Dear Sirs,
i've got a question about erics description installing a bootvector backdoor. He writes:
bootck:
jb P3.1,xxxyyy ;TxD always high without cliplead
mov AUXR1,#020h ;enable boot
!!insert parametres for set boot vector as in AN 461 pg 14
call 0fff0h
!! insert parametres for set status byte as in AN 461 pg 14
call 0fff0h
jmp $ ;wait for reset
I understand the comments about adding code for setting the boot vector and status byte.
But first, I think, the boot vector and status byte must be erased before they can be reprogrammed?
regards,
robert
never erased them, NoTouch works same way, never heard of it not working.
Erik
Yes, but they erase - contrary to the rest of FLASH - to 00h, so if you have the chip running the application from 0000h, you have at least the status byte in the erased state...
Not anything you will read out from the datasheets but you can find it out yourself experimenting with IAP using a terminal program rather than [inserted]FlashMagic[/inserted][strikethrough]FLIP[/strikethrough], if you are brave enough (or if you have a parallel programmer at hand :-)
Jan Waclawek
Post Edited (03-09-06 01:17)
Not anything you will read out from the datasheets but you can find it out yourself experimenting with IAP using a terminal program rather than FLIP, if you are brave enough (or if you have a parallel programmer at hand :-)
FLIP??? in a FlashMagic forum, that is high treason
Erik
Not high treason, just a bit confusing. :)
Sorry, tired a bit...
But it would be nice to have a common tool, wouldn't it? I'd guess it would be a piece of cake for Andy to support all of them, just the sponsor of FM would not like it at all...
;)
Jan Waclawek
Post Edited (03-09-06 01:20)