Announcement

Collapse
No announcement yet.

Is it possible to recover a gamepad's firmware after accidentally erasing it?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Is it possible to recover a gamepad's firmware after accidentally erasing it?

    Hi, there!

    I bricked a GameSir T1s (product page) gamepad while reverse engineering it by issuing random commands though Bluetooth LE. I have most likely accidentally erased or overwritten the firmware. Could I possibly recover it? (photos)

    What I know, currently:
    • It doesn't turn on. Only two LEDs light up while holding the HOME button. Also won't connect through neither the wireless dongle nor Bluetooth.
    • Connecting though USB is useless. The same two LEDs light up, but that's it. No USB connection is made (I made sure by watching kernel logs)
    • There is a firmware update available for another older model. Could be compatible, as my gamepad misreports itself as that other model when in BLE. I could also try asking GameSir support for the original firmware binary, but I wouldn't count on that.
    • Disconnecting and reconnecting the battery didn't solve it.
    • There are a few labeled connections in the back of the PCB. May be some sort of serial connection. These are probably the only hope at restoring the firmware.
    • The MCU is a chip-on-board, so I have no way of knowing what it is exactly (or have I? Vsauce theme plays).
    • It likely uses some 32-bit, 48 MHz MCU if the product page is anything to go by. That's not great help, but it's better than nothing.


    Thank you. Sorry for my bad English.

    PS: Here's some backstory:

    Some time ago, I bought a GameSir T1s off of AliExpress. It's a pretty decent gamepad, but I had always felt a bit disappointed it didn't report the battery level like a Xbox 360 controller does, so I had been trying to find if that could be done somehow.

    So I found that's possible when connected through Bluetooth LE, although I'd have to reverse engineer it to find how to read button states and battery status and what command would activate rumble. I actually managed to do all I wanted. But my greedy ass wanted to find whether or not there were any other commands.

    That's where I effed up. I didn't remember you could upgrade the firmware through BLE. So I tried other commands and the controller froze. "No big deal", I thought, as I got a needle and hit the reset button. Now, after that, only two LEDs light up while I'm holding the HOME button. I immediately realized I had likely erased (or corrupted) the firmware.

    #2
    Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

    I don't think that you lost firmware or anything like that, by pressing the reset button. Take the battery out press the reset button and hold it for 10s, while putting the battery back in. See if that does something. Not sure what commands you ran, but maybe something goofed there.
    I didn't see a TTL port / header / holes in the PCB, in the pictures. It looks like firmware is done through the USB. But since the USB port won't come up, I don't think you will be able to flash that thing, but maybe the controller needs to be initialized that it knows that you want to program firmware.
    BTW, make sure that the reset button came back out and didn't stay depressed.
    Last edited by CapLeaker; 10-06-2019, 06:55 PM.

    Comment


      #3
      Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

      Thank you for your response.

      Originally posted by CapLeaker View Post
      I don't think that you lost firmware or anything like that, by pressing the reset button.
      Of course, although I'd guess it was already borked when it froze, before I pressed reset.

      Originally posted by CapLeaker View Post
      Take the battery out press the reset button and hold it for 10s, while putting the battery back in. See if that does something.
      I hadn't thought about trying these, might be a good idea. I'll definitely try these out as soon as I can.

      Originally posted by CapLeaker View Post
      Not sure what commands you ran, but maybe something goofed there.
      Neither do I, haha. I had found that writing a 0x04 into value 13 (through BLE), followed by four byte "parameters" allowed me to activate rumble. Then I got curious and tried 0x01, 0x02, 0x03, 0x05, 0x06 and I guess one of these is what broke it.

      Originally posted by CapLeaker View Post
      I didn't see a TTL port / header / holes in the PCB, in the pictures. It looks like firmware is done through the USB. But since the USB port won't come up, I don't think you will be able to flash that thing.
      Yeah, I'm afraid that's the case, although those DEBUG_* and SCL connections seem promising. I could try probing these.

      Originally posted by CapLeaker View Post
      BTW, make sure that the reset button came back out and didn't stay depressed.
      I can feel a click when pressing it, if I recall correctly. Will check it again anyway, just to be sure.

      If it turns out I really can't reflash it, I'll probably salvage the parts, hook them up to an Arduino or a cheap ATtiny88 board and make my own gamepad.

      Thank you again.

      Comment


        #4
        Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

        Nope. Disconnecting the battery and holding reset didn't work, sadly. And I do hear a click when pressing reset, so it's not stuck.

        Comment


          #5
          Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

          well, I guess you are down to that debug port now. see if there is some life...

          Comment


            #6
            Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

            it's probably SWD,
            the chinese love to use ST microcontrollers.

            Comment


              #7
              Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

              Originally posted by stj View Post
              it's probably SWD,
              the chinese love to use ST microcontrollers.
              Hmm, interesting. In that case, I can probably find how to drive those debug connections. Will look into that in the next few days.

              Thank you for your suggestion.

              Comment


                #8
                Re: Is it possible to recover a gamepad's firmware after accidentally erasing it?

                Hey, people. I'd like your input.

                Does anybody think it's worth to keep trying to recover the firmware? To me, it's starting to look more and more like a waste of time, since the chance of it actually working is pretty slim. Here's why:
                1. I'd need to order a SWD programmer, since I don't currently own one;
                2. Correctly identifying the proper connections looks like it'll be a challenge, assuming the labeling makes any sense. I'm starting to suspect it may not. You can see from the photos DEBUG_KC and DEBUG_SC are connected to the sticks and a few points have multiple labels ;
                3. The firmware I found needs to be compatible. Though it looks like it might, I'll probably not work fully (for instance, the battery indicator likely won't).
                4. After all, I can't really be sure the issue is actually a corrupt firmware, so it could be all a waste.


                I'm thinking of scrapping the main board and using the daughter boards (most of the buttons are on them), the battery, the motors, the sticks and the case to make a "new" controller. It seems a cheap ATtiny88 would be good enough (it has enough pins, I hope I can fit what I need into 8k ). Then I'd just need a Li-Ion charger, a Bluetooth module and a few simple components. I think that could be quite a learning experience.

                Of course, there may be no turning back from that. But hey, it's not working anyway, right?

                So what do you think (and what would you do)?

                Comment

                Working...
                X