Closed Mesteery closed 3 months ago
Hi, this exploit does not work on the STM32F4, let alone one with RDP2. If you wish to be updated about potential progress regarding the f4, keep an eye on this thread:
RDP 2 is irreversible
Hi, the RDP2 can't be removed, even if we hacked into the CPU and got arbitrary code execution - it's read-only, designed by ST as a security defense. In theory, the RDP2 can be temporarily downgraded to RDP1, and with some combo glitches it could write the flash, implement a bootloader and make it flashable again. But it's quite challenging: the numerous security defenses put in place by ST make it very hard to achieve. So downgrading the RDP 2 and reprogramming the firmware will be worthless.
I came across this project, which looks promising, and I was wondering if it is able to remove the RDP 2 write protection so the STM32 can be flashed. Thanks