Hi,
I have one working pricer 16954 and a battery disconnected 16955.
By capturing the base station communications, and analyzing the captures, we could find out how to init the labels and upload the firmware directly.
Most likely the BS automatically reinits the rebooted or "lost" tags when the label attempts to contact the BS, so we could also capture the firmware.
Could use Flipper0 IR Scope, a custom TagTinker sniffer mode, alternatively a mitm logger on the pricer's IR transceiver.
If anybody has access to a Base Station, the procedure should be quite simple, if nobody then we can still sniff the hard way.
We could learn a lot from this experiment, a custom firmware would also be great.
Ideas?
PS: Thanks for this cool Tinkering project! 👍
Hi,
I have one working pricer 16954 and a battery disconnected 16955.
By capturing the base station communications, and analyzing the captures, we could find out how to init the labels and upload the firmware directly.
Most likely the BS automatically reinits the rebooted or "lost" tags when the label attempts to contact the BS, so we could also capture the firmware.
Could use Flipper0 IR Scope, a custom TagTinker sniffer mode, alternatively a mitm logger on the pricer's IR transceiver.
If anybody has access to a Base Station, the procedure should be quite simple, if nobody then we can still sniff the hard way.
We could learn a lot from this experiment, a custom firmware would also be great.
Ideas?
PS: Thanks for this cool Tinkering project! 👍