Closed deividAlfa closed 1 year ago
Answering myself:
OpenOCD doesn't contain any file called stlink.cfg by default.
I edited dump.py, replacing all the entries containing stlink.cfg with stlink-v2-1.cfg.
If the script keeps waiting for the Pico's /dev/ttyACM0 port even though it exists, it's probably a permission issue. Open another terminal and run: sudo chmod 777 /dev/ttyACM0, and the script will instantly start working.
Case correction at dump.py:250

    if "readout protection on" in line:
        return True
    elif "readout protection off" in line:
        return False

Should be:

    if "Readout Protection On" in line:
        return True
    elif "Readout Protection Off" in line:
        return False

And finally, I got it working!
sudo dmesg and check the port number.
python3 dump.py -p /dev/ttyACM0 -o dump.bin
Waiting for Pi Pico to be connected... (Looking for /dev/ttyACM0)
Connect the Pico now. Run sudo chmod 777 /dev/ttyACM0 in another window.
Device connected to serial port /dev/ttyACM0
Waiting for debug probe to be connected...
Connect the ST-Link SWD port to the target.
Debug probe connected to STM32F1 target
STM32F1 target is confirmed to be read protected
Detected SRAM entry point offset: 0x108 (0x20000108)
Please select the USART used by the STM32F1 target to dump firmware
1: USART1 - RX: PA10 TX: PA9)
2: USART2 - RX: PA3 TX: PA2)
3: USART3 - RX: PB11 TX: PB10)
Enter 1, 2 or 3: 1
Choose the firmware depending on the STM32 pins you connected the Pico's serial port to.
Press enter to load the target exploit firmware to the SRAM
Just that. Press enter.
Target firmware loaded to the SRAM
Waiting for debug probe to be disconnected...
Warning: Disconnect the debug probe from the target, not just the host USB port!
Disconnect the ST-Link SWD port from the target, no need to remove the USB.
Debug probe disconnected from STM32F1 target
Attack ready
Press enter to start dumping firmware
Again, just that. Press enter.
(Lots of hex data)
After 1 minute or so:
Target has stopped sending data, assuming dump is complete
Dumped 65536 bytes
Output saved to dump.bin
Ah, I was aware of the differences between older and newer OpenOCD versions but thought I had tested the script on 0.10 successfully. Turns out I likely didn't.
I'll specify 0.12 as the min version from now on and add a comment referring to this issue for users that wish to use 0.10.
Glad you got it working!
EDIT:
0.11 appears to be compatible too
It would be great if it could work with both versions, as the differences are minimal.
For the differences in OpenOCD output, I think the solution would be to do a case-insensitive string compare.
And for the stlink config file, it shouldn't be too hard to test if OpenOCD likes "stlink.cfg" by checking the output.
openocd -f interface/stlink.cfg
OpenOCD won't launch as there's no target, but we will be able to scan the output for "Can't find interface/stlink.cfg". If so, then try the old config:
openocd -f interface/stlink-v2-1.cfg
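
The two compatibility checks proposed in the comment above, sketched as an added example; this is not code from dump.py or from the project. The function names, the injectable probe and the timeout handling are assumptions, while the config file names and the matched strings are the ones quoted in this thread.

```python
import subprocess

# Both file names come from the thread; the newer name is tried first.
INTERFACE_CFGS = ("interface/stlink.cfg", "interface/stlink-v2-1.cfg")


def run_openocd_probe(cfg, timeout=5):
    """Run `openocd -f <cfg>` and return its combined output as text."""
    try:
        proc = subprocess.run(["openocd", "-f", cfg], capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # Assumption: still running after the timeout means the config loaded.
        return ""
    return proc.stdout + proc.stderr


def pick_interface_cfg(probe=run_openocd_probe):
    """Return the first interface config OpenOCD does not report as missing."""
    for cfg in INTERFACE_CFGS:
        if f"can't find {cfg}".casefold() not in probe(cfg).casefold():
            return cfg
    raise FileNotFoundError("no usable ST-Link interface config found")


def readout_protection(openocd_output):
    """Return True (on), False (off) or None if no line reports the state."""
    for line in openocd_output.splitlines():
        folded = line.casefold()
        if "readout protection on" in folded:
            return True
        if "readout protection off" in folded:
            return False
    return None


if __name__ == "__main__":
    # Constructed sample lines in both casings mentioned in the thread.
    for sample in ("readout protection on", "Readout Protection Off"):
        print(sample, "->", readout_protection(sample))
```

Returning None when neither string appears lets the caller tell "protection off" apart from "OpenOCD printed something unexpected".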
Edit: This only happens if OpenOCD is outdated. It works with OpenOCD 0.12 right away without any modifications!
My system was using OpenOCD 0.10, so these were the fixes.
Update: It's solved now. Here's the procedure, problems and how I fixed them.
git clone https://github.com/CTXz/stm32f1-picopwner
3.7.3.
pip3 install pySerial, it should install the module.
sudo apt update && sudo apt install -y openocd.
The problem:
I'm executing python3 dump.py -p /dev/ttyACM0 -o dump.bin, but all I get is:
I'm getting this message no matter what, even if /dev/ttyACM0 doesn't exist or specifying a non-existing port like /dev/asdfg.
All the capacitors from VDD and nRST were removed. My connections are as follows: