cancel
Showing results for 
Search instead for 
Did you mean: 

Best way to clone stm32f103 to new board

Jarrid Graham
Associate II
Posted on February 09, 2017 at 19:33

What I have are two identical boards except for the firmware on one is newer than the other. I thought it should be fairly easy to copy the memory from one to the other . I have a st-link v2 and can copy the firmware (no protection) out and flash it to the other but to does not work after being programmed.

I can get access to the UART1 and boot pins if need be but when I write the memory and compare it, it has been written and checks out , I was just curious what I might be missing.

I will admit that I am not very familiar with the STM32 family of stuff but have worked with other micros over the years

14 REPLIES 14
Posted on February 09, 2017 at 20:04

Perhaps it is dependent on unique serial number, external hardware, or has information programmed in OTP/Options.

You could compare the memory image between two devices which already have the same firmware, and see if any of the FLASH is committed to configuration/calibration data which is part/board unique.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Jarrid Graham
Associate II
Posted on February 09, 2017 at 20:32

I do have two devices that are supposed to be the same, I will check them and see, I am guessing I only need to look at the 0x08000000 area ? someone suggested copying 64k from the device and clear the other and program I end up with the same result. I did try to change some of the option bytes and I get an error but when I go back to check they have changed.

Ok I read both the boards and there were 4 bytes different , two were basically +0x40 and the other two were +0x01 more. these devices are pretty generic it doesnt look like there is anything to identify any kind of serial or anything but I don't know.

I did try flashing that image and had the same result.

Thanks

Jarrid Graham
Associate II
Posted on February 09, 2017 at 23:19

What is basically is that there is a jig to reprogram theses boards being shipped to customers to reflash them, I was supposed to have it almost 2 months ago, in the mean time my thousands of dollars in equipment is not working. I have contacted them and have told them what I am doing and have done, they have not said go or stop other than now the only jig is broke and will be a while. What I did was early on I sent some boards to the person that had it jig at the time to be updated is why I have the newer version. If I could get them flashed they could bypass me and go on to the next. At some point I will get them but being down do long has been a pain.

The actual part number is STM32F103RCT6 

I really hate asking such a basic question and I do appreciate the help and info, I didn't think it would be more involved than this.

What I know about the jig is it has an updated board that it is reading from, as far as how I don't know had some support electronics wrapped in white tape, just needs usb for power only. Put your board in and push the pogo pins down and hit a switch.

What have been told is many times it has to be flashed multiple times or you get a red flashing led which is what I am getting now, i assume it is the same but don't know, some code must be running to flash the led.

Thanks

Posted on February 09, 2017 at 22:58

Each device has a unique serial number. Data can also be stored in BKPRAM and erased via tamper detection.

The most probable reason, beyond basic copy protection, is that you aren't copying the entire flash. What is the exact part number of the STM32 being used.

Going to presume you don't actually have the approval of programs author to do what you are trying.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Posted on February 09, 2017 at 23:37

So 256KB of FLASH not 64KB 

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Jarrid Graham
Associate II
Posted on February 10, 2017 at 01:57

First thing I did was hook up the new board and pulled 0x3FFFF size from 0x08000000 and wrote that I though since is was unprotected that would get it but it didn't.  So started banging around for a bit then decided there must be something simple I am missing.

Posted on February 10, 2017 at 02:05

0x40000 

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Jarrid Graham
Associate II
Posted on February 10, 2017 at 03:10

Ha, yes you are correct, I will try it tomorrow, hey at this point if it works I will be happy and feel bad at the same time.

Posted on February 10, 2017 at 03:24

Really depends if the memory is fully populated, and there is a checksum or CRC right at the end, then being one byte short is enough to derail things. I usually do this by inspection. If the firmware was still not starting I'd disassemble and debug. If there is integrity checking that's the first thing to verify that you are starting with a clean image.

0x08000000..0x0803FFFF [0x40000]

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..