
Attack Firmware v1.1, Target firmware v1.1

@CTXz CTXz released this 29 Jun 12:15
· 38 commits to main since this release

This release serves as a companion to the recent modifications made to the dump.py script (v1.2). The script has been updated to address an issue where the attack was not functioning correctly on STM32F1 chips with a distinct SRAM entry point offset from the value of 0x108 found on the F103 series (refer to #1). Special thanks to @luistmw for pointing out the issue and testing the fix!

In this release, instead of compiling a single target firmware, we now compile target firmware binaries for each possible SRAM entry point offset, namely 0x108, 0x1CC, and 0x1E0. Additionally, we compile binaries for each possible USART peripheral, resulting in a total of nine firmware binaries. The dump script automatically detects the SRAM entry point offset and now prompts the user to select the USART peripheral for dumping the firmware (alternatively, the -u flag can also be used to select the target dumping USART). It then selects the appropriate binary corresponding to the detected entry point offset and the selected USART peripheral.

Besides dealing with varying entry point offsets and now allowing the user to select the target dumping USART peripheral during script execution, here are some additional changes in this release:

dump.py:

  • The script now requires the debugger to be disconnected before prompting to reset/reconnect the Pi Pico. This ensures that the target device is power cycled when the Pico is reset/reconnected.
  • Changes in printed output/instructions

Attack Firmware:

  • The power pin is first set to HIGH before being configured as OUTPUT, to prevent an accidental short when the debugger is connected