Author Topic: I2C hacking, is this this the hidden address ?  (Read 635 times)

0 Members and 1 Guest are viewing this topic.

Offline MathWizard

  • Frequent Contributor
  • **
  • Posts: 315
  • Country: ca
I2C hacking, is this this the hidden address ?
« on: January 29, 2021, 09:22:57 am »
I'm playing around with BusPirate to spark my interest in learning some programing. And I have an STM8S003F3 8bit MCU, from an ebay device I took apart.
https://www.st.com/en/microcontrollers-microprocessors/stm8s003f3.html

I hooked up the buspirate w/ I2C, and also serial decoding on my scope. I only wired power and SDA/SCK, I never pulled reset high, I left everything floating.

I barely know what to do in the terminal command prompt so far, so I had buspirate do it's device address scan.

 I'm real new at this. When I had an eeprom hooked up, the BP would say
devices found at:
some write address and a read address.



But now this MCU, seems to be blocking it's address, the Terminal just says
devices found at:

And it's blank, now on my scope, I can see the search, and near the end it tries writing to or reading the same address 4 times, and each time there's a write address that's blanked out on the decode of my SDS1104 as well as in the Putty terminal (the device found at:blank)

Then it goes back to normal, and that's the only blanked out stuff.

So am I a hacker yet ? Is the chip actually trying to block me from writing to it? And I found it with the scope ? So I just have to hold reset high ?

Or is it really programmed to try to hide itself? Then I really am a hacker. But I can't find the default address in the datasheet yet. At least on the eeprom it was easy to find in the pdf

The spot with the gaps start at 240d, F0h
Then the missing blanked write addresses are 242d , 244d, or  246d /
F2/F4/F6
and didn't it skip the odd numbers there?
[attachimg=1][attachimg=2][attachimg=3]
« Last Edit: January 29, 2021, 09:26:05 am by MathWizard »
 

Online capt bullshot

  • Super Contributor
  • ***
  • Posts: 2388
  • Country: de
    • Mostly useless stuff, but nice to have: wunderkis.de
Re: I2C hacking, is this this the hidden address ?
« Reply #1 on: January 29, 2021, 09:31:56 am »
You're trying to access an MCU through it's I2C port. Without any knowledge of the firmware inside the MCU this would be rather pointless, as the function of the I2C interface is set by the firmware. It can be not used at all, a master reading or writing an external chip (sensor or something), or in rather rare cases an I2C slave. It can have any address, or none at all. The I2C port of an MCU is just a generic peripheral that doesn't do anything if it is not used by the firmware.

If you want to hack into the MCU, I'd recommend to get an appropriate debugger that speaks the debug protocol of that particular MCU and try to read out and disassemble the firmware first.
Safety devices hinder evolution
 

Offline MathWizard

  • Frequent Contributor
  • **
  • Posts: 315
  • Country: ca
Re: I2C hacking, is this this the hidden address ?
« Reply #2 on: January 29, 2021, 09:59:09 am »
So try UART and the software from ST or like the arduino IDE ?

Overall with this chip it was just a little sensor w/LED display, so it would be a good play to start trying trying more hacking.

In the end I'd like to read the program from the chip, so I don't want to erase it or damage it.

Time to try the UART
 

Online capt bullshot

  • Super Contributor
  • ***
  • Posts: 2388
  • Country: de
    • Mostly useless stuff, but nice to have: wunderkis.de
Re: I2C hacking, is this this the hidden address ?
« Reply #3 on: January 29, 2021, 05:04:48 pm »
It's a STM8, which has a debug interface called "SWIM". For a debugger I'd recommend an (original) ST-Link with the SWIM interface, and some tool like the ST-Link utility to read out the firmware (if not blocked by security bits).
As with the I2C, for the UART it depends on the firmware what it does or not.
You should have reverse engineered the original board to find which interface is connected to where and if it has some port to outside that might show activity.
Safety devices hinder evolution
 

Offline ricard2k

  • Supporter
  • ****
  • Posts: 17
  • Country: ie
Re: I2C hacking, is this this the hidden address ?
« Reply #4 on: March 16, 2021, 05:11:38 pm »
Usually MCUs use I2c to communicate with peripherals, and I never seen somebody implementing a console via I2C.

Ig you want to see what your MCU is doing, a ST link could help you better than I2C.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf