
hello

Open creazy2000 opened this issue 3 years ago • 3 comments

Hello, my printer WF-7620 has already been flashed with a chipless firmware, Ver. AD21G7, but I do not have the firmware files. I have dumped the ROM files from the motherboard with a programmer. I wonder how I can flash the ROM files into another printer (2 ICs, N25Q128A13E4), not with the programmer. Thanks!

creazy2000 avatar Apr 08 '22 03:04 creazy2000

Hi, I removed my original response as it was inaccurate. From a bindump it is possible to generate a firmware file that is updatable via the Epson update tool.

As for if this contains the information to make the printer chipless... I do not know because there is other data in the bindump that is not part of the firmware update.

As for the author of the repository, it's been 2 years since the author published these tools and I suspect he has moved on to other projects. I'm curious if he came up with any further insights.

peterb1234 avatar Apr 14 '22 12:04 peterb1234

Am still wondering whether it is possible to run the firmware that has been activated with a code in another printer

Morrisohbig avatar Jan 19 '23 18:01 Morrisohbig

> Am still wondering whether it is possible to run the firmware that has been activated with a code in another printer

If printers share compatible firmware (e.g. 2 of the same printer model) then the answer is probably "yes, it is possible".

Whatever activates the "chipless mode" is likely persisted on the NOR ICs somewhere.

It requires taking a bindump of the NOR flash chips of the mainboard with a programmer. (The easiest way is usually de-soldering the ICs.)

The bindumps contain:

  • The unmodified SEGs, e.g. running rcx_unpack on a downloaded firmware file will generate the exact same "SEG".

Note: depending on the number of NOR chips, the following sections are contained on only one of the bindumps, always after the "SEG".

  • Next, it contains the JFFS2 filesystem that is created on the printer's initial power-on. This stores things like network configuration.
  • Next, it contains several sections of data. They contain several copies of the serial number and other information. I do not know the exact information stored here. I assume it uses the section to persist information about the printer, e.g. print statistics.

What this means:

  • If you write the unmodified bindump to the ICs of the new printer, it will have the same serial number as the original printer and should be chipless.
  • You can extract the SEG sections from the bindumps and recreate a file installable by the Epson firmware updater. (I have successfully done this.)
  • To make the printer chipless, I do not know what part of flash the "activation code" makes modifications to. It might modify something in one of the mystery sections at the end of the bindump, or it might modify something in the SEG sections delivered in a firmware update. It's the sort of thing that would need analysis.

Note: for modern printers (unlike the XP-240 on this git page):

  • The bootloader is already on the NOR chip and is no longer distributed as part of the firmware update.
  • This means the beginning SEGs on one of the bindumps are offset at the beginning.

Alternatives

If you do not want to solder ICs, the only approach I can think of is to work out what the activation does by capturing the USB traffic. In practice this will be much, much more challenging. You would then need to use the capture to write your own IEEE 1284.4 client in the hope of activating any printer of the same model that has their hacked firmware.

Final notes

If you do proceed, and if I can get a copy of the bindumps from the printer made chipless, I'm happy to compare its SEGs against the originals. If they have been modified (presumably by activation), I can generate a file compatible with the Epson firmware update which should make printers chipless.

peterb1234 avatar Jan 23 '23 03:01 peterb1234
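
The following is an added example, not code from the epson-reversing repository or from any commenter in this thread. It finds where the JFFS2 region described in the answer above begins in a NOR dump by validating node header CRCs, then lists which blocks before that point differ between two dumps. It assumes each dump is a plain linear image of one chip; the function names and the 4096-byte block size are choices made here, and the sample data is constructed.

```python
import struct
import zlib

JFFS2_MAGIC = 0x1985   # first field of every JFFS2 node header
HDR_LEN = 12           # magic(2) + nodetype(2) + totlen(4) + hdr_crc(4)

def jffs2_crc(data: bytes) -> int:
    """CRC-32 as JFFS2 computes it: zero seed, no final inversion."""
    return (zlib.crc32(data, 0xFFFFFFFF) ^ 0xFFFFFFFF) & 0xFFFFFFFF

def valid_node_at(dump: bytes, pos: int, endian: str) -> bool:
    """True if a node header with a correct header CRC starts at pos."""
    if pos % 4 or pos + HDR_LEN > len(dump):
        return False   # nodes are 4-byte aligned and need a full header
    magic, _ntype, totlen, crc = struct.unpack_from(endian + "HHII", dump, pos)
    return (magic == JFFS2_MAGIC and totlen >= HDR_LEN
            and crc == jffs2_crc(dump[pos:pos + 8]))

def find_jffs2_start(dump: bytes):
    """Return (offset, endian) of the first CRC-valid node, or None."""
    hits = []
    for endian in ("<", ">"):   # the byte order of the target is not assumed
        needle = struct.pack(endian + "H", JFFS2_MAGIC)
        pos = dump.find(needle)
        while pos != -1:
            if valid_node_at(dump, pos, endian):
                hits.append((pos, endian))
                break
            pos = dump.find(needle, pos + 1)
    return min(hits) if hits else None

def differing_blocks(a: bytes, b: bytes, end: int, block: int = 4096):
    """Offsets of the blocks in [0, end) whose contents differ."""
    return [o for o in range(0, end, block) if a[o:o + block] != b[o:o + block]]

def make_node(ntype: int, payload: bytes, endian: str = "<") -> bytes:
    """Build a constructed JFFS2 node (sample data only), padded to 4 bytes."""
    head = struct.pack(endian + "HHI", JFFS2_MAGIC, ntype, HDR_LEN + len(payload))
    node = head + struct.pack(endian + "I", jffs2_crc(head)) + payload
    return node + b"\xff" * (-len(node) % 4)

if __name__ == "__main__":
    # Constructed 16 KiB "dump": 8 KiB firmware area, then a JFFS2 cleanmarker.
    fw = bytes(range(256)) * 32
    dump_a = fw + make_node(0x2003, b"") + b"\xff" * 8180
    dump_b = bytearray(dump_a)
    dump_b[4100] ^= 0x01   # one changed byte inside the firmware area
    start, endian = find_jffs2_start(dump_a)
    diffs = differing_blocks(dump_a, bytes(dump_b), start)
    print(hex(start), endian, [hex(o) for o in diffs])
```

Everything at or after the reported offset is per-device data (network configuration, serial number copies), so it is the part to exclude when comparing or sharing a dump.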