rumpeltux/hc12

Not working with fw version 2.6

buttim opened this issue · 10 comments

Unluckily, it seems like your code does not work anymore for modules with v2.6 firmware.
Any chance of getting the STM8 source code that gets translated to the stub to upload?
Any link for the docs on the update protocol?
Also, your code is missing import time.

Here is the output with the error:

Flashing dumpcode...
Traceback (most recent call last):
  File "c:\Users\butti\Downloads\firmwaredump.py", line 73, in <module>
    hc = enterUpdateMode(args.device)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\butti\Downloads\firmwaredump.py", line 23, in enterUpdateMode
    assert x == b'\4', repr(x)
AssertionError: b'\xf8\xfe\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe0`x\x00\xf8\x86\x06\x98`\x06`\x18x\x9e\xe6\x98~\x1e`\x9e\x06f\x9e\x1e\x9ef\x18\xfe~\x18~\x9e\x9ex\x98f\x86\xe0\xe0f\xe6\x06fx`\xfeff\x1e'

Given that \xEE is an undocumented command, the fact that the code only works for v2.4 doesn't surprise me. I have a board that claims v2.3 and I guess that won't work either.

I suspect that the solution for both of us would need to be something like the following:

  • Look at the other refs and find another way to download the firmware that does not require the special code here. It must be possible, otherwise this project would not be possible.
  • Possibly use Ghidra (https://ghidra-sre.org/) to decompile and understand the firmware sufficiently to create a plan for writing new firmware.
  • Write new firmware in a similar style to the original but custom and from scratch (no reusing the original, patching etc), including emulating the original AT+UPDATE process for ease of updates etc.

Not sure how possible this is but going to look around. If you come up with a better idea, please respond to my Issue and let me know.

Thanks for your reply. Studying your solution more deeply, I figured that indeed it cannot work with a different firmware version. Alas, doing the glitching to dump the new firmware is a bit too much for me.
Thanks anyway for your inspiring work. Should I come to some idea I will let you know for sure.

Why not update 2.3 to 2.4?

On Sun, 17 Mar 2024 at 09:26, buttim @.***> wrote:

How exactly?

@lalo-uy To add to buttim's comment, although the HC-12 has an update command, there appears to be nowhere that provides either updated firmware or the HC-1X updater program that is mentioned in some of the earlier documentation.

FYI this, https://itooktheredpill.irgendwo.org/2020/stm8-readout-protection/, is a good starting point for "glitch attacks". As I understand it, on start-up the STM8 writes a specific byte that causes read-protection to be on. Glitch-attacks deliberately drop the voltage to the chip "enough to fail the write of this byte but not enough to reset the CPU, and only for the brief moment of this write attempt" meaning that the chip boots but that read protection is disabled. Sounds simple but of course it is not!

Yes, I eagerly read your blog post. I am tempted to give it a try, but I am not really confident in my skill/patience.

Thanks. Where did you find it? Does it come with the actual firmware binary?

After analysis of the v2.6 firmware, it is apparent that it does not support the AT+UPDATE protocol anymore, which means that this tool cannot work for the v2.6 firmware version.

I have yet to test whether the v2.6 boards are working with custom firmware (https://github.com/rumpeltux/hc12fw).

Thanks for your analysis. Looking forward to the firmware compatibility test.