Skip to content

device: dierya-dk68se#124

Closed
neduard wants to merge 141 commits into
carlossless:masterfrom
neduard:dk68se
Closed

device: dierya-dk68se#124
neduard wants to merge 141 commits into
carlossless:masterfrom
neduard:dk68se

Conversation

@neduard

@neduard neduard commented Apr 12, 2026

Copy link
Copy Markdown
Contributor

Closes #123

any feedback welcome!

Note the same device ID also shows up in #67

swiftgeek and others added 30 commits May 21, 2023 13:36
Board uses BYK801 FW / SH68F881 MCU
Tested with read / write operations, dumped contents match one obtained
from ICP mode (JTAG pins).
USB string descriptor was modified in the dump to provide a simple test case
for write feature
* output md5 checksums as part of the reading operation

* updated xinmeng-k916 bootloader md5
* test workflow

* install musl tools

* remove musl builds

* yml adjustment

* generate release notes

* action version update

* allow writting
* more limited and defined ihex handling

* error adjustments

* bump version
* Confirmed following functionality with Air75:
  * Reading bootloader, hash matches other NuPhy products
  * Reading full-flash
* Added Air75 part (another Air60 reference)
* Added minimum Rust version (let-else not stabilized before Rust 1.65 w/ PR rust-lang/rust#93628)
* reverted back to using hidapi instead of libusb, macos works

* set exclusive only for macos

* selecting hid-device path

* select only col4

* opening path

* conditionals for windows

* use a third request device

* identified some hid device paths

* try using two devices

* read and write use the same channel

* instantiate 2 devices instead of 3

* account for multiple devices

* cargo fmt

* nix flake updates and rustfmt

* reorganising error mapping

* clippy fixes

* find instead of filter and next

* more error handling

* d path fix

* using linux-static-libusb

* leaving only request device for macos, linux

* remove usage page check

* remove warning

* switch back to nightly

* add libusb

* install libusb for testing also

* remove arm targets while lack of cross-compiled libusb is causing problems

* corrected package name

* run workflow on push only

* return not found for win

* warning on return

* increase wait to 2secs
Changes here enable easy distribution of this tool as a nix flake.

Usage example:
```nix
{
  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    sinowealth-kb-tool.url = "github:carlossless/sinowealth-kb-tool";
  };

  outputs = { self, nixpkgs, flake-utils, sinowealth-kb-tool }:
    flake-utils.lib.eachDefaultSystem (
      system: let pkgs = nixpkgs.legacyPackages.${system}; in
        {
          devShells.default = pkgs.mkShell {
            buildInputs = with pkgs; [
              sinowealth-kb-tool.packages."${system}".default
            ];
          };
        }
    );
}
```
Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.38.8
to 0.38.20.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/414309a2a685d872d0842b54296e5391f94a4dc2"><code>414309a</code></a>
chore: Release rustix version 0.38.20</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/ce11b6c8cf59aae04b3c52514d5861ca978c4c66"><code>ce11b6c</code></a>
Miscellaneous documentation cleanups. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/887">#887</a>)</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/a59a1918e230519b40f72063acdc3a84e6d4cdf4"><code>a59a191</code></a>
Fix <code>sendmsg_unix</code>'s address encoding. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/885">#885</a>)</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/e35481c9a7e09eb24d4d67a4def48aa661fd52b3"><code>e35481c</code></a>
Fix a documentation link.</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/b8d7e00322407c2e623cf85b4e5b4aaa0234de43"><code>b8d7e00</code></a>
Miscellaneous documentation cleanups. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/883">#883</a>)</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/30a5ae174bc093f8e7ba812def0ca63fe2614867"><code>30a5ae1</code></a>
Add support for armv7-sony-vita-newlibeabihf. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/882">#882</a>)</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/702c54a39c051aeba54d0207c0e58adcf7544750"><code>702c54a</code></a>
Add documentation for how to do the equivalent of
<code>gethostname</code>. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/880">#880</a>)</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/3a53dfe16cddc39fd20ecfb07c7d78880cb3880a"><code>3a53dfe</code></a>
chore: Release rustix version 0.38.19</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/55cbe8839c8a78896b7f1e5310b3bcf20f8b0ac5"><code>55cbe88</code></a>
Fixes for <code>Dir</code> on macOS, FreeBSD, and WASI.</li>
<li><a
href="https://github.com/bytecodealliance/rustix/commit/31fd98ca723b93cc6101a3e29843ea5cf094e159"><code>31fd98c</code></a>
Merge pull request from GHSA-c827-hfw6-qwvm</li>
<li>Additional commits viewable in <a
href="https://github.com/bytecodealliance/rustix/compare/v0.38.8...v0.38.20">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustix&package-manager=cargo&previous-version=0.38.8&new-version=0.38.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/carlossless/sinowealth-kb-tool/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Changes here allow the user to override the default options for the
specified part, or provide all of the options necessary to interface
with a part that hasn't been added to the parts list in this tool.

