bad magic number

[skrypnyk-dmytro]

Hi.
Can somebody explain why the magic number buf[1] cannot be 0xcd?
Cause I have two UV-k5 that I can't read/write.

./k5prog -r -vv
Quansheng UV-K5 EEPROM programmer v0.4 (c) 2023 Jacek Lipkowski <[email protected]>

k5_prepare: try 0
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
k5_receive: bad magic number

[sq5bpf]

please send me the firmware version, and the result of ./k5prog -r -vvv

[skrypnyk-dmytro]

Thank you for your quick response!
I don't know FW version because it is the new radio and I can't read it

flasher v

./k5prog -r -vv -D -Y
Quansheng UV-K5 EEPROM programmer v0.4 (c) 2023 Jacek Lipkowski <[email protected]>

"I know what i'm doing" value set to 1
wait_flash_message try 9999
********  k5 command hexdump [obf_len:44 clear_len:36 crc_ok:0 **********
## obfuscated ##

0x00002c |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 24 00 0e 69 34 e6 2f 93 0f 4b 2c 66 93 74   ..$..i4./..K,f.t   
0x000010: 41 5a 16 8b 98 6c 6a e6 1c bf 3d 70 0f 05 e3 40   AZ...lj...=p...@   
0x000020: 27 09 e9 80 16 6c 14 c6 ff ff dc ba               '....l......       
## cleartext ##

0x000024 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 18 05 20 00 01 02 02 0b 0d 53 46 34 52 59 ff 0b   .. ......SF4RY..   
0x000010: 8e 00 7e 00 32 2e 30 30 2e 30 36 00 34 0a 00 00   ..~.2.00.06.4...   
0x000020: 00 00 00 20                                       ...                
*****************
Flasher version is: [2.00.06]

./k5prog -r -vvv

./k5prog -r -vvv
Quansheng UV-K5 EEPROM programmer v0.4 (c) 2023 Jacek Lipkowski <[email protected]>

k5_prepare: try 0
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
RXRXRX:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 00 01 f0                                       ....               
magic:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 00 01 f0                                       ....               
k5_receive: bad magic number
k5_prepare: try 1
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
read_timeout
RXRXRX:

0x000002 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 7e                                             .~                 
magic:

0x000002 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 7e                                             .~                 
k5_receive: bad magic number
k5_prepare: try 2
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
RXRXRX:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 00 01 f8                                       ....               
magic:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 00 01 f8                                       ....               
k5_receive: bad magic number
k5_prepare: try 3
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
read_timeout
RXRXRX:

0x000002 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 80                                             ..                 
magic:

0x000002 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 00 80                                             ..                 
k5_receive: bad magic number
k5_prepare: try 4
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
RXRXRX:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 08 00 01 f8                                       ....               
magic:

0x000004 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 08 00 01 f8                                       ....               
k5_receive: bad magic number
k5_prepare: try 5
********  k5 command hexdump [obf_len:16 clear_len:8 crc_ok:1 **********
## obfuscated ##

0x000010 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 08 00 02 69 10 e6 44 a8 5a 24 b9 a9 dc ba   .....i..D.Z$....   
## cleartext ##

0x000008 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 14 05 04 00 6a 39 57 64                           ....j9Wd           
*****************
write 16
^C

[skrypnyk-dmytro]

Maybe uv-k5 has an issue with my USB-ttl converter?
I have
Bus 001 Device 010: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port / Mobile Action MA-8910P
and it works perfectly with Midland CT990

[sq5bpf]

i don't think so. you have been able to read the flasher version, so the serial device seems to work. can you try the vendor software and see if that works?

but if you can borrow a different cable, then please do so. there might be issues with timeouts etc.

what operating system is this under?

