ATC_MiThermometer
ATC_MiThermometer copied to clipboard
pvvx
Wrong firmware - Bricked or not bricked?
Hi, I have just used TelinkMiFlasher on my LYWSD03MMC (ver 1.4), flashing it with MHO_C401_v34c.bin. Devices display is dead - shows nothing, advertising on my ESP32 and TelinkMiFlasher (mobile chrome ) no longer see it.
Is there a way to flash it back or is it in silicone heaven now?
Will answer myself - How to flash the custom firmware or unbrick the device.
What if third person decides to brick these sensors with Telink flasher? Is there a protection from this "attack"?
@mdarii Hi. You mean with new firmware or is it possible with original one?
@bolovanos not sure what you mean by new, but I think Xiaomi original firmaware also allow using of pincode, custom firmware also supports it
@bolovanos there is no need to write me a private email about this problem :)
You can ask it here
@mdarii New - custom firmware. Not sure if I saw that option in TelinkFlasher. Btw - does it mean that these sensors are prone to this "attack" when used directly?
@atc1441 Right - sry :)
- What torx screwdriver is used on LYWSD03MMC? The one I have T06 is a bit wider.
-
Wiring you use tx/rx - is wire connection from P10 the way it is on this scheme(taken from pvvx page) ?
@bolovanos For a PC, there is a firmware option via a USB-COM adapter in the Chrome explorer. https://github.com/pvvx/ATC_MiThermometer#the-usb-com-adapter-writes-the-firmware-in-explorer-web-version https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html Only the TX adapter output and SWS pin SoC TLSR825x are used.
The pin-code only works on custom firmware. If the pin-code is forgotten, then only the erasure of the entire flash drive with a hardware connection...
Hey guys!
I did tried to flash the firmware using the python script but the device is still bricked 😢
Here you can see that it is supposed to be working and flashed with newest but in reality nothing is happening which is really sad for me.
yeyeto2788@juan-thinkbook:~/Downloads$ python3 ATCtelink.py ./ATC_V34d.bin
=======================================================
TLSR825x Flasher, modified from ComSwireReader Utility version 00.00.01
-------------------------------------------------------
Open /dev/ttyUSB0, 921600 baud...
UART-SWS 92160 baud. SW-CLK ~23.5 MHz(?)
Erasing flash ...
Started writing 0xf8a4 bytes
Writing at 0x0 (0%)
Writing at 0x100 (0%)
Writing at 0x200 (0%)
Writing at 0x300 (1%)
Writing at 0x400 (1%)
Writing at 0x500 (2%)
Writing at 0x600 (2%)
Writing at 0x700 (2%)
Writing at 0x800 (3%)
Writing at 0x900 (3%)
Writing at 0xa00 (4%)
Writing at 0xb00 (4%)
Writing at 0xc00 (4%)
Writing at 0xd00 (5%)
Writing at 0xe00 (5%)
Writing at 0xf00 (6%)
Writing at 0x1000 (6%)
Writing at 0x1100 (6%)
Writing at 0x1200 (7%)
Writing at 0x1300 (7%)
Writing at 0x1400 (8%)
Writing at 0x1500 (8%)
Writing at 0x1600 (8%)
Writing at 0x1700 (9%)
Writing at 0x1800 (9%)
Writing at 0x1900 (10%)
Writing at 0x1a00 (10%)
Writing at 0x1b00 (10%)
Writing at 0x1c00 (11%)
Writing at 0x1d00 (11%)
Writing at 0x1e00 (12%)
Writing at 0x1f00 (12%)
Writing at 0x2000 (12%)
Writing at 0x2100 (13%)
Writing at 0x2200 (13%)
Writing at 0x2300 (14%)
Writing at 0x2400 (14%)
Writing at 0x2500 (14%)
Writing at 0x2600 (15%)
Writing at 0x2700 (15%)
Writing at 0x2800 (16%)
Writing at 0x2900 (16%)
Writing at 0x2a00 (16%)
Writing at 0x2b00 (17%)
Writing at 0x2c00 (17%)
Writing at 0x2d00 (18%)
Writing at 0x2e00 (18%)
Writing at 0x2f00 (18%)
Writing at 0x3000 (19%)
Writing at 0x3100 (19%)
Writing at 0x3200 (20%)
Writing at 0x3300 (20%)
Writing at 0x3400 (20%)
Writing at 0x3500 (21%)
Writing at 0x3600 (21%)
Writing at 0x3700 (22%)
Writing at 0x3800 (22%)
Writing at 0x3900 (22%)
Writing at 0x3a00 (23%)
Writing at 0x3b00 (23%)
Writing at 0x3c00 (24%)
Writing at 0x3d00 (24%)
Writing at 0x3e00 (24%)
Writing at 0x3f00 (25%)
Writing at 0x4000 (25%)
Writing at 0x4100 (26%)
Writing at 0x4200 (26%)
Writing at 0x4300 (26%)
Writing at 0x4400 (27%)
Writing at 0x4500 (27%)
Writing at 0x4600 (28%)
