Customise USB Compact Keyboard Firmware #32
Comments
|
Interesting. Did you try upgrading your own keyboard? Notice any different behaviour other than the listed key combination not working? |
|
Yes, I did update it. No visible changes. I tried sending it some new parameters from Linux but it still has the annoying middle-button behaviors. |
|
So I have been doing a little reverse engineering (I'm getting this keyboard tomorrow and just wanted to tinker a little bit) and these are my findings so far:
My plan is to figure out how the SN8 file format works (probably it just directly flashes certain regions to the ROM) and create disassembler cores for IDA/Binary Ninja to be able to reverse engineer the Lenovo firmware. |
|
@mrexodia Did you have time to do some more work on this? |
|
@dal00 I did do some work on this but recently I didn’t have much time. I came in contact with @vpelletier from https://github.com/vpelletier/dissn8 and he in fact reversed most of the firmware. At the moment I’m working on an emulator for the whole chip to do debugging on changes to the firmware without risking to brick my board. This is coming along nicely and at the moment I’m implementing USB support inside qemu. It’s mostly a project I work on during flights though so don’t expect too much. Also, doing a clean room firmware could be possible but is a significant effort without benefits other than having an open source firmware. My plan is to just hook in the real firmware and replace the keyboard routine with something more to my liking... |
|
@mrexodia Cool, thanks for the update! What kind of changes do you have in mind? |
|
Hi, Mostly I want to change mappings for Fn+something to arbitrary keycodes (F13 and certain other keys that no keyboard has for a personal project) and also allow swapping the Fn/Ctrl keys (although I got used to that by now). Probably I could have made my changes by now but I’m just doing the emulator stuff to learn 😀 |
|
Here is some progress on an interactive disassembler/emulator for the platform: https://github.com/mrexodia/SN8F2288_gui |
|
I figured out how to disable the automatic hardware "scrolling". If you use that to flash the firmware, it functions as a normal three button mouse would (obviously, one can still do software fake mouse wheel shenanigans if one wants to). I think it still intersperses some scrolling reports depending on the mode, but all the actual scrolling calculations should be disabled. This seems to work fine with Windows (with, and presumably without, the Lenovo driver), but Linux (the lenovo_hid driver, I think) seems to ignore the middle mouse button events. I mostly intend to use the keyboard with Windows (all my Linux machines are actual Thinkpads :)), so I'm not going to debug this further. Some obvious NB:
|
|
Can you elaborate on the process to come to this conclusion for the patch? |
|
I used dissn8 and looked for code that writes to the USB endpoint FIFO and from there figured out which memory locations are used to hold button state, and from there which places check for middle mouse button. (I'm not really sure to what extent I can legally share specifics about this...) |
|
I really want to swap the Fn and Ctrl keys. It's crazy that this isn't possible with the default firmware, since their laptops have the feature to swap. It's increcibly hard to press Ctrl+Shift with the current (ISO) layout. Do you know if this would even be possible with just a FW mod, or if the key matrix is designed so that some combinations wouldn't register? I just want to know if there's any point in looking into this, or if i should just do the HW mod. |
|
From what I looked at when disassembling the keyboard, it is just a laptop keyboard glued to a plastic body (you can remove the body without removing any screws if you want to look inside yourself). This tells me that there is no problem with the design of the key matrix. It is possible to modify the firmware to switch the Ctrl and Fn keys, but I'm hesitant of trying because I don't want to brick the keyboard. Recently I implemented interrupts and timers is my emulator and I can now observe pins being read/written, but no more time 😄 |
|
Did you guys make any progress with this? I really want to be able to swap the Fn and Ctrl keys as well. |
|
This is the closest to progress I got: https://github.com/mrexodia/SN8F2288_gui Personally I just got used to it and had to drop the project for time reasons... |
|
