PM3 Firmware upgade fail [Solved]

b0ngokarl · 2013-01-20 02:11:15

Hi,

Unfortunately I have a issue during firmware upgrade - it doesnt matter if I build from sources with Linux or Windows - nor if I try to flash with Linux or Windows.
C:\Proxmark\pm3-bin-r486\Win32>flasher.exe osimage.elf
Loading ELF file 'osimage.elf'...
Loading usable ELF segments:
1: V 0x00110000 P 0x00110000 (0x00013284->0x00013284) [R X] @0xb8
2: V 0x00200000 P 0x00123288 (0x00002ce0->0x00002ce0) [RWX] @0x13340
Note: Extending previous segment from 0x13284 to 0x15f68 bytes
Note: 0x4-byte hole created
Waiting for Proxmark to appear on USB...
Connected units:
1. SN: ChangeMe [bus-0/\\.\libusb0-0001--0x9ac4-0x4b8f]
Found.
Flashing...
Writing segments for file: osimage.elf
0x00110000..0x00125f67 [0x15f68 / 352 blocks]..................................
..............................Error: Unexpected reply 0x00fe (expected ACK)
ERROR
Error writing block 64 of 352

Flashing bootloader works fine...

hw verstion:

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 486-unclean 2011-07-09 19:59:31
#db# os: svn 486-unclean 2011-08-28 18:52:03
#db# FPGA image built on 2012-11-09 at 15:27:56

Did you have a solution for this? I have it with SVN Build rev 649 and everything else I've tried.

Thanks

Joe

b0ngokarl · 2013-01-20 02:15:31

btw dont know if it matters - fullimage failes at 32...

b0ngokarl · 2013-01-21 11:22:27

Nobody has an idea? I'd need to Hitag functionalities quite urgent

They are not supported with r486...

Thanks!

Joe

Cex · 2013-01-21 14:10:34

Some people having similar issues has reported to solve the problem by holding the button pressed during the whole flashing process.

Anyway, and assuming that your image always fails at sector 64, it looks more like one of the 16 lock bits of the flash is set (each of them protect 64 pages), and then I think the only solution is to erase the whole flash and flash the bootloader and images using a JTAG probe.

You can also try to use a shorter (or better quality) usb cable, just in case it is a problem with power supply or communications with your PC.

b0ngokarl · 2013-01-22 11:49:31

Hi Cex,

thanks for your assistance. Indeed the "holing the button" thingie was done correctly.

It always fails at 64 or for fullimage at 32 - isnt there any other possibility to fix this instead of buying a JTAG? I've tried with another USB cable already and unfortunately this is not a reason

Any other advise maybe?

Thanks!

Joe

Cex · 2013-01-22 13:44:03

None that I can think of.
If you have some soldering skills and a PC with a paralell port you can build yourself a Wiggler that is very cheap, and use Armpgm.

Anyway it's not sure that the problem was lock bits. Maybe your Atmel is faulty.

b0ngokarl · 2013-01-22 18:07:32

Hi Cex,

is there a way to somewhere find out if its a lock bits thingy by communicating through bootloader? i can tell that if i flash something else then r486 - it doesnt work. it keeps on blinking and the relais (forgive me im not sure how this component is called) keeps on clicking every ~ 2 minutes).but if i reflash r486 - and it will faile at 32 or 64 depending if i do fullimage or osimage it is back to normal operation. even tho i feel voltage if i do "hw tune" quite low for 13.56 mghz and it misbehaves.

Unfortunately I'm new to fpga's and ic's and such "low level" operations. Am equipped with native parallel port and an solder iron so I'll find out about the Wiggler

Thank you so much!

Joe

Cex · 2013-01-24 13:37:28

From what I've seen from the bootloader sources it does not provide such information.
I think your best solution is to build up the wiggler (it only requires the connectors, a cheap TTL IC and some resistors) and erase the whole IC.
Then program the bootloader, osimage and fpgaimage.

Cex · 2013-01-24 14:33:38

You could also make an small program (less than 32 blocks) to test that, but it will be easier and faster to build the Wiggler.

Last edited by Cex (2013-01-24 14:34:51)

b0ngokarl · 2013-01-25 10:21:28

Hi Cex,

before I start - would a ATMEL STK200 work? It has ordercode STK200 on kanda.com

Do you know?

Thanks for your efforts - I owe you a beer! (could send some smartcards instead / working for a big manufacturer in europe)

Thanks!

Jonas

Cex · 2013-01-25 10:39:54

I'm not sure, but from the specs it looks like it only support ISP for AVR family of microcontroller.
The uC in PM3 uses an ARM core and it needs JTAG, not ISP.

I think JTAGAVR will do the trick, but it will surely be much more expensive than the Wiggler that you can build yourself (google for "wiggler schematic" to get info for it. Once build use the ARMPGM you can find at http://www.proxmark.org/files/Flash/ to program the PM3).

b0ngokarl · 2013-01-25 12:11:55

Hi Cex,

do you think this one would work?

http://downloads.amilda.org/MODs/JTAG/wiggler.gif

If so I'll get myself the parts and try my luck

Thanks!

Jonas

Cex · 2013-01-25 12:33:52

Yes, it shall work.
The only thing you have to take into account is that the schema you put has a 14-pin header and the PM· uses a 20-pin one, so check for JTAG pinouts to see the pins you should use for PM3.

b0ngokarl · 2013-01-29 17:05:08

So I got myself a wiggler which seems to work.

Flasing the .elf files I build myself work well too - it seems to be successfull but when i try Verify it says it would not match expected

Then I tried again with normal flasher.exe

Writing segments for file: fpgaimage.elf
0x00102000..0x0010c4bb [0xa4bc / 165 blocks]................................Err
or: Unexpected reply 0x00fe (expected ACK)
ERROR
Error writing block 32 of 165

Now when I have erased everything - it is completly not working

Any ideas?

Cex · 2013-01-30 08:16:39

After erasing all the flash you need to program everything: Bootloader, osimage and fpgaimage.
If you PM3 still fails maybe it is faulty, so contact your seller for fixing the issue.

b0ngokarl · 2013-01-30 09:41:11

I tried again - used the howto here: http://www.proxmark.org/files/Flash/2008.09.20-flash-howto.pdf

Flashing with JTAG seems to be fine but device won't boot (it is bootlooping)

So I tried again flashing r486 from pm-3-r486.zip:

Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>flasher.exe -b bootrom.elf
Loading ELF file 'bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00001828->0x00001828) [R X] @0x294

Waiting for Proxmark to appear on USB.................
Connected units:
        1. SN: ChangeMe [bus-0/\\.\libusb0-0001--0x9ac4-0x4b8f]
 Found.

Flashing...
Writing segments for file: bootrom.elf
 0x00100000..0x001001ff [0x200 / 2 blocks].. OK
 0x00100200..0x00101a27 [0x1828 / 25 blocks]......................... OK

Resetting hardware...
All done.

Have a nice day!

Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>


Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>flasher.exe osimage.elf
Loading ELF file 'osimage.elf'...
Loading usable ELF segments:
1: V 0x00110000 P 0x00110000 (0x000104fe->0x000104fe) [R X] @0xb8
2: V 0x00200000 P 0x001204fe (0x00001c54->0x00001c54) [RWX] @0x105b8
Note: Extending previous segment from 0x104fe to 0x12152 bytes

Waiting for Proxmark to appear on USB.....................
Connected units:
        1. SN: ChangeMe [bus-0/\\.\libusb0-0001--0x9ac4-0x4b8f]
 Found.

Flashing...
Writing segments for file: osimage.elf
 0x00110000..0x00122151 [0x12152 / 290 blocks]..................................
..............................Error: Unexpected reply 0x00fe (expected ACK)
 ERROR
Error writing block 64 of 290

Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>

Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>flasher.exe fpgaimage.elf
Loading ELF file 'fpgaimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0000a4bc->0x0000a4bc) [R  ] @0xb4

Waiting for Proxmark to appear on USB...
Connected units:
        1. SN:  [bus-0/\\.\libusb0-0001--0x9ac4-0x4b8f]
 Found.

Flashing...
Writing segments for file: fpgaimage.elf
 0x00102000..0x0010c4bb [0xa4bc / 165 blocks]................................Err
or: Unexpected reply 0x00fe (expected ACK)
 ERROR
Error writing block 32 of 165

Z:\j0nas\pm3-bin-r486\pm3-bin-r486\Win32>

Strange thing is - even that I wiped it completly with JTAG and flashing failes with flasher.exe

It works again now

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 486-unclean 2011-07-09 19:59:31
#db# os: svn 486-unclean 2011-08-28 18:52:03
#db# FPGA image built on 2009/12/ 8 at 8: 3:54

I think it is broken or something?

