Protocol for downloading the program into the CH55x

[ogogon]

Could you please tell me if there is a document describing the protocol for downloading the program into the CH552? Is this possible only via USB or is it possible through a com-port?

I contacted the manufacturer, but they, to my great surprise, replied that this information was not published. I am somewhat confused - usually manufacturers do not hide such information. I do not see any risks for the manufacturer in disseminating this information.

Thank you for your reply.

[ole00]

There is a datasheet that describes the memory address map (including flash location) and registers that allow you to rewrite the contents of the flash. The datasheet can be found here: http://www.wch-ic.com/downloads/CH552DS1_PDF.html

See section 6 for memory map, section 6.4 for flash -ROM register and 6.5 for flash rom operation steps. This information would allow you to write your own bootloader that could update the flash contents (for example to implement Arduino flashing protocol)

The CH552 chip comes preprogrammed with bootloader from the factory. As far as I understand the bootloader can receive both USB data and UART data (com port). There is an official programming tool for Windows provided by the manufacturer called WCHISPTool (installer name is WCHISPTool_Setup_2.7.exe). This tool has an option to upload/program the CH552 (and other WCH chips) over com port.

[ogogon]

Thank you. I even contacted their support, but they answered me that the firmware download protocol is not published.

What do you think is the reason for this policy? What risks do they fear? I don't remember another case where a microcontroller manufacturer made a secret out of it...

[ole00]

Basically they want to provide as less public information as possible to prevent somebody finding a security flaw in their protocol. I think that is generally their main concern. For example the reason they upgraded their bootloader was that somebody found a way how to read the contents of the flash from the "protected" chip. If you are interested, check this thread (it is quite long): https://www.mikrocontroller.net/topic/462538?page=single

I think - in this case - they provide enough information and tools for programming these chips. If you need to program the chip on the fly (for example OTA upgrades etc.) you can implement your own bootloader and control the flashing protocol the way you like. BTW. why do you need the information? Chprog source code provide enough information about the protocol to program the chips - or not?

[ogogon]

Hm... If someone has found a vulnerability, manufacturer must to fix it. If this vulnerability is simply classified - one day this secret may be disclosed, and everything will be even worse...

The information is interesting to me without any evil purposes. I recently learned about this microcontroller, and everything about it is interesting to me. In addition, the situation when the download protocol is classified, but everyone knows it and write their own programs to implement it, somewhat surprised me. I’m used to the fact that the technology for loading a program into a chip is described in the official manual for 350 pages.

In addition, I did not find an open source utility for downloading firmware via a COM port. Does something similar exist?

[ole00]

I did not find an open source utility for downloading firmware via a COM port. Does something similar exist?

I don't know, perhaps it does - you have to do your own research if you are interested. It should be possible to 'sniff' the serial port communication while the official tool (WCHISPTool) does the upgrade over COM port and figure out the protocol.

[ogogon]

Thank you. There is something to think about here. If I take a dump from the com port when uploading a file, it will be possible to ask your opinion?

[ole00]

Sure, feel free to ask.