I improved dissn8 some more, the biggest addition being the ability to generate global function call graph and per-function branch graphs (in graphviz "dot" format), closely second to per-address read/write/set/clear access tracking. I also continued my firmware analysis a bit further, but still haven't made up my mind about releasing the dissn8 .cfg file I write firmware-specific findings to: there is no code in it but symbolic names I came up with for ram & rom addresses, and some comments. IANAL, but this does not look "clean room" enough to me. In any case, the firmware can be fully disassembled with the chip declaration file only, all the (few) jump types the CPU has are supported. The only things missing in dissn8 are ram bank selection (which this firmware doesn't use, and given how it uses B0 and non-B0 instruction variants for the same variables it looks like the compiler used does not support them itself) and possible direct program counter assignments as opposed to increments (which this firmware also doesn't use). Just a cautionary word: firmware flashing is purely handled by the firmware itself, the chip does not on its own assist in getting the device on the USB bus. So the next step after a bad flash will very likely be to poke at whatever JTAG capabilities the chip may have (I have not looked into this myself). Given how obscure the code is in some places (I think I found a periodic event occurring every 14.5 hours... that can't be right), combined with the at places obscure documentation of the chip itself (timer source can be external or internal, internal being "fcpu or fclk" but without any indication of which it really is - and there is a factor of 2 to 8 between these two...), this means I would be very surprised if someone achieves extended firmware modifications without bricking a few. |
|
I did not get very deep into it, but the risk of bricking was why I started
writing an emulator. Most things appear to be working and the next step
would be to actually support USB with qemu or similar...
With regards to bricking though, perhaps it is possible to always run the
firmware in the “kernel” component that is responsible for handling
flashing (I went through many Chinese sites looking for example source code
and it looks like there is some kind of support for detecting failed
flashes and then falling back). To jump to the normal operation it could be
made so that it only happens if a specific hid packet is received, meaning
that if you mess up nothing would persist making it less likely to brick.
You might like my gui by the way, I only did a minimal implementation and
it is already very comfortable to comment/label (compatible with your cfg
file format). It’s no IDA, but gets the job done better than manually
reading in a text editor and is very hackable :)
Not sure if I implemented cross reference support yet, but it should also
be very easy...
…On Tue, 7 May 2019 at 00:48, Vincent Pelletier ***@***.***> wrote:
I improved dissn8 some more, the biggest addition being the ability to
generate global function call graph and per-function branch graphs (in
graphviz "dot" format), closely second to per-address read/write/set/clear
access tracking.
I also continued my firmware analysis a bit further, but still haven't
made up my mind about releasing the dissn8 .cfg file I write
firmware-specific findings to: there is no code in it but symbolic names I
came up with for ram & rom addresses, and some comments. IANAL, but this
does not look "clean room" enough to me. In any case, the firmware can be
fully disassembled with the chip declaration file only, all the (few) jump
types the CPU has are supported. The only things missing in dissn8 are ram
bank selection (which this firmware doesn't use, and given how it uses B0
and non-B0 instruction variants for the same variables it looks like the
compiler used does not support them itself) and possible direct program
counter assignments as opposed to increments (which this firmware also
doesn't use).
Just a cautionary word: firmware flashing is purely handled by the
firmware itself, the chip does not on its own assist in getting the device
on the USB bus. So the next step after a bad flash will very likely be to
poke at whatever JTAG capabilities the chip may have (I have not looked
into this myself). Given how obscure the code is in some places (I think I
found a periodic event occurring every 14.5 hours... that can't be right),
combined with the at places obscure documentation of the chip itself (timer
source can be external or internal, internal being "fcpu or fclk" but
without any indication of which it really is - and there is a factor of 2
to 8 between these two...), this means I would be very surprised if someone
achieves extended firmware modifications without bricking a few.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#32 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AASYFGNANNMK2LT5CWN47HDPUCYVVANCNFSM4BX7FQBA>
.
