Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hey guys,
It was bound to happen. Honestly I don't know *why* it happened, but as I was loading a new osimage today, the client just kept copying more and more data...my finger was getting tired After a minute or so (it typically only takes a few seconds to load the osimage on there), I let go.
Of course now the pm3 won't start, and I can't reflash it by holding the button down either. All of the LEDs simply come on either way (with button held or not) and stay lit.
I assume I have to get a JTAG cable to flash it now. Is there any way to do this via USB without a JTAG cable? I understand the ARM has a preloaded bootloader, but did I screw up the bootloader by loading osimage.s19? PS, I got to 0004bf00 when writing before I stopped it which is crazy because osimage.s19 (mine at least) only goes to 00018378.
If I absolutely need a JTAG cable, I'll need one that talks to USB as I only have a MacBookPro, so only USB ports available. Any recommended USB->JTAG cable that's cheap (or I could easily build)?
RFID detox is going to be really really tough for me for the next few days. Expect posts littered with gibberish from intermittent convulsions. Need...LF...excitement...
---
donttasemebro:samy samy$ tail armsrc/obj/osimage.s19
S3150001830820636F6D6D616E6400000000206F6374F9
S3150001831865747320726561642066726F6D204944C5
S31500018328454E544946592072657175657374000046
S31500018338206F637465747320726561642066726F59
S315000183486D2053454C4543542072657175657374A8
S3150001835800000000206F63746574732072656164A0
S315000183682066726F6D20585858207265717565734D
S30700018378740088
S3090020000001000000D5
S70500010000F9
Last edited by samy (2009-07-13 23:17:51)
Offline
The booloader the ARM comes with (preloaded at the factory) was blitzed long ago then the PM3 bootloader was installed. IIRC if you flash the ARM and run off the end of the FLASH it wraps back to the beginning so you may have flashed the bootloader with gibberish.
JTAG is easy if you have a parallel port, damn harder and more expensive if you don't. Best bet is to ask around your friends and find a real parallel port then build the resistor only wiggler (real cheap, $2 worth of parts incl DB25 connector). Otherwise shell out some big bucks for a USB based JTAG.
Or maybe buy a bus pirate for $30, I think it does JTAG and is fully programmable (scriptable) for any protocol. It's open sourced and schematics/software is freely available.
Offline
In theory you can use the Olimex ARM-USB-TINY:
http://www.dontronics-shop.com/arm-usb-tiny.html
But as per one of my other posts, I couldn't get it to work with Crossworks s/w.
OpenOCD supports a bunch of USB dongles:
http://openocd.berlios.de/doc/html/JTAG … re-Dongles
Good luck!
Offline
Hi,
I also ran into this problem just now. And like samy I do not have a parallel port (thanks to the "advancement" of technology in laptops.. a parallel port is deemed to be obsolete)..
@adam: I saw this post on the Oblimex website on the page of the ARM-USB-TINY, there is a FAQ on how to get it to work with CrossWorks.. Don't know if this might be helpful to you:
=========================================
Q: how to install ARM-USB-TINY to work with CrossWorks:
A: Use: "Generic FTD2232" target interface
1. Right click on a blank space in the targets window and select "New Target Interface > Generic FT2232 Device".
2. Right click on the new target interface and select "Properties" - set the following properties:
nSRST Inversion Mask 0x0200
nSRST Mask = 0x0200
nTRST Inversion Mask = 0x0000
nTRST Mask - 0x0400
Output Pins = 0x0F1B
Output Value = 0x0408
PID: 0x0004
VID: 0x15BA
In CrossWorks 1.7 there are Target interfaces for Olimex JTAGs, note that RTCK is not used with FT2232 design so your JTAG clock should not exceed 1/6 of your target MCU clock or the JTAG will lock up, start with JTAG divider 10 and decrease until you are able to debug to find your own value for your target.
==========================================
Offline
marcus2608, what happened, did the osimage just keep writing and writing?
Once I get mine back up, I'll add protection in the loader to prevent overwriting the bootrom by querying the chip and determining size and how much can be written before writing.
I am not really motivated to do it until I get it working again though...so depressing without my pm3. JTAG on its way.
Offline
Yes samy, the osimage just writes nonstop, until I gave up and released my finger...
Your suggestion to put a check on the loader sounds great! But I am too much a novice in this area and will not be able to code this myself.
I just bought the JTAG cable online too. I guess I just have to work on other stuff in the mean time.
Offline
I'll shoot an update when I have the code done. Should be pretty simple, I just won't be able to test until I get the JTAG going.
Offline
I have received my ARM-USB-TINY JTAG cable from Olimex. Now how can I flash my PM3? I have tried using the ARMPgm-Win32 program found in the Files section, but I keep getting "No USB Adapter Found, ErrorCode = 1" errors. Did I miss a step? Thanks..
Offline
@marcus2608 - thanks for the info - I've defined a target and will test it when I have access to a 'spare' board next week... Don't want to risk screwing my nicely working PM3 right now...
Offline