>>To make it extra tricky to try to get the >>...


2,953 Views
Inliner
Contributor I
>>To make it extra tricky to try to get the >>code, read/write out of RAM can be taken >>away by writing 0x7b into 0xffd1. Please describe more: what will happen? As far as I know, not only bruteforcing is useful to find or bypass the security key.
0 Kudos
13 Replies

951 Views
Ake
Contributor II
Hi,
If you want to write $7b into $ffd1, enter
 
lda #$7b
sta $ffd1
 
If you want to get the data from the RAM cell $7b, write
lda $7b
sta $ffd1
 
But if you run it on a HC908JB16, nothing will happen because the cell $ffd1 is a Flash EPROM cell and cannot be written during normal operation.
Instead you should write in your assembly code
 org $ffd1
    dc.b    $7b
 
If you are writing a Flash EPROM programming routine, you should write
lda $7b
sta $ffd1
as a part of a much more complex algorithm.
 
Did that help?
 
Regards,
Ake
0 Kudos

951 Views
Inliner
Contributor I
Is it possible to run these commands when in secured mode? I mean when I am running my proc, after entering the monitor with invalid security codes.
0 Kudos

951 Views
Ake
Contributor II
Hi,
If you enter the Monitor mode with an invalid security, the only thing that is possible is to erase the entire Flash EPROM.
 
And as I said in my previous message, you cannot change the Flash EPROM cells by just running some simple op codes.
 
If you want to change a single byte in a Flash EPROM where you do not know the security bytes, it is not possible.  The only thing you can do is to erase everything and start from the beginning.
 
Regards,
Ake
0 Kudos

951 Views
Inliner
Contributor I
I understand, but I tried to execute commands in monitor mode: I programmed my flash with firmware with a known 8-byte code. I entered monitor mode with an INVALID code. After executing this set of codes: --------------
lda #$FF
sta $FFF6
sta $FFF7 ...
sta $FFFD
-----------
I reset the processor and tried to enter the MCU:
with the correct code: without success..
with code FF..FF...FF: without success too...
How can this be?
0 Kudos

949 Views
peg
Senior Contributor IV
Hi inliner,
 
It is very unclear to me what it is you are actually trying to achieve or understand here with all these questions.
 
The code snippet you supplied does not work because the address being STA'ed to is implemented in flash. It is no good just writing to here; you must "programme" these locations.
Also the flash in these devices reads as FF when blank, so there is actually no need to programme FF ever. This is why a security code of all F's is used to gain access to a blank part.
 
0 Kudos
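
Added example, not part of any post in this thread: a build-time check that a firmware image does not leave the security bytes erased, since blank flash reads as $FF and an all-$FF code opens a blank part. It assumes the 8 security bytes are the cells $FFF6-$FFFD stored to in the snippet above and that the image is a Motorola S-record file; the function names and sample images are constructed for illustration.

```python
# Added example, not from the thread. Assumption: the 8 security bytes are the
# flash cells $FFF6-$FFFD that the snippet in the thread stores to.
SEC_ADDRS = range(0xFFF6, 0xFFFE)
ADDR_LEN = {"S1": 2, "S2": 3, "S3": 4}   # S-record data types -> address bytes
ERASED = 0xFF                             # blank flash reads as $FF

def make_s1(addr, data):
    """Build one S1 record (used only to construct the sample images below)."""
    body = bytes([len(data) + 3]) + addr.to_bytes(2, "big") + bytes(data)
    return "S1" + (body + bytes([0xFF - (sum(body) & 0xFF)])).hex().upper()

def parse_srec(text):
    """Return {address: byte} for all data records, verifying count and checksum."""
    mem = {}
    for n, line in enumerate(text.split(), 1):
        kind, raw = line[:2], bytes.fromhex(line[2:])
        if not raw or raw[0] != len(raw) - 1:
            raise ValueError(f"record {n}: bad byte count")
        if sum(raw) & 0xFF != 0xFF:
            raise ValueError(f"record {n}: bad checksum")
        if kind in ADDR_LEN:
            alen = ADDR_LEN[kind]
            addr = int.from_bytes(raw[1:1 + alen], "big")
            for i, b in enumerate(raw[1 + alen:-1]):
                mem[addr + i] = b
    return mem

def security_bytes(mem):
    """The 8 bytes as the part would hold them; cells not in the image stay erased."""
    return bytes(mem.get(a, ERASED) for a in SEC_ADDRS)

def check_image(text):
    """Return (ok, message) for use as a build gate."""
    sec = security_bytes(parse_srec(text))
    if all(b == ERASED for b in sec):
        return False, "security bytes all $FF: same code as a blank part"
    return True, f"{sum(b != ERASED for b in sec)} of 8 security bytes programmed"

# Constructed sample images (not real firmware).
CODE = make_s1(0xF000, [0xA6, 0x7B, 0x20, 0xFE])
WEAK = "\n".join(["S0030000FC", CODE, make_s1(0xFFFE, [0xF0, 0x00]), "S9030000FC"])
GOOD = "\n".join(["S0030000FC", CODE,
                  make_s1(0xFFF6, [0xF0, 0x10, 0xF0, 0x20, 0xF0, 0x30, 0xF0, 0x40]),
                  make_s1(0xFFFE, [0xF0, 0x00]), "S9030000FC"])

if __name__ == "__main__":
    for name, img in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, check_image(img))
```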

949 Views
Inliner
Contributor I
Hi! I am just looking for a way to read the full (or part of the) firmware, protected with security. I tried to do this within monitor mode. The second way is to use USB monitor mode. It seems it's not checking security when entering USB monitor mode.
0 Kudos

949 Views
peg
Senior Contributor IV
Hi inliner,
 
Monitor entry via USB is only guaranteed when the device is blank (or reset vector). Even then it can still be prevented if extended security is enabled.
If the code in the device has been written in such a way as to provide for monitor entry from within the user programme, then yes, you may be able to get in. But what method have they implemented?
 
0 Kudos

951 Views
Inliner
Contributor I
Hi! The device can be updated with new firmware over the USB interface through the special connector in my device. It seems it loads the bootloader and then flashes the rest of the code. But I don't know whether it uses USB monitor mode or custom code to update the flash.
0 Kudos

951 Views
Inliner
Contributor I
Also, when I connect my device via the USB interface with the 1.5 resistor and D+/D- pins, the OS detects a new device, but fails to install it.
I used the USBICP.INF/SYS driver.

Any ideas how to talk to the device directly, bypassing the OS's checking?
0 Kudos

951 Views
Inliner
Contributor I
Additional:

The device has the following characteristics:
idVendor: 0000
idProduct 0000

I use a schematic with:
- 1.5 resistor on D-
- no capacitor 10nF on RESET.
0 Kudos

949 Views
Inliner
Contributor I
I used a 6 MHz generator instead of 12; maybe this is a problem? I also tried to set PTA3 to 0 to make Bus clock = fXCLK. Is it correct? Or must 12 MHz be used instead? Thanks!
0 Kudos

951 Views
NLFSJ
Contributor III
Please provide the p/n in the HC08 family that you are working with.
 
Regards,
Nina
0 Kudos

951 Views
Inliner
Contributor I
I'm using the MC68HC908JB series, particularly the 908JB16. Thanks!
0 Kudos