Black Magic Probe on an stm32f103c8

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Tue Dec 06, 2016 8:03 pm

michael,

Do you think its a hardware of software problem with your STLink ?

michael_l
Posts: 336
Joined: Mon Aug 24, 2015 6:11 pm

Re: Black Magic Probe on an stm32f103c8

Post by michael_l » Tue Dec 06, 2016 9:23 pm

Well I guess it must be the hardware because I didn't flash anything to it. Maybe I accidentally put 3.3V to GND or something.

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Tue Dec 06, 2016 9:50 pm

michael_l wrote:Well I guess it must be the hardware because I didn't flash anything to it. Maybe I accidentally put 3.3V to GND or something.

Ummm.

OK. I find the STM32 is normally quite electrically robust. The things that normally break (especially on the Blue Pill) are the USB connections from the socket to the PCB)

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Tue Dec 06, 2016 10:02 pm

BTW.

Getting back to the original topic ;-)

FYI.

The STLink binary on blacksphere's website (linked from the Readme on their github repo), are not actually usable.

The compiled binaries do not contain the new Blackmagic bootloader, (blackmagic_dfu.bin) which sits at the base of flash.
They are the main / runtime code that needs to be flashed to 0x8002000

So in order to flash the BMP onto a STLink, you still need to build from source, because Gareth is not going to publish compiled binaries for the stm32 version of blackmagic_dfu.bin - basically for commercial reasons, because Blacksphere make money from selling the BMP hardware rather than from the software.

So... I've attached the STLink binaries I built last night, both the blackmagic_dfu.bin which needs to be flashed to 0x800000 and also blackmagic.bin which needs to be flashed to 0x8002000

You can just flash blackmagic_dfu.bin to 0x800000 and then restart the board and then upload blackmagic.bin via the BMP's own DFU, (as documented here https://github.com/blacksphere/blackmag ... g-Firmware )

But if you've already got the Serial or STLink etc uploader open , its going to be quicker and easier just to do both of them in that tool
Attachments
blackmagic_stlink.zip
(39.19 KiB) Downloaded 90 times

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Tue Dec 06, 2016 10:05 pm

Edit.

I may have a chat with STM to find out if there is any way to write an updater (a bit like the Segger updater) which allows users to replace their STLink firmware on their Nucleo with the Segger JLink code.

To see if they would be interested in allowing update from STLink to Blackmagic probe. But I suspect that for various reasons they would not be open to this. (especially as there would be no official way back to STLink)

devan
Posts: 42
Joined: Sat May 14, 2016 1:45 am

Re: Black Magic Probe on an stm32f103c8

Post by devan » Wed Dec 07, 2016 2:05 am

RogerClark wrote:I may have a chat with STM to find out if there is any way to write an updater (a bit like the Segger updater) which allows users to replace their STLink firmware on their Nucleo with the Segger JLink code.

To see if they would be interested in allowing update from STLink to Blackmagic probe. But I suspect that for various reasons they would not be open to this. (especially as there would be no official way back to STLink)
I've spent some time looking into the STLink bootloader and the updater based on this forum thread:
http://www.eevblog.com/forum/microcontr ... -firmware/

Summary of what the original poster found and what I've found through my own experimentation:
  • It is possible to to put new firmware onto an STLink by modifying the STLinkUpgrade jar.
  • It is possible to bypass the read protection and dump the bootloader out.
  • There is no way to do an in-place bootloader replacement because clearing the read protection triggers a mass erase, even if run from flash on the chip with no debugger attached.
  • The STLinkv2 bootloader starts in DFU mode and only runs the main firmware after receiving a USB command, which makes it inconvenient to use with anything besides the STLink firmware.
  • The STLinkv2-1 bootloader used on Nucleo boards might not have the same issue, since it has to run the MSC and CDC interfaces in addition to the STLink, but I didn't dump that bootloader correctly, so I can't test it further. It should be possible to retrigger the bootloader and restore the original firmware with the standard STLink update tool.

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Wed Dec 07, 2016 2:20 am

@devan

Very interesting

How big is the STLink bootloader ?

The BMP code is normally set to have its base address at 0x8002000, but I know we could change this to match the STLink code address

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Wed Dec 07, 2016 3:07 am

@devan

Thanks for the links to those articles

I'm not sure if I'm reading this correctly, but the bootloader for all STLInk boards may be the same, apart from the USB VID PID, and the ST Firmware update tool may be reading this data to determine which firmware to install

But perhaps there is some other ID data in the bootloader which the ST uploader reads in order to determine which firmware to upload.

Of course if we make a BMP version and encrypt it, it doesn't make much difference as long as the bootloader just accepts our BMP code.

devan
Posts: 42
Joined: Sat May 14, 2016 1:45 am

Re: Black Magic Probe on an stm32f103c8

Post by devan » Wed Dec 07, 2016 3:28 am

Flashing the STLink-v2 bootloader onto an STLink-v2-1 causes the updater to pick the STLink-v2 firmware, so I'm pretty sure that the bootloaders are not the same.

Unfortunately, I didn't dump the STLink-v2-1 bootloader correctly, so doing any further analysis is difficult unless I sacrifice another Nucleo board.

User avatar
RogerClark
Posts: 6342
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Black Magic Probe on an stm32f103c8

Post by RogerClark » Wed Dec 07, 2016 4:18 am

@devan

Have you tried changing the VID/PID on the bootloader ?

I presume you can get hold of a copy of the STLink binary that was on some russian forum. It would be easy to use a hex editor to find and change the VID /PID pair as those sorts of things are usually stored close to each other in the binary

BTW. Does the bootloader set the read protection on the STLink binary, or do you think the main binary protects its self (possibly both). But even if the app protected its self, the simple thing to do would be to prevent the bootloader jumping to the main STLink binary at all, so it couldn't protect its self

Locked

Who is online

Users browsing this forum: No registered users and 1 guest