Author Topic: How to clone firmware on Atmel AT91SAM  (Read 7671 times)

0 Members and 1 Guest are viewing this topic.

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
How to clone firmware on Atmel AT91SAM
« on: July 17, 2016, 03:53:25 pm »
Hello,

I have 2xAT91SAM7S256's. One of them has gotten their firmware corrupted. I do not have access to the original firmware.
I am looking to clone the good firmware from the intact one on to the corrupted one. I will need them to both be intact / have good firmware after.
I see that programming can be done via JTAG, with which I am unfamiliar.
Primarily I am wondering if JTAG programmers are universal and therefore I could use any JTAG programmer to read the firmware from the 1st and copy it unto the 2nd, or would I need a specific programmer from ATMEL?
Since this is going to be a one-off fix, I was looking at getting the most basic programmer, such as this: http://www.aliexpress.com/item/Free-Shipping-New-Mini-Usb-Blaster-Cable-For-ALTERA-CPLD-FPGA-NIOS-JTAG-Altera-Programmer-in/1487146376.html

PS: I do know that the chip has some security features which might be enabled that may prevent me reading the firmware, I am just hoping that these are disabled.

So my question would be what would be the easiest way for me to clone the firmware from one onto the other?

Thanks!
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: How to clone firmware on Atmel AT91SAM
« Reply #1 on: July 17, 2016, 05:08:43 pm »
The easiest method I know of is to buy a genuine JLINK and use Segger software to read/write Flash. If you only need it for Atmel devices, then SAM-ICE is a cheaper option, as is JLINK-EDU version.
Bob
"All you said is just a bunch of opinions."
 

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #2 on: July 18, 2016, 04:54:31 am »
The easiest method I know of is to buy a genuine JLINK and use Segger software to read/write Flash. If you only need it for Atmel devices, then SAM-ICE is a cheaper option, as is JLINK-EDU version.
Thanks. In this case, easiest also includes cheap as this is going to be used only once.
I think I found a cheap China alternative: http://www.ebay.com/itm/-/182197178568
It says it supports ARM7TDMI so allegedly  it would work, wondering if someone can confirm ?

Bit off topic:
I'm somewhat surprised that basic features such as firmware reading/writing are not able to be done with all JTAG programmers on all chips.
What actually is JTAG/what's the purpose of saying a chip has "JTAG support" if different manufacturers can have different implementations of it ? Is it more like a feature set ?
From the Wikipedia article I would think that there should only be one JTAG protocol and therefore different programmers should be able to talk to different chips implementing the protocol(at least for the basic features such as firmware read/write/erase, etc ). Why is this not the case ?
 

Offline Kilrah

  • Supporter
  • ****
  • Posts: 1852
  • Country: ch
Re: How to clone firmware on Atmel AT91SAM
« Reply #3 on: July 18, 2016, 08:21:36 am »
The protocol to get data in/out of the chip is standard, but the algorithms (where that data has to be put, how and when to achieve something) depends on the chip's design and capabilities.
While the actual interface is standard the tools are often manufacturer-specific.
 

Offline richardman

  • Frequent Contributor
  • **
  • Posts: 427
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #4 on: July 18, 2016, 09:12:54 am »
The writing part is particularly nasty as it is dependent on the flash technology and size etc. e.g. basically vendor and chip (family) specific
// richard http://imagecraft.com/
JumpStart C++ for Cortex (compiler/IDE/debugger): the fastest easiest way to get productive on Cortex-M.
Smart.IO: phone App for embedded systems with no app or wireless coding
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: How to clone firmware on Atmel AT91SAM
« Reply #5 on: July 18, 2016, 09:40:30 am »
The easiest method I know of is to buy a genuine JLINK and use Segger software to read/write Flash. If you only need it for Atmel devices, then SAM-ICE is a cheaper option, as is JLINK-EDU version.
Thanks. In this case, easiest also includes cheap as this is going to be used only once.
I think I found a cheap China alternative: http://www.ebay.com/itm/-/182197178568
It says it supports ARM7TDMI so allegedly  it would work, wondering if someone can confirm ?

I think all the cheap "JLINK" adapters on ebay are unofficial clones, Segger call them counterfeit. The Segger software detects clones and refuses to work with them, so I would not advise buying a clone.

The Flash writing algorithms are in the software, so the questions are 1) what software supports SAM7S series, 2) what JTAG adapters does that software support.

So for example, IAR and Keil support SAM7S and a range of adapters, but the free versions of IAR/Keil might be limited to 32K. The cheap route might use OpenOCD, but you might end up having to write your own programming routines, as well as a lot of messing with config files.

I have been down all these routes, so I can tell you the easiest method is an official Segger JLINK. The cheap routes eat up a whole lot of time, and is not easy.

Quote
I'm somewhat surprised that basic features such as firmware reading/writing are not able to be done with all JTAG programmers on all chips.

There are many many things that are not standard, so I wouldn't worry about that. If there is no commercial incentive to make products compatible with competitors, it doesn't happen.
« Last Edit: July 18, 2016, 09:42:04 am by donotdespisethesnake »
Bob
"All you said is just a bunch of opinions."
 

Offline andersm

  • Super Contributor
  • ***
  • Posts: 1198
  • Country: fi
Re: How to clone firmware on Atmel AT91SAM
« Reply #6 on: July 18, 2016, 11:27:20 am »
OpenOCD supports the AT91SAM7 series out of the box, and it's not difficult to set up if you're at all able to read documentation. Keep in mind though that if the chips have their security bits set, you won't be able to read the flash.

I'm somewhat surprised that basic features such as firmware reading/writing are not able to be done with all JTAG programmers on all chips.
What actually is JTAG/what's the purpose of saying a chip has "JTAG support" if different manufacturers can have different implementations of it ? Is it more like a feature set ?
JTAG was designed and specified only for boundary scan testing. Chip vendors figured out they could piggyback other features on the same interface, but this was not done via the IEEE 1149.1 working group.

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: How to clone firmware on Atmel AT91SAM
« Reply #7 on: July 18, 2016, 01:24:10 pm »
that part sounds familiar, if it's a car ecu or an ecu manipulation tool then it will be protected.
 

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #8 on: July 18, 2016, 04:26:55 pm »
So for example, IAR and Keil support SAM7S and a range of adapters, but the free versions of IAR/Keil might be limited to 32K.
That would actually work, as there is a fully functional 30 day trial of IAR. I think the trial version of Keil would also allow size-unrestricted flashing from what I can see on their website.
Would I be able to use those Altera adapters with IAR/KEIL ? http://www.ebay.com/itm/-/262136733505

OpenOCD supports the AT91SAM7 series out of the box, and it's not difficult to set up if you're at all able to read documentation.
What adapter would I be using with OpenOCD ? Anything that I might have on hand / would have large applicability would be preferred. Also, could I do this on Windows ? I wouldn't mind taking my time to get familiar with OpenOCD as I was already wanting to try it out for STM32 development.

that part sounds familiar, if it's a car ecu or an ecu manipulation tool then it will be protected.
It is part of an Agilent 34405A. The firmware on one got corrupted so need to "manually" re-flash it. I'm trying to clone the firmware from one onto the other. There is a header exposed, I'm rather sure it's a JTAG header. Not sure how much sense there would be on having security enabled on this.
 

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #9 on: August 08, 2016, 02:48:19 am »
So I ended up getting a JLINK V8 clone and succesfully read the firmware on the good chip using the following command in J-Link commander:
Quote
savebin image.bin 0x0 0x8000

However, I don't seem to be able to write the firmware to the new chip.
I'm trying to write memory by using:

Quote
exec device = AT91SAM7S256
loadbin image.bin 0

After this, commands like "mem 0 0x10" return valid firmware memory, however the data seems to be coming from cache, not the chip itself ( not sure what is going on here ). I suspect it is from cache since the call is returning instantly vs after a slight delay when I read memory initially, without writing it first.
After power cycling the JLINK, and trying to do a "mem 0 0x10" I get all 0x00's.

I've tried JFlash and it won't connect to the chip, giving the error:
Quote
- J-Link found 1 JTAG device. Core ID: 0x3F0F0F0F (ARM7)
 - Reading CFI info ...
    - Could not find CFI compliant flash device
 - Detecting flash memory ...

I'm using J-Link commander 4.24(should be good enough as this chip is quite old).
What am I doing wrong ?
 

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #10 on: August 08, 2016, 02:57:18 am »
Yes, I did try to write to the chip that I'm not sure it's still 100% working.
I don't have a replacement chip right now, any way to test if the chip is still working ?
Since I managed to connect & read all 0's I was assuming it's OK .
Is there a reason to believe it is damaged, is the caching behavior of the j-link expected ?
 

Offline andersm

  • Super Contributor
  • ***
  • Posts: 1198
  • Country: fi
Re: How to clone firmware on Atmel AT91SAM
« Reply #11 on: August 08, 2016, 03:55:22 am »
Did you verify that the dump is good (eg. open it in a hex editor)?

Offline Signal32Topic starter

  • Frequent Contributor
  • **
  • Posts: 251
  • Country: us
Re: How to clone firmware on Atmel AT91SAM
« Reply #12 on: August 08, 2016, 06:27:43 am »
Did you verify that the dump is good (eg. open it in a hex editor)?
Hi, yes, I verified that the dump looks valid (semi-random data stream with some patterns, valid expected strings, etc).
 

Offline batteksystem

  • Regular Contributor
  • *
  • Posts: 167
  • Country: hk
    • My ebay store
Re: How to clone firmware on Atmel AT91SAM
« Reply #13 on: August 08, 2016, 07:29:23 am »
Yes, I did try to write to the chip that I'm not sure it's still 100% working.
I don't have a replacement chip right now, any way to test if the chip is still working ?
Since I managed to connect & read all 0's I was assuming it's OK .
Is there a reason to believe it is damaged, is the caching behavior of the j-link expected ?

Fastest way to check is to do a full erase, see if every byte is 0xFF, then do a blank write, and see if every byte is 0x00. Of course, you will need a JLINK or something similar.


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf