FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Extracting firmware from Dev Board via SWD

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Extracting firmware from Dev Board via SWD

Jump to solution
‎12-14-2020 05:25 AM
3,352 Views
zxlyo
Contributor II

Hi, everyone! I want to extracting/downloading the binary file (firmware) that was flashed earlier in LPC1549 on my OM13056U via SWD. I learn a little bit about SWD, but how I can access it and its related APIs using MCUXpresso IDE? Thanks!

Tags (3)
0 Kudos
Reply
1 Solution

Jump to solution
‎12-22-2020 04:06 AM
3,313 Views
zxlyo
Contributor II

Thanks to @ErichStyger , I bought a J-Link debugger which supports both J-Tag and SWD. After reading the schematic of the board, I find the SWD interfaces (P1) and connected them to the debugger. Then I installed the JFlash in the host PC. Click "connection" and "read back > entire chip", everything works like a charm. Finally, I get the firmware which is the same as the binary compiled by MCUXpresso.

View solution in original post

Reply
3 Replies

Jump to solution
‎12-22-2020 04:06 AM
3,314 Views
zxlyo
Contributor II

Thanks to @ErichStyger , I bought a J-Link debugger which supports both J-Tag and SWD. After reading the schematic of the board, I find the SWD interfaces (P1) and connected them to the debugger. Then I installed the JFlash in the host PC. Click "connection" and "read back > entire chip", everything works like a charm. Finally, I get the firmware which is the same as the binary compiled by MCUXpresso.

Reply

Jump to solution
‎12-14-2020 06:07 AM
3,347 Views
ErichStyger
Senior Contributor V

Hi @zxlyo ,

as long as you did not had read-out protection enabled (this depends on the chip used, see https://mcuoneclipse.com/2014/06/22/preventing-reverse-engineering-enabling-flash-security/ for the concept), you can connect and read the flash with a normal debug probe.

With MCUXpresso you simply could attach to the target, e.g. this way:

ErichS_0-1607951096354.png

 

And then you have full access and can for example export the memory (https://mcuoneclipse.com/2012/05/04/dump-my-device-memory/ ).

 

Another way is just to use the J-Link utility and read-out the whole chip (J-Flash, see https://mcuoneclipse.com/2019/05/26/reverse-engineering-of-a-not-so-secure-iot-device/ ).

That article shows how you even can reconstruct (limited) source code from the binary.

 

I hope this helps,

Erich

0 Kudos
Reply

Jump to solution
‎12-14-2020 06:50 AM
3,341 Views
zxlyo
Contributor II

Thanks a LOT @ErichStyger. I will try these and keep you posted.

0 Kudos
Reply