mirror
/
UV-K5-Modded-Firmwares
kopia lustrzana https://github.com/Tunas1337/UV-K5-Modded-Firmwares
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność
UV-K5-Modded-Firmwares/k5_v2.01.19_mod.md

3.3 KiB
Czysty Wina Historia

Files info

Original MD5 4102238f8f9d336409e2c2f1ba36c96b
Modded MD5: 5125458a4231f67c237cb1ce71af9159

Changes

1) At address @0x1af4: 00 87 93 03 => 40 ff 10 05

This is part of function sub_1ABC in which frequency is compared with value of 60000000 / 0x03938700 which is internal representation of 600MHz.

ROM:00001ABC                   ; int __fastcall sub_1ABC()
...
ROM:00001AE2 04 4A                             LDR     R2, =60000000   ;indirect addresing from [1AF4]
ROM:00001AE4 91 42                             CMP     R1, R2          ;compare if R1 (entered frequency is higher than 600MHz)
ROM:00001AE6 00 DD                             BLE     loc_1AEA        ;if no then skip next command
ROM:00001AE8 11 46                             MOV     R1, R2          ;set current frequency to max (600MHz)
ROM:00001AEA                   loc_1AEA                                ; CODE XREF: sub_1ABC+24↑j
ROM:00001AEA 81 60                             STR     R1, [R0,#8]
ROM:00001AEC 10 BD                             POP     {R4,PC}
ROM:00001AEC                   ; End of function sub_1ABC
...
ROM:00001AF0 40 4B 4C 00       dword_1AF0      DCD 5000000            
ROM:00001AF4 00 87 93 03       dword_1AF4      DCD 60000000            ;*** PATCH HERE from 60000000 to 85000000 (0x03938700 to 0x0510FF40)

2) At address 0xa224: ff => 07

When in Common setting you set option Power on display mode to Full screen then you will be welcomed with LCD screen wiht all pixels active. This is done by function at address @BE60. Basically it is done with filling display memory with 0xFF. Setting it argument of this function to 7 displays bars like in binary representation 0b00000111. It could be fun to patch this with 0x55 then it should effect in thinner stripes :)

ROM:0000A224 FF 20                             MOVS    R0, #0xFF ; *** PATC HERE -> parameter for function sub_BE60 changed from 0xFF to 0x07
ROM:0000A226 01 F0 1B FE                       BL      sub_BE60

3) at address 0xeae8: 80 cb a4 00 => 40 77 1b 00 and

4) at address 0xeb18: 00 87 93 03 => 40 ff 10 05

At latter parts of firmware file, near the end we have some nice looking arrays. Both are used in function at @188C (TODO: describe what that function does).

ROM:0000EAE4 40 4B 4C 00       dword_EAE4      DCD 5000000
ROM:0000EAE8 80 CB A4 00                       DCD 10800000   ; *** PATCH HERE: from 108Mhz to 18Mhz (0x00A4CB80 to 0x001B7740)
ROM:0000EAEC 00 85 CF 00                       DCD 13600000
ROM:0000EAF0 C0 80 09 01                       DCD 17400000
ROM:0000EAF4 C0 0E 16 02                       DCD 35000000
ROM:0000EAF8 00 5A 62 02                       DCD 40000000
ROM:0000EAFC C0 29 CD 02                       DCD 47000000
ROM:0000EB00 80 F7 73 00       dword_EB00      DCD 7600000

ROM:0000EB04 F6 84 CF 00                       DCD 13599990
ROM:0000EB08 B6 80 09 01                       DCD 17399990
ROM:0000EB0C B6 0E 16 02                       DCD 34999990
ROM:0000EB10 F6 59 62 02                       DCD 39999990
ROM:0000EB14 B6 29 CD 02                       DCD 46999990
ROM:0000EB18 00 87 93 03                       DCD 60000000  ; *** PATCH HERE: from 600Mhz to 850Mhz (0x03938700 to 0x0510FF40)