Hmm, strange to have it read-protected. Mine wasn’t (HW 2.6).
I don’t see an error message like ‘File error 04’ anywhere in the published source code. Furthermore, in the DFU version I have atleast, there is no way to upgrade by “copying over the hex files in normal mode then resetting to DFU mode to upgrade”.
This topic may or may not be of help:
viewtopic.php?f=22&t=2519
I have one of the early engineering samples, HW 2.2. That might explain why it is so different.
The message is from the DFU boot loader, and this source has not been published, right? Why doesn’t this upgrade procedure work on the newer hardware/firmware? Doesn’t the DFU detect files that are already there, only those being copied?
Thanks! Looks like I saw that thread sometime, but totally forgot about it 
The question is if your boot loader is compatible with my hardware. I guess I don’t have much to lose by trying though. I am pretty much stuck. My only other option would be to rewrite the flash drive with an external circuit, or something like that…
And the fact that the USB drive functionality doesn’t work in DFU, but works (worked 
) in “normal” mode indicates that my old DFU is quite broken anyway.
Success 
I have a working Quad again. The latest firmware I could find for the engineering samples (1229_SYS/0106_APP) doesn’t look very different from what I had, but at least I have no read protection any longer so further experimention should be easier. Thanks to those who have provided information on the forum, jpa and “embedded” in particular for the boot loader images and also the wiki ferries behind seeedstudio.com/wiki/DSO_Qua … g_Firmware and many more!
Some notes from this experience, for myself later and anyone else it might help:
The cp2102-based USB-UART device I bought for 3$ (item.taobao.com/item.htm?id=9667883527) actually sends on its RX pin, so it must be connected to RX on the Quad. Usually you connect RX1-TX2 and TX1-RX2 on two serial devices. but I guess the adapter labeling here is “the pin that should be connected to RX on the other device”… So pins 4-5-6 on the adapter (counting from the top on the photo) goes to 5-4-6 on the Quad CN7.
Neither stm32flash nor stm32loader support the “Readout Unprotect” command (0x92). For now I temporarily modified the “Write Unprotect” command of stm32flash to send it. I should not need to do this again often.
I had a lot of trouble using stm32flash to write boot loader, SYS and APP separately from hex files. Whatever I tried with its -s and -e options I ended up erasing one thing while writing another. So I prepared one big binary file instead, filling up the spaces between the hex file contents:
unrar x firmware.rar
unzip -x BootLoader\ v3.10.zip
arm-none-eabi-objcopy -I ihex -O binary 1229_SYS.hex 1229_SYS.bin
dd if=/dev/zero of=nulls-after-SYS bs=15486 count=1
arm-none-eabi-objcopy -I ihex -O binary 0106_APP.hex 0106_APP.bin
cat BootLoader\ v3.10.bin 1229_SYS.bin nulls-after-SYS 0106_APP.bin > total.bin
stm32flash -b 115200 /dev/ttyUSB0 -w total.bin
(I did not manage to use the bootloader by itself to load SYS and APP the “normal” way.)
I almost killed my Quad when putting the battery back after assembly. It is quite possible to force the connector in the wrong way. Luckily I could smell some overheating electronics and disconnnect in time. (Damage reports: viewtopic.php?p=6929#p6929)
Congrats!
I think I have borked my Quad (engineering sample) while trying to upgrade the firmware. In DFU mode I never got a USB connection, so I was copying over the hex files in normal mode then resetting to DFU mode to upgrade. Now I am stuck with a “File error 04 Offset: 00007226”, and the normal mode is broken (it just displays SYS version, but no APP version). BTW, I did checksum the copied hex file on the USB drive, even after power cycling, before going to DFU, so I don’t know what went wrong.
Anyway, I guess the STM32 serial boot loader is the only way out of this, so I need to open the case. I have removed the battery and the 4 screws in the corners. But I am not able to separate the screen part from the chassis, it seems stuck on the middle of the long sides. So before I break off anything, can anyone me tell what the trick is? Is it glued and needs brute force or should I press something sharp into some opening?
UPDATE: Got it open with brute force, without breaking anything. Now wish me luck 
UPDATE2: When looking for info on the CN7 connector I discovered this manual http://www.4tronix.co.uk/files/DS203_Manual.pdf which even has assembling instructions, although not for disassembly I haven’t seen this document in the official or community lists.
Now I have the serial boot loader hardware and software (stm32flash) set up. However, it seems that the flash has been read-protected - which also makes it impossible to write to it - so I will have to clear the whole flash by running read-unprotect. Which means I have to restore the whole flash, including the “DFU” boot loader. I haven’t seen this file around. Can anyone please provide this image?