DaVinci Junior cartridge reset (Page 40 of 58)

I'll try installing an older version of the software on my Mac that's never been connected to the printer and try it again.  Is there an archive anywhere of software versions?

@Bozotclown1970 - v2.2.6 didn't had any effect on the software, I had that idea too. I've installed clean copy of OSX in VM with XYZWare. Then installed an app which monitors drive for any file changes (system, user etc) and network packet capture was enabled to see maybe it pulls some info down from the XYZ servers. Then simply bypassed USB connection to VM and watched how it captures the data.
Spent whole evening digging through... Nothing... Found nothing...

I've also tried with older version from the SD card, same...

Ok, this is v2.2.7 here, it might be different but from what I can see they only added "feature" that you can't downgrade.

Still worth digging.

Btw...
When I was digging through the config I found file with some commands which could be serial commands and there was a line "enableDowngradeFW"     = "DAVCFW_82895_203811@";

ThreeDubber dev guy had some success with his app being able to connect to Jr and print files directly bypassing XYZWare - so some kind of a serial interface I guess.
What if you manage to push that command to Jr and then try to downgrade?!

When I was stuck on v2.2.6 and was trying to find a way to downgrade I tried to send that command through by editing 3w file by adding this line, only thing I got was SD card error on the Jr LCD so in theory it had some kind of a effect I guess.
But again, back then I didn't know about boot loader mode so scrapped this idea.

Now I'm on v2.2.0 and not very keen deliberately upgrade to v2.2.7 to try this out...
But if you are stuck on v.2.2.7 and have some spare time - I'd suggest you to look into this, you could be the guy who finds a way to downgrade...

Good luck and I'll do my best if you ever need my help.

For those who interested and haven't seen this content, see below all the code commands.

/* 
  CommandSet.strings
  XYZprinting-daVinic
  Created by Alex Lin on 11/21/13.
  Copyright (c) 2013 XYZPrinting Inc. All rights reserved.
*/

"prefix"              = "XYZ_@3D:";
//"disconnect"           = "XYZ_@3D_S10_X";
//"connect"              = "XYZ_@3D_S10_0";
//"start print"          = "XYZ_@3D_S10_1";
//"test case"            = "XYZ_@3D_S10_2";
//"uploadFirmwareBinary" = "XYZ_@3D_S10_3";
//"uploadGCodeText"      = "XYZ_@3D_S10_4";
//"queryExtruderTemperature" = "XYZ_@3D_S10_101";
//"getStandardInfo"      = "XYZ_@3D_S10_102";
//"getAdvancedInfo"      = "XYZ_@3D_S10_103";

"disconnect"             = "XYZ_@3D:-1";
"connect"                = "XYZ_@3D:0";
"startOnlinePrint"       = "XYZ_@3D:1";
"testPrinter"            = "XYZ_@3D:2";
"injectManualCommand"    = "XYZ_@3D:2";
"uploadFirmwareBinary"   = "XYZ_@3D:3";
"uploadGCodeText"        = "XYZ_@3D:4";
"latestBlockSent"        = "XYZ_@3D:900";
"uploadBinaryDidFinish"  = "XYZ_@3D:901";
"uploadGCodeDidFinish"   = "XYZ_@3D:902";
"queryMachineLife"       = "XYZ_@3D:5";
"queryEEPROM1"           = "XYZ_@3D:6";
"queryEEPROM2"           = "XYZ_@3D:7";
"queryMachineStatus"     = "XYZ_@3D:8";
"queryPrinterStatus"     = "XYZ_@3D:8"; // same as machine status
"getStandardInfo"        = "XYZ_@3D:931";
"getAdvancedInfo"        = "XYZ_@3D:932";
"uiEnglish"    = "XYZ_@3D:20";
"uiJapanese"   = "XYZ_@3D:21";
"uiFrench"     = "XYZ_@3D:22"; // not support yet
"uiGerman"     = "XYZ_@3D:23"; // not support yet
"uiSpanish"    = "XYZ_@3D:24"; // not support yet
"uiItalian"    = "XYZ_@3D:25"; // not support yet
"uiPortuguese" = "XYZ_@3D:26"; // not support yet
"uiLatin1"     = "XYZ_@3D:27"; // not support yet
"uiLatin8"     = "XYZ_@3D:28"; // not support yet
"uiTraditionChinese"  = "XYZ_@3D:81"; // not support yet
"uiSimplifiedChinese" = "XYZ_@3D:82"; // not support yet
//example "XYZ_@3D:101,1"
//example "XYZ_@3D:101,2"
//example "XYZ_@3D:103,2"
"turnExtruderON"           = "XYZ_@3D:101,%x"; // should pass the extruder bitmask
"turnExtruderOFF"          = "XYZ_@3D:102,%x";
"queryExtruderTemperature" = "XYZ_@3D:103";
"enableDowngradeFW"     = "DAVCFW_82895_203811@";
"diableFakeCheck"       = "XYZ_@3D:9376\nXYZ_@3D:1423\nXYZ_@3D:5192\nXYZ_@3D:6810";