|
|
I am making enough progress on the analysis that I think I can prepare a description for a clean-room reimplementation:
The rest should be available already: CPU doc, USB HID doc. A libre assembler tool should be easy to implement. A libre C compiler should be a lot more effort, and I doubt it would be worth it (unless we have an sdcc dev in the audience maybe ? But then it will be another arch costing in maintenance for very few known device types...). So the implementation will likely have to be done in pure assembler. To give a very general idea of the amount of effort needed, the proprietary firmware has around 6500 assembler instructions (flasher included). This chip's assembly dialect is very simple (a bit simpler than the 8051, to give a more widely known example). I believe this would require a few weeks of work, Is anyone motivated to take this on, and non-tainted by the proprietary implementation ? Fun discovery of the day: if you press "return" while plugging the keyboard, it boots in flash mode. It's still under firmware control, but that means that if we do not touch the early initialisation code & flashing program, we can have a quite fail-safe setup for experimenting. |
Sadly, that's not possible... Early initialisation code calls functions well past this offset, before checking key state. Also, erase pages are huge compared to how fast the code progresses in initialising everything, so custom firmware would get an already initialised state with interrupts enabled, and would have to carefuly place stub functions to satisfy early init, and tread around the memory offsets it uses... Such frankenware seems much more dangerous than reimplementing the key polling ourselves early in the init. |
|
I have most of the clean-room spec written. I still feel there is something fishy with i²c, and the chip at the other end seems famously undocumented (custom ASIC ?), so I have to check some more before they are ready. I still would like to hear that someone is motivated to work on the implementation part of the firmware. In addition, I would also like to hear from anyone willing to review the clearoom spec without being candidate for implementation, in order to advise on what is missing and what shouldn't be there (ex: I feel the keyboard matrix may be too much, as it can be deduced during implementation by using the keyboard - although some cells will not be found until enough layouts have been tested). I have written a flashing tool, and have verified with actual hardware all except the dangerous commands. I ordered a second keyboard to not brick the one I use (non-local layout). I do not intend to release it until I have used it myself, so it's not in my repository yet. |
|
Curiosity killed the... mouse. Below, a cautionary tale for the curious: <my life> Then a brainfart hit, and I burned myself with the soldering iron. The recoil caused SCL's pull-up to lift. No way to get solder back under it. I removed it completely, resoldered the pads, and the resistor suddenly decided it wanted to travel at high speed to somewhere. So I discovered a new feature of the firmware: if it cannot initialise the mouse chip (via i²c), it reboots the keyboard. So it won't work as a mouseless keyboard until I get my hands on what seems to be a 3.3k 1005 and somehow succeed in my first intentional SMC solder. The good thing is that now I'm less scared of trying my flashing tool, as boot-time flashing mode is still available (RETURN press on plug is checked before mouse init). |
Done. flashsn8 pushed to my repository. Works-for-me state. No warranty, use at your own risk. Tested on linux with python-libusb1 installed (as of Debian sid). |
Done, pushed to my repository. It is very crude, error reporting is abysmal (what's a line number ?), but it's able to assemble the source produced by dissn8, and end up with the same binary image as dissn8's input and should be able to cope with some style variations. So the libre toolchain is now bootstrapped. |
Success ! It was hard, and I had to wipe the board clean of burned flux twice, but I eventually succeeded. I suspect I lifted the pad along with the original resistor, and had to make a solder bridge to a nearby via. Now that board, which sustained a few erase/program cycles with my tool (with the original firmware), is back in working order. And I now have a spare keyboard in another layout - and could confirm I could swap the key matrices between both. I'm currently busy writing asm libraries for the chip. I've written flasher interfacing, a bit-banging I²C and am progressing on USB implementation - but I did not test much yet. I²C is a pain to check even in the original toolchain's simulator, as it does not have an accurate port emulation. I expanded the features of the assembler enough to be able to work on modular sources (ram allocation, symbol exports/imports, anonymous jump targets). EDIT: Just pushed the - still very crude and 95% untested - asm libraries in my repository. |
