Success I have a working Quad again. The latest firmware I could find for the engineering samples (1229_SYS/0106_APP) doesn’t look very different from what I had, but at least I have no read protection any longer so further experimention should be easier. Thanks to those who have provided information on the forum, jpa and “embedded” in particular for the boot loader images and also the wiki ferries behind seeedstudio.com/wiki/DSO_Qua … g_Firmware and many more!
Some notes from this experience, for myself later and anyone else it might help:
The cp2102-based USB-UART device I bought for 3$ (item.taobao.com/item.htm?id=9667883527) actually sends on its RX pin, so it must be connected to RX on the Quad. Usually you connect RX1-TX2 and TX1-RX2 on two serial devices. but I guess the adapter labeling here is “the pin that should be connected to RX on the other device”… So pins 4-5-6 on the adapter (counting from the top on the photo) goes to 5-4-6 on the Quad CN7.
Neither stm32flash nor stm32loader support the “Readout Unprotect” command (0x92). For now I temporarily modified the “Write Unprotect” command of stm32flash to send it. I should not need to do this again often.
I had a lot of trouble using stm32flash to write boot loader, SYS and APP separately from hex files. Whatever I tried with its -s and -e options I ended up erasing one thing while writing another. So I prepared one big binary file instead, filling up the spaces between the hex file contents:
unrar x firmware.rar
unzip -x BootLoader\ v3.10.zip
arm-none-eabi-objcopy -I ihex -O binary 1229_SYS.hex 1229_SYS.bin
dd if=/dev/zero of=nulls-after-SYS bs=15486 count=1
arm-none-eabi-objcopy -I ihex -O binary 0106_APP.hex 0106_APP.bin
cat BootLoader\ v3.10.bin 1229_SYS.bin nulls-after-SYS 0106_APP.bin > total.bin
stm32flash -b 115200 /dev/ttyUSB0 -w total.bin
(I did not manage to use the bootloader by itself to load SYS and APP the “normal” way.)
I almost killed my Quad when putting the battery back after assembly. It is quite possible to force the connector in the wrong way. Luckily I could smell some overheating electronics and disconnnect in time. (Damage reports: viewtopic.php?p=6929#p6929)