Rooting/Modding the OP1?

Hey everyone!


Has anyone tried to reverse engineer their firmware? I’d bet there is a decent group of coders and developers among OP-1 fans. I would really love to contribute code to the firmware, coming up with my own synths and FXs and stuff.

My OP1 crashed once before and it showed the file path on the hardware, which gave me reasons to believe that the OP1 uses a Linux-like system with C++ as the main language for different components. However, I believe the .op1 firmware file is compressed and I couldn’t find its compression format, therefore I can’t really access the source files.

Any input on this would be appreciated!

Someone around here says they did get into the firmware with a way to mod it, but out of respect for TE left it alone and won’t divulge how they did it. Iirc it involved a hex editor or binary converter or something

I couldn’t find anything related to that after a quick search. :frowning: Would really love to PM that guy if I can.

Isn’t the firmware a compiled code file? As in, unless you have the ability to convert from compiled code back to human-readable, it doesn’t seem likely. For example, you can get the source code to Linux, but you can’t just boot up Linux and pop into the kernel and start adding things. It is compiled (which removes comments and other formatting) so that the computer can read it efficiently. Computers don’t read the comment sections.

they bought a license from some fancy processor company blackwell? maybe or something. basically it’s a very powerful but very closed down system. I.e. some company actively works to stop exactly this and TE signed on. I wouldn’t bother. doesn’t mean it’s impossible.

The Analog Devices SHARC Blackfin DSP @masterofstuff124 - iirc the SDK is $1000 per license

We could petition TE to get plug-in support for user-written synth engines and the like. Maybe in the 2017 update :slight_smile: I’d definitely be interested.

That guy is @husker, but he only broke into the firmware package (like a zip/tar file). He mentioned the actual code files are all encrypted, so hacking is a no no…

the firmware is just a tar file with the first 4 bytes inserted as a checksum


there is a sqlite db with the presets, etc that I deleted the factory presets from to see if there would be more room for custom presets, but no change (the limits are hard coded, not based on available space according to a comment by TE)

given the OP-1 is not open source and TE are alive and well and still developing for it there’s no reason/justification for hacking it at this stage

it would be possible in the future to customise the firmware with new presets without much difficulty, but actually modifying the Blackfin DSP code (without source code) is a whole different level of challenge

Blackfin processors support signed code security, meaning that even if the DSP code is not encrypted, any changes will cause it to be rejected.

Guys…I can tell you that you can get around code signing. In the context of the exercise we are talking about - it’s really just a layer that can be bypassed. And it’s actually not the trickiest layer to bypass.


In an attempt to reverse engineer the object code, what would cause me more pain would be if an obfuscation utility had been used during compilation/assembly. Source code that has been reverse-compiled can be difficult to read at the best of times, but obfuscation makes it a whole lot worse. In practical terms you end up with a smaller number of recognisable “surface areas” on which to make alterations. And it makes the whole process take a lot longer.

CB

Wow! Thanks for the feedback guys! Apparently I’m not the only one interested in modding!


So yeah! Given that there wasn’t much information here last night, I went ahead and did some reverse engineering myself. I was able to figure out most of the stuff you guys mentioned. Here are a few more points that I noticed:

There exist two files named “te-boot.ldr” and “OP1_vdk.ldr” in the decompressed firmware folder. They are not in any typical file format AFAIK, but more sort of the concatenation of many different files.

The beginning of the OP1_vdk file looks completely unreadable. But there are also readable codes inside that look like part of an update, specific instructions to modify certain lines of the source code. Heck, I even found full lines of SQL commands inside. I have reasons to believe that these are not debugging info or data dump because they look far too specific. It is also very inefficient for TE to include debugging info into what’s already a tiny memory on the OP-1.

Given that the update consists of direct source file modifications, I believe there’s a source file codebase on the ROM of the TE somewhere, or maybe in those encrypted gibberish blocks.

Utilizing the fact OP-1 uses sqlite dbs and the fact there’s a clear file path showing cpp source file location, I believe an SQL injection would be able to get us what we need.

However, I’m not comfortable doing this immediately cause I have basically no knowledge on the OS running on OP-1 at this minute. Nor do I know if the OP-1 is capable of a clean firmware wipe if I mess something up substantially.

So at this point, more research is needed.

AFAIK, modifying the firmware on my own piece of hardware without releasing the source code doesn’t violate any regulations.

As to why I’m trying to mod a system that still has updates coming? Welp, I’m tired of waiting for said update and got some free time on my hands :wink:

I would also love more inputs and potential collaborations on this.

Cheers~!
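The two observations above (a tar archive sitting behind a 4-byte prefix, and blobs that are partly unreadable and partly plain text) can be checked without unpacking anything to disk. The following is an added example, not part of the original posts and not TE's code: it assumes the tar data starts at offset 4, treats the prefix as opaque, and runs on a constructed sample archive whose member names and contents are made up.

```python
import hashlib
import io
import math
import tarfile
from collections import Counter

PREFIX_LEN = 4  # per the thread: 4 bytes sit in front of the tar data (assumed offset)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/compressed data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(blob: bytes):
    """Split off the prefix and describe each tar member in memory, no extraction."""
    prefix, payload = blob[:PREFIX_LEN], blob[PREFIX_LEN:]
    if payload[257:262] != b"ustar":  # POSIX tar magic lives at offset 257
        raise ValueError("no tar header found after the 4-byte prefix")
    report = []
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for m in tar.getmembers():
            # Flag names or link types that could escape an extraction directory.
            unsafe = m.name.startswith("/") or ".." in m.name.split("/") or m.issym() or m.islnk()
            data = tar.extractfile(m).read() if m.isfile() else b""
            report.append((m.name, m.size, round(shannon_entropy(data), 2), unsafe))
    return prefix, report


def build_sample() -> bytes:
    """Constructed container: placeholder prefix + tar with one text and one opaque member."""
    text = b"INSERT INTO presets VALUES (1, 'demo');\n" * 64
    opaque = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in (("readable.sql", text), ("opaque.bin", opaque)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"\x00\x00\x00\x00" + buf.getvalue()


if __name__ == "__main__":
    prefix, report = triage(build_sample())
    print(prefix.hex(), *report, sep="\n")
```

High entropy alone does not distinguish encryption from compression; it only shows which members are worth a closer look with a format identifier.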

There are open source Blackfin tool chains and whatnot. The Blackfin wiki talks about it. Now whether you could use that to write purely home brew code to run on the OP-1 hardware is completely beyond me.

I personally would not reverse engineer this codebase without TE’s blessing.

Up to you of course. The subject of reverse engineering could be debated from here to kingdom come. But at some point you need to pick a side of the fence. As an ex-developer I’ve picked my side and just want to make my position known.

Good luck with whatever approach you choose.

CB

Any particular reasoning you would give?

There are open source Blackfin tool chains and whatnot. The Blackfin wiki talks about it. Now whether you could use that to write purely home brew code to run on the OP-1 hardware is completely beyond me.

Yep I saw them online, but if the update block of the file is actually what I think it is, there should be a pre-built compiler on the OP-1 already. I would very much rather not touch blackfin-related stuff until the last resort.

aside from it possibly damaging your op1; it could damage TE reputation. how good is china at shitting out clones of things? might just hurt their market share. I grew up in a world where I can literally have anything digital I want instantly for free. so I know which side I’m on. But it doesn’t change that some of these actions can have repercussions.

as a side note I think doing these things is perfectly fine. it’s how engineers stay up to date. they buy someone else’s product, dissect it and learn from other people’s efforts. it happens all the time. it’s the publication of it that’s dangerous. But that is the world we live in. I hate how hush-hush reverse engineering is. and is why I LOVE the open source movement. I wish people were just more excited about tech. I think that would solve many of these problems. people don’t want to have an opinion on tech. they don’t want to understand it. they act like they are entitled to it. oh well one geek’s view.

moral of the story do it. don’t expect TE’s blessing. and please have some common sense and don’t sell it.

This isn’t going to damage TE any more than hacked versions of OS X running on PC laptops hurts Apple. If “China” wanted to crap out a clone of the OP-1 a dedicated hacker is not the thing that stands in their way.

That said, I would be way too paranoid to run anything unauthorized on my OP-1.