|
Hey Vincent! Just wanted to chip in and say I'm following attentively your progress, as I'm writing this from my very own compact USB keyboard. I really appreciate – and judging by the reactions on your comments, I'm not alone – that you continue to report your progress regularly, so cheers! |
|
Thanks a lot for the support, it really helps keeping my motivation ! I will try to push this as much as I can, although I'm still worried that I cannot on my own implement the final firmware: I am tainted by my analysis of the proprietary implementation. Even though keyboard reading is not rocket science, copyright is copyright, and I do not want to do all this work (as fun as it may be), then push a firmware just to have it taken down by a DMCA claim. So I'm implementing from specs as much as I can when specs exist (and am fairly confident I am not reproducing idiosyncrasies of the proprietary firmware, although there are only so many ways to implement a USB On a related motivational note, I realized that one feature I miss from old thinkpad keyboards is the Fn+up/down/left/right key combo for stop/play|pause/previous/next multimedia keys. A custom firmware would bring these back. Now that I have a bunch of untested ASM code around, my next goal is to test it automatically, and for this I need a scriptable emulator (ex: run until this address is reached in at most this many cycles, then flip that port bit, then run until that address is reached...). I'm not yet sure how to go: there is @mrexodia 's emulator but I am not familiar enough with C++ to add scripting to it. Or I could implement an emulator in python, but this will also take quite some time as I have to start from scratch. |
|
With regards to the emulator, in the end it didn't take me very long to implement emulation of the instructions. The main issue for me is implementing the I2C/USB/timers/interrupts because I'm not at all familiar with stuff at a level this low... I like the progress a lot though! |
I started implementing one and I confirm instructions is not the hardest part.
This is indeed the hardest part. Ports are also harder than they seem on the surface: is the port driving the line (high/low), does it have an internal pull-up, is there an external pull-up, is the line pulled low externally... I find the SN8F2288 pin schema in the spec underwhelming:
So far I could implement pins by following my own assumptions (read samples from line, pull-up disabled on output pins), but I have not verified on the actual hardware (...because I do not have any firmware code nearly ready for a first flash). Each pin is basically a voltage divider circuit, and I compare computed voltage to logic thresholds. I'm sure it can be simplified (binary voltage & binary impedance ?) but I'm happy that this model is enough to get a bit-banging I²C implementation able to communicate. Simulator progress:
On scriptability level, it is terse:
I also implemented (separately) board-specific IOs: key matrix, minimal I²C slave understanding the same protocol as the real one (...all constant bytes considered magic, I have no idea on their meaning). With that board I am able currently to at least reach a successful mouse init (about 200ms of run-time in the original firmware, including 50ms of flash page erase). I still have to test the key matrix. USB is not implemented at all (need in-CPU-emulator support for this). I²C slave implementation is ugly, with code duplication - I failed a lot on this part. On to the next: USB support. Once working and I could get a few HID reports from the original firmware I will probably push the simulator. EDIT: Woops, I pinged "yz" user when talking about the register. Sorry. |
I did not go all the way to HID reports yet, but USB EP0 is working. I pushed the simulators for the CPU and the board. Next, HID reports. On my machine (i5-5200U @ 2.20GHz) the very basic test scenario I committed (which simulates around 152ms of µC time) takes 6.7s with python2.7 and 1.9s with pypy 7.0.0 . And a sneak peek at the output of current test scenario, which simulates USB enumeration & configuration and ends as soon as mouse init over I²C is over: |
