@Naldarn Thanks for the right unscrambled key. Do you know what i did wrong? Using the zilch.dll I got almost the same key but did I have to run it through the routine 2 times?
So, now, since we can modify Hex file and put correct checksum in there, I think we can try to use background debugger. Here is the current config: Background debug is disabled, but it is easy to change and write back to printer. I don't have my picikt3 yet, once I have it, I will try it myself.
Do we know which pin goes to the 1-wire chip? If we know that, we should be able to remove any read or writes to that pin and no more chipped filament.
I am planning to do that and test if printer still works after that Will test it shortly. Once it's working, I'll post the packed firmware somewhere. Yes, that's the idea, but so far I don't know where it is connected so I don't know, which interface to look for. But once I can do live debugging, I'll figure it out and make the changes in the software.
On the LCD, were there any part no. or manufacturer? I'm looking into the display portion, and would help narrow the command set down if you have that info.
Can someone tell me howto get to the mainboard out the easiest way? I am doing my research on the cubepro and did buy a cube3. I can upload and download firmware without any problems now with a Chipkit3.5 I also changed some code already and trying some stuff out. (Changed some lines in eWriteCartridgeCurrentQty: idx=%i current=%i new=%i to 99) edit: Ok didnt work
Oh if you even can flash the firmware, here are the last two lines of the .hex: :102FF000FFFFFF3CD979F8FF5B0DEDFFF6FFFF7F88 :00000001FF The big line is the config registers, I enabled the debugger. Put those instead the last two ones in the .hex and flash to the PIC. You should have debugging capability with PicKit
Oh sorry, just realized you sad you have CubePro. These are from Cube 3 firmware, so they are probably different. Bu the way, can you share your experience connecting to the mainboard? What tools/software/configuration I need to have? I remember Geezer70 said that there was a problem with MEMCLR being pinned to low. What to do with it? I don't even know if I need to connect all 6 wires, complete newbie in the PIC32 in general, so help would be appreciated.
Not really. You have to talk to the chip to enable the proper switches, like material type for one, color is not critical to us, but it could be to the rest of the code. You just want to disable the write function so all chips will read 100% regardless.
mainboard: remove 2 screws and 2 feet the bottom. remove two screws from the cartridge area perpendicular to the front face. unclip the clear plastic catches in your previous post. Carefully move the front out far enough to disconnect the front panel PCB connector.
What I would suggest is to change the quantity calculation to fixed number. That way, all the functional code is the same but it never subtracts after the first write. Can you post more of this section of code?
Have torn into the firmware hex 1.14b, and most of the data from :10D0D000 to :10981000 seems to be text characters encoded in the firmware like this: I removed the checksum at the end of each line and the FF to make it easier to see.
Ok. I will post some pics of the connection, but will be tomorrow. I dont have any problems with pin out. Just connected the Chipkit cable to a header which i soldered in place. The config code for debugging is working. I can set breakpoints etc. The code of the Section is attached .
Is it on live Cube? Great! I am looking forward doing the same! ) By the way, I have slightly newer version of IDA file, or actually, I have produced some signature files from XC32 compiler, 1.21, so some of the statically compiled functions are now recognized! I can send you signatures.
@Kiza Please do so. The code is really hard to read. @Naldarn Which disassembled code do you mean? I use IDA as dissambler and Kiza is doing the job in dissambling the firmware. I then look into the routines and check where in the memory of the firmware it is and patch the code accordingly. Attached is the connection diagram for the Pickit 3.5. I did get the 3.5 Version which should be more stable in regards of power the chips. Thx Geezer70 for the Pinout. He told me how to connect the pickit.
I have IDA and could help with the dissassembling, I have been looking through the image695.hex files and can rule out several sections as data only.
Thanks so much for the info! My PicKit3 is here, so I guess I am soldering the header tomorrow! Just a few quick questions, sorry if it is stupid. Should I power the system or PicKit3 will power the chip? Should I connect Pin 6, (PGM/LVP), or it should not be connected?
I did connect pin 6. You can Power the Board from the pickit. You have to set it in the options. You can also Power the Board normaly and write the firmware without the Power Option of the pickit. I did both without issues on my cubepro. (Same Board). Will try to get the Board of the cube3 out today.
Thank you so much, will do that! Cube 3 is easy to open, there are instructions on the 1st page. I actually did not remove the rubber stands. Removed the screws in the bottom, removed the 4 screws in the sides where the cartridge is inserted. Than you'll find the clips, they are big and easy to locate. This way you will remove the front panel with LCD screen and gain the access to the mainboard, no need to do anything with the back panel.
Nope, not hinting. Just saying these were interesting, to me. That perhaps you might find them interesting also. As of now they remain as locations I have yet to explore. I, at this time, can't trace them for two reasons: I, being clumsy, separated pin 5 of the ICSP from its home on the MOBO and I can't seem to get IDA 6.6 to co-operate with me. So, until hey something going, I'm hobbled. IDA being the best dissembler, works very well with J-Link albeit frustrating to me. So, I was asking if you could help me. The comment "you're the default lead" is meant as a compliment to you.
GitHub - sergev/ejtagproxy: GDB interface utility for MIPS processors, including PIC32 Here is the GDB Server for PicKit 3, hope it helps. I'm planning to use it. So far did not solder the pin header on the motherboard.
Thanks Kiza. I'll give it a shot. IDA drives me nuts. I'll be plugging along setting code segments and such, then I accidentally click an Icon by mistake. BAMM. The window disappears, never to be found again. I have to start over. Try MPLAB IPE (IPE not IDE) to program the Pickit3. The PK3 has two modes MPLAB and Debbuger
Since I don't have a hardware debugger, I used IDA to look into the 1.07 hex file, and found these ascii labels in the code. Of particular note is the D_OW which is the 1-wire protocol. aD_ow_reset 1D05D31C aD_ow_no_reset_ 1D05D328 aD_ow_family_mi 1D05D340 aD_ow_find_null 1D05D358 aD_ow_rd_page_1 1D05D368 aD_ow_rd_page_0 1D05D37C aD_ow_ff_read 1D05D41C aD_ow_write_blo 1D05D450
