[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Uisp-dev] Re: [avr-gcc-list] uisp and new STK500 firmware?
|
From: |
Marek Michalkiewicz |
|
Subject: |
Re: [Uisp-dev] Re: [avr-gcc-list] uisp and new STK500 firmware? |
|
Date: |
Mon, 20 Jan 2003 09:15:55 +0100 (CET) |
> Since uisp knows how to talk to a "AVR ISP" type programmer, we could use
> uisp to update the firmware of the stk500. We just need to figure how to
> read a .ebn file. ;-)
I suspect ".ebn" stands for "encrypted binary". Note that the file has
an odd length, probably some kind of header or checksum added - if you
have both the .ebn file and the flash dump, it should be possible to
figure out what kind of encryption they used. Note only the STK500,
but also the JTAGICE firmware upgrade is shipped in such a file.
> I've also hacked the firmware of the 1200 in the stk500 to allow me to
> upgrade the firmware using avr studio, but when avr studio tries to set the
> lock bits on the 8535, my hacked firmware ignores the command. Thus, I've
> been able to do a rom dump of the 8535 and may have a rather silly way to
> convert a .ebn file to what ever format I want.
They left a nice hole if the 1200 was not locked :) - but even if it
was, you could still spy on the 8535's pins (using an AVR with fast
enough clock and hardware SPI slave) to see what is being written...
Since the protection is weak anyway, I don't think they would bother
to use a real encryption algorithm for the .ebn file - could be more
like XOR, some bit shifts etc. Of course, after you reverse-engineer
it, they will be so nice to document it too, then make a new release
of AVR Studio with a new incompatible top-secret protocol ;)
Marek