Class: SWD_STM32
- Inherits:
-
Object
- Object
- SWD_STM32
- Defined in:
- lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb
Instance Attribute Summary collapse
-
#ahb ⇒ Object
Returns the value of attribute ahb.
Instance Method Summary collapse
- #flashErase ⇒ Object
- #flashProgram ⇒ Object
- #flashProgramEnd ⇒ Object
- #flashRead(address, size) ⇒ Object
- #flashUnlock ⇒ Object
- #flashWrite(address, data) ⇒ Object
- #halt ⇒ Object
-
#initialize(debugPort) ⇒ SWD_STM32
constructor
A new instance of SWD_STM32.
- #sysReset ⇒ Object
- #unhalt ⇒ Object
Constructor Details
#initialize(debugPort) ⇒ SWD_STM32
Returns a new instance of SWD_STM32.
14 15 16 17 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 14 def initialize(debugPort) @ahb = SWD_MEM_AP.new(debugPort, 0) @debugPort = debugPort end |
Instance Attribute Details
#ahb ⇒ Object
Returns the value of attribute ahb.
12 13 14 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 12 def ahb @ahb end |
Instance Method Details
#flashErase ⇒ Object
102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 102 def flashErase HardsploitAPI.instance.consoleInfo "Flash unlock" flashUnlock # start the mass erase @ahb.writeWord(0x40022010, 0x00000204) @ahb.writeWord(0x40022010, 0x00000244) # check the BSY flag while (@ahb.readWord(0x4002200C) & 1) == 1 HardsploitAPI.instance.consoleInfo "waiting for erase completion..." end @ahb.writeWord(0x40022010, 0x00000200) HardsploitAPI.instance.consoleInfo "Finish unlock flash" end |
#flashProgram ⇒ Object
115 116 117 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 115 def flashProgram @ahb.writeWord(0x40022010, 0x00000201) end |
#flashProgramEnd ⇒ Object
118 119 120 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 118 def flashProgramEnd @ahb.writeWord(0x40022010, 0x00000200) end |
#flashRead(address, size) ⇒ Object
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 32 def flashRead(address,size) data = Array.new # Read a word of 32bits (4 Bytes in same time) size = size / 4 #Chunk to 1k block for SWD # ARM_debug_interface_v5 Automatic address increment is only guaranteed to operate on the bottom 10-bits of the # address held in the TAR. Auto address incrementing of bit [10] and beyond is # IMPLEMENTATION DEFINED. This means that auto address incrementing at a 1KB boundary # is IMPLEMENTATION DEFINED #But for hardsploit max 8192 so chuck to 1k due to swd limitation packet_size = 1024 number_complet_packet = (size / packet_size).floor size_last_packet = size % packet_size startTime = Time.now #number_complet_packet for i in 0..number_complet_packet - 1 do data.push(*self.ahb.readBlock(i * 4 * packet_size + address, packet_size)) #puts "Read #{packet_size} KB : #{i}" HardsploitAPI.instance.consoleProgress( percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)), startTime: startTime, endTime: Time.new ) end #Last partial packet if size_last_packet > 0 then data.push(*self.ahb.readBlock(number_complet_packet*4*packet_size+address,size_last_packet)) #puts "Read last packet : #{size_last_packet} packet of 4 bytes" HardsploitAPI.instance.consoleProgress( percent: 100, startTime: startTime, endTime: Time.new ) end return data end |
#flashUnlock ⇒ Object
97 98 99 100 101 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 97 def flashUnlock # unlock main flash @ahb.writeWord(0x40022004, 0x45670123) @ahb.writeWord(0x40022004, 0xCDEF89AB) end |
#flashWrite(address, data) ⇒ Object
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 71 def flashWrite(address,data) #Chunk to 1k block for SWD packet_size = 1024 #1024 number_complet_packet = (data.size/packet_size).floor size_last_packet = data.size % packet_size startTime = Time.now #ahb.csw(2, 1) # 16-bit packed incrementing addressing #number_complet_packet for i in 0..number_complet_packet-1 do self.ahb.writeBlock(address+i*packet_size,data[i*packet_size..i*packet_size-1+packet_size]) #puts "Write #{packet_size} KB : #{i}" HardsploitAPI.instance.consoleProgress( percent: 100 * (i + 1) / (number_complet_packet + (size_last_packet.zero? ? 0 : 1)), startTime: startTime, endTime:Time.new ) end #Last partial packet if size_last_packet > 0 then self.ahb.writeBlock(address+number_complet_packet*packet_size,data[number_complet_packet*packet_size..number_complet_packet*packet_size+size_last_packet]) #puts "Write last packet : #{size_last_packet} packet" HardsploitAPI.instance.consoleProgress(percent:100,startTime:startTime,endTime:Time.new) end ahb.csw(1, 2) # set to default 32-bit incrementing addressing end |
#halt ⇒ Object
19 20 21 22 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 19 def halt # halt the processor core @ahb.writeWord(0xE000EDF0, 0xA05F0003) end |
#sysReset ⇒ Object
27 28 29 30 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 27 def sysReset # restart the processor and peripherals @ahb.writeWord(0xE000ED0C, 0x05FA0004) end |
#unhalt ⇒ Object
23 24 25 26 |
# File 'lib/HardsploitAPI/Modules/SWD/HardsploitAPI_SWD_STM32.rb', line 23 def unhalt # unhalt the processor core @ahb.writeWord(0xE000EDF0, 0xA05F0000) end |