Class: SWD_STM32

Inherits:
Object
  • Object
Defined in:
lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(debugPort) ⇒ SWD_STM32

Returns a new instance of SWD_STM32.



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 14

# Builds the STM32 target helper on top of an already opened debug port.
#
# @param debugPort [Object] debug port handle; stored and also handed to SWD_MEM_AP
def initialize(debugPort)
  # Keep the handle the caller gave us.
  @debugPort = debugPort
  # Memory access port used by this class's flash and core-control methods.
  # NOTE(review): the second argument (0) is presumably the access-port
  # index — confirm against SWD_MEM_AP.
  @ahb = SWD_MEM_AP.new(debugPort, 0)
end

Instance Attribute Details

#ahb ⇒ Object

Returns the value of attribute ahb.



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 12

# Reader for the memory access port that the constructor stores in @ahb.
#
# @return [Object] the current value of @ahb
def ahb
  @ahb
end

Instance Method Details

#flashErase ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 102

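# Unlocks the flash controller, starts a mass erase and blocks until bit 0
# of the status word clears.
#
# NOTE(review): 0x40022010 / 0x4002200C match the control and status
# registers of the STM32F1-style flash interface — confirm against the
# reference manual of the part being driven.
# NOTE(review): the wait loop has no timeout, so the call never returns if
# the flag never clears, and no error flag in the status word is inspected
# afterwards; a caller cannot tell a refused erase from a successful one.
#
# @return [Object] whatever consoleInfo returns for the final message
def flashErase
  control_register = 0x40022010
  status_register = 0x4002200C
  console = HardsploitAPI.instance

  console.consoleInfo "Flash unlock"
  flashUnlock

  # Start the mass erase: the second write repeats the first with bit 6
  # added (presumably mass-erase select, then select + start — confirm).
  @ahb.writeWord(control_register, 0x00000204)
  @ahb.writeWord(control_register, 0x00000244)

  # Poll the BSY flag (bit 0) until the erase has completed.
  while (@ahb.readWord(status_register) & 1) == 1
    console.consoleInfo "waiting for erase completion..."
  end

  # Clear the erase selection again.
  @ahb.writeWord(control_register, 0x00000200)
  # The original message said "Finish unlock flash", which described the
  # wrong step: at this point the erase, not the unlock, has finished.
  console.consoleInfo "Flash erase finished"
end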

#flashProgram ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 115

# Writes 0x00000201 to the register at 0x40022010 (the same register
# flashErase uses to start the mass erase).
#
# NOTE(review): bit 0 is presumably the programming-enable bit that has to
# be set before flash is written — confirm against the reference manual.
#
# @return [Object] whatever @ahb.writeWord returns
def flashProgram
  control_register = 0x40022010
  programming_on = 0x00000201
  @ahb.writeWord(control_register, programming_on)
end

#flashProgramEnd ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 118

# Writes 0x00000200 to the register at 0x40022010, the same value
# flashErase writes once the erase has completed.
#
# NOTE(review): presumably this clears the programming-enable bit set by
# flashProgram — confirm against the reference manual.
#
# @return [Object] whatever @ahb.writeWord returns
def flashProgramEnd
  control_register = 0x40022010
  programming_off = 0x00000200
  @ahb.writeWord(control_register, programming_off)
end

#flashRead(address, size) ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 32

# Reads target memory through the memory access port in blocks of 32-bit
# words and reports progress on the console after every block.
#
# ARM Debug Interface v5: automatic address increment is only guaranteed on
# the bottom 10 bits of the address held in the TAR; incrementing bit [10]
# and beyond (i.e. across a 1 KB boundary) is IMPLEMENTATION DEFINED. The
# Hardsploit limit is 8192, so transfers are chunked for SWD.
#
# NOTE(review): size is divided by 4 with integer division, so a size that
# is not a multiple of 4 loses its trailing 1-3 bytes without any error.
# NOTE(review): each block asks readBlock for 1024 items and advances the
# address by 4 * 1024 bytes, i.e. 4 KB per call, although the comment above
# speaks of a 1 KB boundary — confirm readBlock copes with the TAR wrap.
# NOTE(review): nothing here checks the target's readout-protection state;
# confirm how callers tell real flash contents from a protected part.
#
# @param address [Integer] start address on the target
# @param size [Integer] number of bytes to read
# @return [Array] the concatenated results of every readBlock call
def flashRead(address,size)
  words_per_packet = 1024
  # Work in 32-bit words (4 bytes at a time).
  word_total = size / 4
  full_packets = (word_total / words_per_packet).floor
  tail_words = word_total % words_per_packet
  # Number of readBlock calls that will be made; used as the progress scale.
  progress_steps = full_packets + (tail_words.zero? ? 0 : 1)
  started_at = Time.now
  words = []

  full_packets.times do |index|
    words.push(*self.ahb.readBlock(index * 4 * words_per_packet + address, words_per_packet))
    HardsploitAPI.instance.consoleProgress(
      percent: 100 * (index + 1) / progress_steps,
      startTime: started_at,
      endTime: Time.new
    )
  end

  # Last, partial packet.
  if tail_words > 0
    words.push(*self.ahb.readBlock(full_packets * 4 * words_per_packet + address, tail_words))
    HardsploitAPI.instance.consoleProgress(
      percent: 100,
      startTime: started_at,
      endTime: Time.new
    )
  end

  words
end

#flashUnlock ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 97

# Unlocks main flash by writing two key words, in order, to 0x40022004.
#
# NOTE(review): address and values match the key register and the two-step
# unlock sequence of the STM32F1-style flash interface — confirm for the
# part being driven. The result of the unlock is not read back here.
#
# @return [Object] whatever the second @ahb.writeWord call returns
def flashUnlock
  key_register = 0x40022004
  first_key = 0x45670123
  second_key = 0xCDEF89AB
  @ahb.writeWord(key_register, first_key)
  @ahb.writeWord(key_register, second_key)
end

#flashWrite(address, data) ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 71

# Writes data to the target in chunks of 1024 elements (the 1k block size
# used for SWD), reports progress after every chunk and finally resets the
# access port to its default 32-bit incrementing addressing.
#
# NOTE(review): this method neither enables flash programming nor polls a
# busy flag nor reads the data back; presumably the caller brackets it with
# flashProgram / flashProgramEnd and verifies separately — confirm.
# NOTE(review): the closing csw(1, 2) is not reached if writeBlock raises,
# which leaves the access port in whatever mode writeBlock selected.
#
# @param address [Integer] start address on the target
# @param data [Array] elements to write; the address advances by one per element
# @return [Object] whatever ahb.csw returns
def flashWrite(address,data)
  chunk_len = 1024
  full_chunks = (data.size / chunk_len).floor
  tail_len = data.size % chunk_len
  # Number of writeBlock calls that will be made; used as the progress scale.
  progress_steps = full_chunks + (tail_len.zero? ? 0 : 1)
  started_at = Time.now
  # A 16-bit packed incrementing setup, ahb.csw(2, 1), was left disabled
  # here in the original.

  full_chunks.times do |index|
    offset = index * chunk_len
    self.ahb.writeBlock(address + offset, data[offset..offset - 1 + chunk_len])
    HardsploitAPI.instance.consoleProgress(
      percent: 100 * (index + 1) / progress_steps,
      startTime: started_at,
      endTime: Time.new
    )
  end

  # Last, partial packet.
  if tail_len > 0
    offset = full_chunks * chunk_len
    # The inclusive range ends one element past the tail; slicing stops at
    # the end of data, so exactly tail_len elements are passed on.
    self.ahb.writeBlock(address + offset, data[offset..offset + tail_len])
    HardsploitAPI.instance.consoleProgress(percent: 100, startTime: started_at, endTime: Time.new)
  end

  # Set back to the default 32-bit incrementing addressing.
  ahb.csw(1, 2)
end

#halt ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 19

# Halts the processor core by writing 0xA05F0003 to 0xE000EDF0.
#
# NOTE(review): 0xE000EDF0 is the Cortex-M Debug Halting Control and Status
# Register; 0xA05F in the upper half-word is its write key and the two low
# bits request debug-enable plus halt — confirm for the core being driven.
# The write is not read back, so a core that did not halt goes unnoticed.
#
# @return [Object] whatever @ahb.writeWord returns
def halt
  debug_control_register = 0xE000EDF0
  halt_request = 0xA05F0003
  @ahb.writeWord(debug_control_register, halt_request)
end

#sysReset ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 27

# Restarts the processor and peripherals by writing 0x05FA0004 to
# 0xE000ED0C.
#
# NOTE(review): 0xE000ED0C is the Cortex-M Application Interrupt and Reset
# Control Register; 0x05FA is its write key and bit 2 requests a system
# reset — confirm for the core being driven.
#
# @return [Object] whatever @ahb.writeWord returns
def sysReset
  reset_control_register = 0xE000ED0C
  reset_request = 0x05FA0004
  @ahb.writeWord(reset_control_register, reset_request)
end

#unhalt ⇒ Object



# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 23

# Releases the processor core by writing 0xA05F0000 to 0xE000EDF0, the
# register halt writes to.
#
# NOTE(review): the value clears every low control bit, not only the one
# halt sets for stopping the core; if this is the Cortex-M DHCSR that also
# drops debug-enable — confirm that leaving debug state is intended here.
#
# @return [Object] whatever @ahb.writeWord returns
def unhalt
  debug_control_register = 0xE000EDF0
  release_request = 0xA05F0000
  @ahb.writeWord(debug_control_register, release_request)
end