Kind regards

Jonas

b0ngokarl · 2013-01-30 09:48:24

I need to correct myself - its only looking okay but doesnt work:

# LF antenna: 0.00 V @ 125.00 kHz
# LF antenna: 0.00 V @ 134.00 kHz
# LF optimal: 0.00 V @ 12000.00 kHz
# HF antenna: 0.00 V @ 13.56 MHz
# Your LF antenna is unusable.
# Your HF antenna is unusable.
proxmark3>

:'(

Cex · 2013-01-30 13:40:49

Did you flash the fpga image for that same release?

On the other hand I searched a bit on the lock bits for the IC, and it seems that the only way of erasing lock bits is using the ERASE pin.
This pin in unconnected in PM3 (pin 55). You should solder a wire to that pin (IC if fine pitch tqfp, so you better be good with soldering iron), and with the board power on, connect the pin to 3V3 for one second (for example), and then left it unconnected again. This erases everything.

Anyway lock bits should not be programmed, so consider returning the PM3 to your seller.

b0ngokarl · 2013-01-30 21:30:26

Hi Cex,

Thank you for your contributions!

Fortunately Jason was able to help me out. Indeed it has had set lock bits from bit 8-31.

I have no clue how this has happened - nor am I sure that you could do this without having a JTAG.

Anyways all in all - everything is fine now

Thanks Cex and Jason!

Best regards

Jonas

BTW you could tag this as solved if possible somehow

stijn · 2014-11-20 12:48:15

Hi

how can you change the lockbits? I think I'm in the same situation as you but when I connect my J-Link it keeps failing to connect due to the fact that it can't reset the processor.

Tnx

linsir · 2018-03-14 09:35:57

stijn wrote:

Hi
how can you change the lockbits? I think I'm in the same situation as you but when I connect my J-Link it keeps failing to connect due to the fact that it can't reset the processor.
Tnx

I think I'm in the same situation as you.Have you solved it ??

Last edited by linsir (2018-03-14 09:45:56)

Proxmark3 community

Announcement

#1 2013-01-20 02:11:15

PM3 Firmware upgade fail [Solved]

#2 2013-01-20 02:15:31

Re: PM3 Firmware upgade fail [Solved]

#3 2013-01-21 11:22:27

Re: PM3 Firmware upgade fail [Solved]

#4 2013-01-21 14:10:34

Re: PM3 Firmware upgade fail [Solved]

#5 2013-01-22 11:49:31

Re: PM3 Firmware upgade fail [Solved]

#6 2013-01-22 13:44:03

Re: PM3 Firmware upgade fail [Solved]

#7 2013-01-22 18:07:32

Re: PM3 Firmware upgade fail [Solved]

#8 2013-01-24 13:37:28

Re: PM3 Firmware upgade fail [Solved]

#9 2013-01-24 14:33:38

Re: PM3 Firmware upgade fail [Solved]

#10 2013-01-25 10:21:28

Re: PM3 Firmware upgade fail [Solved]

#11 2013-01-25 10:39:54

Re: PM3 Firmware upgade fail [Solved]

#12 2013-01-25 12:11:55

Re: PM3 Firmware upgade fail [Solved]

#13 2013-01-25 12:33:52

Re: PM3 Firmware upgade fail [Solved]

#14 2013-01-29 17:05:08

Re: PM3 Firmware upgade fail [Solved]

#15 2013-01-30 08:16:39

Re: PM3 Firmware upgade fail [Solved]

#16 2013-01-30 09:41:11

Re: PM3 Firmware upgade fail [Solved]

#17 2013-01-30 09:48:24

Re: PM3 Firmware upgade fail [Solved]

#18 2013-01-30 13:40:49

Re: PM3 Firmware upgade fail [Solved]

#19 2013-01-30 21:30:26

Re: PM3 Firmware upgade fail [Solved]

#20 2014-11-20 12:48:15

Re: PM3 Firmware upgade fail [Solved]

#21 2018-03-14 09:35:57

Re: PM3 Firmware upgade fail [Solved]

Board footer