| #!/usr/bin/env python3 | |
| from math import ceil | |
| import pyftdi.gpio | |
| dev = pyftdi.gpio.GpioAsyncController() | |
| dev.open_from_url('ftdi:///1', 0b11) | |
| print(dev) | |
| dev.set_frequency(1000000) |
| set mem inaccessible-by-default off | |
| # GPIO clocks | |
| set *(int*)0x58024540 = 0x7FF | |
| # OCTOSPI clocks | |
| set *(int*)0x58024534 = 0x00204000 | |
| # Port A | |
| set *(int*)0x58020020 = 0x00000090 |
| #!/usr/bin/env python3 | |
| import sys | |
| from PIL import Image | |
| infn = sys.argv[1] | |
| outfn = sys.argv[2] | |
| with open(infn, 'rb') as f: | |
| indata = f.read() |
The reMarkable UI is primarily built using QML, but all of the files are embedded inside the binary as compiled Qt resources. For ease of hacking, it is possible to extract the files onto the filesystem and patch the binary to load the extracted files.
--> ONLY FOR FIRMWARE VERSION 2.11.0.442 on rM2 <--
| OUTDATED PLEASE GO TO https://github.com/rqou/linux/tree/atc-m1max | |
| if instance == 0 | |
| AUSPLL_CORE_AUSPLL_CFG_DCO_EFUSE_SPARE.RODCO_ENCAP_EFUSE = efuse 0xa10 >> 25 | |
| AUSPLL_CORE_AUSPLL_CFG_DCO_EFUSE_SPARE.RODCO_BIASADJ_EFUSE = efuse 0xa10 >> 22 |
| import struct | |
| import time | |
| import usb | |
| dev = usb.core.find(idVendor=0x32f8, idProduct=0x424c) | |
| # print(dev) | |
| dev.set_configuration() | |
| serno = usb.util.get_string(dev, dev.iSerialNumber) |
| import sys | |
| def parse_cnf(infn): | |
| with open(infn, 'r') as f: | |
| inp = f.readlines() | |
| # print(inp) | |
| while inp: | |
| l = inp[0] |
| import sys | |
| def parse_cnf(infn): | |
| with open(infn, 'r') as f: | |
| inp = f.readlines() | |
| while inp: | |
| l = inp[0] | |
| inp = inp[1:] |
service 0xFFF0 characteristic 0xFFF2 --> commands service 0xFFF0 characteristic 0xFFF1 --> responses
0xB4 0x4B len type <payload> csum
len -> number of bytes in payload
csum -> add all of the previous bytes in the packet and truncate to 1 byte