Closed deividAlfa closed 9 months ago
Tested working in my STM32F103CB:
Attack ready
Press enter to start dumping firmware
xxxxxxx ......
xxxxxxx ......
Target has stopped sending data, assuming dump is complete
Dumped 131072 bytes
Output saved to dump.bin
Attached compiled firmares just in case anyone wants to try: targets.zip
No modification to dump.py required.
DBGMCU_IDCODE @ 0xE0042000 (RM0008 page 1088) reads 0 in the attack firmware, so we can't detect the flash using DEV_ID. Flash size register @ 0x1FFFF7E0 (RM0008 page 1076) works, so use it instead.
64KB devices actually have 128KB, it's the same die. Some firmwares use it, specially chinese devices, as they're cheaper and work anyways. So, override to 128KB when reporting 64KB.