Sometimes GPS watches are too good to be left with their stock firmware. [Renaud] opened his Kalenji 300 GPS watch, reverse engineered it in order to upload his own custom firmware.
The first step was to sniff the serial traffic between the PC and the microcontroller when upgrading firmware to understand the protocol and commands used. [Renaud] then opened the watch, figured out what the different test points and components were. He used his buspirate with OpenOCD to extract the existing STM32F103 firmware. The firmware helped him find the proper value to store in a dedicated register for the boot loader to start.
By looking at the disassembly code he also found the SPI LCD initialization sequence and discovered that it uses a controller similar to the ST7571. He finally compiled his own program which uses the u8glib graphics library. Follow us after the break for the demonstration video.
25 thoughts on “Reverse Engineering A GPS Watch To Upload Custom Firmware”
There is no s in firmware.
No, but there is a ‘s’ in ‘firmwares’. You see, in the English language we often add an ‘s’ to the end of a noun when we want to indicate there are more than one of a thing.
Basically Renaud has managed to open up this watch to upload any of many firmwares.
Yes, but there is no possibility to upload more then one firmware to this device, so its still either inproper English, factually incorrect, or this device can be used to upload custom firmware to other devices (unlikely).
It is possible to upload more than one firmware. Not all at once perhaps, but I don’t think that’s relevant. I have a plate that can be loaded with many custom dinners, but not all at once.
Incorrect. Firmware is a mass noun like software, hardware, water, and Lego. You can upload firmware programs to the device, but not firmwares.
No wonder the English language is going down the toilet when people can’t even be bothered to open a dictionary before they correct others.
If you insist on being such a bad word and comment on grammar rather that the hack, you might want to think a bit about ‘water’. Waters is perfectly valid and firmwares in this context is similar to waters. At the very least you should look for a replacement for water in future corrections.
I suppose you’d also criticize the hack because it’s using the watch in a manner not intended.
Interestingly enough, scrabblefinder.com gives a definition for firmwares and claims it’s a Scrabble word.
I don’t need to think about anything of the kind. My usage of water was correct. Firmwares is not similar in context to waters at all as waters is not a pluralisation of the word water. Try an actual dictionary rather than rely on a Scrabble website for you English knowledge.
You can assume anything you like. Doesn’t make you right.
Firmware is mass noun, but it is also a countable noun. Hence I can say that I loaded a firmware onto a device, and I can load firmwares onto a device.
In my understanding firmware becomes the mass noun when we’re talking about the concept which is what you’re using when you say ‘firmware programs’.
Not in English you can’t.
“Firmwares” is a legitimate word according to http://www.wordfind.com/word/firmwares/, as well as Merriam-Webster. You got this one wrong.
Ouches – corrected
Don’t be such a tight-ass
Ignoring any possible grammar issues, I tip my hat to Renaud for a fine hack.
Geez, I’ve read the News post as well and took a closer look to his video and pinout sheet and was amazed by the effort that went into it… I then scrolled down, to hope for some additional discussion… nope, just someone having a grammatical complain. Dang you HaD Comments. Chris Gammel was right…
@Indyaner, since you’re obviously not a native speaker you shall be forgiven. (-;
@Howard, I totally agree with you, it’s a fine hack.
I’m not sure “firmware” is considered a mass noun any more than is “operating system.” Pluralization of a mass noun is used to signify differences, to make clear that there are distinctions. I have in front of me several U.S. coins of varying denominations, a Canadian quarter, a Deutsche mark, and an Australian 20-cent piece. Can I combines these monies to pay for a pint at my local pub? I have two firmwares installed on my Sansa Clip MP3 player. The stock firmware is rather limited, so I often boot into Rockbox which allows greater control over the device. I have two operating systems installed on my desktop. It boots into Linux and runs XP as a virtual machine.
Yeah, I don’t know if this sort of nonsense is an engineer thing (I only see people get this wrapped around the axle on grammar here and on other similar sites) or what, but actual linguists understand that communication is the paramount goal of language. Even children understand that it’s alright to occasionally fudge the rules to allow them to succinctly make a distinction that would otherwise either take sentences, or at the very least require more time to compose than the content is actually worth. Being imperfect writers in other respects doesn’t somehow make these sorts of liberties unacceptable.
Most of all, if you’re going to write a giant wall of text on grammar while totally ignoring the topic at hand, you had better be completely and objectively correct, and have accounted for all regional differences.
We could’ve asked Ascher Opler’s opinion but he died 2-years after inventing this American-English noun in his article “Fourth-Generation Software” in Datamation Jan-67.
GNU Linux, not LINUX
Now this is what I call hack!
I wish he’d show how it operated before the mod though. I checked out the decathlon website and all but didn’t find any clear “what it looked like before and after” comparison material. A list of new features he’s unlocked/added is the sort of thing I’m after.
I have an older garmin forerunner and for the same money these days you get way less features. Watches capable of lat long read out or entering way points now cost far more. I’m sure their cheaper models are still capable with the right firmware.
The day it dies I’ll see what I can sniff out.
Hey eanao, curious if that ended up happening. I’m using an old Forerunner 201 as well. Curious if it’s possible to hack a coordinates calculator into it. That model only displays Lat/Long., and I’d like to get UTM’s (at least North American datum) displayed as well. As an amateur I’m thinking this may be more of a calculator to convert the device’s Lat/Long values into the UTM I need. The math is fairly straightforward, as far as GPS math goes, lol, just need some more confidence in teaching that to the Forerunner.
What are your thoughts?
People are really arguing grammar on a hack post?!?!? Really?!?!
Please be kind and respectful to help make the comments section excellent. (Comment Policy)