Librem 5 firmware updates

Where might I find the build dependencies?

1 Like

As mentioned earlier, they are shared with reflashing the Librem 5:

You may also need to install udev rules from the same instructions.

2 Likes

How does one test their phone to see if any firmware would need updating/grading?

4 Likes

Usually there is a command or application that determines the firmware version for the hardware it is tied to. For example, bm818-tools displays information about the Broadmobi BM818-x1 cellular modem.

I think that’s the point of

sudo apt build-dep .

from the official reflash procedure. That should work on an ongoing basis whereas hard-coding a list of packages, even a currently correct list, is inviting future problems if the dependencies change.

2 Likes

I don’t think there is any easy way to do this - given the lack of comprehensive documentation.

However, for uboot specifically, the following post covers it: Manual Updates for Librem5 - #4 by Cc281080. But then, as dos says, uboot is the one piece that does actually get updated on reflash (so it is very likely that your phone already has the latest uboot).

2 Likes

Well, I tried that but I will try again. Thank you.

2 Likes

And to be fair, that will only work if the software creator correctly “documents” internally what the dependencies are.

2 Likes

No problem in dumping the blob.

purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md    ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  dos-dump.bin  ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ ./ft5x06-tool
[main]: Opening /dev/i2c-2
[main]: Couldn't open /dev/i2c-2: Permission denied
purism@pureos:~/ft5x06-tool-master$ ./ft5x06-tool -h
FT5x06 tool usage: ./ft5x06-tool [OPTIONS]
OPTIONS:
	-a, --address
		I2C address of the FT5x06 controller (hex). Default is 0x38.
	-b, --bus
		I2C bus the FT5x06 controller is on. Default is 2.
	-c, --chipid
		Force chip ID to the value (hex). Default is read from controller.
	-i, --input
		Input firmware file to flash.
	-o, --output
		Output firmware file read from FT5x06.
	-h, --help
		Show this help and exit.
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  dos-dump.bin  ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ ./ft5x06-tool -o dos-dump.bin
[main]: Opening /dev/i2c-2
[main]: Couldn't open /dev/i2c-2: Permission denied
purism@pureos:~/ft5x06-tool-master$ sudo ./ft5x06-tool -o dos-dump.bin
[main]: Opening /dev/i2c-2
[main]: Setting addr to 0x38
[main]: Chip ID: 0x86 (ft8622)
[main]: Firmware version: 3.0.0
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[main]: Failed to read FW
purism@pureos:~/ft5x06-tool-master$ echo -n "2-0038" | sudo tee /sys/bus/i2c/drivers/edt_ft5x06/bind
2-0038tee: /sys/bus/i2c/drivers/edt_ft5x06/bind: Resource temporarily unavailable
purism@pureos:~/ft5x06-tool-master$ echo -n "2-0038" | sudo tee /sys/bus/i2c/drivers/edt_ft5x06/bind
2-0038purism@pureos:~/ft5x06-tool-master$ ./ft5x06-tool -o dos-dump.bin
[main]: Opening /dev/i2c-2
[main]: Couldn't open /dev/i2c-2: Permission denied
purism@pureos:~/ft5x06-tool-master$ sudo ./ft5x06-tool -o dos-dump.bin
[main]: Opening /dev/i2c-2
[main]: Setting addr to 0x38
[main]: Chip ID: 0x86 (ft8622)
[main]: Firmware version: 3.0.0
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_read_id]: READ-ID not ok: ef ef
[main]: Failed to read FW
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  dos-dump.bin  ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ rm dos-dump.bin
rm: remove write-protected regular empty file 'dos-dump.bin'? yes
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ make clean
  RM      objs bins
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  ft5x06-tool.c
purism@pureos:~/ft5x06-tool-master$ nano ft5x06-tool.c
purism@pureos:~/ft5x06-tool-master$ make
  MKDIR
  CC      ft5x06-tool.o
  LD      ft5x06-tool
purism@pureos:~/ft5x06-tool-master$ ls
Makefile  README.md  ft5x06-tool  ft5x06-tool.c  ft5x06-tool.o
purism@pureos:~/ft5x06-tool-master$ ./ft5x06-tool -h
FT5x06 tool usage: ./ft5x06-tool [OPTIONS]
OPTIONS:
	-a, --address
		I2C address of the FT5x06 controller (hex). Default is 0x38.
	-b, --bus
		I2C bus the FT5x06 controller is on. Default is 2.
	-c, --chipid
		Force chip ID to the value (hex). Default is read from controller.
	-i, --input
		Input firmware file to flash.
	-o, --output
		Output firmware file read from FT5x06.
	-h, --help
		Show this help and exit.
purism@pureos:~/ft5x06-tool-master$ echo -n "2-0038" | sudo tee /sys/bus/i2c/drivers/edt_ft5x06/unbind
2-0038purism@pureos:~/ft5x06-tool-master$ sudo ./ft5x06-tool -o dos-dump.bin
[main]: Opening /dev/i2c-2
[main]: Setting addr to 0x38
[main]: Chip ID: 0x86 (ft8622)
[main]: Firmware version: 3.0.0
[ft5x06_init_upgrade]: Reset CTPM
[ft5x06_init_upgrade]: Enter upgrade mode
[ft5x06_init_upgrade]: Check READ-ID
[ft5x06_fw_read]: Read the FW from flash
[ft5x06_fw_receive_packet]: Read pkt [3] @0 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @1f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @2f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @3f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @4f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @5f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @6f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @7f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @8f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9a00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9b00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9c00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9d00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9e00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @9f00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @a900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @aa00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ab00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ac00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ad00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ae00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @af00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @b900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ba00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @bb00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @bc00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @bd00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @be00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @bf00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @c900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ca00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @cb00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @cc00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @cd00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ce00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @cf00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @d900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @da00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @db00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @dc00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @dd00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @de00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @df00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @e900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ea00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @eb00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ec00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ed00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ee00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ef00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f000 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f100 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f200 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f300 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f400 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f500 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f600 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f700 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f800 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @f900 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @fa00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @fb00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @fc00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @fd00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @fe00 - len 256
[ft5x06_fw_receive_packet]: Read pkt [3] @ff00 - len 256
[ft5x06_fw_read]: Reset the new FW

purism@pureos:~/ft5x06-tool-master$ ls
Makefile README.md dos-dump.bin ft5x06-tool ft5x06-tool.c ft5x06-tool.o

:innocent:

3 Likes
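
In the session above the read only succeeded after the `edt_ft5x06` kernel driver was unbound from `2-0038`, and an earlier failed attempt left an empty `dos-dump.bin` behind. The script below is an added example, not part of the original post or of ft5x06-tool: it wraps that sequence so the driver is always rebound, and it rejects a dump that is empty, a single repeated byte (like the `ef ef` READ-ID responses), or smaller than the 64 KiB the log shows being read. The function names and the assumption that the tool exits non-zero on failure are assumptions of this example.

```sh
#!/bin/sh
# Added example: guarded firmware backup for the touch controller.
# Taken from the thread: driver edt_ft5x06, device 2-0038, tool flags -b/-a/-o,
# and a 64 KiB read (256 packets of 256 bytes, offsets 0x0 to 0xff00).
# Hypothetical names introduced here: dump_verdict, backup_touch_fw.

DRIVER_DIR=/sys/bus/i2c/drivers/edt_ft5x06
DEVICE=2-0038
EXPECTED_SIZE=65536

# Classify a dump file. Prints one of: missing | empty | filler | short | ok.
# Returns 0 only for "ok".
dump_verdict() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo empty; return 1; }
    # Count distinct byte values. A refused read is one value repeated,
    # so a real firmware image must contain more than one.
    distinct=$(od -An -v -tx1 "$f" | tr -s ' ' '\n' | grep -v '^$' \
               | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -gt 1 ] || { echo filler; return 1; }
    [ "$size" -ge "$EXPECTED_SIZE" ] || { echo short; return 1; }
    echo ok
}

# Unbind the kernel driver, read the firmware, and rebind even if the read fails.
# Needs root (for /dev/i2c-2 and the sysfs bind files) and the tool binary.
backup_touch_fw() {
    tool=$1
    out=$2
    rebind=0
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    # Refuse to overwrite: a failed earlier attempt may have left a file behind.
    [ ! -e "$out" ] || { echo "$out already exists" >&2; return 1; }

    # A bound device shows up as an entry in the driver's sysfs directory.
    if [ -e "$DRIVER_DIR/$DEVICE" ]; then
        printf '%s' "$DEVICE" > "$DRIVER_DIR/unbind" || return 1
        rebind=1
    fi

    rc=0
    "$tool" -b 2 -a 0x38 -o "$out" || rc=$?

    # Give the touchscreen back to the kernel whatever happened above.
    [ "$rebind" -eq 1 ] && printf '%s' "$DEVICE" > "$DRIVER_DIR/bind"

    # Assumption: the tool signals failure through its exit status.
    [ "$rc" -eq 0 ] || { echo "tool exited with status $rc" >&2; return 1; }

    verdict=$(dump_verdict "$out") || {
        echo "dump rejected: $verdict" >&2
        return 1
    }

    # Record a checksum next to the backup and make both read-only.
    sha256sum "$out" > "$out.sha256"
    chmod a-w "$out" "$out.sha256"
    echo "backup verified: $verdict"
}

# Touch hardware only when asked: sudo sh backup.sh --backup ./ft5x06-tool fw.bin
if [ "${1:-}" = "--backup" ]; then
    backup_touch_fw "$2" "$3"
fi
```
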

? :sweat_smile:
Please in human language?

2 Likes

Initial effort toward a libre firmware for the Librem 5 TouchController to perform fancy and unique features for the Librem 5.
I want the L5 Touchcontroller Libre as GNU FRYF. I hope for support from dos for speed…

Libre Hacking!

GNU

3 Likes

hexdump -C dos-dump.bin | head -n 20

00000000 ef ef ef ef failed.bin r.o.p? time to easter-egg? or even something deeper: forensic engineering techniques?

Let's see which one works.

Edit:

Added new flag: -t ‘register dumping’

sudo ./ft5x06-tool -b 2 -a 0x38 -t
[main]: Opening /dev/i2c-2
[main]: Setting addr to 0x38
[main]: Chip ID detected: 0x86 (ft8622)
[main]: Current Firmware version: 1.0.0
[ft5x06_init_upgrade]: Attempt 1: Reset CTPM (Soft Reset)
[ft5x06_init_upgrade]: Upgrade Mode Entered Successfully!
[ft5x06_test_protection]: TEST: Reading PARAMETER register (0x85)...

--- DUMP OF FIRST 32 BYTES (PARAM REG) ---
02 0b a0 02 07 23 c2 8c c2 a9 32 02 00 06 c2 88 
d2 a8 22 02 04 9f d2 e9 c2 c1 22 02 05 4f 00 00 
------------------------------------------

RESULT: [READABLE DATA]
Data looks ok. Protection might NOT be active.
You can try a full backup now.

Edit0:
Added new flag: -f ‘fuzz mode’ to forensic-tool ft5x06

purism@pureos:~/pirateTest$ sudo ./ft5x06-tool -b 2 -a 0x38 -f
[running fuzz mode]: Starting Blind Fuzzer (-f)...
Scanning all commands 0x00 - 0xFF looking for hidden data.
Ignoring responses: 0xEF (Protected), 0xFF (Bus Err), 0x00 (Empty)
[CMD 0x76] -> FOUND: ff ff ff ff ff ff ff 08 
[CMD 0x77] -> FOUND: ff ff ff ff ff ff 08 07 
[CMD 0x78] -> FOUND: ff ff ff ff ff 08 07 00 
[CMD 0x79] -> FOUND: ff ff ff ff 08 07 00 00 
[CMD 0x7A] -> FOUND: ff ff ff 08 07 00 00 00 
[CMD 0x7B] -> FOUND: ff ff 08 07 00 00 00 50 
[CMD 0x7C] -> FOUND: ff 08 07 00 00 00 50 01 
[CMD 0x7D] -> FOUND: ff 07 00 00 00 50 01 05 
[CMD 0x7E] -> FOUND: ff 00 00 00 50 01 05 10 
[CMD 0x7F] -> FOUND: ff 00 00 50 01 05 10 21 
[CMD 0x80] -> FOUND: 08 00 50 01 05 10 21 3c 
[CMD 0x81] -> FOUND: 07 50 01 05 10 21 3c 00 
[CMD 0x82] -> FOUND: 00 01 05 10 21 3c 00 00 
[CMD 0x83] -> FOUND: 00 05 10 21 3c 00 00 00 
[CMD 0x84] -> FOUND: 00 10 21 3c 00 00 00 00 

Found 0x80 Reg ADN: 08 00 50 01 05 10 21 3c

0xA6: 01 05 00, v1.0.0=usa ver.

0xA6: 03 03 00, v3.0.0=china ver.

0xA8: 70, v1.0.0
0xA8: f0, v3.0.0

Missing… Access-Granted for 0x03, The Castle Gate.

Libre Hacking!

GNU

3 Likes

To all those who are “differently experienced” like me
:grin::books::nerd_face::backhand_index_pointing_up:

AI simplified explanation: Certainly! Let’s go through this post step by step. It’s a good example of “hacking” in the positive sense: exploring a system to understand how it works.

The user is trying to extract the software (called “firmware”) from an electronic chip, probably a touchscreen controller, to analyze it and maybe modify it.

A simple metaphor: imagine the chip is a digital safe that contains an instruction manual (the firmware). The user doesn’t have the key and is trying different ways to open it and read that manual.


PART 1: THE INITIAL FAILURE

Command shown:

hexdump -C dos-dump.bin | head -n 20

Output starts with:

00000000 ef ef ef ef …

What is happening?

  • The hexdump command:
    “hexdump” displays the raw contents of a file byte-by-byte in hexadecimal (0–F). It’s like looking at a file’s DNA instead of its normal readable form.

  • The result “ef ef ef ef”:
    The user tried to copy/read firmware from the chip and saved it to a file (dos-dump.bin). When they opened it, it was full of “ef”. In this context, that likely indicates a failed read or a protected response—basically the chip refused and returned a repeated error-like byte pattern.

  • The user’s speculation:
    They’re thinking out loud about what to try next:

    • “r.o.p?”: Return-Oriented Programming, a very advanced exploitation technique. They’re asking: “Is the protection so strong that I need a complex software exploit?”
    • “easter-egg?”: A hidden, undocumented feature. They’re wondering: “Is there a secret command that unlocks it?”
    • “forensic engineering techniques?”: Similar to methods used in forensic work to recover or extract data from protected/damaged devices.

Summary:
The first attempt to open the “safe” failed. Now the user is considering whether they need advanced exploitation, a hidden key, or forensic-style tricks.


PART 2: A FIRST SUCCESS

They run:

sudo ./ft5x06-tool -b 2 -a 0x38 -t

And get logs like:

Chip ID detected: 0x86 (ft8622)
Current Firmware version: 1.0.0

DUMP OF FIRST 32 BYTES (PARAM REG)
02 0b a0 02 …

RESULT: [READABLE DATA]
Data looks ok. Protection might NOT be active.

What is happening?

  • ft5x06-tool:
    A specialized program used to communicate with a family of touchscreen controller chips (FT5x06 / related models).

  • The “-t” option (“register dumping”):
    Instead of trying to copy the whole firmware, they are reading a small piece of chip memory (a register). Think of it as opening a small service hatch instead of forcing the main door.

  • The result:
    It works. The tool detects the chip, enters an “upgrade mode”, and successfully reads 32 bytes from a parameter register. Since the data looks sensible, the user suspects that full protection might not be enabled (or not blocking everything).

Summary:
They found that the “safe” is not completely sealed. There is at least one accessible area that returns real data.


PART 3: SEARCHING FOR HIDDEN COMMANDS (“FUZZING”)

They add a new flag:

-f “fuzz mode”

And run:

sudo ./ft5x06-tool -b 2 -a 0x38 -f

The tool says it is scanning commands 0x00–0xFF and then prints lines like:

[CMD 0x76] → FOUND: ff ff ff ff ff ff ff 08
[CMD 0x77] → FOUND: ff ff ff ff ff ff 08 07

[CMD 0x84] → FOUND: 00 10 21 3c 00 00 00 00

What is happening?

  • Fuzzing:
    Fuzzing means sending lots of inputs (often all possible values) to see what responses you get. Here they are trying every possible 1-byte command from 0x00 to 0xFF (256 total).

  • What the tool is doing:
    It sends each command to the chip and observes the response. It ignores certain responses:

    • 0xEF (Protected)
    • 0xFF (Bus error)
    • 0x00 (Empty)
  • The “FOUND” results:
    For some command values (around 0x76 and onward), the chip returns data that looks structured, not just a constant error. The shifting pattern suggests they may have discovered a way to read some internal memory/register area in sequence.

Summary:
By trying all “keys”, they found which commands unlock hidden drawers inside the “safe”, letting them pull out data chunk by chunk.


PART 4: INTERPRETING THE DATA AND THE FINAL GOAL

They write:

Found 0x80 Reg ADN: 08 00 50 01 05 10 21 3c

Then they mention:

0xA6: 01 05 00, v1.0.0 = usa ver.
0xA6: 03 03 00, v3.0.0 = china ver.

0xA8: 70, v1.0.0
0xA8: f0, v3.0.0

Missing… Access-Granted for 0x03, The Castle Gate.

Libre Hacking!
GNU

Meaning:

  • They believe they found meaningful identification/version fields:
    Certain registers (like 0xA6, 0xA8) appear to differ depending on firmware version/region (“USA version” vs “China version”). This is valuable for reverse engineering and understanding how the device is configured.

  • “Access-Granted for 0x03, The Castle Gate”:
    This is a dramatic way of saying: “There is probably a specific value or command (0x03) that, if used correctly, grants full access.” They are close, but still missing the final step to unlock everything.

  • “Libre Hacking! GNU”:
    They are framing their work in the spirit of free/libre software (GNU philosophy): understanding and liberating hardware/software so users are not locked into the manufacturer’s restrictions.


FINAL SUMMARY IN SIMPLE WORDS

An experienced user tried to copy firmware from a chip but initially failed because the chip returned a protected/error pattern (EF bytes).

They then used a specialized tool to read small registers and discovered that at least some data is accessible.

Next, they used fuzzing (trying all possible commands) to find undocumented commands that return interesting data, suggesting hidden access paths.

From those results, they started mapping registers that reveal firmware version/region differences, and they suspect one more “unlock” step (a particular command/value) is needed for complete access.

Their stated motivation is aligned with free/libre hacking: understanding the device and enabling open, user-controlled software.

1 Like
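The "shifting pattern" in the fuzz-mode output can be checked mechanically before any of it is trusted as a register map. This is an added example, not part of either post and not code from ft5x06-tool: it overlays the 15 FOUND lines as overlapping 8-byte windows, assuming each command byte is a start address that auto-increments, and all function names are made up for the example.

```python
import re
from collections import Counter, defaultdict

# The 15 FOUND lines copied from the fuzz-mode post above.
FUZZ_LOG = """\
[CMD 0x76] -> FOUND: ff ff ff ff ff ff ff 08
[CMD 0x77] -> FOUND: ff ff ff ff ff ff 08 07
[CMD 0x78] -> FOUND: ff ff ff ff ff 08 07 00
[CMD 0x79] -> FOUND: ff ff ff ff 08 07 00 00
[CMD 0x7A] -> FOUND: ff ff ff 08 07 00 00 00
[CMD 0x7B] -> FOUND: ff ff 08 07 00 00 00 50
[CMD 0x7C] -> FOUND: ff 08 07 00 00 00 50 01
[CMD 0x7D] -> FOUND: ff 07 00 00 00 50 01 05
[CMD 0x7E] -> FOUND: ff 00 00 00 50 01 05 10
[CMD 0x7F] -> FOUND: ff 00 00 50 01 05 10 21
[CMD 0x80] -> FOUND: 08 00 50 01 05 10 21 3c
[CMD 0x81] -> FOUND: 07 50 01 05 10 21 3c 00
[CMD 0x82] -> FOUND: 00 01 05 10 21 3c 00 00
[CMD 0x83] -> FOUND: 00 05 10 21 3c 00 00 00
[CMD 0x84] -> FOUND: 00 10 21 3c 00 00 00 00
"""
LINE_RE = re.compile(r"\[CMD 0x([0-9A-F]{2})\] -> FOUND: ([0-9a-f ]+)")

def parse(log):
    """Return {command byte: [response bytes]} for every FOUND line."""
    return {int(m[1], 16): [int(b, 16) for b in m[2].split()]
            for m in LINE_RE.finditer(log)}

def overlay(reads, skip=0):
    """Assumption: response byte i of command c is register c+i.
    Collect every observed value per address; skip drops leading bytes."""
    votes = defaultdict(Counter)
    for cmd, data in reads.items():
        for i, val in enumerate(data):
            if i >= skip:
                votes[cmd + i][val] += 1
    return votes

def conflicts(votes):
    """Addresses where overlapping reads returned different values."""
    return sorted(a for a, seen in votes.items() if len(seen) > 1)

def register_map(votes):
    """Most frequently observed value per address."""
    return {a: seen.most_common(1)[0][0] for a, seen in sorted(votes.items())}

if __name__ == "__main__":
    reads = parse(FUZZ_LOG)
    print("disagreeing addresses:", [hex(a) for a in conflicts(overlay(reads))])
    print("with first byte dropped:", conflicts(overlay(reads, skip=1)))
```

On these lines every disagreement sits in the first byte of a response, including the leading 08 of the read the post labels 0x80; the other seven bytes of each window agree with their neighbours.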

added new flag -x x-ray mode

purism@pureos:~/pirateTest$ sudo ./ft5x06-tool -b 2 -a 0x38 -x

[running x-ray mode]: Starting...... (-x)
Starting  Bank Scanner...
Attempting to switch memory pages via Reg 0xFC.

--- CHECKING BANK 0 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 1 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 2 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 3 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 4 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 5 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 6 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

--- CHECKING BANK 7 ---
  [0xA3 ID] : ef ef ef ef 
  [0x80 CF] : ef ef ef ef ef ef ef ef 

Scanner Complete. Resetting to Bank 0...

So at this point no more new flags are needed, as the next step is the whole controller physically for a manual inspection. However, for some reason I will not disassemble my loved L5 for that; however, it is time to buy one on the Purism Store.
In this adventure, I have discovered new ways to save battery for the L5 on the touch controller; this could explain why one of my L5s is more tangibly efficient with battery than.
Stay on Purism.

1 Like

So, as usual, I asked AI for a simple explanation!

a) Your post is missing how (the reasons) it saves battery! AI suggested to me:

Trick → explanation

  1. reducing frequency control → instead of checking 100 times per second, maybe only 50?
  2. sleep mode → when the L5 isn’t used, that chip goes to sleep?
  3. sensitivity reduction → less sensitive = less work = less battery?

Or other reason(s)?

b) why EF (hexadecimal, right?) when:

  1. it’s empty
  2. it doesn’t exist
  3. it’s locked/protected

Please which one is the reason and why?
If 3, shouldn’t that chip be open source?

Gracias, Carlos :blush::folded_hands:

1 Like

@veleno, I think you should make it clear when a post is sourced from AI, so that people can determine how they should evaluate its reliability. For every AI-sourced comment. (That goes for any bit of information that would normally require a citation, actually.)

3 Likes

You’re right! Usually I do that if you read my posts. In that post I forgot to do it!
Please let me add it now!
Thank you :slightly_smiling_face::folded_hands:

2 Likes

On v3.0.0 there is no need to worry, as the blob opensource embedded does good work.

yes.

So blob v3.0.0.0 is faster, smarter and more power-saving.

Which one do you have in your L5?

sudo cat /sys/kernel/debug/edt_ft5x06/lic_version /sys/kernel/debug/edt_ft5x06/fw_version

The monitor needs to be ON before executing the command.

1 Like

2
3

Strangely autocompleting doesn’t work.. :thinking:

“blob opensource” ???
How can it be possible to have it? :sweat_smile:
I know either blob or open-source!

1 Like

gr34t it is v3.0.0

1 Like