Closed deividAlfa closed 6 months ago
Tried this, enabling SW_WDG in Option Bytes. With the current target FW, it bootlooped endlessly, sending the same first bytes again and again.
With this modification it worked as expected, ending in:
```
Target has stopped sending data, assuming dump is complete
Dumped 131072 bytes
```
The MCU might have large empty areas, so it would look static, showing the same "FF FF..." to the user.
Last commit will show this:
```
Attack ready
Press enter to start dumping firmware
0x8000000: 00 50 00 20 e1 02 00 08 c9 02 00 08 cb 02 00 08
...
...
0x801ffd0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x801ffe0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x801fff0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Target has stopped sending data, assuming dump is complete
Dumped 131072 bytes
```
Great contributions again! Will merge soon!
~~Good catch on the IWDG option byte. That was likely the culprit of this issue: https://github.com/CTXz/stm32f1-picopwner/issues/20~~
Edit: Looks like you already checked it out :)
Check WDG_SW in Option Bytes: IWDG might be enabled by hardware, triggering a reset while dumping the firmware and causing an endless loop.
Ignore the flash size register, as not all STM32 clones implement it. Instead, dump up to 1MB; when the flash is over, it'll trigger a hard fault and stop.
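Added example, not part of the PR or the project's code: a host-side check over a saved dump log that flags the boot-loop symptom described in the thread (the address column starting over) and measures how much of the image is trailing `FF` padding. The line format is assumed from the output quoted above; the function names and sample logs are constructed for illustration.

```python
import re

# Line format assumed from the output quoted in this thread: "0x8000000: 00 50 ..."
LINE_RE = re.compile(r"^0x([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2}){1,16})\s*$")

def parse_dump(lines):
    """Yield (address, data) per hex line; banners and '...' lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1), 16), bytes.fromhex(m.group(2))

def analyze(lines):
    """Summarise a dump log. 'size' and 'used' are only meaningful when gaps == 0."""
    restarts = gaps = 0
    base = expected = None
    image = bytearray()
    for addr, data in parse_dump(lines):
        if expected is not None and addr < expected:
            restarts += 1                 # address went backwards: target reset mid-dump
            base, image = None, bytearray()
        elif expected is not None and addr > expected:
            gaps += 1                     # lines missing from the log
        if base is None:
            base = addr
        image.extend(data)
        expected = addr + len(data)
    used = len(image.rstrip(b"\xff"))     # erased flash reads back as FF
    return {"base": base, "size": len(image), "used": used,
            "restarts": restarts, "gaps": gaps}

FF = " ".join(["ff"] * 16)
HEAD = "0x8000000: 00 50 00 20 e1 02 00 08 c9 02 00 08 cb 02 00 08"  # from the thread
NEXT = "0x8000010: cd 02 00 08 00 00 00 00 00 00 00 00 00 00 00 00"  # constructed

# Constructed sample logs (shortened to a few lines of flash).
HEALTHY = ["Attack ready", HEAD, NEXT, f"0x8000020: {FF}", f"0x8000030: {FF}",
           "Target has stopped sending data, assuming dump is complete"]
BOOTLOOP = [HEAD, NEXT, HEAD, NEXT, HEAD]  # same first bytes again and again

if __name__ == "__main__":
    for name, log in (("healthy", HEALTHY), ("bootloop", BOOTLOOP)):
        print(name, analyze(log))
```

A non-zero `restarts` count means the log contains more than one pass from the base address, so the byte total alone does not show that the dump is complete.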