-
-
Save losnir/78fae7e6cbb8cebf952bac8139beb258 to your computer and use it in GitHub Desktop.
| 0x00004e1e movw r2, #0xc977 | |
| 0x00004e26 movw r1, #0xc977 | |
| 0x00004e3e movw r2, #0xc977 | |
| 0x00004e46 movw r1, #0xc977 | |
| 0x00004e5c movw r3, #0xc977 |
| void sub_4dec(int arg0, int arg1, int arg2) { | |
| r2 = arg2; | |
| r12 = *(int8_t *)0x20000610; | |
| r7 = 0x20000610; | |
| asm { ldrd r4, r3, [r7, #0x8] }; | |
| r7 = *(r7 + 0x4); | |
| if (r12 >= 0x7) goto loc_4e70; | |
| loc_4e06: | |
| goto *0x4e0a[r2]; | |
| loc_4e70: | |
| asm { strd r1, r2, [r0] }; | |
| return; | |
| loc_4e12: | |
| r2 = SAR(0xc977 * (sign_extend_32(*0x4001243c) - r4), 0xa); | |
| goto loc_4e70; | |
| loc_4e54: | |
| r2 = *0x4001283c; | |
| r2 = SAR(0xc977 * (sign_extend_32(r2) - r4), 0xa); | |
| goto loc_4e70; | |
| } |
The patched version of the flash tool already includes a number of bin files but gives no way to actually use the firmware customized on that website - or am I missing something? I've tried to re-package the app with replaced bin files but the flashing fails at 99% :-) Any ideas?
UPDATE: used the wrong app - see BotoX/xiaomi-m365-firmware-patcher#3
@losnir do you have starting point / rom size for the firmware files to load in IDA/hopper, cheers.
Hi, does anyone have more information on how to decompile the firmware binary files? I know it has the Cortex-m3 processor which uses the armv7 architecture.
Anyone got update on this?
I would like to access the assembler code itself to be able to adjust it on my own and from that create a .bin legit file which I can load into the m365.
@DamnStr4ight go here https://m365.botox.bz and select your scooter fw version (i guess it's 1.3.8). Select Patch to Maximum speeds and enter your desired values and at bottom you will see Patch button this will create you custom FW, and you can flash it with modified flasher, also available at that website.