Dump Flash Memory through a single GPIO pin

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Not applicable
Hi there,

I'm working with Infineon's XMC4500 Relax Kit and I'm trying to extract the firmware through a single GPIO pin.

My very naive idea is to dump one bit at a time through the GPIO pin and somehow "sniff" the data with a logic analyzer.

Pseudocode:


while(word by word memory copy hasn't finished)
register = value;
temp_value = value AND 0x1;
port/pin = temp_value;
value = value >> 1;


Am I on the right track? Does anybody have a better/nicer idea how to archive this?

Cheers

stulle
0 Likes
5 Replies
Not applicable
Hi Stulle,

Just for my curiosity, why don't you consider using UART to transfer the data out?
That would be much each easier and you can connect to any terminal program to read the data instead of going through logic analyzer.
0 Likes
Not applicable
Hi Jackson,

my goal is to write as tiny (shell)code as possible.

Finally I'm successful in dumping flash memory with the following C-code but I'm struggling to make it even smaller.


#include "XMC4500.h"

// SPI bit banging
void spi_send_word(uint32_t data)
{
int i;

// LSB first, 32 bits per transfer
for (i = 0; i < 32; i++)
{
// set pin 1.1 to low (SPI clock)
PORT1->OUT &= (~0x2UL);

// set line high if bit is 1, low if bit is 0
if (data & 0x1) {
// set pin 1.0 to high (SPI MOSI)
PORT1->OUT |= 0x1UL;
}
else {
// set pin 1.0 to low (SPI MOSI)
PORT1->OUT &= (~0x1UL);
}

// set pin 1.1 to high (SPI clock)
PORT1->OUT |= 0x2UL;

data >>= 1;
}
}

int main() {
// start dumping at memory address 0x08000000
unsigned int *p;
p = (uint32_t *)(0x08000000u);

// configure pin 1.0 and pin 1.1 as output (push-pull)
PORT1->IOCR0 = 0x8080UL;

while(1) {
spi_send_word(*p);
p++;
}
}


Any hints on what to optimize or to leave out?
0 Likes
Travis
Employee
Employee
First solution authored Welcome! 500 replies posted
We really do not understand why you need to use bit banging for transmission. In my own point of view there is no need for optimization as there is a duration which you need to maintain a logic hi or lo.

Beside this if you are using interrupt in other area, this function will be disrupted which cause a significant delay during logic hi or lo.
0 Likes
Not applicable
Thank you Travis for your hints.

In terms of UART:

Do you mean it would be simpler to output the data on an UART tx pin as the UART adds start and stop bits and manages timing? How would I set this up with few lines of code without using DAVE?
0 Likes
Travis
Employee
Employee
First solution authored Welcome! 500 replies posted
stulle wrote:
Thank you Travis for your hints.

In terms of UART:

Do you mean it would be simpler to output the data on an UART tx pin as the UART adds start and stop bits and manages timing? How would I set this up with few lines of code without using DAVE?


Hi stulle,

Certainly this would be very much easily.

Download the example for this link and follow the power point slides to setup the UART communication.

http://www.infineonforums.com/threads/1911-XMC_HOT-XMC1200-Secured-UART-communication-with-AES
0 Likes