Xiaomi has released new 2.1.1 firmware #298

Open
micturkey opened this issue Oct 1, 2023 · 202 comments

@micturkey

micturkey commented Oct 1, 2023

It seems that the way to update firmware using telink flasher has been forbidden.

@atc1441
Owner

atc1441 commented Oct 1, 2023

Thank you for the hint.
That really reads like they closed it

@pvvx

pvvx commented Oct 10, 2023

Not closed, but changed the "activation". + Changed the "advertising interval" to 2100 ms
"Login", works with known keys. OTA also works.
Set "Mi Token", "Mi Bind Key" and press "Login":
image

A piece of the activation log (sniffer + MiHome):
"Sent Read Request, Handle: 0x00xx" abbreviated as "Send enc_XX".
"Rcvd Read Response, Handle: 0x00xx" abbreviated as "Rcvd enc_XX".

// > Checking for transmission with MTU size
Send enc_10: a4 // Test MTU
Rcvd enc_19: 000004000612 // ?
Send enc_19: 000005000612
Rcvd enc_19: 0000040112121212121212121212121212121212
Send enc_19: 0000050112121212121212121212121212121212
// > Get Device id
Send enc_10: a2000000 // SYS_DEV_INFO_GET
Rcvd enc_19: 000000000200 // ?, 2 blks
Send enc_19: 00000101
Rcvd enc_19: 01000200000000626c742e362e316667336a736f
Rcvd enc_19: 0200726f73673030
Send enc_19: 00000100 // ACK
// ????
Send enc_10: 15000000 // REG_START_WO_PKI
Send enc_19: 000000030400 // ECC_PUBKEY?, 4 blks
Rcvd enc_19: 00000101
Send enc_19: 01003b412a2b060a1d7da21033ff4e584bf4f8f3
Send enc_19: 02001a9dee5c4dc95e198c4bc3be5953d6babfdb
Send enc_19: 0300415a9eda4e42ac53e864d1ebd6c9b4616ce5
Send enc_19: 04004c9f1e094e30fc77ce51 // 18*3+10=64 bytes
Rcvd enc_19: 00000100 // ACK
Rcvd enc_19: 000000030400 // ECC_PUBKEY?, 4 blks
Send enc_19: 00000101
Rcvd enc_19: 010025c4faa9e119108b3133915e663ee3d4d0fb
Rcvd enc_19: 02009ada216d9d91928725dea0bb88f44639f8a1
Rcvd enc_19: 0300bb69a33f849bdbb0c2be2b8910271244c5dd
Rcvd enc_19: 04006bc5edefc593dc2d8557 // 18*3+10=64 bytes
Send enc_19: 00000100 // ACK

Send enc_10: 13000000 // REG_VERIFY_SUCC
Send enc_19: 000000000600   // DEV_SHARE_INFO?, 6 blks
Rcvd enc_19: 00000101
Send enc_19: 01001904e3c44b8ab77b3e2f9b7371b4606d9a8a
Send enc_19: 0200e7c71cc8bc712b7d080af2153d8638b7701e
Send enc_19: 0300ab70d36fceb296c3f8805d4073216e542f93
Send enc_19: 0400523da93c45061966487db32dd32936159b3e
Send enc_19: 05006739aa0281d368eac3205bc87d419ebc838e
Send enc_19: 06007457 // 18*5+2=92 bytes
Rcvd enc_19: 00000100 // ACK

Send enc_19: 000000071600 // SERVER_CERT?, 22 blks 
Rcvd enc_19: 00000101
// send certificate: https://github.com/Ai-Thinker-Open/Telink_SIG_Mesh/blob/master/example/AT_Ali_Mesh/mesh/mi_api/certi/cryptography/mi_crypto.c#L46
Send enc_19: 0100308201773082011ea003020102020101300a
Send enc_19: 020006082a8648ce3d0403023022311330110603
Send enc_19: 030055040a130a4d696a696120526f6f74310b30
Send enc_19: 04000906035504061302434e3020170d31363131
Send enc_19: 050032333038323032355a180f32303636313131 
Send enc_19: 0600313038323032355a30233114301206035504
Send enc_19: 07000a0c0b4d696a696120436c6f7564310b3009
Send enc_19: 080006035504061302434e3059301306072a8648
Send enc_19: 0900ce3d020106082a8648ce3d03010703420004
Send enc_19: 0a00a752ecd44b6b3b17abc34f8300c6320f2e4c
Send enc_19: 0b00bec57a51034b5ecadf7347d745df8c3dbcfa
Send enc_19: 0c00aedb67b04cace5aff798182e43c5a444b627
Send enc_19: 0d00c2d7f361629d3f914802a3423040301f0603
Send enc_19: 0e00551d2304183016801496b7a27c39b1b96633
Send enc_19: 0f00a9f8d109b20060c8e6c511301d0603551d0e
Send enc_19: 1000041604145a29bffb2fb7500ce9c420f23d89
Send enc_19: 11009b6fe0803293300a06082a8648ce3d040302
Send enc_19: 1200034700304402205eb096d630f92f092ae39d
Send enc_19: 13001356f836c529697a355d765f4eccce785b89
Send enc_19: 14009a6d1602207e206b22aa04e6dee818c7d4c4
Send enc_19: 150080e5fabd99074bdecf45346e37f1cffd8646
Send enc_19: 160090 // 18*22+1=397 bytes
Rcvd enc_19: 00000100 // ACK
Rcvd enc_10: 11000000 // REG_SUCCESS
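
The fragment framing visible in the log above (a 6-byte announce carrying a block count, numbered blocks of up to 18 payload bytes, then an ACK from the other side) can be reassembled mechanically. This is an added example, not code from pvvx or from the project; the field names, the `reassemble` and `ascii_tail` helpers, and the handling of `00000101` as a non-ACK control frame are assumptions read off the logged bytes, and the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the activation log above: the device-info reply and the
# first "ECC_PUBKEY?" transfer. Only enc_19 frames carry fragments.
SAMPLE_LOG = """\
Send enc_10: a2000000 // SYS_DEV_INFO_GET
Rcvd enc_19: 000000000200 // ?, 2 blks
Send enc_19: 00000101
Rcvd enc_19: 01000200000000626c742e362e316667336a736f
Rcvd enc_19: 0200726f73673030
Send enc_19: 00000100 // ACK
Send enc_10: 15000000 // REG_START_WO_PKI
Send enc_19: 000000030400 // ECC_PUBKEY?, 4 blks
Rcvd enc_19: 00000101
Send enc_19: 01003b412a2b060a1d7da21033ff4e584bf4f8f3
Send enc_19: 02001a9dee5c4dc95e198c4bc3be5953d6babfdb
Send enc_19: 0300415a9eda4e42ac53e864d1ebd6c9b4616ce5
Send enc_19: 04004c9f1e094e30fc77ce51
Rcvd enc_19: 00000100 // ACK
"""

FRAME_RE = re.compile(r"^(Send|Rcvd) enc_19:\s*([0-9a-fA-F]+)")
MAX_CHUNK = 18  # payload bytes per block, after the 2-byte block number


@dataclass
class Transfer:
    sender: str            # "Send" or "Rcvd", as written in the log
    kind: int              # type byte from the announce frame (meaning assumed)
    expected: int          # block count from the announce frame
    chunks: list = field(default_factory=list)
    acked: bool = False

    @property
    def payload(self) -> bytes:
        return b"".join(self.chunks)


def reassemble(log: str) -> list:
    """Rebuild fragmented transfers; raise ValueError on a framing violation."""
    done, current = [], None
    for line in log.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # enc_10 commands and free text are not fragments
        sender, raw = m.group(1), bytes.fromhex(m.group(2))
        if len(raw) < 3:
            raise ValueError(f"frame too short: {line!r}")
        seq = int.from_bytes(raw[:2], "little")
        if seq == 0:  # control frame
            if raw[2] == 0x00 and len(raw) == 6:  # announce: type + count
                current = Transfer(sender, raw[3],
                                   int.from_bytes(raw[4:6], "little"))
                done.append(current)
            elif (raw[2:4] == b"\x01\x00" and current is not None
                  and sender != current.sender):  # ACK from the receiver
                if len(current.chunks) != current.expected:
                    raise ValueError("ACK before all blocks arrived")
                current.acked, current = True, None
            continue  # other control frames (e.g. 00000101) are skipped
        if current is None or sender != current.sender:
            raise ValueError(f"data block outside a transfer: {line!r}")
        if seq != len(current.chunks) + 1 or seq > current.expected:
            raise ValueError(f"block {seq} out of sequence")
        chunk = raw[2:]
        if len(chunk) > MAX_CHUNK or (seq < current.expected
                                      and len(chunk) != MAX_CHUNK):
            raise ValueError(f"block {seq} has a bad length ({len(chunk)})")
        current.chunks.append(chunk)
    return done


def ascii_tail(payload: bytes) -> str:
    """Return the trailing run of printable ASCII bytes in a payload."""
    start = len(payload)
    while start > 0 and 0x20 <= payload[start - 1] < 0x7F:
        start -= 1
    return payload[start:].decode("ascii")


if __name__ == "__main__":
    for t in reassemble(SAMPLE_LOG):
        print(t.sender, f"type=0x{t.kind:02x}", len(t.payload), "bytes",
              "acked" if t.acked else "NOT acked", repr(ascii_tail(t.payload)))
```

Because the reassembler rejects a missing or misnumbered block, it can also be used to check that a sniffer capture is complete before anything is concluded from its payloads.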

@atc1441
Owner

atc1441 commented Oct 10, 2023

Thanks Victor,
So the activation part is not cracked right now, and you need to currently get the set key first from the app etc. to OTA ?

I would expect them to sign the activation on the server side with an unknown private key, but let's hope not

@thazro

thazro commented Oct 10, 2023

Can I downgrade via UART? With the correct key/token I cannot downgrade or change the firmware. Even if login is correct and OTA seems to work, it doesn't.

@pvvx

pvvx commented Oct 11, 2023

I haven't clarified the whole process yet.
There is an assumption that the OTA firmware is signed with an additional key.
The "OTA" procedure itself always works, but at the end the "OTA" code itself may not be included. Previously, for some variants of thermometers, the signature was the correct "CRC" of the OTA code.

It is quite possible that because of these "security worries" Xiaomi has changed the activation and "OTA":
https://francozappa.github.io/publication/2023/espoofer/
image

PS: I can't clarify because I adhere to the "user agreement" in "MiHome". It is forbidden to view their code and other manipulations with it. And no one wants to publish the binary file of the new official firmware for public access :)

@maltiboi

is this going to get fixed please? thank you

@Tim-The-Woodsman

And I just updated the firmware without checking in here 😞

@wwnkrull

I've made the same mistake by updating to the latest firmware. Hope this will be fixed soon.
Thanks guys for all the hard work!

@PerssonNiklas

So for those of us who updated to the latest firmware, is there any way to downgrade when the flasher does not connect due to being on unsupported firmware? Catch 22 situation!

@igorlesiv

I also can't flash on the 2.1.1_0159 version; please let me know if it is possible or not. Thanks!

@pvvx

pvvx commented Oct 21, 2023

At the moment, you can only write another firmware using a hardware programmer.

@PerssonNiklas

At the moment, you can only write another firmware using a hardware programmer.

How would I go about doing that?

@kri5to

kri5to commented Oct 23, 2023

Damn, got it with the new firmware, so I can't install the custom one either :(
Is there a hope to get the upgrade soon ?

@pvvx

pvvx commented Oct 23, 2023

A hint may occur when a new version is released. When it will be possible to upgrade version 2.1.1_0159 in Mi Home to the next one.

@e-caliskan

To go back to the old version (Original_OTA_Xiaomi_LYWSD03MMC_v1.0.0_0130.bin );
To do this, you must remove your temperature sensor and connect it with the cables by following the steps below.
This is how I solved my problem.
I'm sorry for my bad english.

  1. https://github.com/pvvx/ATC_MiThermometer/blob/master/Original_OTA_Xiaomi_LYWSD03MMC_v1.0.0_0130.bin download
  2. https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html
  3. image
  4. image
  5. File select Original_OTA_Xiaomi_LYWSD03MMC_v1.0.0_0130.bin
  6. Write to flash

@pvvx

pvvx commented Nov 2, 2023

@VonalOrdu

  1. The contact on the PCB marked as "reset" is not an RST signal for the TLSR825x SoC !
  2. https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html - does not use RX pin, resistor and connection RX is not needed !

@e-caliskan

@VonalOrdu

  1. The contact on the PCB marked as "reset" is not an RST signal for the TLSR825x SoC !
  2. https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html - does not use RX pin, resistor and connection RX is not needed !

I have no idea about this.
I succeeded by doing this.
Maybe it will happen if you do as you say.
I used the suggestion below.

https://github.com/atc1441/ATC_MiThermometer/blob/master/Mi_SWS_Connection.jpg
image

@pvvx

pvvx commented Nov 2, 2023

The very name of the utility describes: TLSR825x USB-COM Flash Writer v0.4 (TX-SWS only!) :)

The picture is from another version of the programmer - https://github.com/pvvx/TlsrComSwireWriter - does not work on FTDI chips!

Comment edited: Fixed a link error.

@e-caliskan

The very name of the utility describes: TLSR825x USB-COM Flash Writer v0.4 (TX-SWS only!) :)

The picture is from another version of the programmer - https://github.com/pvvx/TlsrComProg825x - does not work on FTDI chips!

image

Are you saying that I am enough like this?

@pvvx

pvvx commented Nov 2, 2023

Are you saying that I am enough like this?

Yes

@e-caliskan

Are you saying that I am enough like this?

Yes

python.exe TLSR825xComFlasher.py -p COM3 -t 70 wf 0 Original_full_flash_Xiaomi_LYWSD03MMC.bin

Why didn't this method work?
"Chip sleep? -> Use reset chip (RTS-RST): see option --tact"
It was giving error.

https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html

This method worked. Thank you very much for your sharing.

@pvvx

pvvx commented Nov 2, 2023

Why didn't this method work?

https://github.com/pvvx/TlsrComSwireWriter - does not work on FTDI chips! (Only Chinese USB-COM chips)

On FTDI chips, reception is performed by checking bitwise synchronization with the removal of bad characters from the buffer with error generation, which does not allow emulating "Telink Swire".

https://github.com/pvvx/TlsrComProg825x - this programmer uses a loader that switches to work with the RX and TX chip UART pins.
It takes a lot of wires...


https://github.com/pvvx/ATC_MiThermometer#the-usb-com-adapter-writes-the-firmware-in-explorer-web-version

image

@ceinmart

ceinmart commented Nov 7, 2023

Hi,
I just made the same mistake as everyone here.
I bought two of these sensors and was planning to flash them and use them with a BLE Tracker on my Home Assistant.
However, curious to see how it works originally I did the firmware upgrade when added to mihome app.... stupid curious...

So, after sharing my disgrace...

How hard is it to get one of these USB-COM boards and use it to downgrade? Any link from AliExpress?
I got a little confused about which board is compatible, which link should be used to do the downgrade, and what the right way to wire it is...
Please, can anyone share where to buy this USB-COM board and a step-by-step guide on how to downgrade the firmware?

@thazro

thazro commented Nov 8, 2023

Hi, I just made the same mistake as everyone here. I bought two of these sensors and was planning to flash them and use them with a BLE Tracker on my Home Assistant. However, curious to see how it works originally I did the firmware upgrade when added to mihome app.... stupid curious...

So, after sharing my disgrace...

How hard is to get one of this USB-COM board and use it to downgrade? any link from Aliexpress? I get little confused about which board is compatible, which link should be used to do the downgrade, how is the right way to wiring... Please, can anyone share where to buy this USB-COM and a step-by-step how to downgrade the firmware ?

Hi. Downgraded using this ch340 usb to ttl rs232 converter:
https://www.aliexpress.com/item/32354359382.html?gatewayAdapt=glo2isr
Solder p14 on thermometer to txd
Solder Gnd to gnd
Solder + to 3.3V
Flash using:
https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html

@kimol88

kimol88 commented Nov 9, 2023

Maybe I can't do it differently, but flashing via the site only works on a Windows "machine". On a MacBook I bricked it by flashing. On a Windows "machine" I recovered the firmware without problems :)

@ceinmart

Hi. Downgraded using this ch340 usb to ttl rs232 converter: https://www.aliexpress.com/item/32354359382.html?gatewayAdapt=glo2isr Solder p14 on thermometer to txd Solder Gnd to gnd Solder + to 3.3V Flash using: https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html

Hi Guys,
Just giving some feedback: I just flashed and downgraded my sensor successfully!!!

However, I didn't use the board referenced by @thazro; I got an FTDI 232 from a friend and followed the steps given by thazro.

I did the downgrade of my firmware from v2 to v1 and then flashed it with the custom firmware v4.5 successfully!!
Very , very happy :)
Thanks all for the support.
Now , let's try to setup it on my Home Assistant using a ESP32 as BLE Tracker...


@vdende

vdende commented Nov 13, 2023

I'm not that familiar with soldering and boards, so I decided to buy a new one from Ali, from the same shop as my previous one. It was shipped very fast and fortunately the firmware version of the new device was still on v1.0.
So for this one I was able to flash it with the custom v4.5, set it to BTHome and configured it in HomeAssistant.

@adamb94

adamb94 commented Nov 25, 2023

Is there any expected date when soft 2.1.1 will be supported by Telink Mi Flasher? I was not able to downgrade by Serial

@pvvx

pvvx commented Nov 25, 2023

So far no one is doing this or it is unknown.
I'm waiting for the next version to come out.
This will make it possible to understand how to update version 2.1.1.

Disassembling or otherwise viewing codes from Xiaomi is prohibited in the MiHome user agreement. For this reason, other methods that are not prohibited will be used. And this requires the next new version of OTA from MiHome.

@ulich

ulich commented Dec 15, 2024

I used windows with the default baud rate. When I tried a different baud rate (with -b) it didn't work for me.

@Juanpermon

Hello. Thank you for your job.

Is there any guide for dummies on how to flash the firmware with the USB method?

Thank you.

@manelrodero

I've found this video https://youtu.be/BtsxkOS6Zj8 about flashing using an USB/UART adapter.

Are all the USB/UART adapters the same?

This one https://amzn.to/41FpTf6 is similar to the one shown in the video.

But this https://amzn.to/3BIZrGE says that it uses a non cheap chip (FTDI FT232RL).

Which one have you used to flash?

Thanks.

@ulich

ulich commented Dec 18, 2024

My UART adapter uses an FTDI chip. I also tried it the same way as it was done in the video and this did NOT work for me. I also had to connect the RX, 1k resistor and RST pins as described here pvvx#378 (comment)

My UART adapter looks exactly like the one from that picture.
image

Then I used the python flasher and NOT the web flasher as described here #298 (comment)

@js4jiang5

js4jiang5 commented Dec 20, 2024

Add AES decrypt function to extract the temperature, humidity and battery level from advertised data, then use MQTT to send the info back to HA

https://www.home-assistant.io/integrations/xiaomi_ble

It works well, but the downside is the data update period is as long as 10 minutes.

The thermometer with Xiaomi firmware still transmits every 1.6 or 2 seconds, but not temperature and humidity data, but registration information.

I was waiting for @pvvx to release the version that support 2.1.1 devices, but it's been 9 months,

As described, I’m waiting for a new version to scan the new authorization protocol. MiHome's user agreement prohibits code reverse engineering.

I've been using three LYWSD03MMC for more than 5 months since I posted here. Two of them use the ATC firmware, and third one with ESP32 to decrypt AES and extract info from advertised data. Now I can compare their power consumption.

The battery level of the two with ATC firmware has started dropping, one is now 85% and the other one 99%. The third one that I use ESP32 to decrypt data is still 100%. I monitor every BLE packet, and the advertised data is very few. I suppose the power consumption of the AES decrypt method is more efficient with longer battery life.

The advantage of ATC firmware is that the info is more real time and frequent.
ATC
image

ESP32 AES decrypt of advertised packet
image

@pvvx

pvvx commented Dec 20, 2024

I've been using three LYWSD03MMC for more than 5 months since I posted here.

It all depends on the settings.

image

@billybigpotatoes

Any thoughts on when / if the firmware OTA option will work again. About to get the wires out!

@atc1441
Owner

atc1441 commented Dec 21, 2024

The newest FW is Signed by Xiaomi so only they can make a new OTA update.
Flashing by wires is needed

@pvvx

pvvx commented Dec 21, 2024

After the introduction of firmware signing with certificate keys, purchasing Xiaomi LYWSD03MMC became unprofitable in terms of price and functionality. And this was expected.

It is highly likely that Xiaomi's wireless department will suffer the same fate as Nokia's mobile (smartphones) department. Opening-reversing the key will only prolong the agony...

@Tuti4120

Tuti4120 commented Dec 23, 2024

The newest FW is Signed by Xiaomi so only they can make a new OTA update. Flashing by wires is needed

But it's very easy.
I used CP2102 USB TTL 6in1 converter:

image

  • only 3 connections: +V 3.3V, GND, TX -> P14

and https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html flasher.

@billybigpotatoes

billybigpotatoes commented Dec 23, 2024 via email

@pvvx

pvvx commented Dec 23, 2024

Did you flash the new ZigBee or did you need to downgrade first?

  1. It is better and faster to flash something that has a smaller firmware size.
  2. There are no guarantees of firmware quality for the USB-COM programmer without feedback with SWire emulation of the Telink protocol.
  3. Firmware via BLE OTA uses double checking for checksums.

@Tuti4120

Tuti4120 commented Dec 23, 2024

Nevertheless, in my case the USB-COM programmer worked with 5 boards. No need to downgrade first.
BT custom firmware.

@virtuald

virtuald commented Dec 23, 2024

It took awhile to sort through how people did it... but I finally was able to flash 10x LYWSD03MMC B1.5 using https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html and a FT232H board (https://www.adafruit.com/product/2264).

  • GND connected to GND
  • TX (D0) connected to P14
  • DTS (D2) connected to VBat

@manelrodero

@Tuti4120

So, do you think it's worth buying a gadget like this https://amzn.to/49R8NwI to "recover" the 7 thermostats I have with the new firmware?

image

Would the flashing be done the same as in the video? I have no idea about electronics and I would like to be completely sure about the connections.

Could you post a photo with the connections between the thermostat and this CP2102?

Thank you very much and happy holidays!

@Tuti4120

Tuti4120 commented Dec 25, 2024

It did work for me. I have 5 of LYWSD03MMC B1.5. One with old firmware and four with the new one.
One of LYWSD03MMC was completely dead by unsuccessful flashing with other converter.
The above CP2102 converter did the job, with the https://pvvx.github.io/ATC_MiThermometer/USBCOMFlashTx.html flasher on Windows.

The connections:

image

You have to configure switches on the CP2102:
Left switch:

  • 1: on
  • 2: off

Right switch: up.

You can flash to original 0130 firmware and use the OTA flasher, or to whatever firmware you want with USB flasher.
That's all.

@gknops

gknops commented Dec 27, 2024

Anyone got hardware flashing to work from a Mac? Or is it still Windows only?

@billybigpotatoes

billybigpotatoes commented Dec 27, 2024 via email

@dimitrijeforesta

I'll chime in just to give a big thanks to this thread, as I've successfully converted 6x LYWSD03MMC B1.5 to ZigBee.

The components were:

Thermometers from AliExpress

Waveshare USB TO TTL (C) 6pin Serial Cable, FT232RNL and its driver
image

Male to male jumper wires (for the sake of easier handling)
image

The setup:
image

As I didn't want to solder anything, I just tucked the ends of the jumper cables from GND to -VBAT and VCC to +VBAT below the contacts and it was sufficient to hold a proper contact; as for P14, I just held it with one of my hands (Is this a proper way to do it? Not really, so be careful if you choose to do it like I did).

The process was:
After installing the driver, the USB-COM Flash Writer was used with Baud: 115200 and Activation time: 3 seconds to downgrade to original 0130 version after that the Telink Flasher was used.

Additional notes
The TTL flashing went from 30-100 seconds and sometimes didn't work on the first try, just wanted to note that.

@devbis

devbis commented Dec 29, 2024

Anyone got hardware flashing to work from a Mac? Or is it still Windows only?

@gknops I flashed the thermometer using Mac, but I had to adjust timeouts and delays in the script using cp2102. But it is still not very reliable at the start, it may require many attempts to kickstart the process

@billybigpotatoes

I'll chime in just to give a big thanks to this thread, as I've successfully converted 6x LYWSD03MMC B1.5 to ZigBee.

The components were:

Thermometers from AliExpress

Waveshare USB TO TTL (C) 6pin Serial Cable, FT232RNL and its driver image

Male to male jumper wires (for the sake of easier handling) image

The setup: image

As I didn't want to solder anything, I just tucked the ends of the jumper cables from GND to -VBAT and VCC to +VBAT below the contacts and it was sufficient to hold a proper contact; as for P14, I just held it with one of my hands (Is this a proper way to do it? Not really, so be careful if you choose to do it like I did).

The process was: After installing the driver, the USB-COM Flash Writer was used with Baud: 115200 and Activation time: 3 seconds to downgrade to original 0130 version after that the Telink Flasher was used.

Additional notes The TTL flashing went from 30-100 seconds and sometimes didn't work on the first try, just wanted to note that.

Many thanks - this worked perfectly with windows 11. I also held the data connection manually - going to see if a croc clip will work -as I have 7 more to do. Once I have done a few more I will then move my test to my Mac.

@Paratyphi

Hello everyone,

I have received a few of these Mi thermometer recently and i bought the CP2102 USB TTL 6in1 converter in order to flash them. I have followed the instructions, connected everything right, the CP2102 is recognised in W11 and on the USBCOM flasher, i have the right firmware (the xiaomi one for the downgrade), i click the flash button, leds starts to blink, it tells me it's done and then, when i want to flash with the telink flasher it tells me i'm still at the 2.1.1_0159 version.

I have tried 7 times (on the same thermometer though), i even tried with nothing connected to see if it gives me an error (fun fact no, leds will blink and the USBCOM flasher will tell you everything is ok), cables are ok, i've tried changing the activation time (baudrate 115200). Nothing works.

Has anyone got an idea what could be the problem.

Thank you !

@pvvx

pvvx commented Dec 30, 2024

Has anyone got an idea what could be the problem.

How many times do I have to describe that this programmer has no feedback from the chip. It transmits the firmware without checking.
If connected correctly, everything works 100%.
If there are delays in the process of transferring the code to the chip due to the USB-COM adapter or the computer, the sequence will be disrupted.

A variant with an attempt to emulate reception on the features of Chinese USB-COM chips is located here:
https://github.com/pvvx/TlsrComSwireWriter -> TLSR825xComFlasher.py

The option to switch to the UART protocol is here:
https://github.com/pvvx/TlsrComProg825x

If you need a full-featured programmer for these chips, then buy it from Telink as a BDT.

image

https://aliexpress.ru/item/1005003712968248.html


Or use the PB-03F module.

All other COM/UART "programmers" are incomplete emulators of the SWire protocol from Telink.
And they do not guarantee high-quality work due to the incompatibility of the UART and Telink SWire protocols, as well as the specifics of use, the variety of USB-COM adapters, various operating systems and the implementation of libraries/APIs for servicing USB in Chrome Explorer or Python.
But the main mistakes are made by the users themselves.

As an example:

i've tried changing the activation time (baudrate 115200)

What was your purpose in changing the baudrate?

The SWS signal bus uses a speed of about 1.5 Mbit/s (up to 2 Mbit/s). It has the ability to synchronize, but not unlimited. The USB-COM adapter cannot transmit a stream of more than 460800 bit/s without interruptions. And everything below that may not be captured by the synchronization of the chip.

And if you do not connect the chip power in time, and it is in sleep mode, the startup sequence will not be accepted. To force the chip to start in time, use the RTS signal connection from the adapter to the RST pin of the chip.

In sleep mode, the current consumption of the chip is less than that supplied via the TX pin from the adapter. This current is sufficient even for the full operation of the thermometer.
A single chip is even fully programmable without power supply - it only draws current from the TX and GND pins.

If there is no connection to RTS->RST, then connect TX->SWS, +3.3V -> +Bat. After starting the program, connect GND-> -Bat.

The standard firmware (XIAOMI) has a 2-second cycle during operation.
2 seconds of sleep, then the chip wakes up, transmits BLE advertising and goes to sleep again. The "Atime" period is initially, by default, set so that the activation command hits the moment of chip activity.
With RTS-RST connection 100 ms is enough.
Do not confuse the pin on the board marked as "Reset" with the RTS pin of the chip.

@Tuti4120

Tuti4120 commented Dec 30, 2024

Hello everyone,

I have received a few of these Mi thermometer recently and i bought the CP2102 USB TTL 6in1 converter in order to flash them. I have followed the instructions, connected everything right, the CP2102 is recognised in W11 and on the USBCOM flasher, i have the right firmware (the xiaomi one for the downgrade), i click the flash button, leds starts to blink, it tells me it's done and then, when i want to flash with the telink flasher it tells me i'm still at the 2.1.1_0159 version.

I have tried 7 times (on the same thermometer though), i even tried with nothing connected to see if it gives me an error (fun fact no, leds will blink and the USBCOM flasher will tell you everything is ok), cables are ok, i've tried changing the activation time (baudrate 115200). Nothing works.

Has anyone got an idea what could be the problem.

Thank you !

Did you remember about the correct switches position before the flashing?
And maybe the correct order of connections matters: First +V and GND, power on, then TX -> P14 and start flashing ...

@Paratyphi

Paratyphi commented Dec 30, 2024

What was your purpose in changing the baudrate?

I didn't change it, only the activation time, with the baudrate other people used.

How many times do I have to describe that this programmer has no feedback from the chip.

It's written at least once on the github page you wrote, just checked, sorry to have missed it.

Thanks for the answer and the knowledge. It gives me a few way to troubleshoot the issue. I'm going to try with the RTS pin first.

If it still doesn't work, I'll try to change a few parameters just in case: computers (I have a few), OS, browser, to see if it changes anything; sometimes it works in mysterious ways. If it still does not work, I'll use the power of buying stuff.

Did you remember about the correct switches position before the flashing?

Yep, this one.

Left switch:

1: on
2: off
Right switch: up.

And maybe the correct order of connections matters: First +V and GND, power on, then TX -> P14 and start flashing ...

Did it in that order but with the CP2102 connected, will try with it not plugged in.

Thanks !

Edit : This did the trick.

If there is no connection to RTS->RST, then connect TX->SWS, +3.3V -> +Bat. After starting the program, connect GND-> -Bat.

I was too slow, i wasn't taking my time, there was a few seconds between the connection of the thermometer with the CP2102, but it was still too slow. Once again, a chair to keyboard interface problem.

Thanks again.

@pvvx

pvvx commented Dec 30, 2024

And maybe the correct order of connections matters: First +V and GND, power on, then TX -> P14 and start flashing ...

This is an incorrect sequence. That is, it will not necessarily work in all cases.
If the program embedded in the chip has a shutdown of the SWS output, and such an option is given in the SDK, then this happens 2..3 ms after the power is connected. And if there is no such protection, then the initialization time of the typical firmware when the power is turned on is no more than 100 ms. Then the chip goes into sleep mode and does not perceive anything.

As a result, you have a time when the activation signal must arrive - it is only a couple of ms.
The activation signal is a command to stop the CPU.
It is duplicated during the selected "ATime".

The processor in the chip does not participate in programming, but if it continues to work, it will disrupt the writing process, which occurs by transferring data through the SWS hardware interface to the SPI driver registers, which are already connected to a separate SPI-Flash crystal.

In special cases, if protection is installed by software disabling SWS in the firmware, an RTS-RST connection is required. And then use the command - Erase All Flash. After this, the chip will always be ready to receive control via SWS.

A hardware programmer (not USB-COM) does not need such actions. The exception is the programmer from Telink. It requires dancing with a tambourine around the chip.

@atc1441
Owner

atc1441 commented Dec 30, 2024

@Oxi75 maybe its best to ask this question in the Zigbee firmware repo :)

@Tuti4120

And maybe the correct order of connections matters: First +V and GND, power on, then TX -> P14 and start flashing ...

This is an incorrect sequence. That is, it will not necessarily work in all cases. If the program embedded in the chip has a shutdown of the SWS output, and such an option is given in the SDK, then this happens 2..3 ms after the power is connected. And if there is no such protection, then the initialization time of the typical firmware when the power is turned on is no more than 100 ms. Then the chip goes into sleep mode and does not perceive anything.

But that exact sequence did work for me and CP2101.

I'll try to make a video with the next LYWSD03MMC once I'll receive it.
