How to compile and run custom firmware for ALI M3801 and other chips from tuners?

p.kaczmarek2 1944 31

ADVERTISEMENT

1
2

Treść została przetłumaczona

»

Zobacz oryginalną wersję tematu

Report a violation of the law

Reply Cool? Ranking DIY | New topic

Notify about new articles

Follow us

📢 Listen (AI):

#31 21803405 09 Jan 2026 00:39

p.kaczmarek2 p.kaczmarek2

Moderator Smart Home

» | Topic author Helpful post? (0)

Post #31
21803405 09 Jan 2026 00:39

And isn't it enough to give a header like in my iterate.cpp? CRC we can already count. I'm talking about the maincode partition. I need to check with mips decompiler if there are normally commands after this header.

I am creating multiplatform open source firmware (Tasmota replacement), right now supporting BK7231T, BK7231N, XR809, BL602, W800, W600, LN882H and soon supporting RTL and W701:
https://github.com/openshwprojects/OpenBK7231T
If you like my work, support me at: https://paypal.me/openshwprojects

Helpful post? Buy me a coffee.
ADVERTISEMENT
#32 21803726 09 Jan 2026 14:05

maciej_333 maciej_333

Level 38

» | Helpful post? (0)

Post #32
21803726 09 Jan 2026 14:05

One would still need to know where to RAM the bootloader loads the application from these partitions in flash. As if knowing this would be enough in the SDK to change the address where the code is and maybe just add the appropriate header. CRC actually we already know how to count. The application is not compressed?
Create an account, log in here. You will receive points by participating in discussions.
Join this discussion.

Install Elektroda application

Reply Cool? Ranking DIY | New topic

Notify about new articles

Follow us

📢 Listen (AI):

Report a violation of the law

1
2

FAQ

TL;DR: DIY firmware on ALI M3801 (MIPS) now boots a UART "Hello World" and scans up to 159 GPIOs; “The ALI M3801 is based on the MIPS architecture.” [Elektroda, p.kaczmarek2, post #21774649]

Why it matters: This helps you revive old DVB tuners, learn low-level MIPS, and prototype custom I/O without buying new boards.

For: hardware hackers, reverse‑engineers, and tuner modders who ask “how do I compile, flash, and talk to ALI M3801?”

Quick Facts

- CPU/SoC: ALI M3801; minimal bare‑metal demo built from scratch, not a full Linux SDK. [Elektroda, p.kaczmarek2, post #21774649]
- UART bases seen in code: 0xb8018300 and 0xb8001600; UART prints OK, RX initially problematic. [Elektroda, p.kaczmarek2, post #21774649]
- GPIO count observed: up to index 159, scanned via port registers; live button reads confirmed. [Elektroda, p.kaczmarek2, post #21774649]
- Build environment: Ubuntu + crosstool‑NG toolchain; Cygwin/WSL failed; GCC build took "over half an hour." [Elektroda, p.kaczmarek2, post #21774649]
- SPI flashing: CH341 programmer with NeoProgrammer; SOIC clip couldn’t detect memory. [Elektroda, p.kaczmarek2, post #21774649]

What chips does this walkthrough target?

It focuses on ALI M3801 from a Comsat TE 1050 HD tuner and references similar ALI M36xx register maps found via public code. The shared demo is a minimalist, bare‑metal project intended to be extended (GPIO, UART, interrupts). It is not a full vendor SDK. [Elektroda, p.kaczmarek2, post #21774649]

How do I compile and run the Hello World on ALI M3801?

Use Ubuntu, build a MIPS toolchain with crosstool‑NG, compile the ali_sdk demo, then flash the image via CH341. Finally, connect UART to see the kprintf output and command loop. 1) Build toolchain; 2) make the demo; 3) flash and open UART. “Main function” prints on boot. [Elektroda, p.kaczmarek2, post #21774649]

Why did the toolchain fail on Cygwin or WSL?