|
A very short progress report this time: I can get an HID report from mouse (but I did not test very intensely either), but key matrix is full of bugs:
I think I need to step back for a while to stop running in circles. |
|
I was referring to the issue mentioned by @trevor403, @sanderboom and @federvieh where Fn-[Up/Down/Left/Right]Arrow doesn't do anything after doing the remapping of keys. #32 (comment) Works for me but your preferences may differ. |
|
This is what I have concluded based on #issuecomment-687659110, #issuecomment-750739628, #issuecomment-1273517862 hope it is useful. |
|
@elnahir did you get any further on this? I've bought a couple of SK-8855 well knowing that the ctrl and fn wasn't swapable but I'd love to do it, still. |
|
Received II wireless version today... you know how I feel. Which model number is possible to remap (don't care about it being wired). Does KU-1255 have problems with the middle button? |
|
Another possible path is flash the kbd with a QMK / ZMK / BlueMicro_BLE firmware, so you not only get the ctrl/fn swap, but also all the programable features of these firmwares. Is better than reverse engineering the Lenovo code. Check https://github.com/SonixQMK |
Have you tried to flash your Lenovo Thinkpad Trackpoint Keyboard II with any firmware from the site you mentioned? I was tying to find there anything which would fit to this keyboard but with no luck. |
|
@KlosiakMK I didn't tried because currently I don't have a Thinkpad USB Compact keyboard. Looking better, the SN8F2288 doesn't seems to be supported by SonixQMK, only chips of the SN32* family :( https://sonixqmk.github.io//SonixDocs/#status But the Thinkpad Trackpoint Keyboard II is based on another chip who seems to be well supported by BlueMicro_BLE firmware, lets continue the talk for that keyboard here: #53 |
|
To find the address of the "Left Windows" key, i locate the value "B9" in the ROM at the Keyboard Maxtrix section, and found its address to be 0x740B0 Replacing default keys Ref https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf UsageName -------Hex ------- Xored with 0x5A Key--------------Address--------------Value Before--------------Value After |
It need modify the PID & VID at the position from 794b0H to 9747H by the your actual PID&VID, Attention: Need XOR key 0x5A. |
|
@zhanghongcq thanks for the feedback on this issue, I'm also one of the guys who'd love to swap the FN/CTRL on a SK-8855 although I'm by no means good at modifying firmware/drivers like this. Have you gotten it to work on a SK-8855 yourself? |
|
Sorry,I have only the firmware for the KU-1255. I have not the official firmware of the SK-8855. If you have it, you can send me and I try modifying it. And you must give me the PID&VID value of your SK-8855.
Outlook<https://aka.ms/qtex0l>
…________________________________
发件人: kocane ***@***.***>
发送时间: 星期一, 五月 22, 2023 22:41
收件人: lentinj/tp-compact-keyboard ***@***.***>
抄送: Zhanghong ***@***.***>; Mention ***@***.***>
主题: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
@zhanghongcq<https://github.com/zhanghongcq> thanks for the feedback on this issue, I'm also one of the guys who'd love to swap the FN/CTRL on a SK-8855 although I'm by no means good at modifying firmware/drivers like this. Have you gotten it to work on a SK-8855 yourself?
―
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGAMT5MRXDOTA3L2Y45IUY3XHN3JBANCNFSM4BX7FQBA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
@zhanghongcq ah I must've misunderstood. The trouble is that there is no firmware released for the SK-8855. So I suppose it's hopeless. |
|
hey hey, My PID is 60EE and VID is 17EF, and I can not fully understand how to translate it the positions you mention. Thank you! |
|
Do you have the firmware of your keyboard?
Outlook<https://aka.ms/qtex0l>
…________________________________
发件人: slv087 ***@***.***>
发送时间: Monday, December 4, 2023 7:10:19 AM
收件人: lentinj/tp-compact-keyboard ***@***.***>
抄送: Zhanghong ***@***.***>; Mention ***@***.***>
主题: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
hey hey,
@zhanghongcq<https://github.com/zhanghongcq> can you please elaborate this part ?
#32 (comment)<#32 (comment)>
My PID is 60EE and VID is 17EF, and I can not fully understand how to translate it the positions you mention.
image.png (view on web)<https://github.com/lentinj/tp-compact-keyboard/assets/144065417/7b697b79-9474-48f0-bb53-fae2c7997cf7>
Thank you!
