So, I pulled the brand new UR44C out of the box, and figured I’d update the firmware first, in case there were any bug fixes lol…
Well, the updater crashed mid-update and bricked the device, all it did was flashing the red LEDs on the front panel, no sound, no channels appearing in audio software, etc.
Firmware updater was unhelpful, all it did was proudly display “It is already updated to the lastest firmware, no need to update it again yay!”
So, well.
Install OllyDB. It’s a debugger. Start it and load the updater program “UR-C_firmware_V150.exe”
If there are any warnings, just ignore them.
If it doesn’t display machine code, click on cute little teal “C” button in the tool bar.
Don’t launch the program yet, we have to hack it first.
Hit Ctrl-G, put 7A46BA in the box, ENTER.
See “PUSH 1388” on top of screen full of machine code, double click on it, it lets you modify the instruction. Add two zeros so it becomes “PUSH 138800”. ENTER. Your modification should appear in red in the code. Now it wants to modify the next instruction, but we don’t, so hit ESC.
Note 1388 in hexadecimal is 5000, and it’s the value in milliseconds of the timeout that this code initializes. Without the above modification, you have to do all the rest of the stuff in 5 seconds. So it’s much easier with a few extra zeros added to the time limit.
Note there is another PUSH 1388 a few lines above, that’s a diversion, so make sure not to modify the wrong one.
Hit Ctrl-G again, type 7AD063 in the box, enter.
Locate “MOV EBX,DWORD PTR SS:[EBP+8]” on top of window.
Double click on the hex code on the left (8B5D something) to set a breakpoint. The indicator in the margin becomes red. If you set it on the wrong line, double click again to cancel it and put it on the line with “MOV EBX,DWORD PTR SS:[EBP+8]”.
Now hit F9 to launch the program, it’s gonna grind a bit then stop on the breakpoint. Note the updater window is unresponsive while it is frozen in the debugger, so no worries about that.
Remove the breakpoint by double clicking as before, otherwise it will trigger constantly during the update and you will have to hammer F9.
Now the instruction “MOV EBX,DWORD PTR SS:[EBP+8]” should be highlighted, so hit F8 ONCE to execute it and advance to the next instruction. Well that just loaded into register EBX the memory address where it put the version number it got from the device. So, in the “Registers” panel, right-click on “EBX” and choose “Follow in dump”.
A large quantity of hexadecimal garbage appears in the bottom left panel. In the top right corner of this panel, somewhere on the second or third line you should see “MAIN” then some gibberish then “V1.5”
So, click on the “5” (make sure to have a steady aim) and press space. Then click in the box that says “ASCII” and replace the contents with the character 4. ENTER.
So, now it thinks the device has firmware V1.4 instead of V1.5, and it will finally bother to flash it.
Hit F9 to launch.
Click on the cute little teal “L” button in the tool bar to display the log box, it will display a lot of stuff during the flashing, which takes a while. Sometimes it pauses, but that’s just to fool you so you unplug it and it’s bricked again.
When the white USB LED lights on the UR44, it’s done.