Read out Start-Up RAM values

an
Associate II
Posted on October 12, 2012 at 11:28

Hey there,

I am pretty new to microcontrollers and such. I recently bought a STM32VL Discovery, which I am programming with CooCox IDE.

My goal is to read out the start-up values of internal RAM. By start-up values I mean the values of RAM cells just after the power-up of the device when no other application interfered with the RAM.

Is this possible somehow? Could you guys guide me to some literature or give me some hints?

Thanks in advance!

#describe-the-goal-not-the-step
27 REPLIES
M0NKA
Senior
Posted on November 14, 2012 at 16:14

Yes, there is a crypto processor, random number generator and hash processor.

From Section 20.1 of the pdf:

The RNG processor is a random number generator, based on a continuous analog noise, that provides a random 32-bit value to the host when read. The RNG is expected to provide a success ratio of more than 85% to FIPS 140-2 tests for a sequence of 20 000 bits, measured on corner conditions by device characterization.

• It delivers 32-bit random numbers, produced by an analog generator
• 40 periods of the PLL48CLK clock signal between two consecutive random numbers
• Monitoring of the RNG entropy to flag abnormal behavior (generation of stable values, or of a stable sequence of values)
• It can be disabled to reduce power-consumption

I still didn't get from your reply if you are going to use the ram values for some security, but if it is, I think I have read about some attacks on this using low temperatures and stuff. And let's not forget that almost any microcontroller code extraction these days costs 400-500 USD in Shenzhen, so maybe such effort is overkill. If you are not going to use this for security, just ignore my post.

BR

Posted on November 14, 2012 at 17:01

The chip could be flashed from blank via USB, so I assume there is some kind of bootrom with USB/USART drivers. The actual reset is probably sent to the bootrom, boot pins checked, and reset vectors then read, and execution passed?

Or the bootrom is not even mapped without boot request, the actual logic reads the reset vector and passes execution to flash?

The BOOTx pins define what memory is mapped at ZERO during startup, this can be FLASH, RAM or ROM. The ROM where the system loader is present always exists in its native location 0x1FFFFxxx or whatever. It's possible to call this loader from a user application.

RAM retains its content across a processor reset, how it clears/sets at a power on event is another matter. Some of the memory has a TAMPER based clear.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
M0NKA
Senior
Posted on November 15, 2012 at 14:56

Hi,

Tnx for the info. In this case disassembly of the bootrom is useless. The OP just needs to code a small asm routine to init one of the USARTs and loop all ram bytes on the TX pin as you suggested earlier. ARM offers enough registers anyway to code this without touching the RAM.

Regards

an
Associate II
Posted on November 15, 2012 at 16:27

Hi folks,

first off thanks for your help. M0NKA could you give me more detail on what would be a good solution?

You suggest to write some ASM code to iterate over 0x20000000-0x20002000 and put every byte on USART TX to send it to some kind of hyperterminal?

Furthermore the ASM code can only work with the mcu's registers so it doesn't interfere with the ram.

But where would I need to put the asm code? At the position we already have been talking about: right at the beginning of the reset handler?

Cheers

Posted on November 15, 2012 at 18:41

You'd put the code at the point I have identified, and use a fairly simple loop to output to the serial port. This could be done with registers, and without calling or stacking.

If you put this in a .C file you've probably already lost control. You'd need to disassemble the prologue code and confirm it wasn't doing anything.

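
The register-only dump loop described in this post, written out as an added example (not code from any poster in this thread). It assumes the STM32F100 on the STM32VL Discovery running from its reset-default 8 MHz HSI, USART1 TX on PA9 at 115200 baud, and a linker script that places `.isr_vector` at the start of flash; the register addresses are that family's and differ on other STM32 parts.

```asm
    .syntax unified
    .cpu cortex-m3
    .thumb

    .equ RAM_START,   0x20000000
    .equ RAM_END,     0x20002000       @ 8 KB, the range named in the thread
    .equ RCC_APB2ENR, 0x40021018       @ assumed STM32F100 address
    .equ GPIOA_CRH,   0x40010804       @ assumed STM32F100 address
    .equ USART1_BASE, 0x40013800       @ SR +0x00, DR +0x04, BRR +0x08, CR1 +0x0C

    .section .isr_vector, "a"
    .word RAM_END                      @ initial SP: loaded by hardware, never used below
    .word Reset_Handler                @ reset vector (linker sets the Thumb bit)

    .text
    .thumb_func
    .type Reset_Handler, %function
    .global Reset_Handler
Reset_Handler:
    ldr   r0, =RCC_APB2ENR
    ldr   r1, =0x00004005              @ USART1EN | IOPAEN | AFIOEN
    str   r1, [r0]
    ldr   r0, =GPIOA_CRH
    ldr   r1, =0x444444B4              @ PA9 = alternate-function push-pull (USART1_TX)
    str   r1, [r0]
    ldr   r0, =USART1_BASE
    movs  r1, #69                      @ BRR = 8 MHz / 115200 baud (assumed core clock)
    str   r1, [r0, #0x08]
    ldr   r1, =0x00002008              @ CR1: UE | TE
    str   r1, [r0, #0x0C]

    ldr   r2, =RAM_START
    ldr   r3, =RAM_END
dump_loop:
    ldrb  r1, [r2], #1                 @ read one RAM byte, post-increment the pointer
wait_txe:
    ldr   r4, [r0, #0x00]
    tst   r4, #0x80                    @ SR.TXE: transmit data register empty?
    beq   wait_txe
    str   r1, [r0, #0x04]              @ write the byte to DR
    cmp   r2, r3
    bne   dump_loop
done:
    b     done                         @ park here; no push, call or RAM write occurred
    .ltorg                             @ literal pool lives in flash, not RAM
```

Because RAM keeps its content across a processor reset, as noted earlier in the thread, only a dump taken after a full power cycle shows power-up values.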
M0NKA
Senior
Posted on November 16, 2012 at 10:25

Hi,

I just checked, there is quite a lot of init needed for USART, and don't forget the CPU clocks, PLL, etc. The easiest way is to create a new project, in C that reads the whole ram via USART. Then slowly start to remove all library calls and implementing it in a single function (main), using max optimization. You can continuously disassemble the result (IDAPro, your tool, etc) and see if the stack usage is completely removed. Finally you can copy the resulting asm (from IDAPro dump or asm output of compiler) and build a new project in asm only.

Not sure if it is possible to use the USART with default clock/pll values on startup. Also it is too much code to do by hand only in ASM, so maybe best to use the above method.

Hope this helps.

an
Associate II
Posted on November 16, 2012 at 10:40

Hey M0NKA,

thanks for your help. Phew.. Looks like this exceeds my skills. It would take ages for me to accomplish this. I guess I'm kind of stuck here. I will have to postpone this when I've got more spare time.

Thanks anyway.

Posted on November 16, 2012 at 11:49

Why not just use the debugger to read the RAM contents?

Then you wouldn't need any code in the chip at all!

(well, maybe just an infinite loop in the reset vector to stop it executing rubbish).

Posted on November 16, 2012 at 12:43

Not sure if it is possible to use the USART with default clock/pll values on startup. Also it is too much code to do by hand only in ASM, so maybe best to use the above method.

Everything runs at 16 MHz, you have to enable the peripheral/pin clocks, obviously, but USART setting only requires that you know what the core is actually running at.

Your assembler coding methodology seems unnecessarily complicated. I can't see this taking more than a few dozen lines of code, figure about 20-30 minutes of effort. Now I've written Flashing libraries for these parts in assembler, as well as boot loaders, so my perspective here is a bit skewed.

In this case disassembly of the bootrom is useless.

Got one of those too.

M0NKA
Senior
Posted on November 16, 2012 at 13:33

Hi,

I guess just the code generated by GCC, even with best optimization is a bit rubbish. Got spoiled by many years using ADS 1.2. But agree with you, the best would be to dig all registers and flags from the pdf and quickly code by hand. But this applies only for somebody who does a lot of assembler, on everyday basis. My method is maybe best for people who don't usually do asm coding/debugging.

About the default clock, yeah I recalled that CoIDE startup does not include the SystemInit() call by default and all works, but was too late, already posted.

BR, Chris