―
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGAMT5MJ522I2B74EBBRCUTYHUBFXAVCNFSM4BX7FQBKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBTG43DGMJYGI3Q>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
heya,
Using Lenovo Trackpad TrackPoint Keyboard 2.
No firmware has been released for this one, but it seems that people are successful using old firmware (https://forums.lenovo.com/t5/Displays-Options-and-Accessories/USB-compact-trackpoint-keyboard-Can-not-be-recognized-after-updating-the-firmware/m-p/3530362).
Made modifications in .exe for Ctrl and Fn swap as described in the thread, but getting as that same error when trying to "Start" firmware update.
…________________________________
From: Zhanghong ***@***.***>
Sent: 04 December 2023 03:08
To: lentinj/tp-compact-keyboard ***@***.***>
Cc: slv087 ***@***.***>; Comment ***@***.***>
Subject: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
Do you have the firmware of your keyboard?
Outlook<https://aka.ms/qtex0l>
________________________________
发件人: slv087 ***@***.***>
发送时间: Monday, December 4, 2023 7:10:19 AM
收件人: lentinj/tp-compact-keyboard ***@***.***>
抄送: Zhanghong ***@***.***>; Mention ***@***.***>
主题: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
hey hey,
@zhanghongcq<https://github.com/zhanghongcq> can you please elaborate this part ?
#32 (comment)<#32 (comment)>
My PID is 60EE and VID is 17EF, and I can not fully understand how to translate it the positions you mention.
image.png (view on web)<https://github.com/lentinj/tp-compact-keyboard/assets/144065417/7b697b79-9474-48f0-bb53-fae2c7997cf7>
Thank you!
D
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGAMT5MJ522I2B74EBBRCUTYHUBFXAVCNFSM4BX7FQBKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBTG43DGMJYGI3Q>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
―
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BCLEHCMGHP5MJ3V7T5WFKPTYHUPBNAVCNFSM4BX7FQBKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBTG43DQNBTGE4Q>.
You are receiving this because you commented.
|
|
First, If you used a modfiy firmware update the Keyboard and it may be fail, you PID & VID will be changed.
So, you must modfiy the firmware with your new PID &VID, and recover you keyboard.
And update use the new firmware with modification "Ctrl and Fn".
Another Import, the version of firware must different with you actual Keyboard, if not it cann't be update.
The attachment is my modify for change PID&VID (Changed:PID=0C45,VID=7500)recover, if the PID & VID are same, you can try to use it.
Tips: The update is very slowly, maybe more than 10 minutes, please wait! If you disconcet the keyoard or close the firmware ware, it must be fail.
***@***.***
From: slv087
Date: 2023-12-04 22:48
To: lentinj/tp-compact-keyboard
CC: Zhanghong; Mention
Subject: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
heya,
Using Lenovo Trackpad TrackPoint Keyboard 2.
No firmware has been released for this one, but it seems that people are successful using old firmware (https://forums.lenovo.com/t5/Displays-Options-and-Accessories/USB-compact-trackpoint-keyboard-Can-not-be-recognized-after-updating-the-firmware/m-p/3530362).
Made modifications in .exe for Ctrl and Fn swap as described in the thread, but getting as that same error when trying to "Start" firmware update.
…________________________________
From: Zhanghong ***@***.***>
Sent: 04 December 2023 03:08
To: lentinj/tp-compact-keyboard ***@***.***>
Cc: slv087 ***@***.***>; Comment ***@***.***>
Subject: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
Do you have the firmware of your keyboard?
Outlook<https://aka.ms/qtex0l>
________________________________
发件人: slv087 ***@***.***>
发送时间: Monday, December 4, 2023 7:10:19 AM
收件人: lentinj/tp-compact-keyboard ***@***.***>
抄送: Zhanghong ***@***.***>; Mention ***@***.***>
主题: Re: [lentinj/tp-compact-keyboard] Customise USB Compact Keyboard Firmware (#32)
hey hey,
@zhanghongcq<https://github.com/zhanghongcq> can you please elaborate this part ?
