Class: SWD_STM32

Inherits:
Object
  • Object
show all
Defined in:
lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(debugPort) ⇒ SWD_STM32

Returns a new instance of SWD_STM32.



14
15
16
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 14

def initialize(debugPort)
  @ahb = SWD_MEM_AP.new(debugPort, 0)
end

Instance Attribute Details

#ahbObject

Returns the value of attribute ahb.



12
13
14
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 12

def ahb
  @ahb
end

Instance Method Details

#flashEraseObject 



85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 85

def flashErase
    puts "Flash unlock"
    flashUnlock
    # start the mass erase
    @ahb.writeWord(0x40022010, 0x00000204)
    @ahb.writeWord(0x40022010, 0x00000244)
    # check the BSY flag
    while (@ahb.readWord(0x4002200C) & 1) == 1
        puts "waiting for erase completion..."
    end
    @ahb.writeWord(0x40022010, 0x00000200)
    puts "Finish unlock flash"
end

#flashProgramObject 



98
99
100
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 98

def flashProgram
    @ahb.writeWord(0x40022010, 0x00000201)
end

#flashProgramEndObject 



101
102
103
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 101

def flashProgramEnd
    @ahb.writeWord(0x40022010, 0x00000200)
end

#flashRead(address, size) ⇒ Object 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 31

def flashRead(address,size)
  data = Array.new
  # Read a word of 32bits (4 Bytes in same time)
  size = size / 4
  #Chunk to 1k block for SWD
  #  ARM_debug_interface_v5   Automatic address increment is only guaranteed to operate on the bottom 10-bits  of the
  # address held in the TAR. Auto address incrementing of bit [10] and beyond is
  # IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary
  # is IMPLEMENTATION DEFINED

  #But for hardsploit max 8192  so chuck to  1k

  packet_size = 1024
  number_complet_packet = (size/packet_size).floor
  size_last_packet =  size % packet_size

  #number_complet_packet
  for i in 0..number_complet_packet-1 do
      data.push(*self.ahb.readBlock(i*4*packet_size+address,packet_size))
    puts "Read #{packet_size} KB : #{i}"
  end
  #Last partial packet
  if size_last_packet > 0 then
    data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet))
      puts "Read last packet : #{size_last_packet} packet of 4 bytes"
  end
  return data
end

#flashUnlockObject 



80
81
82
83
84
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 80

def flashUnlock
    # unlock main flash
    @ahb.writeWord(0x40022004, 0x45670123)
    @ahb.writeWord(0x40022004, 0xCDEF89AB)
end

#flashWrite(address, data) ⇒ Object 



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 60

def flashWrite(address,data)
    #Chunk to 1k block for SWD
    packet_size = 1024 #1024
    number_complet_packet = (data.size/packet_size).floor
    size_last_packet =  data.size % packet_size

    ahb.csw(2, 1) # 16-bit packed incrementing addressing
    #number_complet_packet
    for i in 0..number_complet_packet-1 do
      self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size])
      puts "Write #{packet_size} KB : #{i}"
    end
    #Last partial packet
    if size_last_packet > 0 then
        self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet])
        puts "Write last packet : #{size_last_packet} packet"
    end
    ahb.csw(1, 2) # 16-bit packed incrementing addressing
end

#haltObject 



18
19
20
21
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 18

def halt
    # halt the processor core
    @ahb.writeWord(0xE000EDF0, 0xA05F0003)
end

#sysResetObject 



26
27
28
29
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 26

def sysReset
    # restart the processor and peripherals
    @ahb.writeWord(0xE000ED0C, 0x05FA0004)
end

#unhaltObject 



22
23
24
25
 
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 22

def unhalt
    # unhalt the processor core
    @ahb.writeWord(0xE000EDF0, 0xA05F0000)
end