help to read MCU firmware

[nassih]

hello I am trying to export the contents and parameters of a tms320f28021 memory with the uniflash tool via debugger xds100 v2, but the problem is that I cannot read all the contents of the memory; an error message appears:  error memory map prevented reading 0x200000@data. Is the code is locked? If yes, is there a solution to unlock it? Is there another software similar than uniflash that can do this job?

[jpanhalt]

There are numerous studies and attempts to unblock/unlock chips.  One method uses "decapping" followed by microscopic attachment to the chip.  Here's an old reference to get you started: http://core.kmi.open.ac.uk/download/pdf/72289.pdf

[nassih]

thank you for the answer and the link, first I want to know if the code is locked, because I can export part of the memory

[nassih]

please the link is not working if you can send another tanks

[jpanhalt]

I am sorry about that.  I almost always check a link that I post, but I didn't in that case.  Unfortunately, the pdf is too large to upload too.

Just search on "decapping."  That would lead to other references on bypassing firmware protection "fuses" and so forth.

[KG7AMV]

Hello, I quickly looked at the device options form my Xeltek programmer software I do not see any options for security or protection on that device.

Some devices have alternate security/protection methods generally noted in the device info, this device had no notes but not uncommon for some devices to be missing the info. One common alternate method is that you need to edit the buffer at specific addresses basically a key. You may want to check the data sheet. Another is they lock out read attempts via SPI or other ISCP so can only be read in parallel mode.



Update I did look at device config and it is most likely locked with the key type protection. So unless you send it out to a pro (decaping and extraction) You are prob not getting the contents)



Form the look's of the device config they prob left some areas FFFF unlocked so part of the contents could be read such as serial number / model info but you are prob just getting jibberish on the read because its locked.