Help to Modify MCU Firmware

Other Parts Discussed in Thread: LMFLASHPROGRAMMER, SEGGER, UNIFLASH

Hello,
I am looking for help, either explanation or the actual work, which I would be glad to pay for.
I have a circuit board with a TI TM4C1233H6PGEI MCU. I have some of the binary .dfu firmware files that can be loaded to the MCU. I do not have the uncompiled firmware.
I need to modify this firmware and the manufacturer of the circuit board is out of business.  What would I need to do first and how would I accomplish that?
If anyone is interested in helping me with this project please send me an email steve_moser@yahoo.com
Thanks!
  • Hello Steve,

    NOTE: This is not a pay-for site but sharing issues/information site. Having said that a binary file cannot be converted to a source code. Might I suggest contacting the manufacturer on terms of negotiations.

    Regards
    Amit
  • Thanks Amit,

    Sorry for the solicitation. I felt that I needed to offer some $$ as I am very green in this area and did not want to upset those in the community due to my lack of experience. I have some programming experience but nothing relating to firmware stuff.

    Yes, I have tried contacting the manufacturer; there is nothing left of that circuit board manufacturer. I have even placed an ad in the local paper where the company was located, with no luck. So my search here.

    If we knew what compiler was used to make the binary would there be any way we could convert it back to source code?
  • Hello Steve,

    Since you mentioned it is USB DFU, is there something custom being done? I am asking the question since if it is not the case, then the ROM USB DFU can be used with the device at power up.

    Regards
    Amit
  • Yes, I would think it is a custom application and the usb interface is used to start and stop application in the MCU.
    I have a couple different versions of binary.dfu and when upgrading it does get uploaded thru the USB interface.

    Can you provide me some more details on how to use the ROM USB DFU? Sorry that I am starting at zero here.
  • Hello Steve,

    I would need the following information to better understand the requirements

    1. How is the application image updated to the End Product, via a button press and USB upload or direct USB upload of some sort?
    2. What are the custom actions being done in the USB Boot Loader (if any)?

    Regards
    Amit
  • Hello,

    I am "guessing" a direct usb upload (for upgrade)

    The board will startup without the usb connected.

    It uses a file "dfu-util" to load the *.dfu file from a linux beaglebone system via the usb interface
  • Hello Steve,

    We have an application called dfuprog that comes along with the USB Examples which can be used for uploading a firmware via USB. On an empty device the DFU will always be active till an application is loaded. To step it out

    1. Empty flash device when connected to a PC will show up as a USB DFU when USB cable is connected
    2. The user can use dfuprog.exe or the LMFlashProgrammer to put in an application code.
    3. The application code can also configure a boot pin, such that in the future if the pin is pressed during power on, the device shall go back into USB DFU mode and flash in a new application image.

    The example for doing so comes as a part of the TivaWare release.

    What I am not too familiar with is the BBB system for using the same.

    Regards
    Amit
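
Added example, not part of the original thread and not TI code: before loading a `.dfu` file with dfu-util, dfuprog or LMFlashProgrammer, it helps to confirm the file is intact. The sketch below parses the standard 16-byte USB DFU file suffix and checks its CRC; the vendor/product IDs and the payload are constructed sample values, and any vendor-specific header inside the payload is not interpreted.

```python
import struct
import zlib

SUFFIX_LEN = 16  # minimum (and usual) DFU suffix length in bytes


def dfu_crc(data: bytes) -> int:
    """CRC-32 as stored in a DFU suffix: zlib's CRC without the final inversion."""
    return zlib.crc32(data) ^ 0xFFFFFFFF


def parse_dfu_suffix(image: bytes) -> dict:
    """Split a .dfu image into payload and suffix fields and check its CRC."""
    if len(image) < SUFFIX_LEN:
        raise ValueError("file is shorter than a DFU suffix")
    dev, pid, vid, bcd_dfu, sig, length, crc = struct.unpack(
        "<HHHH3sBI", image[-SUFFIX_LEN:])
    if sig != b"UFD":
        raise ValueError("DFU signature not found; file may be a raw binary")
    if not SUFFIX_LEN <= length <= len(image):
        raise ValueError("implausible suffix length")
    return {
        "vendor_id": vid, "product_id": pid, "device_release": dev,
        "dfu_version": bcd_dfu,
        "payload": image[:-length],
        # The CRC covers every byte of the file except the CRC field itself.
        "crc_ok": crc == dfu_crc(image[:-4]),
    }


def build_sample(payload: bytes, vid: int, pid: int) -> bytes:
    """Constructed test input: append a valid suffix to an arbitrary payload."""
    body = payload + struct.pack("<HHHH3sB", 0xFFFF, pid, vid, 0x0100,
                                 b"UFD", SUFFIX_LEN)
    return body + struct.pack("<I", dfu_crc(body))


if __name__ == "__main__":
    sample = build_sample(bytes(range(64)), vid=0x1234, pid=0x5678)
    info = parse_dfu_suffix(sample)
    print(hex(info["vendor_id"]), hex(info["product_id"]), info["crc_ok"])
    damaged = bytes([sample[0] ^ 0x01]) + sample[1:]
    print(parse_dfu_suffix(damaged)["crc_ok"])
```

A `crc_ok` of `False` means the file was altered or corrupted after the suffix was written, so it should not be flashed as-is.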
  • Hello,

    Forgive me for asking, but I want to make sure we are going in the right direction. I need to make a small modification to existing firmware.

    Are these tasks moving us into the direction where we will be able to determine if we can convert the binaries into source code?
  • A blunt answer: the binaries cannot be converted to readable source code - compiling is more or less a one-way operation. The assembly instructions can be extracted, but that is a far cry from source code that one could fully understand and thus be able to modify successfully.

    Without knowing any more about the product, I would bet that it would be less work to replicate the functionality by reverse-engineering the hardware configuration (ie. pin usage etc) and then writing new firmware from scratch, than to try to make sense of the disassembled binary.
  • Hello Steve

    No. As Veikko and myself have said, a bin cannot be converted back to source code. You would need to treat it as a new product development cycle.

    Regards
    Amit
  • Is IDA PRO & HEX RAYS  a waste of time?

  • Is IDA PRO & HEX RAYS  a waste of time?

    I'd think so. Any decent company involved in this business would enable the read-out protection capabilities, as provided by the MCU vendor (debugging interface disabled, Flash readout disabled, ...)

    In your place, I would try to contact that company, or its remains/successor. Perhaps you can locate one of the former employees/developers, and discuss the issue with him.

  • Didn't know about these before, they do look promising in the sense that you get one step closer to source code "automatically".

    Yet still, it is nowhere near the original source code - please allow for some "artistic freedom" when I say that this could be compared to a situation where you are given a book that has all the nouns replaced with generic words (chair becomes object1, keyboard object2 etc), and only the very basic verbs are preserved. In other words, you would need to have quite a good hunch of what the source should look like in order to make sense of the decompiler output.

    Redirecting the effort to tracking the source as f.m. suggested or starting a new development from scratch would seem to be a better bet. Plus the latter would shield you from any possible copyright issues.

  • Thank you. I understand the copyright issues. Regarding my situation - some would argue the lifecycle of my board in question is already over. And the manufacturer of board - their phones do not work and website says 404 - not found. Only this company's competitors will benefit if I cannot figure this out.
  • Hello Steve

    Or you can contact their competitors.

    Regards
    Amit
  • Yes, no problem. Flush my investment and then invest more money.

  • Hello Steve,

    The only other way I see is to develop it, which would be a "time" investment as well.

    Regards
    Amit
  • To give the discussion a bit of context, could you enlighten us on what scale of investment we're talking about here? $1k, 10k, 100k+?

    You have already arrived at a point where your investment has "self-flushed" and you need to invest more - the most reasonable path forward depends on so many variables that we cannot possibly give you any meaningful advice, we're effectively blind here!
  • Investment is not completely gone, but I am trying to lengthen the life of it.

    The source code I assume is going to be a little complex as nothing else these guys did was simple. I figure rebuilding would be a combination of using a decompiler and an understanding of what is being tasked. I know a lot of the variable names being used etc.

    I felt this could be accomplished by the right person relatively easily, yes under $1,000. When faced with a challenge, I always remember that we put men on the moon with less than a trs-80 computer. (but one heck of a budget) so anything is possible.
  • If I determine there is no way we can hit this without 10k investment then that makes an easy decision, I will punt on the effort.
  • Under $1k, involving disassembly & modifying original functionality? Dream on.
    If it were a simple modification, you'd have the original source code and whoever you contracted the work to was very familiar with the platform, then maybe.
    But given what you've told us so far, I'd say you'd be lucky to hit even the $10k target with the "modify-the-original" -approach.
  • If there is any preference, can someone recommend the JTAG type cable I should use to read/write firmware to the TM4C MCU? Thanks!

  • Hello Steve,

    If you mean an emulator then it depends on the IDE being used. CCS with XDS100v2, IAR with Segger Jlink, Keil with uLink Pro are options. Do look into the price point as in some cases the IDE may be pricey while in others the emulator hardware.

    Regards
    Amit
  • Just to read/write the firmware. What type of JTAG cable do I need?
  • Hello Steve,

    As I said before, you would need

    1. An emulator like XDS100v2
    2. A Flasher tool like UNIFLASH, LMFlashProgrammer (only ICDI supported)
    3. An IDE if the code needs to be compiled into a binary.

    Regards
    Amit
  • Also, thinking about getting this to test any modified firmware before uploading to actual unit.

    www.ti.com/.../launchpads-connected-ek-tm4c123gxl.html

    That is what I need, correct?

  • Hello Steve,

    Make sure that all pins needed for your application are bonded out to the headers. The package on the LaunchPad is the 64-Pin while your original device is 144 Pin. The closest one (not the cheaper one) is the DK-TM4C123G

    Regards
    Amit