Example with custom part:
```sh
sinowealth-kb-tool read \
    --flash_size 61440 \
    --bootloader_size 4096 \
    --page_size 2048 \
    --vendor_id 0x05ac \
    --product_id 0x024f \
    foobar.hex
```

Example with overriding options:
```sh
sinowealth-kb-tool read \
    -p nuphy-air60 \
    --vendor_id 0x05ac \
    --product_id 0x024f \
    foobar.hex
```

@carlossless carlossless left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like in addition to a new BYKxxx label there's also new bootloader version. Can you please confirm that the hash is for a bootloader only read and it was printed out by sinowealth-kb-tool?

If so, can you please share the dump with me?

Comment thread README.md Outdated
Co-authored-by: Karolis Stasaitis <stkarolis@gmail.com>
@neduard

neduard commented Apr 13, 2026

Copy link
Copy Markdown
Contributor Author

Hey @carlossless thanks for the comment, I think the bootloader MD5 (620f0b67a91f7f74151bc5be745b7110) is a "known" one looking at the "Bootloader Support" section in the readme.. However, it seems to be all zeros so I'm guessing it's not able to read it?

$ target/debug/sinowealth-kb-tool read --device dierya-dk68se -s bootloader bootloader.bin
...
Connected!
Enabling firmware...
Reading...
Rebooting...
MD5: 620f0b67a91f7f74151bc5be745b7110
Successfully read 4096 bytes - bootloader.bin

$ hexdump bootloader.bin
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
0001000

$ md5sum bootloader.bin
620f0b67a91f7f74151bc5be745b7110  bootloader.bin

The actual firmware is indeed new:

$ target/debug/sinowealth-kb-tool read --device dierya-dk68se dump.hex
....
Connected!
Enabling firmware...
Reading...
Rebooting...
MD5: e611dacbc710b758a6fbcc3bcc648b7b
Successfully read 61440 bytes - dump.hex

here it is: https://gist.github.com/neduard/98858d988339070cf7f5ea24902f69ce

Also, do lmk if you need any help with testing / reverse engineering. I've been trying to run it through r2 and cross-referencing with smk source code but couldn't get very far (apart from ISRs, entry at 0x4152 & noticing the USB info at 0x16c0). If you have some tips on what your workflow is that would be hugely appreciated 😊

@carlossless carlossless left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see. Thanks for the detailed answer. The entry in the readme misled me, please address it, and we'll get this merged in :)

Comment thread README.md
| Yinren R108 | 3e0ebd0c440af5236d7ff8872343f85d | SH68F90A | BYK916 | ✅ | ✅ |
| Yunzii AL66 | 3e0ebd0c440af5236d7ff8872343f85d | SH68F90A | SH68F90AS | ✅ | ✅ |
| Yunzii AL71 | 2d169670eae0d36eae8188562c1f66e8 | SH68F90A | SH68F90AS | ✅ | ✅ |
| Dierya DK68SE | e611dacbc710b758a6fbcc3bcc648b7b | SH68F90A | BYK903 | ✅ | ✅ |

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should hold the bootloader md5, not the main firmware

Suggested change
| Dierya DK68SE | e611dacbc710b758a6fbcc3bcc648b7b | SH68F90A | BYK903 |||
| Dierya DK68SE | 620f0b67a91f7f74151bc5be745b7110 | SH68F90A | BYK903 |||

carlossless added a commit that referenced this pull request Jul 11, 2026
Adds the Dierya DK68SE (VID 0x258a / PID 0x013b, SH68F90A, BYK903
bootloader). Read and write tested on Linux.

The ISP MD5 column holds the bootloader hash (620f0b67…, the shared
all-zero/unreadable bootloader image), not the stock firmware hash.

Cleaned up and rebased onto current master from #124; closes #123.

Co-authored-by: Karolis Stasaitis <karolis.stasaitis@heyjobs.de>
@carlossless

Copy link
Copy Markdown
Owner

Changes applied in #135

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[device-report] Dierya DK68SE