01-16-2020, 11:07 AM
(01-16-2020, 10:03 AM)C_Elegans Wrote: Well, I got impatient and decided to do it this morning: https://drive.google.com/open?id=1D5SfKV...7bmsBweSOb
Included files:
click.dsl - a single click using the mouse button
drag.dsl - me dragging my finger around for a few seconds
i2c1.dsl - random clicks, drags, and taps
start1.dsl - Recording of the i2c activity on laptop startup
start2.dsl - Same as start1
tap.dsl - a single tap
updater-step1.dsl - The i2c activity while running step1 of the update utility
updater-step2.dsl - The i2c activity while running step2 of the update utility
These files are compatible with DSView, however I'll try to convert them to a more open-source friendly format this evening.
Beautiful! I installed DSView here and was able to export the decoded i2c to CSV files for further analysis. Thank you very much!
I take it you've never activated any of the kill switches? Your two startup captures don't show any traffic to the eeprom. I noticed on my end that once kill switches have been pressed, the startup looks quite different forever there after. No need to capture again though. These are great.
updater-step2.dsl looks the most promising. Looks like an eeprom inside the HLK H2168 is behind address 0x1A
Your captures are good. Now we know how tpfw.bin gets flashed, but I still don't know what exactly the bytes in tpfw.bin are.
Thanks again.