search

ArduinoHannover / ZPB30A1_Firmware

Open-Source firmware for the ZPB30A1 electronic load (WIP)
GNU General Public License v3.0
49 stars 22 forks source link

Write protection #3

Open josemariaaraujo opened 6 years ago

josemariaaraujo commented 6 years ago

When you say:

Using STVP-STM32 on Windows confirmed my guess and made it even worse. So not only the ROP is set, the write protection is also set. So there neither real software reverse engineering possible nor can you recycle the existing processor. Software needed to be build from scratch.

They also activated the write protection, so unfortunately you have to replace the IC on the board.

I think it's not correct. According to the reference manual RM0016 page 50, in SWIM mode (external programmer) you can write to the ROP to disable the protection, erasing the STM8 in the process. But then you can program it again.

But having another STM8 is not a bad idea until a new stable firmware is developed that can replace the original one.

zerog2k commented 6 years ago

@soundstorm Did this not work to clear out rop in option bytes? https://github.com/vdudouyt/stm8flash/issues/38#issuecomment-213712893

Ref https://www.st.com/resource/en/datasheet/stm8s005c6.pdf#page38

spth commented 6 years ago

Maybe the UBC write protection was set, too? One could disable it by preparing a suitable hex file for the option bytes, then use stm8flash.

Philipp

herm commented 6 years ago

You can easily unlock this device with these commands:

echo "0000ff00ff00ff00ff00ff00ff00ff00ff" | xxd -r -p > opt_bytes
stm8flash -c stlinkv2 -p stm8s005k6 -s opt -w opt_bytes

It erases the whole device and resets the option bytes to their default values.