sz3n · January 10, 2017 22:57 · sz3n · Jan 10, 2017
diff --git a/bus pirate & pm3 b/bus pirate & pm3
 #This post describes my "project" in:
 debricking proxmark3 with the help of a Bus Pirate 3.6 board
 as the board was shipped with a firmware inferior to 5.9, jtag was not supported
 So i began my work by upgrading the firmware to 5.9+ (jtag supported)

 #I was primarily based on http://dangerousprototypes.com/docs/Gonemad's_Bus_Pirate/OpenOCD_walk_through

 #install driver
 http://www.ftdichip.com/Drivers/CDM/CDM21224_Setup.zip

 #modify Device Manager => Ports => Properties
 Bits per second:   115200
 Data bits:         8
 Parity:            None
 Stop bits:         1
 Flow control:      None

 #fireup Tera Term Pro and 
 #Change settings in Setup => Serial Port
 Bits per second:   115200
 Data bits:         8
 Parity:            None
 Stop bits:         1
 Flow control:      None

 #Re-connect the Bus Pirate and launch Tera Term Pro, you get the following:
 HiZ>
 HiZ>i
 Bus Pirate v3b
 Firmware v5.10 (r559)  Bootloader v4.4
 DEVID:0x0447 REVID:0x3046 (24FJ64GA002 B8)
 http://dangerousprototypes.com
 HiZ>m
 1. HiZ
 2. 1-WIRE
 3. UART
 4. I2C
 5. SPI
 6. 2WIRE
 7. 3WIRE
 8. LCD
 9. DIO
 x. exit(without change)

 #Download theds30_Loader package here: http://picbootloader.com/forum/attachment.php?aid=280
 #Launch ds30_loader GUI and adjust all the settings manually in the GUI. The following settings should suffice.

 Basic:      Baudrate:   115200
            Device:      PIC24FJ    64GA002
            Port:      USB Serial Port (COMnn)
            Write program:   "True"
            Write Eeprom:   "False"
 Advanced:   De-select everything!
 Timing:      Poll time:   250
            Timeout:   5000
 Reset:      Manual
 Activation:   Manual
 Security:   De-select everything!
 Terminal:   Baudrate:   115200

 #Then follow this procedure:
 
 • Connect your BP to your PC
 • Open a terminal to your BP
 • Type "$" and then accept with "yes".
 • Close/disconnect terminal
 • Start the "ds30 Loader" GUI
 • Adjust the ds30 GUI settings according to those above, if needed
 • Load the path to the new Firmware
 • Hit "Write" button
 • Wait until the green progress bar is complete
 • Wait a few seconds more and then disconnect your BP
 • Close the "ds30 Loader"
 • Reconnect BP
 • Open a terminal and check the results.

 #Waoh!! It works!!
 HiZ>i
 Bus Pirate v3b
 Firmware v6.0RC (r572)  Bootloader v4.4
 DEVID:0x0447 REVID:0x3046 (24FJ64GA002 B8)
 http://dangerousprototypes.com
 HiZ>



 #To configure openocd
 sudo apt-get install libtool autoconf texinfo libusb-dev libftdi-dev
 #download and compile the openocd 0.8.0 http://openocd.org/2014/04/openocd-0-8-0-release/
 cd code
 ./bootstrap
 ./configure --enable-maintainer-mode --disable-werror --enable-buspirate
 make
 sudo make install

 #https://bs-security.fr/tag/buspirate.html
 #Attention: the cable pinout used out there is not correct
 #SeeedStudio Buspirate Cable PIN should be used instead, like below:
 Marron - Pin 20 - GND
 Noir - Pin 13- MISO/TDO
 Pink - Pin 9 - CLK
 Blanc - Pin 7 - TMS
 Gris - Pin 5 - MOSI/TDI

 openocd -f at91sam7s512-buspirate.cfg

 root@ubuntu:~# telnet localhost 4444
 Trying ::1...
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 Open On-Chip Debugger
 > 
 > halt
 > flash erase_sector 0 0 15
 erased sectors 0 through 15 on flash bank 0 in 0.258088s
 > flash erase_sector 1 0 15
 erased sectors 0 through 15 on flash bank 0 in 0.258331s
 > flash write_image /root/proxmark3/armsrc/obj/fullimage.elf
 Padding image section 0 with 5762 bytes
 Padding image section 1 with 6 bytes
 wrote 189104 bytes from file /root/proxmark3/armsrc/obj/fullimage.elf in 206.093323s (0.896 KiB/s)
 > flash write_image /root/proxmark3/bootrom/obj/bootrom.elf
 wrote 3424 bytes from file /root/proxmark3/bootrom/obj/bootrom.elf in 4.401909s (0.760 KiB/s)
 >
	#This post describes my "project" in:
	debricking proxmark3 with the help of a Bus Pirate 3.6 board
	as the board was shipped with a firmware inferior to 5.9, jtag was not supported
	So i began my work by upgrading the firmware to 5.9+ (jtag supported)