[skrypnyk-dmytro]

Yep. It was converter PL2303TA did not work correctly with UV-K5
I just tried with
Bus 003 Device 005: ID 10c4:ea60 Silicon Labs CP210x UART Bridge
and all OK.
Thank you for your time and sorry for the "Mystical" issue
P.S. Ubuntu
uname -a Linux DEP-11 5.15.0-79-generic #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

[sq5bpf]

the issue is still "mystical", because you were able to read the flasher version. the cable seems to be receiving gibberish (00 00 01 f8 etc...). might be because of higher input impedance etc.

you've closed the issue, and that's fine because you've found that changing the cable solves the issue.

however if you want to reopen it to investigate this further, i can do that

[cloudwindy]

This problem reproduces on one of my K5s but not on the other.

Quansheng UV-K5 EEPROM programmer v0.8 (c) 2023 Jacek Lipkowski <[email protected]>

"I know what i'm doing" value set to 1
********  k5 command hexdump [obf_len:28 clear_len:20 crc_ok:0 **********
## obfuscated ##

0x00001c |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 14 00 0e 69 14 e6 2f 93 0f 42 2f 66 85 0a   .....i../..B/f..   
0x000010: 24 44 16 81 9d 6c d4 e6 ff ff dc ba               $D...l......       
## cleartext ##

0x000014 |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: 18 05 00 00 01 02 02 02 0e 53 50 4a 37 47 ff 01   .........SPJ7G..   
0x000010: 8b 00 c0 00                                       ....               
*****************
wait_flash_message: got unexpected command length 20
********  k5 command hexdump [obf_len:28 clear_len:0 crc_ok:0 **********
## obfuscated ##

0x00001c |0 |1 |2 |3 |4 |5 |6 |7 |8 |9 |a |b |c |d |e |f |
---------+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+------------
0x000000: ab cd 14 00 ab cd 14 00 0e 69 14 e6 2f 93 0f 42   .........i../..B   
0x000010: 2f 66 85 0a 24 44 16 81 9d 6c d4 e6               /f..$D...l..       
*****************
wait_flash_message: received malformed packet
k5_receive: bad magic number
wait_flash_message: timeout

[cloudwindy]

Well I don't know if it helps, but this K5 is a bit different because it's manufactured earlier than others (March, 2023)

[sq5bpf]

interesting, i haven't seen such a flash packet before, and this is probably the smallest flash packet possible.

try the latest k5prog version and see if it works. it does work on k5emulator, but it doesn't have any of the radio logic.

[cloudwindy]

What makes it even more interesting is that I'm able to flash this K5 using the official flasher but not with k5prog.

[sq5bpf]

you mean that the latest version doesn't work? will look into it tonight (in about 12h), it seems that the whole magic string detection has to be redone.
also see this issue:
#9 (too bad there is no way to merge issues).

i know the official flasher v1.1.1 doesn't work with the 22 byte packet, but will try the latest version

[sq5bpf]

please try the latest version

[diabl0w]

please try the latest version

I'm not the OP, but I've had similar issues to some of these open issues on my UV-5R plus, and your latest series of commits fixed it. Thanks!

[qrp73]

Hi. Can somebody explain why the magic number buf[1] cannot be 0xcd? Cause I have two UV-k5 that I can't read/write.

I have the same issue with the same log on a new device bought from aliexpress.
Exactly the same config works ok with more old UV-K5(8) radio bought from the same seller.

Currently I'm investigate it and wrote my own tool to analyze device responses and parse packets to readable form.

What I found is that it looks like there is some issue with receive packets from PC to device.
My device just sends echo with the same data which is sent from PC to device.
After some time my device stops to send even echo and now don't responds at all.
But I still can see proper boot acknowledge message in flashing mode.
Original software also don't see device.
Original flasher can see boot message, but fails to upload firmware with error "Update program failed!".

I think there is possible broken serial channel from PC to device, so it cannot listen what I send.
But the serial channel from device to PC works ok.
I also found that charging from USB is also don't works.
I'm still not 100% sure, but at a glance it looks like some hardware defect.