Friday, August 15, 2014

Pure C firmware loader for RFD900 Radios

We are using the RFD900 radios in the Mesh Extenders, as described in previous posts.

The normal route for programming these is to use a python script or mono based GUI that comes with the SiK firmware.  However, for auto-updates on the Mesh Extender we need to run the update process from on the Mesh Extender itself.

It is possible to install python on the little OpenWRT boxes we use for the Mesh Extenders, however it isn't ideal on several fronts.

First, it is way bigger than the entire rest of the mesh extender distribution, and seriously bloats the upgrade bundles if we want them to be all-inclusive.

Second, for reasons I don't entirely understand, it isn't possible to run the python script headless in an /etc/rc.d script, which is basically a show stopper.

Third, the python firmware loader doesn't check if the firmware is already the same as what is on the radio.  This means that the flash would get worn out a little with each Mesh Extender software update, even if it doesn't change the radio firmware.

Fourth, you have to specify the baudrate of the radio.  It would be much nicer and safer to have it auto-detect.

Our solution is to write our own compact RFD900 firmware loader in pure C that addresses all these problems.

I have just finished the first working version, which can be downloaded from

It probably has some bugs, and might brick your RFD900 (although it might also help un brick it, too ;)

It is very easy to build and use:

To compile, just type make.  It is bland enough that it should work on most UNIX-like systems.  That said, I have only tested it on my Mac.

To run, you need to tell it the firmware file (in intelhex format) and serial port, e.g.:

flash900 radio~rfd900a.ihx /dev/cu.usbserial-A901G64G

When running, it will display something like:

Read 1760 IHEX records from firmware file
Trying to get command mode...
Checking if stuck in bootloader
Trying to switch to AT command mode
Switching to boot loader...
Got OK at 115200
Board id = $43, freq = $91
Erased parameters.
Checking if the radio already has this version of firmware...

Firmware differs: erasing and flashing...
Erasing flash.
Flash erased, now writing new firmware.
Range $f7fe - $f7ff

The Range line shows the memory range currently being verified/written, so you know how far along it is.  The flash gets verified as it is written, and the program will exit with an error if verification fails after writing.

If you want to force it to flash the radio even if the firmware is the same, add "force" to the end of the command line:

flash900 radio~rfd900a.ihx /dev/cu.usbserial-A901G64G force

While this little program is far from perfect, hopefully it will be of use to some people out there.


  1. Are there any initial configuration or firmware releases that I need to first flash to the RDF900 before proceeding with the steps to connect to the MR-3020 router?

    Or is the RFD900 already in a state that it can be completely configured from the serial comms of the router as implied in the procedures I am following here:

    Thanks, I just want to confirm before I desolder the header pins. The blog released here made me question that.

  2. Our firmware flasher should work on any firmware that the old python one worked with, as it uses much the same interface.