Good luck with that.
EA5JAQ wrote: ↑Wed Oct 19, 2022 9:13 am
Hi all!
I was checking out an MCU ROM backup I took from my DM-1801 and I noticed that between the bootloader and the start of the firmware (aka, between 0x3800 and 0x3FF0) there is an additional section. But I just saw that the bootloader for the GD77 and GD77S ends at 0x3FF0 and immediately after, at 0x4000, the actual firmware starts (at least in the patched bootloaders I could find).
I assume these are the signature bytes that for the GD77 are at 0x7F800, right?
To run OpenGD77 in my Retevis RT50, my plan now is just to manually add the compiled firmware (I'll have to change in the code where every button is connected) after the GD77S bootloader, manually substitute both codec sections with the ones I extracted from my DM-1801 MCU ROM backup, fill with 0xFF until the end (0x7FFFF) and SWD it to the radio. I'll never be able to put my radio into DFU mode (as SK1 and SK2 are not connected to the same place) but at least I'll run OpenGD77 on it!! (or I'll try to and brick the radio in the process) So, if I use the patched bootloader and do this, I won't have problems with the signature bytes?
Another doubt I have, I found in my computer old flash and eeprom backups for the GD77. Do those work for the GD77S or does it use a different system?
I originally patched the official firmware using Ghidra, but found that patching in assembler was very time consuming and difficult.
All these radios have signature bytes, but they are in all different locations.