OpenGD77

Look at Ghirda

https://ghidra-sre.org/

Its the main reverse engineering tool I use.

However you'd also need to decrypt the version of the baofeng firmware you want to use, and I think the developer who may have initially written tools to do this, as now withdrawn his tools for legal reasons.
However you may still find the tools on the internet somewhere

thanks, i'm looking at the site

I have now come to the point of getting a changed 2.1.9 on my device (until now, unfortunately, only in china language

the spanish have probably managed to decipher an original version and change it

device starts normally but unfortunately only in china language a shame there is probably no English as a language

first class that the version goes without low bt version error

the orginal spain page :

http://foros.radiogalena.es/showthread.php?tid=395

it is best to use a translator for reading

the firmware that was changed is probably about a memory extension for Baofeng DM-860 (BF-1801) WOW

I'm sorry for the question:

What's the difference between "Flash.bin" and "Flash_Lower_64k.bin"?

Thank you very much!

73 de Clovis- PY3OG

Flash_Lower_64k.bin does not contain your calibration data. See details here: https://www.opengd77.com/viewtopic.php?f=13&t=999

Hello!

I have a question that I have not been able to resolve, probably , due to my difficulties with the language: Understood how to do "partial flash memory restore (64k low memory) " However, I would like to know how to "partially backup" this flash memory. By CPS of Open GD77, I only see option for full backup.
Please, sorry for any inconvenience.
Thanks!

Clovis.

py3og wrote: ↑

Tue Oct 12, 2021 8:24 pm

Hello!

I have a question that I have not been able to resolve, probably , due to my difficulties with the language: Understood how to do "partial flash memory restore (64k low memory) " However, I would like to know how to "partially backup" this flash memory. By CPS of Open GD77, I only see option for full backup.
Please, sorry for any inconvenience.
Thanks!

Clovis.

There is no need for a partial backup function, because you can process a full backup using another program e.g. a hex editor like HxD (on Windows) to crop / cut / copy paste which ever part of the full backup you wany to use.

Got it... It remains to be seen which part to exclude, referring to the calibration data. Thank you very much! 73, Clovis -PY3OG

py3og wrote: ↑

Tue Oct 12, 2021 8:43 pm

Got it... It remains to be seen which part to exclude, referring to the calibration data. Thank you very much! 73, Clovis -PY3OG

Why do you need part of the flash backup ?

I'm trying to learn all steps for original fw recovery, in case I haven't done the recommended backup. At the moment I use Open DM-1801 which is excellent. But, it never hurts to have this information.

Once again, thank you very much.

73, Clovis-PY3OG

py3og wrote: ↑

Tue Oct 12, 2021 9:08 pm

I'm trying to learn all steps for original fw recovery, in case I haven't done the recommended backup. At the moment I use Open DM-1801 which is excellent. But, it never hurts to have this information.

Once again, thank you very much.

73, Clovis-PY3OG

Just do a full backup.

The partial restore is only for special problems. Its normally not used.


BTW.

We never backup the original firmware from inside the radio. This is not possible because the official firmware does not have a feature to backup the MCU ROM.

The reason we added a method to backup the MCU ROM is because there is some 'protection' data at the top of the ROM which is checked by the official firmware, and if its missing the firmware will not run.
There is also some 'protection' data which is checked by the bootloader, and if it is missing the bootloader will not allow any new firmware to be loaded.

However in both these cases the old way to recover the radio is to attach a hardware programmer dongle, like a JLinkEdu to the PCB of the radio, and restore the MCU backup file, created by the OpenGD77 firmware and CPS.

I also made modified versions of the bootloader(s) which does not check the protection data. These bootloader(s) are installed via programmer , dongle, and allow firmware to be loaded even if the protection bytes are erased.
However I do not make versions of the official firmware which work without the protection data bytes