// response from device (printer)
"accept"  = "XYZ_@3D:start";
"Welcome" = "Welcome:";
"sdforamt" = "DAVSDF@\n";
"sdsendata" = "DAVCPY@";

If you're on at all recent firmware you're going to need to use version 3 of the serial protocol. See here for my implementation of that, which supports basically all the operations you can do over serial with the Jr: https://gitlab.com/anthem/py-threedub

Unfortunately, v3 of the protocol supports basically no interesting operations. You can start a print, attempt a firmware upgrade (and no, even with this I had no luck downgrading from 2.2.7), and get printer status, and that's about it.

I also had no luck using v1 (DAV- commands) or v2 (XYZ_@3D- commands) with the Jr. It just doesn't respond to them.

Now, here's an interesting thing -- I think there are some kind of password "salt" values that *might* be used to generate the chip passwords. There is a command, XYZv3/config=, which is used at the beginning of a print job to push what appears to be four 16-bit integer values:

XYZv3/config=pda:[1591]
XYZv3/config=pdb:[4387]
XYZv3/config=pdc:[7264]
XYZv3/config=pde:[8046]

I don't know what exactly these do, or what happens if you push different values, or in a different order. You can definitely start print jobs over serial without pushing these first, so if they are used for chip passwords then the firmware stores and re-uses the last values.

The reason I *suspect* these have something to do with the password algorithm is that, using the "0x0" chip ID and password that greatone76 generated a while back you can actually zero out the 12 least significant bits of the password for chip ID 0x0 by incrementally XORing the four values in the order (pdb, pde, pdc, pda) while shifting 4 bits left.

E.g.,

chip ID 0x0 password = 0x5ADBF8F3

Original password:
0x5ADBF8F3 = 1011010110110111111100011110011b

p = p ^ (pdb)
0x5ADBE9D0 = 1011010110110111110100111010000b

p = p ^ ((pdb ^ pde) << 4)
0x5ADB0D00 = 1011010110110110000110100000000b

p = p ^ ((pdb ^ pde ^ pdc) << 8)
0x5AC92000 = 1011010110010010010000000000000b

p = p ^ ((pdb ^ pde ^ pdc ^ pda) << 12)
0x5B888000 = 1011011100010001000000000000000b

So this is starting to look like some sort of checksum algorithm based on these four values. However, this simple sequence falls apart after the 12th bit and the rule no longer applies.

There's also some other aspect to this algorithm that ends up factoring higher bits of the ID (at least when non-zero) into the least significant bits of the password, since as you can see the password for chip id 0x1 is far different from that for chip id 0x0.

