Dumping and reverse-engineering ST-Link v2/2-1 bootloader

[DWiskow]

Would anybody be interested in a PCB that can turn an STM32 Maple Mini (readily available for under $5 from China) into an unencrypted ST-Link V2.1?

• This exploits the processes explained in this thread (and my post above with links to the necessary files) to load an unencrypted bootloader onto the Maple Mini and then flash/update it with the latest ST-Link V2.1 firmware

• The resulting ‘ST-Link 2.1’ equivalent device will have SWD flash and debug functionality, plus serial wire viewer and Virtual COM Port (VCP) over USB, AND Mass Storage Interface (MSD) for simple ‘copy file to virtual USB drive’ flashing

[DavidAlfa]

Why? When you can do that with the $3 stlink mini

[DWiskow]

Why? When you can do that with the $3 stlink mini

A few  reasons

• the resulting ST-LinkV2.1 incorporates a Virtual Com Port enabling UART input/output between computer and the target device (and also supports drag & drop programming of the target over virtual USB drive on windows/mac/linux)
• an exercise in learning KiCAD for schematic/PCB design
• I happen to have a few Maple Mini boards going spare, so $3.70 (unit price per PCB delivered in qty of 3 from OSHpark) to turn one into a ST-Link V2.1 seems quite reasonable
• It is significantly less fiddly than cutting tracks and having to solder directly to the pins of an STM32F103 LQFP-48 package on a Chinese clone of an ST-Link V2
• Not all Chinese clone ST-Link V2 incorporate the 128k flash STM32F103CBT6 required to flash the latest release of the V2.1 ST-Link firmware
• All of the connections to the target device are properly labeled
• I wanted to have an “unencrypted/unprotected” ST-Link that I could disassemble/debug over its own SWD interface

Finally, I though others who already had an STM32F103CB based Maple Mini could benefit from sharing the PCB (easily and inexpensively purchased and shipped worldwide from OSHpark). The PCB(s) can be obtained here https://oshpark.com/shared_projects/mtkoCb6c $11.30 for 3 (including shipping).

[robca]

Nice job, @DWiskow

Just to provide more options, I recently bought an STLINK-V3MINI (roughly $10 from Mouser/Digikey). Got a 14 pin header at the same time (one of these, depending where you order from https://www.mouser.com/_/?Keyword=20021311-00014T4LF&bws=1 https://www.digikey.com/en/products/detail/20021311-00014T4LF/609-3756-ND/2209089) and a $2.25 PCB adapter I designed from OSHPark. Actually the $2.35 are for 3 adapters (shared here https://oshpark.com/shared_projects/zOLm9ezB). The STDC14 cable is not a standard yet and pretty hard to find adapters at the moment. That's why I hacked together an adapter that uses standard 2.54 headers

The header I got is not keyed, but it's easy enough to insert it correctly (the "USB ->" points towards the USB). For around $15 you can get a much better STLink 3, with VCP, drag and drop and much faster than the older devices. Also guaranteed to work in the future

Definitely the hacked solution are cheaper, but the STLink V3Mini is not much more and a really nice/small device

[DWiskow]

@robca, I created an almost identical board for the ST-Link V3mini I have . . . I found that you can ‘key’ the female connector by supergluing a small piece of black plastic to the connector 

[I do this with the 10 pin connector on ST-Link V2 Chinese clones too]

[peter-h]

May I ask a stupid question:

Why does anybody bother reverse engineering the STLINK when you can buy the latest 24MHz one (V3) for about 30 quid?

[robca]

May I ask a stupid question:

Why does anybody bother reverse engineering the STLINK when you can buy the latest 24MHz one (V3) for about 30 quid?

For a variety of reasons:

To learn by using something a person already has (Blue Pill, Maple or a clone)
Because a V2 clone can be flashed into a J-Link, much more powerful than even the STLink V3
Because the price of a STLink V3 depends on where you live, and in some places price+shipping is 10x the cost of a clone
Because for most debugging purposes, especially on a low end processor (STMF1-F4), the speed of the debugging probe is irrelevant
Because until recently, the V3 was not available, and a V2 clone was by far the best way to get started
Because, apart from the VCP (which you can anyway simulate using a separate FTDI USB Serial), the V3 doesn't offer anything more than a V2

A V3Mini is even cheaper, but once again only recently became available. These days I would probably recommend a V3 over any V2 clone

For someone developing professionally, clearly the hacked V2 clone was never a good option. But for a hobbyist that was not sure about STM32 development, the V2 clone and a Blue Pill was the cheapest way to get into STM32 coding, for around $5 all included