
How can I use J-link or Ninebot IAP, to dump a copy of misc MCU's flash memory/FW?

Posted: Mon Jun 29, 2020 5:28 am
by Aquaman
How can I use J-link (with openocd or something else) or Ninebot IAP, to dump a copy of flash memory/FW of for example nrf51802 and STM32F103CB, which is used in various Ninebot scooters?

Can find some tips for st-link, but I don't have that.
I have a j-link and isn't that supposed to be more capable considering that you can upgrade the on board ST-Link to j-link on board on some dev boards?
https://www.segger.com/products/debug-p ... -on-board/

How can you use (if possible) j-link on board with ST-link Utility?

I want to get the FW for reverse engineering purposes.

Re: How can I use J-link or Ninebot IAP, to dump a copy of misc MCU's flash memory/FW?

Posted: Mon Jun 29, 2020 1:36 pm
by Bug_meh
Maybe this will help:
https://blog.zapb.de/stm32f1-exceptional-failure/
https://hackaday.com/2020/03/24/breakin ... m32-flash/

Here you can find a quite good tutorial how it works. Beginning from point 3.3 in this paper:
https://www.aisec.fraunhofer.de/en/Firm ... ction.html

I'm also waiting for my ST-Link and Jlink to arrive....

Re: How can I use J-link or Ninebot IAP, to dump a copy of misc MCU's flash memory/FW?

Posted: Tue Jul 07, 2020 12:17 am
by Jimmyyahoo
Are you going to be the one "reverse engineering" the firmware as well? I'm sorry but if you're asking such rudimentary questions how on earth do you expect to make any sense of the data/bin you get? It's not a bunch of fields with values like SPEED:33KM or VOLTAGE:Xv, it's hex and gobbledygook to non computer science majors. The companies that produce the controllers are A- keen to keep the software side proprietary and as much a secret as possible and B- the companies that do allow you to modify the workings of their hardware through firmware updates and FPGAs, they also release sophisticated and bespoke software frontends to do just that.
A data dump from the chip isn't even the preferred method of reverse engineering, a firmware upgrade software package is how most of these endeavors start. You got a lot of reading to do, and not just answers to questions you post on forums. Go out and get a book and start there. At least for me when I see someone wanting to be spoon fed the basics, to me that shows they have little initiative and therefore no real grasp of what they intend to do because they haven't done the groundwork to even understand what they are asking. It's not a step by step process.
That all said, I wish you all the luck in the world and should you succeed where countless others have failed (you aren't the first one not by far) more power to you. The day you release your own firmware, I will eat my scooter.

Re: How can I use J-link or Ninebot IAP, to dump a copy of misc MCU's flash memory/FW?

Posted: Wed Jul 08, 2020 6:47 am
by 365GUY
That’s your first post here? Well wasn’t that a nice way to introduce yourself 😂 The person was just asking how he might go about getting the firmware to tweak. I didn’t get the impression he was claiming to be a programming jedi.

Re: How can I use J-link or Ninebot IAP, to dump a copy of misc MCU's flash memory/FW?

Posted: Tue Jul 28, 2020 4:12 am
by Jimmyyahoo
What's wrong with being honest? I didn't belittle him or besmirch his character. I put a lot of time into that response so that alone should show that my goal wasn't to offend the guy but to educate him. Like I said, a lot of people get big ideas. And some of them expect everyone else to do the hard work and the research and then spoon feed them the info. That mentality pisses me off. That's how childhood and elementary school works, not the real world. What I told the guy was far more useful than a step by step how to. Wasn't my first response, just forgot my username.