The author reports builds failed on Cygwin and WSL, while the same sources compiled successfully on Ubuntu after generating the cross‑compiler. Expect platform quirks in POSIX tooling and long GCC builds. Use native Ubuntu for reliability. [Elektroda, p.kaczmarek2, post #21774649]

Which UART addresses and settings should I start with?

Code and searches point to UART registers at 0xb8018300 and 0xb8001600. Initial UART TX worked, but RX misbehaved until parity settings were changed. Begin with no parity, then test framing. Keep a terminal ready to confirm prints. [Elektroda, p.kaczmarek2, post #21774649]

My CH341 adapter won’t receive data—how do I fix UART RX?

Observed behavior: CH341 mishandled even parity on TX towards the device; disabling parity improved results. The device’s TX to CH341 still appeared correct, which can mislead debugging. Quote: “It is immediately much better.” Validate with a logic analyzer if issues persist. [Elektroda, p.kaczmarek2, post #21774649]

How many GPIOs can I read, and what’s the quick way to scan them?

The demo scans indexed GPIOs up to 159 via port control registers, printing live changes. Use input direction on all pins, sample, and compress eight bits per byte for fast display. This enables identifying front‑panel buttons quickly. [Elektroda, p.kaczmarek2, post #21774649]

Why did my GPIO change‑detector hang at boot?

A large per‑pin integer array on the stack prevented progress (UART showed only “Booting.... M”). Switching to a bit‑packed state array resolved it. Edge case: stack size limits can break early boot loops. [Elektroda, p.kaczmarek2, post #21774649]

How do I read the ALI chip ID on this platform?

Read from ALI_SOC_BASE (0xb8000000), then shift right by 16. The author’s board returned 0x3811, likely an internal revision of M3801. This direct read avoids remapping to vendor enums. [Elektroda, p.kaczmarek2, post #21774649]

What’s the plan for reliable UART I/O?

Move from blocking reads to an interrupt‑driven UART with an ISR that updates a volatile flag or buffer. Then implement a simple menu to tweak registers quickly. Lack of full docs means experimenting with known IRQ code paths. [Elektroda, p.kaczmarek2, post #21774649]

What hardware and software were used to flash the firmware?

A CH341 programmer with NeoProgrammer was used; a test clip failed to detect flash memory, so a direct connection was used. Confirm TX, RX, 5V, and GND pins before flashing to avoid miswiring. [Elektroda, p.kaczmarek2, post #21774649]

Is hacking an old ALI tuner worth it versus buying a new module?

If you want speed and support, a tiny RV1103 class module costs about £25 and has better resources. If you want learning and reuse, hacking the tuner is rewarding but time‑intensive. [Elektroda, piotr_go, post #21774740]

Where can I find a low‑cost alternative board example?

One user bought a Luckfox Pico Pro Max (RV1106) for 45 zł and noted homepage multirabates listing Pico Mini A at £24. Prices fluctuate, but deals exist on vendor homepages. [Elektroda, piotr_go, post #21774999]

What is MIPS in this context?

MIPS refers to the CPU architecture used by the ALI M3801. You compile a MIPS cross‑toolchain and build bare‑metal code that runs directly on the SoC’s cores without Linux. [Elektroda, p.kaczmarek2, post #21774649]

How do I quickly verify front‑panel buttons over GPIO?

Initialize every GPIO as input, then loop and pack eight pins into one byte for printing. A bit change indicates a button event. Statistic: the scanner covered up to 159 indices on the author’s unit. [Elektroda, p.kaczmarek2, post #21774649]

Why can’t I see the main power button as a GPIO?

The demo detected several buttons, but not the primary on/off key. That switch can be on a different controller path or latched circuit rather than a simple GPIO. Treat it as an outlier. [Elektroda, p.kaczmarek2, post #21774649]

Any minimal 3‑step build-and‑flash recipe I can copy?

On Ubuntu, build a MIPS toolchain with crosstool‑NG and compile the ali_sdk demo.
Flash the image via CH341 using NeoProgrammer; verify wiring.
Open UART, disable parity, and confirm "Main function" prints. “Only on Ubuntu did it work.” [Elektroda, p.kaczmarek2, post #21774649]

ADVERTISEMENT