#32 (comment)<#32 (comment)>
My PID is 60EE and VID is 17EF, and I can not fully understand how to translate it the positions you mention.
image.png (view on web)<https://github.com/lentinj/tp-compact-keyboard/assets/144065417/7b697b79-9474-48f0-bb53-fae2c7997cf7>
Thank you!
D
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGAMT5MJ522I2B74EBBRCUTYHUBFXAVCNFSM4BX7FQBKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBTG43DGMJYGI3Q>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
―
Reply to this email directly, view it on GitHub<#32 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BCLEHCMGHP5MJ3V7T5WFKPTYHUPBNAVCNFSM4BX7FQBKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBTG43DQNBTGE4Q>.
You are receiving this because you commented.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
My model is KC-1957. Seems to the newest one. Completely wireless keyboard - 1x bluetooth connection and 1x 2.4 ghz with dongle. Usb-C wire is only for charging. Thank you @zhanghongcq for trying to help out. |
Wishlist:
Even though we have PgUp/PgDn right next to the arrow keys, it's muscle memory to use Fn+arrow keys with it being pretty standard on other keyboards. And then those dedicated PgUp/PgDn keys could be remapped to something else. It sounds like some other thinkpad keyboards do behave like this. I wonder if there are similarities between firmwares that could be cross-referenced. But dang no firmware for the Trackpoint Keyboard II eh... The Fn key is also purely on the keyboard side? I see no event with |
|
I thought I would get used to the original fn / ctrl positioning but my left finger was hating me. Thanks so much for this thread on the easy fix. On a related note, does anyone know if there are physical keycaps available that I can replace the fn / ctrl keys with to match the modification? (I guess I can use stickers if it comes down to it) |
|
I didnt see it here so I wanna also put this here, you start with the firmware sha256 of also I wanna thank everyone in this thread, really made this keyboard perfect for me, so perfect that I'm gonna end up buying another one |
|
The hexedit firmware update worked for me with: Just a quick question to confirm. I'm noticing that C-x C-s (hold ctrl, then press x, then press s) does not register correctly in Emacs if I do it "fast". Is this another instance of the ghosting issue above? |
Hi, my thinkpad compact keyboard was made in 27 october 2021, FN swapped to left CTRL works! But can you share the checksum 256 of you file for the FN swapped to right CTRL? For some reason Ctrl+Shift+Up works for me, Fn swapped to Left Ctrl. |
|
I have Lenovo Trackpad Bluetooth Keyboard II: Any chance of getting firmware for switching positions of Fn and CTRL ? |
|
Great solution! |
|
Awesome, thanks! |
|
For aynone wondering, yes it DOES work for SPANISH variation, here's my fw updated: https://filebin.net/93g9timf1uf33xyd/tp_compact_usb_kb_with_trackpoint_fw_upd.zip |
|
Hello I have just tested the FN / CTR swap method on model KU-1255 rev W02 from 2024 and it worked properly. |
|
Hi @valentt , did you try it, and did it worked for that model? |
Have you found anything for the Thinkpad Trackpoint II (KC-1957)? |
|
I bricked my ku-1255 when I tried to update the newest firmware. What should I do to recover? T_T |
and others
(I am only half joking here)
The keyboard has an upgradable firmware and a documented microcontroller:
https://support.lenovo.com/us/en/documents/pd026745
http://www.sonix.com.tw/article-en-1002-3048
It would be great to have a keyboard with a working middle mouse button. A completely clean room firmware would allow this.
As a bonus, it would be great to implement proper negative inertia, which has disappeared from newer TrackPoint devices:
http://blogs.epfl.ch/icenet/documents/Ykt3Eext.pdf
The text was updated successfully, but these errors were encountered: