Skip to main content
Math86
Math86
Associate II
June 1, 2021
Question

Possible to read program stored in STM32F103C8T6 ?

  • June 1, 2021
  • 5 replies
  • 8827 views

Hello everyone,

I bought a tool that uses a STM32F103C8T6 with a program on it to transmit some CAN data. I would like to read the program that is currently on the tool and edit it.

Is it feasible ? Or is the memory protected ?

Thanks in advance for your help ! :grinning_face:

5 replies

TDK
TDK
Super User
June 1, 2021

I would expect most companies selling commercial tools to enable read protection.

If read protection is off, you can read the compiled assembly code, but not the source code. Editing the program to do something useful would require a significant technical ability and time investment.

"If you feel a post has answered your question, please click ""Accept as Solution""."
Math86
Math86Author
Associate II
June 1, 2021

Thanks for the quick and detailed answer.

I'll try it out and see if I can get something. Do you know where I can find some info on how to connect to the STM32F103 and check if the read protection is activated ? The PCB I have provides some pins that are connected to VDD_1, PA09, PA10, PA13 and PA14. I also have a "FT232RL FTDI Mini USB to TTL Serial Converter Adapter Module" that I bought for that purpose.

Kind regards

Andrew Neil
Andrew Neil
Super User
June 1, 2021

If you need to ask that question, it suggests that you're not in a position to do much with the code if you do manage to read it.

You would need to connect to the microcontroller's SWD/JTAG Debug port using an ST-Link or similar debug probe.

A complex system that works is invariably found to have evolved from a simple system that worked.A complex system designed from scratch never works and cannot be patched up to make it work.
Math86
Math86Author
Associate II
June 1, 2021

Indeed I don't have much experience with micro processors. I do have a bit of experience with coding tho and I'm pretty sure the code is very simple (only a few lines). So I'll give shot, nothing to lose anyway.

Tesla DeLorean
Tesla DeLorean
Guru
June 1, 2021

I don't think the code is in the form you're imagining, a few lines becomes a needle in the haystack.

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..
Javier1
Javier1
Principal
June 1, 2021

If what you want to do is read what is written inside the microcontroller so you can change some code.

Short answer no.

Long answer:

What the microcontroller memory contains is the already compiled machine code (unless youre using micropython or some other satanic scripting engine).

This means youre just going to be able to read BIP BUP BIP, maybe some static strings. Reverse engineering that would be VEEERY HARD.

0693W00000BZofNQAT.png

hit me up in https://www.linkedin.com/in/javiermuñoz/
Math86
Math86Author
Associate II
June 2, 2021

Indeed this looks very complicated. I read online that there are some "disassemblers" that can partly retrieve some code or at least make some sense of the compiled code. Do you think this could work here ?

Javier1
Javier1
Principal
June 2, 2021

@Math86​ 

Take this as an opportunity to learn about it, if it were up to me i would find another way.

With dissasembler tools you can translate compiled machine code back into Simple assembly languaje

Is the programm you want to reverse engineer very simple?

Because this languaje is Harsh, and you would need to have an advanced knowledge about your hardware

hit me up in https://www.linkedin.com/in/javiermuñoz/
Math86
Math86Author
Associate II
June 2, 2021

The micro controller is embedded on a PCB that is connected to the ODB port of a car to read and transmit CAN messages.

I expect the program to read the can messages carrying the details of the car and based on that send a predefined set of CAN messages (probably 3-4 scenarios depending on the details of the car).

It will also read the VIN number and store it to block usage on another car. Accessing and changing that VIN number would already a good achievement for me.

But if I understand all of this is only possible if the read protection is off so I'll already try to figure out if that's the case or not.

Javier1
Javier1
Principal
June 2, 2021

So you just want to code your own programm and flash it in the microcontroller?

It would be easyer than reverse engineering binaries and then add your code

I have no experience with read protections, you should try , are the SW pins of the microcontroller accesible to you?

hit me up in https://www.linkedin.com/in/javiermuñoz/
Math86
Math86Author
Associate II
June 2, 2021

I need to keep the CAN messages that are stored in the program as I have no idea what ID and data they contain.

Let's say that for now I want to keep the exact same program but I just want to remove the lock on a certain VIN number to be able to use that tool on multiple cars.

The tool has been connected to a car once, it read the ​VIN number of the car, then it sent certain CAN messages that triggered an action on the car.

Now, if the tool is connected to another car, it'll see that the VIN number doesn't match the one that he registered at the first use and it won't do anything.

I tried connecting through UART without any success. Here is the thread where I explain my setup : ​https://community.st.com/s/question/0D53W00000qvHtNSAU/help-connecting-to-stm32-on-cube-programmer

Thanks a lot for your time that you spend helping me.​

Terms & ConditionsAccessibility statement