Also interesting is the fact that there are certain chip IDs that reproduce the same password. There are a few examples of this in greatone76's generated passwords:

    (0x00000100000000, 0x44F5BB33)
    (0x00010000000000, 0x44F5BB33)

    (0x00000000010000, 0x9C18EBFF)
    (0x00000001000000, 0x9C18EBFF)

    (0x00000000000001, 0xABAA7D46)
    (0x00000000000100, 0xABAA7D46)

So there's some sort of symmetry or omission that occurs between bits 1 and 3, 5 and 7, and 9 and 11 that makes them either factor the same into the password, or the algorithm ends up ignoring them in some cases.

In any case, I never got much further than that. Long story short I ended up upgrading to 2.2.7 just after learning how to use my logic analyzer, then I fried my stock firmware and ended up converting to RAMPS 1.4 anyway.

I've read much of this thread, but I must confess it is a bit of a tangle in my head.
I recently acquired a Jr with firmware v2.3.0.  Will I be able to reset the NFC chips successfully?

Hi all

I have been following the thread for a while and now I figured I would give it a try, but I have a few questions that I was hoping you would be able to answer.

1. I have had my printer since January but I haven't upgraded my firmware so I am still running 1.0.4. Will this be a problem in terms of hacking the NFC chip?

2. Are there any significant benefits in upgrading the firmware to a newer version and where would I be able to find 2.2.4 if there is a good reason to upgrade?

3. I will be using an Arduino setup with a NTAG reader/writer as described in the instructable from great one76 but I am not skilled enough to find "hack" the password of my NFC chip. Would anybody be able to help with this or is there a description on what hardware to use and how to do it?
So far I am able to read the info of the NFC chip but I am kinda stuck here.

@daev80 - initially I've bought NFC code of eBay but later on got Logic Analyser of eBay for £5 delivered and unlocked all my NFC's as per Bozotclown1970 instructions. Piece of cake.
Firmware wise, when I bought my Jr it had v1... on as well and after upgrading to v2.2.4 I haven't seen any improvements what so ever. Just don't do it, you don't want to upgrade to v2.2.8 by accident.

dave80,

I'm not saying you have to buy it from ebay, but the following is what I am using.

http://www.ebay.com/itm/USB-Logic-Analy … rmvSB=true

Hi together,

today I've downgraded my firmware to 2.2.4 and I've ordered a nfc key from greatone76. But now I have another question to the community:
is it possible to set the temperature on the nfc tag to zero?
The reason for this question is, I use the simplify3D software and some very different pla with very different temperatures. Some of this pla uses temperatures lower than 190°C but with the nfc temperature of 190°C the printer use this temperature instead of the temperature from Simplify3D. If the pla-temperature is higher than 190°C than the Printer use the higher one.

Ralph

@kr15_uk: in S3D is a funktion "wait antil the temperature is stable". With this function enabled it works fine and with stable temperature, but only if the temp is higher than 190°C!

Anyone want to buy working Jr logic board running firmware v2.2.0?!
It's working fine with hacked NFC chips and is fully functional.
I can throw in some hacked NFC chips as well, I think I have 4x of them.

Reason why I want to sell is that I want to do RAMPS conversion.

I'm from UK though and doubt that international shipping is worth the money.

If you are interested please PM me.

Ladies and gents,

I've listed my Jr Logic Board running firmware v2.2.0 + 4x hacked NFC chips with passwords on eBay.
UK Sale ONLY. If you are desperate and not from the UK I'll accept international sale if you'll arrange currier like DHL which will collect item from me. Sorry but I can't control what happens to it when it leaves island so yeah...

Also if it seams pricey - well I need to cover eBay fees + RAMPS cost etc...
Also you can get decent filament for as low as £10 for 1kg PLA, Jr 0.6kg spool were +/- £25 do +/- £40 per 1kg
My math says that logic board will pay off after 1.5-2x spools of cheap filament.

https://www.ebay.co.uk/itm/122138030695

Also if anyone from UK is looking for cheap decent filament, just search Amazon "excelvan pla 1.75", cheapest I could find which produces fair quality prints. Bought it as prototyping filament but ig turned out to be quite better than I've expected.
I'm not being paid to advertise this filament, didn't received any free stuff or what so ever.