Another use for this: crossflash.

[Zibri]

Here is a Fenix 5X flashed with a Descent Mk1 firmware:

Click the image for the video!

If you have any more ideas contact me...

[mbirth]

Awesome! I've made this tool to "convert" my Fenix 5 Plus into a D2 Delta. Cool to see it's working with the 5X/Descent, too. Does it do depth measurements as well? I thought the "normal" 5X is missing the sensor.

[Zibri]

You got my cheat :D Everything works EXCEPT the diving features because my 5X misses the additional depth sensor the descent seems to have. For diving I use the great Dive IQ app. Question: do you have any link for the tactix charlie firmware? Please contect me on fb (fb.me/Zibri) so we can chat/discuss.

[inevity]

@Zibri Looks like that

	Fenix 5X	Descent Mk1
SKU	006-B2604-00	006-B2859-00
Sensor	006-B2663-00	006-B2664-00
BT
WIFI	006-B2196-01	006-B2196-01
GPS	006-B2957-00	006-B1621-00
DISPLAY	006-B2605-00	006-B2869-00

How do you deal with the gps difference? and about the Display driver or firmware?

[mbirth]

@inevity GPS 2957 is the same hardware as 1621, but the 2957 driver adds support for Galileo.

The wrong display part seemed to only make the clock hands appear in the wrong style as both devices most probably share the same display.

[Zibri]

I think there is a way to make descent firmware play along with 5X hardware since they are basically the same thing. Unfortunately there are many combinations of GPS/WIFI/Sensor firmwares and I don't have much time... Damn I wish so much to find a watch like the fenix 5x but with a linux/android based firmware! Anyway the descent diving app sucks. DiveIQ is way better.

[ghost]

Hello, you just changed hwid and checksums ?
It doesnt work with fenix 6... it says update failed

thanks

[mbirth]

The Fenix 6 has an encrypted firmware. I believe they use different encryption keys for different models so it can't decode a firmware from a different model. And since nobody know the encryption keys at the moment, we can't convert firmwares.

[jochu38]

Is the encryption still an issue with the fenix 6? Id like to put the delta kill switch and stealth mode features onto my fenix 6xPro solar watch

[mbirth]

@jochu38 Sadly I still don't know of anyone who found a way to decrypt the firmwares. And I also don't own one of these newer watches to experiment with. Maybe there's still a preboot mode to force-feed a firmware via WebUpdater. That's how I started with all this. But I doubt this, as I very much believe all decryption is happening in the main firmware during staging (=decrypting the firmware from the GCD file into the staging area) and the bootloader is just installing the already-decrypted firmware and doesn't know anything about encryption/decrypting.

[enbarberis]

Do you know if Fenix 6 firmware was always encrypted ? Maybe older versions are un-encrypted?

[mbirth]

They started encryption with the MARQ models already. And even though I'm 99% sure, the bootloaders for the MARQ Aviator and those of the other MARQ models (which all share the same firmware) are identical, they are completely different in encrypted form:

Bootloader of normal MARQ models v3.10 (67628 Bytes total):

28 08 01 00 │ 63 0F D5 58 │ 66 27 50 95 │ AA FA B7 91 │ 2E D1 A5 1A │ 2A 69 25 C8 │ F3 CF E3 64 │ F6 96 55 18 │ 4A 9F EF 29

Bootloader of MARQ Aviator v3.10 (67628 Bytes total):

28 08 01 00 │ 2C 8D C7 58 │ 59 E0 9C E1 │ B9 A4 F6 0C │ 9B 6F 9F 73 │ 80 6B 48 38 │ 9F 9B 86 E2 │ 0A BE 96 42 │ 14 24 5F F4

And even the same bootloader of a later version seems to use a different encryption key:

Boot loader of normal MARQ models v3.31 (67628 Bytes total):

28 08 01 00 │ 8D 2E 5E 8A │ 0B A7 97 25 │ EA 6E 7B A2 │ BA C5 0C 4D │ 1A BD 91 1C │ CD 14 97 25 │ 09 66 94 A7 │ DC 3D 38 8F

There might be an encryption key hidden somewhere in that binary data, but I didn't yet have the time and willpower to investigate further. ;)