Writing at 0x4700 (28%)
Writing at 0x4800 (28%)
Writing at 0x4900 (29%)
Writing at 0x4a00 (29%)
Writing at 0x4b00 (30%)
Writing at 0x4c00 (30%)
Writing at 0x4d00 (30%)
Writing at 0x4e00 (31%)
Writing at 0x4f00 (31%)
Writing at 0x5000 (32%)
Writing at 0x5100 (32%)
Writing at 0x5200 (32%)
Writing at 0x5300 (33%)
Writing at 0x5400 (33%)
Writing at 0x5500 (34%)
Writing at 0x5600 (34%)
Writing at 0x5700 (34%)
Writing at 0x5800 (35%)
Writing at 0x5900 (35%)
Writing at 0x5a00 (36%)
Writing at 0x5b00 (36%)
Writing at 0x5c00 (37%)
Writing at 0x5d00 (37%)
Writing at 0x5e00 (37%)
Writing at 0x5f00 (38%)
Writing at 0x6000 (38%)
Writing at 0x6100 (39%)
Writing at 0x6200 (39%)
Writing at 0x6300 (39%)
Writing at 0x6400 (40%)
Writing at 0x6500 (40%)
Writing at 0x6600 (41%)
Writing at 0x6700 (41%)
Writing at 0x6800 (41%)
Writing at 0x6900 (42%)
Writing at 0x6a00 (42%)
Writing at 0x6b00 (43%)
Writing at 0x6c00 (43%)
Writing at 0x6d00 (43%)
Writing at 0x6e00 (44%)
Writing at 0x6f00 (44%)
Writing at 0x7000 (45%)
Writing at 0x7100 (45%)
Writing at 0x7200 (45%)
Writing at 0x7300 (46%)
Writing at 0x7400 (46%)
Writing at 0x7500 (47%)
Writing at 0x7600 (47%)
Writing at 0x7700 (47%)
Writing at 0x7800 (48%)
Writing at 0x7900 (48%)
Writing at 0x7a00 (49%)
Writing at 0x7b00 (49%)
Writing at 0x7c00 (49%)
Writing at 0x7d00 (50%)
Writing at 0x7e00 (50%)
Writing at 0x7f00 (51%)
Writing at 0x8000 (51%)
Writing at 0x8100 (51%)
Writing at 0x8200 (52%)
Writing at 0x8300 (52%)
Writing at 0x8400 (53%)
Writing at 0x8500 (53%)
Writing at 0x8600 (53%)
Writing at 0x8700 (54%)
Writing at 0x8800 (54%)
Writing at 0x8900 (55%)
Writing at 0x8a00 (55%)
Writing at 0x8b00 (55%)
Writing at 0x8c00 (56%)
Writing at 0x8d00 (56%)
Writing at 0x8e00 (57%)
Writing at 0x8f00 (57%)
Writing at 0x9000 (57%)
Writing at 0x9100 (58%)
Writing at 0x9200 (58%)
Writing at 0x9300 (59%)
Writing at 0x9400 (59%)
Writing at 0x9500 (59%)
Writing at 0x9600 (60%)
Writing at 0x9700 (60%)
Writing at 0x9800 (61%)
Writing at 0x9900 (61%)
Writing at 0x9a00 (61%)
Writing at 0x9b00 (62%)
Writing at 0x9c00 (62%)
Writing at 0x9d00 (63%)
Writing at 0x9e00 (63%)
Writing at 0x9f00 (63%)
Writing at 0xa000 (64%)
Writing at 0xa100 (64%)
Writing at 0xa200 (65%)
Writing at 0xa300 (65%)
Writing at 0xa400 (65%)
Writing at 0xa500 (66%)
Writing at 0xa600 (66%)
Writing at 0xa700 (67%)
Writing at 0xa800 (67%)
Writing at 0xa900 (67%)
Writing at 0xaa00 (68%)
Writing at 0xab00 (68%)
Writing at 0xac00 (69%)
Writing at 0xad00 (69%)
Writing at 0xae00 (69%)
Writing at 0xaf00 (70%)
Writing at 0xb000 (70%)
Writing at 0xb100 (71%)
Writing at 0xb200 (71%)
Writing at 0xb300 (71%)
Writing at 0xb400 (72%)
Writing at 0xb500 (72%)
Writing at 0xb600 (73%)
Writing at 0xb700 (73%)
Writing at 0xb800 (74%)
Writing at 0xb900 (74%)
Writing at 0xba00 (74%)
Writing at 0xbb00 (75%)
Writing at 0xbc00 (75%)
Writing at 0xbd00 (76%)
Writing at 0xbe00 (76%)
Writing at 0xbf00 (76%)
Writing at 0xc000 (77%)
Writing at 0xc100 (77%)
Writing at 0xc200 (78%)
Writing at 0xc300 (78%)
Writing at 0xc400 (78%)
Writing at 0xc500 (79%)
Writing at 0xc600 (79%)
Writing at 0xc700 (80%)
Writing at 0xc800 (80%)
Writing at 0xc900 (80%)
Writing at 0xca00 (81%)
Writing at 0xcb00 (81%)
Writing at 0xcc00 (82%)
Writing at 0xcd00 (82%)
Writing at 0xce00 (82%)
Writing at 0xcf00 (83%)
Writing at 0xd000 (83%)
Writing at 0xd100 (84%)
Writing at 0xd200 (84%)
Writing at 0xd300 (84%)
Writing at 0xd400 (85%)
Writing at 0xd500 (85%)
Writing at 0xd600 (86%)
Writing at 0xd700 (86%)
Writing at 0xd800 (86%)
Writing at 0xd900 (87%)
Writing at 0xda00 (87%)
Writing at 0xdb00 (88%)
Writing at 0xdc00 (88%)
Writing at 0xdd00 (88%)
Writing at 0xde00 (89%)
Writing at 0xdf00 (89%)
Writing at 0xe000 (90%)
Writing at 0xe100 (90%)
Writing at 0xe200 (90%)
Writing at 0xe300 (91%)
Writing at 0xe400 (91%)
Writing at 0xe500 (92%)
Writing at 0xe600 (92%)
Writing at 0xe700 (92%)
Writing at 0xe800 (93%)
Writing at 0xe900 (93%)
Writing at 0xea00 (94%)
Writing at 0xeb00 (94%)
Writing at 0xec00 (94%)
Writing at 0xed00 (95%)
Writing at 0xee00 (95%)
Writing at 0xef00 (96%)
Writing at 0xf000 (96%)
Writing at 0xf100 (96%)
Writing at 0xf200 (97%)
Writing at 0xf300 (97%)
Writing at 0xf400 (98%)
Writing at 0xf500 (98%)
Writing at 0xf600 (98%)
Writing at 0xf700 (99%)
Writing at 0xf800 (99%)
Done, resetting CPU
Even plugging and unplugging the device does not work. Any way to fix that?
BTW, I flashed by mistake the MHO_C401_v34c.bin due to the fact that yesterday there was a new change introduced on the HTML and it couldn't retrieve the V34c for the LYWSD03MMC
Please try flashing it a few times and or try a different usb uart converter
Got it! Thanks for the reply @atc1441 Should I also try flashing the stock firmware?
Reset is wrong if i remember right. Thats just a gpio. But i could be wrong its put of my head.
@atc1441 then that would mean that I would need to unplug and replug the USB-Serial converter in order to hard reset the device or is it needed for something else?
What probes are you using with these needle pins ?
@bolovanos this are the connections I used
I hope it helps you.
What probes are you using with these needle pins ?
@bolovanos this are the connections I used
I hope it helps you.
Those are regular sewing needles (cut with pliers) with wrapping wires I'm too cheap to buy specialized tools. The rig is 3D printed BTW
What probes are you using with these needle pins ?
@bolovanos this are the connections I used
I hope it helps you.
Those are regular sewing needles (cut with pliers) with wrapping wires I'm too cheap to buy specialized tools. The rig is 3D printed BTW
@yeyeto2788 could you share sources for the rig? looks very useful when required to connect without soldering
@mdarii here you have. They work like a charm and I haven't even print all of the pieces.
@yeyeto2788 thank you
@evildad > FTDI USB to serial converter
I bet most 3.3v USB to serial converter would work. Even a CH340
FTDI is not suitable for Telink S-Wire emulation... CH430, CH340c, Prolific PL-2303HX, ...
Finally I have needed components / tools.
@pvvx "For a PC, there is a firmware option via a USB-COM adapter in the Chrome explorer. ..."
- I am a bit lost in schematics. For browser flashing - Can I use version B of my schematics, or C mentioned by you in your link (The USB-COM adapter writes the firmware in explorer. Web version. "Connect only TX-SWS and GND wires."
- Version A is suitable for TlsrComSwireWriter or for ATCtelink.py by @atc1441 - right?
- That Reset is not needed in my case?
@yeyeto2788
- Thank you - that RST is a bit confusing - place where to connect on ATC is somehow "clear" see ^ - but from your picture is not clear whether you use that pull up resistor and how you work with that reset (which seems to be not needed). Btw nice rig - I thought to ask you for source, but I noticed texture of 3D printer which I do not have. :)
@atc1441 "Lift up the battery + pin shortly :)" You mean that one and only p14 pin? :)
A, B and C are fine. In some cases, either a reset signal or a power on is required. These signals are taken from the adapter's DTR or RTS pins. The controller reset signal is not output to the test point. It is possible to use the output of the capacitor connected to leg 18 "RESETB" TLSR8251F512ET24. It is possible to short-circuit "RESETB" to GND manually, while "ATime" is working - activate the time
In the case of power switching, this is done:
- Manually, while "ATime" is running - activate time
- Through the key from the DTR or RTS adapter.
Such cases arise if the controller is frozen or in sleep mode, Telink protection from firmware is enabled :)
The most difficult case is when the controller at the start immediately switches to deep sleep mode and turns on protection - reassigning the "SWS" output function. Then you need to use the "RESETB" pin. In this mode, the controller has enough power from any output, in this case from the connected TX from the adapter ...
Better to use a hard programmer ... https://github.com/pvvx/TLSRPGM https://github.com/pvvx/TlsrTools825x