Hi, I would like to run a function from microcontroller_1 in another microcontroller_2. Is it possible? For example, I want to execute this code in microcontroller_2 via microcontroller_1:
LPC_GPIO2->FIOSET=0xffffffff;
Or, as another example, I want to run this code from micro_1 on micro_2:
__disable_irq();
command[0] = 57; // Reinvoke ISP command
iap_entry (command, result);
I mean I want to send the above code from micro_1 to micro_2 and expect this code to run in micro_2. Is it possible?
Suppose that microcontroller_2 is an LPC2300 protected in CRP3 or CRP2 and I want to run application code on it (for example:
iap_entry (command, result);
) in order to reinvoke the ISP command from microcontroller_1. Have you any solution?
Unless you've provided a method to inject machine code into the target device, probably not.
Is this device yours, or are you attempting to hack or reverse engineer someone else's?
If you have code-protected the chip, then you are limited to the documented ways to unlock it - or spend your own time trying to figure out design errors.
A good rule - make sure you have a way to erase a chip or have an interface for sending commands to do IAP before you code-protect it.
If you did CRP2 - then connect using serial port (FlashMagic) and do a complete erase.
If you did CRP3 - use the IAP-interface you have already carefully implemented and tested to erase the chip or change firmware or copy repair code into RAM and run or jump into the ISP boot loader. You didn't implement a working IAP interface or a way to enter the ISP? Consider getting a new chip. Or a new board if you don't like soldering.
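The advice in the reply above (implement and test your own path to IAP or ISP before enabling CRP3), sketched as an added example that is not part of the original thread. The frame layout, the token and all helper names are assumptions; the IAP entry and the interrupt-disable call are injected as function pointers so the logic can be exercised on a host first.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IAP_REINVOKE_ISP 57u   /* command number quoted in the question */
#define TOKEN_LEN 16u          /* assumption: length of the maintenance secret */

typedef void (*iap_fn)(unsigned int command[], unsigned int result[]);
typedef void (*irq_off_fn)(void);
enum recovery_status { REC_IGNORED, REC_DENIED, REC_INVOKED };

/* Compare without an early exit so timing does not reveal matching bytes. */
static int token_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < TOKEN_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Handle one maintenance-UART frame; constructed layout: "RISP" | token.
 * On target, iap is the ROM IAP entry from the part's user manual and
 * irq_off wraps __disable_irq(); both are injected for host testing. */
enum recovery_status recovery_handle(const uint8_t *frame, size_t len,
        const uint8_t *token, iap_fn iap, irq_off_fn irq_off)
{
    unsigned int command[5] = { 0 }, result[5] = { 0 };
    if (len != 4 + TOKEN_LEN || memcmp(frame, "RISP", 4) != 0)
        return REC_IGNORED;              /* not a recovery frame */
    if (!token_equal(frame + 4, token))
        return REC_DENIED;               /* wrong secret: do nothing */
    irq_off();
    command[0] = IAP_REINVOKE_ISP;
    iap(command, result);   /* on target, control passes to the ISP boot loader */
    return REC_INVOKED;
}

/* Host test doubles and constructed sample data (not target code). */
static unsigned int mock_last_cmd, mock_irq_off_calls;
static void mock_iap(unsigned int c[], unsigned int r[]) { mock_last_cmd = c[0]; r[0] = 0; }
static void mock_irq_off(void) { mock_irq_off_calls++; }
static const uint8_t DEMO_TOKEN[16] = "constructed-key";
static const uint8_t GOOD_FRAME[20] = "RISPconstructed-key";
static const uint8_t BAD_FRAME[20]  = "RISPconstructed-kex";

int main(void)
{
    return recovery_handle(GOOD_FRAME, sizeof GOOD_FRAME, DEMO_TOKEN,
                           mock_iap, mock_irq_off) == REC_INVOKED ? 0 : 1;
}
```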
This is my own device, but I forgot to disable CRP3. Is there any solution to reinvoke the ISP command?
www.nxp.com/.../AN10968.pdf "Be aware that there is no built-in recovery for designs once CRP Level 3 is enabled."
So basically if you didn't rough-in a trapdoor, then assume you don't have one. Throw away the chip, and learn from the experience.
The processor manual clearly states that:
This mode effectively disables ISP override using the P2.10 pin. It is up to the user’s application to provide for flash updates by using IAP calls or by reinvoking ISP via UART0.
What use would CRP3 be if there was a simple way to circumvent the protection?
How many companies would be willing to invest millions in in-house know-how into a broken NXP chip that would allow any willing student to extract the firmware and then send a request to some foreign country for a couple of hundred or thousand counterfeit units using stolen firmware?
OK Thank you very much
What is your idea about writing 0xffffffff in RAM location at 0x0000001F for breaking CRP2? Because in CRP2 we can write sectors. What is your idea?
Can it run 8080 code or 6502 pascal?
Only on February 29th on odd numbered years.
First off: Address 0x0000001F is not RAM, so whatever you write to RAM will not hurt the flash.
Next thing - only your already programmed firmware can write to RAM.
And it doesn't matter what you write to RAM - as long as it doesn't happen to be data that behaves like the required assembler instructions to do IAP or activate ISP. And even then it will not help you, unless your already existing firmware has a command to jump to these magic RAM bytes.
But since you are now talking about breaking CRP2 - which can be trivially broken by using ISP and requesting a full chip erase - it follows that you haven't accidentally locked up your own processor and want to get it erased so you can reprogram it with a better working program.
The only reason why you want to deactivate CRP2 without doing the trivial full-chip erase, is that you want to circumvent the code protection and extract the existing software. Which is a crime in (almost) all countries in the world. And in a lot of countries it is even criminal to debate different attack methods to try to circumvent copy protection.
So - why are you here asking for criminal help?
No, I don't want to have criminal help, I just want to share our general information. Also, we cannot erase a sector in CRP2; we can only erase all of the chip, NOT A SECTOR.
Can you introduce me to a good cross compiler for ARM Cortex-M3?
Yes, in CRP2 you can only do a full erase - not erase a single sector.
But you don't need to be able to erase a single sector to solve the issue with CRP2. You erase the full chip. Then reprogram the unit with a corrected software.
The only time that it isn't an option to do a full erase to recover the chip/board is if you don't have any new software to program the chip with after you have done the full erase. I.e. your goal is to steal the current content of the chip and so want at most to erase the boot sector and destroy a part of the boot loader while leaving the business logic part of the application code in an unprotected state.
A legitimate company is almost totally unable to lose their source code. And even if they do lose all source code, they would still normally have sent download files to the factory so they can program new chips with the last released version while they learn how stupid it was to not have proper source code backup and recreate the lost source code. So a legitimate company would still not need to recover the contents already programmed into the chip. Hence, any request to just erase a single sector instead of doing a full chip erase to recover from CRP2 is most definitely an attempt to circumvent a copy-protection mechanism to gain improper access to someone else's intellectual property.
Yes completely true.