Hi,
My device is locked by the electronic fuse that depends on the values at addresses 0x17FC to 0x17FF, zeroes or Fs keep device unlocked any other values lock the device (in my case they are DE AD BA BE). So I have access to the device trough BSL. I tried to write directly to these addresses using BSL but writing into that memory field failed. However I still can program the main memory. So I decided to make a program that can overwrite the that BSL part of memory that lock/unlock the JTAG access. So, my program failed. Let me show what I have done, and may be you can show me where am I wrong.
This is the function that suppose to write (4bytes) into the BSL:
void WriteByteToBSL(uint16_t address, uint8_t* data) { uint8_t * BSL_p = (uint8_t *)address; SYSBSLC &= ~SYSBSLPE; FCTL3 = FWKEY + LOCKA_L; FCTL1 = FWKEY + WRT; //Write byte or word #if defined (_DEBUG_) printf("%u \n",SYSBSLC); #endif *BSL_p = *data; FCTL1 = FWKEY; FCTL3 = FWKEY + LOCK_L + LOCKA_L; SYSBSLC |= SYSBSLPE; }
This is the function that reads part of the BSL memory (seems to work!):
uint8_t ReadBSL(uint16_t address) { SYSBSLC &= ~SYSBSLPE; uint8_t * BSL_p = (uint8_t *)address; SYSBSLC |= SYSBSLPE; return *BSL_p; }
And this is the caller into the main():
int main(void) { uint8_t flag = 1; uint8_t i; uint8_t arr[] = {0xff, 0xff, 0xff, 0xff}; WDTCTL = WDTPW + WDTHOLD; uart_init(BAUD_RATE_9600); IO_init(); __delay_cycles(50000); WriteByteToBSL(0x17FF, &arr[0]); P4OUT |= BIT0; while(1) { if(BUTT_PRESSED && flag == 1) { for(i = 0; i < 4; i++) WriteByteToBSL(0x17FC + i, &arr[i]); __delay_cycles(50000); //debounce time if(BUTT_PRESSED && flag == 1) { flag = 0; //flip-flop flag printf("%u \n",SYSBSLC); for(i = 0; i < 16; i++) { printf("%X ", ReadBSL(0x17F0 + i)); //print the values from 0x17F0 to 0x17FF } printf("\n"); } } if(!BUTT_PRESSED && flag == 0) flag = 1; P4OUT ^= BIT1; } }