Do not use Windows tools flasher

[chuckhacker]

I used Windows tools to dump the firmware. My SHA256 hash was: aa79d2e4f9114f8f9162b52a321eb4cf4d123db9ad55d4c2e08b5716fcaea25f

The firmware version is SX567-401 but the hash is different(!)

Edited this issue since many things have been discovered:

• Linux flasher does extra steps to soft reset the device that Windows one does not, Windows one does not work (that's fine, just use Linux instead, w/e). Windows one "bricks" the device without the extra steps the Linux one does.
• The tamper check causes the device LCD to flash on and off (assuming this is the "we've detected tampering" behavior)
• The tamper check has been moved from F0 to F2 on this firmware (please confirm, happy to send the dump for educational / academic research purposes)... this is where the bne instruction is.
• I can get past the tamper check by nooping F2 instead of F0. However, the other modes (BiPap, etc.) simply do not work on my device when I patch with the mode bit vector set to all 1's (FF FF) instead of 3 and the tamper check bne instruction at F2 replaced with a noop.
• With full patcher, some of the extra menu options such as Ti and Breathe Easy cannot be modified. The options show up but the scroll wheel does not work.
• No air gets blown with BiPap mode.

Reverting back to stock firmware for now. Time to purchase a BiPap.

[cr2551]

I also used windows to dump the firmware, i got the same version and the same hash as you.
I only had trouble with the part of the code that checks to see if the hash is the same. I just commented out those lines. However, i do not get the extra options like easy breathe or back up rate. I only get to adjust the pressure settings except for Ivaps mode where i have settings for target Va and pt.

[darkflame808]

Oh boy. It's been quite some time since this thread popped up. However I would like to resurrect and say that I am in the same boat as you. Except I am not using Windows. I am using openocd on a M1 Mac Pro 16". My hash matches yours exactly. Could this be that rested updated firmwares without updating the versioning? To throw a wrench into this project?

Just curious if. you made progress. I have two more machines I am going to dump to see if they match. My gf gave me the thumbs up and I also have a spare unit I bought in case this one kicked the bucket. That one has never been powered up yet. I'll report back.

Also, if it is of any help, my gf has a aircurve isv unit. I'll dump that too! lol.

Ok. I read both of the other units. All three are showing this hash. I will stop as of now to avoid borking my units. Once I figure things out I'll dump the air curve. I hope some solutions come to light. Thanks everyone.