Bus Pirate script to recover bricked radio

[koolatron]

Hi guys,

I posted about this over at http://forum.bitcraze.se/viewtopic.php? ... t=10#p2010, but figured I'd make a topic just for this in case there's anyone in need who's missed it. I've knocked together a perl script to reflash a busted crazyradio over SPI using a Bus Pirate. This saved me from a firmware upgrade gone bad.

I'll put together some more coherent documentation in a bit, but at the moment I have a crazyflie to pilot...

https://github.com/koolatron/buspirate_nrf24lu1p

Couple of caveats:
- Tested only on OS X. Should work on Linux without modification, and Windows with very minor changes to use the windows serial module.
- It's very slow (~5 minutes to flash the entire .bin file). I deemed this acceptable as this script is for emergency recovery only. I can make it faster if necessary.

Prerequisites:
- A Bus Pirate (you should know where to get one of these, if you don't already have one).
- perl and either Device::SerialPort (*nix) or Win32::SerialPort (Windows)
- Some jumper wires to connect the SPI lines on the radio to the ones on the Bus Pirate.

Instructions:
- Solder a 2x5 pin header onto the programming port of the crazyradio. There's an unpopulated footprint already there for you.
- Connect the crazyradio to your Bus Pirate using the table in the script. Also in the readme when I get around to sticking it on github.
- Run the script: perl ./flasher.pl -input ./cradio-0.51.bin -device [serial device]
- Wait till you see lots of hex addresses crawling up your screen. Your device is programming.
- Go make a sandwich or have a beer (or both).

[smiler]

Awesome work!

[foosel]

Wonderful, and I just ordered a Bus Pirate actually

[tobias]

Great work! Arnaud is working on a Arduino setup to do this as well.

[marcus]

Nice work!! I've pasted the instructions and link into the wiki for the Crazyradio as well. If you want to do some documentation there or change anything just drop me a mail or PM and I'll add a user for you.

/Marcus

[arnaud]

Thank you for this script, this is very useful! I will test it right away.

Actually I discovered that writing "0x02 0x78 0x00" at the beginning of the flash is enough to unbrick the Crazyradio (it forces it to jump to the USB bootloader), this could solve the speed issue. To generate this 'jump bootloader' firmware run in a console (on linux and OSX):

Code: Select all

echo -ne "\x02\x78\x00" > jmpBootloader.bin

[Everdoubtful]

Hi all, i got question how to make alive bootloader in crazyradio after "unbricking" it.
what i did:
1) perl ./flasher.pl -input ./cradio-0.52.bin -device "/dev/ttyUSB0"
ok, it is flashed(takes about 10 min), and works ok as usual.
2) python usbtools/launchBootloader.py
Trying enter bootloader - not working: it searches few minutes and
then says: error, can't find bootloader.(or something similar)
3) echo -ne "\x02\x78\x00" > jmpBootloader.bin
i made this file for jumping to bootloader as far as i understood
4) perl ./flasher.pl -input jmpBootloader.bin -device "/dev/ttyUSB0"
Entering raw bitbang mode...
Entering binary SPI mode...
Configuring peripherals..
Configuring SPI...
Enabling programming...
Reading status byte...
Status: 20
Erasing chip...
Enabling programming...
Reading status byte...
Status: 20
Programming device...
0000 : 0278
0002 : 00
Unable to set status. at ./flasher.pl line 344, <INPUT> chunk 2.

I flashed these 3 bytes
5) python usbtools/launchBootloader.py
i tryed run again bootloader and it outs:
Error!, cannot find the CrazyRadio USB dongle!

Guys, question is how to make run bootloader again, as earlier?

[arnaud]

Hi Everdoubtful,

Apparently the script has erased the entire chip including the nrf usb bootloader, which is bad.

To get the radio to work again flash the normal firmware, the latest version can be download from there https://bitbucket.org/bitcraze/crazyrad ... /downloads
Otherwise for a more permanent solution I uploaded a bin version of the bootloader there http://files1.bitcraze.se/dl/boot24lu1p-f32.bin. Until the perl script is fixed this is 32K so it will take some time to flash.

I don't have access to a buspirate right now but I will look at it tomorrow to fix the script.

/Arnaud

[koolatron]

Yes, the script I wrote executes ERASE_ALL so it is intended only to flash images that contain a copy of the bootloader. It was never intended to take a truncated “jump to bootloader” bin.