Class: SWD_STM32
- Inherits:
-
Object
- Object
- SWD_STM32
- Defined in:
- lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb
Instance Attribute Summary collapse
-
#ahb ⇒ Object
Returns the value of attribute ahb.
Instance Method Summary collapse
- #flashErase ⇒ Object
- #flashProgram ⇒ Object
- #flashProgramEnd ⇒ Object
- #flashRead(address, size) ⇒ Object
- #flashUnlock ⇒ Object
- #flashWrite(address, data) ⇒ Object
- #halt ⇒ Object
-
#initialize(debugPort) ⇒ SWD_STM32
constructor
A new instance of SWD_STM32.
- #sysReset ⇒ Object
- #unhalt ⇒ Object
Constructor Details
#initialize(debugPort) ⇒ SWD_STM32
Returns a new instance of SWD_STM32.
14 15 16 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 14 def initialize(debugPort) @ahb = SWD_MEM_AP.new(debugPort, 0) end |
Instance Attribute Details
#ahb ⇒ Object
Returns the value of attribute ahb.
12 13 14 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 12 def ahb @ahb end |
Instance Method Details
#flashErase ⇒ Object
85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 85 def flashErase puts "Flash unlock" flashUnlock # start the mass erase @ahb.writeWord(0x40022010, 0x00000204) @ahb.writeWord(0x40022010, 0x00000244) # check the BSY flag while (@ahb.readWord(0x4002200C) & 1) == 1 puts "waiting for erase completion..." end @ahb.writeWord(0x40022010, 0x00000200) puts "Finish unlock flash" end |
#flashProgram ⇒ Object
98 99 100 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 98 def flashProgram @ahb.writeWord(0x40022010, 0x00000201) end |
#flashProgramEnd ⇒ Object
101 102 103 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 101 def flashProgramEnd @ahb.writeWord(0x40022010, 0x00000200) end |
#flashRead(address, size) ⇒ Object
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 31 def flashRead(address,size) data = Array.new # Read a word of 32bits (4 Bytes in same time) size = size / 4 #Chunk to 1k block for SWD # ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the # address held in the TAR. Auto address incrementing of bit [10] and beyond is # IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary # is IMPLEMENTATION DEFINED #But for hardsploit max 8192 so chuck to 1k packet_size = 1024 number_complet_packet = (size/packet_size).floor size_last_packet = size % packet_size #number_complet_packet for i in 0..number_complet_packet-1 do data.push(*self.ahb.readBlock(i*4*packet_size+address,packet_size)) puts "Read #{packet_size} KB : #{i}" end #Last partial packet if size_last_packet > 0 then data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet)) puts "Read last packet : #{size_last_packet} packet of 4 bytes" end return data end |
#flashUnlock ⇒ Object
80 81 82 83 84 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 80 def flashUnlock # unlock main flash @ahb.writeWord(0x40022004, 0x45670123) @ahb.writeWord(0x40022004, 0xCDEF89AB) end |
#flashWrite(address, data) ⇒ Object
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 60 def flashWrite(address,data) #Chunk to 1k block for SWD packet_size = 1024 #1024 number_complet_packet = (data.size/packet_size).floor size_last_packet = data.size % packet_size ahb.csw(2, 1) # 16-bit packed incrementing addressing #number_complet_packet for i in 0..number_complet_packet-1 do self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size]) puts "Write #{packet_size} KB : #{i}" end #Last partial packet if size_last_packet > 0 then self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet]) puts "Write last packet : #{size_last_packet} packet" end ahb.csw(1, 2) # 16-bit packed incrementing addressing end |
#halt ⇒ Object
18 19 20 21 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 18 def halt # halt the processor core @ahb.writeWord(0xE000EDF0, 0xA05F0003) end |
#sysReset ⇒ Object
26 27 28 29 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 26 def sysReset # restart the processor and peripherals @ahb.writeWord(0xE000ED0C, 0x05FA0004) end |
#unhalt ⇒ Object
22 23 24 25 |
# File 'lib/HardsploitAPI/SWD/HardsploitAPI_SWD_STM32.rb', line 22 def unhalt # unhalt the processor core @ahb.writeWord(0xE000EDF0, 0xA05F0000) end |