	#I was primarily based on http://dangerousprototypes.com/docs/Gonemad's_Bus_Pirate/OpenOCD_walk_through

	#install driver
	http://www.ftdichip.com/Drivers/CDM/CDM21224_Setup.zip

	#modify Device Manager => Ports => Properties
	Bits per second: 115200
	Data bits: 8
	Parity: None
	Stop bits: 1
	Flow control: None

	#fireup Tera Term Pro and
	#Change settings in Setup => Serial Port
	Bits per second: 115200
	Data bits: 8
	Parity: None
	Stop bits: 1
	Flow control: None

	#Re-connect the Bus Pirate and launch Tera Term Pro, you get the following:
	HiZ>
	HiZ>i
	Bus Pirate v3b
	Firmware v5.10 (r559) Bootloader v4.4
	DEVID:0x0447 REVID:0x3046 (24FJ64GA002 B8)
	http://dangerousprototypes.com
	HiZ>m
	1. HiZ
	2. 1-WIRE
	3. UART
	4. I2C
	5. SPI
	6. 2WIRE
	7. 3WIRE
	8. LCD
	9. DIO
	x. exit(without change)

	#Download theds30_Loader package here: http://picbootloader.com/forum/attachment.php?aid=280
	#Launch ds30_loader GUI and adjust all the settings manually in the GUI. The following settings should suffice.

	Basic: Baudrate: 115200
	Device: PIC24FJ 64GA002
	Port: USB Serial Port (COMnn)
	Write program: "True"
	Write Eeprom: "False"
	Advanced: De-select everything!
	Timing: Poll time: 250
	Timeout: 5000
	Reset: Manual
	Activation: Manual
	Security: De-select everything!
	Terminal: Baudrate: 115200

	#Then follow this procedure:

	• Connect your BP to your PC
	• Open a terminal to your BP
	• Type "$" and then accept with "yes".
	• Close/disconnect terminal
	• Start the "ds30 Loader" GUI
	• Adjust the ds30 GUI settings according to those above, if needed
	• Load the path to the new Firmware
	• Hit "Write" button
	• Wait until the green progress bar is complete
	• Wait a few seconds more and then disconnect your BP
	• Close the "ds30 Loader"
	• Reconnect BP
	• Open a terminal and check the results.

	#Waoh!! It works!!
	HiZ>i
	Bus Pirate v3b
	Firmware v6.0RC (r572) Bootloader v4.4
	DEVID:0x0447 REVID:0x3046 (24FJ64GA002 B8)
	http://dangerousprototypes.com
	HiZ>



	#To configure openocd
	sudo apt-get install libtool autoconf texinfo libusb-dev libftdi-dev
	#download and compile the openocd 0.8.0 http://openocd.org/2014/04/openocd-0-8-0-release/
	cd code
	./bootstrap
	./configure --enable-maintainer-mode --disable-werror --enable-buspirate
	make
	sudo make install

	#https://bs-security.fr/tag/buspirate.html
	#Attention: the cable pinout used out there is not correct
	#SeeedStudio Buspirate Cable PIN should be used instead, like below:
	Marron - Pin 20 - GND
	Noir - Pin 13- MISO/TDO
	Pink - Pin 9 - CLK
	Blanc - Pin 7 - TMS
	Gris - Pin 5 - MOSI/TDI

	openocd -f at91sam7s512-buspirate.cfg

	root@ubuntu:~# telnet localhost 4444
	Trying ::1...
	Trying 127.0.0.1...
	Connected to localhost.
	Escape character is '^]'.
	Open On-Chip Debugger
	>
	> halt
	> flash erase_sector 0 0 15
	erased sectors 0 through 15 on flash bank 0 in 0.258088s
	> flash erase_sector 1 0 15
	erased sectors 0 through 15 on flash bank 0 in 0.258331s
	> flash write_image /root/proxmark3/armsrc/obj/fullimage.elf
	Padding image section 0 with 5762 bytes
	Padding image section 1 with 6 bytes
	wrote 189104 bytes from file /root/proxmark3/armsrc/obj/fullimage.elf in 206.093323s (0.896 KiB/s)
	> flash write_image /root/proxmark3/bootrom/obj/bootrom.elf
	wrote 3424 bytes from file /root/proxmark3/bootrom/obj/bootrom.elf in 4.401909s (0.760 KiB/s)
	>