Question about backdoor.doc by eric

Started by rweber, March 08, 2006, 02:26:08 AM


rweber

Dear Sirs,

I've got a question about Eric's description of installing a boot vector backdoor. He writes:


bootck:
     jb  P3.1,xxxyyy ;TxD always high without cliplead
     mov  AUXR1,#020h  ;enable boot
     ; !! insert parameters for set boot vector as in AN 461 pg 14
     call 0fff0h
     ; !! insert parameters for set status byte as in AN 461 pg 14
     call 0fff0h
     jmp  $            ;wait for reset


I understand the comments about adding code for setting the boot vector and status byte.

But first, I think, the boot vector and status byte must be erased before they can be reprogrammed?


regards,
robert

erikm

Never erased them, NoTouch works the same way, never heard of it not working.

Erik

erik

Jan Waclawek

Yes, but they erase - contrary to the rest of FLASH - to 00h, so if you have the chip running the application from 0000h, you have at least the status byte in the erased state...

Not anything you will read out from the datasheets but you can find it out yourself experimenting with IAP using a terminal program rather than [inserted]FlashMagic[/inserted][strikethrough]FLIP[/strikethrough], if you are brave enough (or if you have a parallel programmer at hand :-)

Jan Waclawek



Post Edited (03-09-06 01:17)

erikm

Not anything you will read out from the datasheets but you can find it out yourself experimenting with IAP using a terminal program rather than FLIP, if you are brave enough (or if you have a parallel programmer at hand :-)

FLIP??? in a FlashMagic forum, that is high treason

Erik

erik

Andy Ayre

Not high treason, just a bit confusing. :)

Embedded Systems Academy, Inc.
support at esacademy dot com

Jan Waclawek

Sorry, tired a bit...
But it would be nice to have a common tool, wouldn't it? I'd guess it would be a piece of cake for Andy to support all of them, just the sponsor of FM would not like it at all...
;)

Jan Waclawek



Post Edited (03-09-06 01:20)