Author Topic: STM8S207MBT6B cloning to a new IC  (Read 1270 times)

0 Members and 1 Guest are viewing this topic.

Offline krisskrossTopic starter

  • Newbie
  • Posts: 9
  • Country: my
STM8S207MBT6B cloning to a new IC
« on: May 23, 2023, 03:48:23 am »
Hi guys, i have this chip that im desperately looking forward to clone, but ive no idea how or what tools to use. Is there any easiest way to copy the original and write to the blank one? Thanking in advance.
 

Online HwAoRrDk

  • Super Contributor
  • ***
  • Posts: 1504
  • Country: gb
Re: STM8S207MBT6B cloning to a new IC
« Reply #1 on: May 23, 2023, 11:31:21 pm »
If read-out protection is turned on then you are out of luck. The only alternative then are voltage glitching attacks - IIRC there was an academic paper published in last year or two about doing that with STM8; you will probably find it if you Google.

Otherwise, you can use open-source stm8flash utility, stm8gal utility if ROM bootloader is enabled, or even ST Visual Programmer. Just connect VDD, GND, RESET and SWIM pins and dump the flash (address 0x8000+).
 

Offline barshatriplee

  • Regular Contributor
  • *
  • !
  • Posts: 130
  • Country: bd
Re: STM8S207MBT6B cloning to a new IC
« Reply #2 on: May 24, 2023, 12:27:29 am »
If I am not mistaken,  cloning or copying integrated circuits without the necessary rights or licenses is a violation of intellectual property laws and is considered illegal.
 

Offline darkspr1te

  • Frequent Contributor
  • **
  • Posts: 301
  • Country: zm
Re: STM8S207MBT6B cloning to a new IC
« Reply #3 on: May 24, 2023, 11:00:30 am »


Quote
If I am not mistaken,  cloning or copying integrated circuits without the necessary rights or licenses is a violation of intellectual property laws and is considered illegal.




it is if you intend to sell it on either as flashable code or installed in a clone device.


some local laws however allow you to copy for backup purpose and this is really needed, I've had several devices die due to the manufacturer providing faulty firmware and costly ones at that. I now always make a attempt to backup the firmware and as a result have helped many others
recover their devices from the same situ .e.g a500/a600 obd LCD displays elsewhere in this forum a $100 device that need updating before it can be used on newer cars and the OEM provided update program is faulty, however it can be used to download the update and then using a working open source tool i developed will flash the files correctly
 
In other cases it's allowed fixes to be applied that the OEM wont provide as they prefer you buy the newer model with all the same features + maybe one or two software extras.
In the case of the Reiden RD60xx series of power supplies it allowed a clean room open source firmware development that even the OEM now copies ideas from, this dumping also allowed recovery of devices that needed repairs that included the replacing stm32f103 MCU and open source bootloader compatible with OEM files was developed that again the OEM stole ideas from ( no thanks or nod provided as per the norm for china)


for stm8 firmware dumping on devices that dont have protection enabled you need a stlink v2/v2.1 device that has SWIM enabled , attached is a image of two models that do , you see both support SWIM protocol which means official tools will work as well as many un-official programs.
if the mcu is locked then your only choice is the VCC attack, i cant off hand remember which pin it is that is ment to have vcc+cap but you take that power feed and put it through a resistor , transistor, resistor setup controlled by another mcu that also controls reset and can do the swim protocol as the timing are so tight that sending a command via serial port to start swim reading while the mcu is in this zombie state are so tight that serial wont cut it.
Also you cant use offical software or h/w SWIM programmers for stm8's either as they all do a SWIM reset that restarts the mcu code  stopping the SWIM lockout bypass from working.
offical tools sort of go like this

Code: [Select]
STLINK: hello swim device?
SWIM device : yes ?
STLINK: reset
SWIM device :ok, doing so
STLINK: hello, swim device ?
SWIM device : yes?
STLINK:give me your details and read out protection status
SWIM device :"reads lockout status, depending on results responds with all mcu details or just ROP status", ok here you go


where as the hack device allows the device to start the internal on mcu SWIM code then drops power just enough to skip a line of code and then just asks for memory reads, this skips the device details and ROP status check and swim is enabled from the first request.
Also chances are a device based on stm8 mcu's it prob out of date and now e-waste in the eyes of the OEM and no doubt has a better new faster more expensive model out now.

one final thought, if the stm8 has STM's own DFU code on it the even with protection it falls pray to the dfu buffer sploit and that super easy to do as no hardware needed , just a virtual machine and usb cable

darkspr1te




« Last Edit: May 24, 2023, 11:03:04 am by darkspr1te »
 

Online HwAoRrDk

  • Super Contributor
  • ***
  • Posts: 1504
  • Country: gb
Re: STM8S207MBT6B cloning to a new IC
« Reply #4 on: May 24, 2023, 11:35:52 am »
for stm8 firmware dumping on devices that dont have protection enabled you need a stlink v2/v2.1 device that has SWIM enabled , attached is a image of two models that do , you see both support SWIM protocol which means official tools will work as well as many un-official programs.

I would recommend getting one of the ST-LINK v2 clones that have the same white puck enclosure as the official ones - I have been told that the support for SWIM by the USB stick style clones is varied; some work properly, some don't, it's hard to tell before buying.

one final thought, if the stm8 has STM's own DFU code on it the even with protection it falls pray to the dfu buffer sploit and that super easy to do as no hardware needed , just a virtual machine and usb cable

I don't recall any of the STM8 range supporting USB, so will not have DFU. They only have serial UART, LIN, or CAN support in the ROM bootloader (depending on model).
 

Offline Sacodepatatas

  • Regular Contributor
  • *
  • Posts: 90
  • Country: es
Re: STM8S207MBT6B cloning to a new IC
« Reply #5 on: May 26, 2023, 02:13:48 pm »
I have got an early BAITE clone (like the one on the right at the picture), and I've used It to program STM8S003/103/903/105 thought SWIM and STM32F103 (bluepills) and STM32F030 without any trouble. Currently I'm programming some STM32G030F6P6 using CubeIDE, but i'm using the ST-Flash tool that lets me override the Flash size limit so i can treat this last MCU as it was STM32G031F8P6 and program the whole 64 KB. Everything with the BAITE programmer that works like a charm (at least in my particular case).
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf