 2025 20:44

insmod insmod

Level 29
Helpful post? (+1)

Helpful post
Post #42
21737638 31 Oct 2025 20:44

>>21737626
Strange, but doesn't matter then.
Attached uascent-encrypted non-crc bootloader for beken_packager.

Attachments:

bk7231n_bootloader_uascent_enc.bin Download (58.55 KB)
#43 21737644 31 Oct 2025 22:38

divadiow divadiow

Level 36

Topic author Helpful post? (0)

Post #43
21737644 31 Oct 2025 22:38

Ok cool. We'll feed that into the build for the uascent section and can finally, hopefully, release Uascent QIO in the BK7231N zip?

Added after 1 [hours] 51 [minutes]:

I'll give that a go. I should be almost there a with a branch only 10 days ago I think.

@p.kaczmarek2 partition detection is still a useful thing in itself though? This doesn't affect that adventure?

I can imagine using partition detection on backups mostly, but maybe it'd be useful for when a user reports OTA not working and they've flashed app, but not QIO, maybe to a BK7238 or a non-Tuya BK-T?
Create an account, log in here. You will receive points by participating in discussions.
Join this discussion.

Install Elektroda application

Topic summary

The discussion focuses on extracting partition offset and length information from Beken flash dumps to facilitate OpenBK* firmware conversions, particularly to ensure OTA updates function correctly by aligning bootloader expectations with fixed OTA file offsets. The main challenge involves interpreting the partition table starting with the "01PE" signature, which requires understanding little-endian byte order. The RT-Threads Partition Tool is explored as a means to edit or add partitions in a virgin bootloader binary (e.g., bootloader_bk7231n_uart2_v1.0.13.bin). Comparisons are made with the FlashDumps project, which identifies RBL (ROM Boot Loader) identifiers but does not parse the "01PE" partition table. Attempts to catalog known bootloader versions via RBL extraction have been inconclusive, highlighting the potential utility of the partition table approach for better firmware analysis and modification.
Summary generated by the language model.