Dangerous Prototypes Open Source Hardware

surfrock66@sr66-blade:~/Downloads$ r2 -a 8051 chipdump1
 -- Too old to crash
[0x00000000]>

surfrock66@sr66-blade:~/Downloads$ r2 -a 8051 chipdump1
 -- Too old to crash
[0x00000000]> q
surfrock66@sr66-blade:~/Downloads$ r2 -a 8051 chipdump1
 -- WASTED
[0x00000000]> q
surfrock66@sr66-blade:~/Downloads$ r2 -a 8051 chipdump1
 -- The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
[0x00000000]> q
surfrock66@sr66-blade:~/Downloads$ r2 -a 8051 chipdump1
 -- Run your own r2 scripts in awk using the r2awk program.
[0x00000000]>

surfrock66@sr66-darter:~/Downloads$ binwalk -Z chipdump1

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
1044734       0xFF0FE         Raw LZMA compression stream, properties: 0xA2 [pb: 3, lp: 3, lc: 0], dictionary size: 65536

binwalk -e chipdump1
binwalk -b -I -B chipdump1
binwalk -Me chipdump1
binwalk -B -E chipdump1
binwalk -W chipdump1
binwalk -X chipdump1
binwalk --deflate chipdump1
binwalk -Z chipdump1
binwalk -X -Z chipdump1
binwalk --offset=0xFF0FE --lzma -M -e chipdump1
binwalk -Z -X -M -e 2B396.7z
binwalk -Z -X -M -e 42BE.7z

sudo flashrom -p buspirate_spi:dev=/dev/ttyACM0 -r chipdump1

SPI>W
VREG too low, is there a short?
Power supplies OFF

Read Data (03h)

The Read Data instruction allows one or more data bytes to be sequentially read from the memory. The

instruction is initiated by driving the /CS pin low and then shifting the instruction code “03h” followed
by a 24-bit address (A23-A0) into the DI pin. The code and address bits are latched on the rising edge
of the CLK pin. After the address is received, the data byte of the addressed memory location will be
shifted out on the DO pin at the falling edge of CLK with most significant bit (MSB) first. The address is
automatically incremented to the next higher address after each byte of data is shifted out allowing for
a continuous stream of data. This means that the entire memory can be accessed with a single
instruction as long as the clock continues. The instruction is completed by driving /CS high.

The Read Data instruction sequence is shown in figure 9. If a Read Data instruction is issued while an
Erase, Program or Write cycle is in process (BUSY=1) the instruction is ignored and will not have any
effects on the current cycle. The Read Data instruction allows clock rates from D.C. to a maximum of fR
(see AC Electrical Characteristics).

Online Programming (the ISP)
ONProgram
Memory and Internal Data Memory Chip Programming and Hardware Support Online Programming (the ISP). Hardware's Programming in Production at Programming Programmer, IT CAN the reduce cost and at The Time. HOWEVER, IF at The Product Development at The Stage or in need at The Product to Update Firmware, Of Convenient TOO, use the ISP MODE, the make the this Process Becomes Easy. N79E815A / 814A / 813A / 8132A Support the ISP MODE android.permission Software Procedures Updating. The Update at The file aDppD5li.c5aVti o=n 3 r.e0qVu i.red Voltage: V
Not the ISP does need to Executive BE removed from at The System Controller Board. At The Common Way IS MOST through the UART at The Implementation of the Code. That IS the PC Via Serial Transmission at The new new APROM Codes, LDROM Firmware accepted and reprogrammed in APROM Command Via the ISP.
Provides the ISP Firmware The Nuvoton, Go to 'bit Microcontrollers 8The
Nuvoton at The following Website. The Select "The Nuvoton the ISP by ICPProgrammer

The ISP 20.1 the bootloader
Operation of RealTime
that Unlike at The Register, Update Data Memory Takes A Long Time. THUS, the Timing Control Complex at The need for IS ERASED, written, N79E815A / 814A / 813A / 8132A Provides A mechanism of Convenient to the Users Help Update. By Setting ISPEN (CHPCON.0 protected by TA) Enabled
After the ISP, the user can easily write 16bit
destination address ISPAH and ISPAL, ISPFD to write data to ISPCN write command, and then
Trigger ISPGO at The SET (ISPTRG.0) READY to the Perform the ISP. Note ISPTRG Also protected by at The TA.
ISPGO the Setting (ISPTRG.0), Started the ISP. Note ISPTRG Also protected by at The TA. At the this Time, the CPU to the Keep at The Program counter, the ISP Builtin
Exalted Voltage Control Power Supply's Internal, and the Timing Control Signal. The After the ISP IS Operation Completed, at The Instruction Program Continues to counter Cleared the Automatically. The If you need the ISP to the Perform Operation Again, the Users only need to REPEAT at The above Steps, the this through the User Program RAM.
Here is the ISP register.

Place        Name      Description
6              ISPF         The ISP the Error Sign In Flag ( the Read Only )
                              When these conditions are met, the hardware sets this bit:
                              1. The following access is not allowed, such as,
                              (A) When APROM code at runtime, erased or programmed APROM itself.
                              (B) when APROM code at runtime, but LDUEN 0, erasing or programming LDROM.
                              (C) When APROM code at runtime, erase, program or read CONFIG bytes.
                              (D) When LDROM code at runtime, erased or programmed LDROM.
                              (E) access over the region of its size.
                              2. ISP is done by the internal program space into the external program space.
                              This bit is cleared by software
5              LDUEN    The Update LDROM Enabled
                              0 = When APROM code at runtime, prohibited from being erased or programmed LDROM, LDROM remain readonly.
                              1 = APROM code at runtime, allowing access LDROM.
4: 2          -             Retention
1              BS           Select Start
                              This bit is written or read in different ways.
                              write:
                              After resetting MCU defines the start blocks.
                              From the time you start APROM 0 = under.
                              From the time you start LDROM 1 = lower.
                              read:
                              After defining the starting blocks last reset MCU.
                              0 = last start from APROM.
                              1 = previous boot from LDROM.
0              ISPEN      The ISP the Enable
                              0 = ISP function.
                              1 = disable ISP.
                              Will the enable function at The Internal the ISP 22.1184MHz the RC Oscillator Clock. The ISP Operations SHOULD BE the Clear ISPEN
                              After the last instruction, which can stop the internal RC to reduce power consumption.

The ISP 20.4 the User Guide
ISP users can easily update the contents of the memory, however, the user must follow certain restrictions to ensure that the ISP is performed properly, it may cause
A Result AS, Damage to the even at The Device. Meanwhile, at The segment IS Useful for correct at The Implementation of the ISP.
(1) Not have have AN the ISP, the User of MUST at The ISPEN the Clear (CHPCON.0) of 0. The IS It Prevents Accidental at The System in Triggering from the ISP.
The RC Oscillator 22.1184MHz. The If you SELECT External Clock at The Source at The STOP IS Prohibited Will the ISP Internal 22.1184MHz the RC, CAN Achieve Note ISPEN protected by the TA.
(2) only the when CONFIG byte code at The LDROM Startup CAN BE Full Access the ISP. The After All RESET, the except bits of the CBS, new new
All bytes are activated CONFIG. The After All Software RESET RESETS the except Outside, the CBS 'bit at The new new IS activated.
(3) When the LOCK bit (CONFIG0.1) is activated, ISP read, write or erase still valid.
(4) at The the ISDPD= W 3o.0rkVin 5g. 5OVN. V
(5) APROM and LDROM own content can be read by ISP method.
Their own the Users CAN Start the Notes the ISP Program, in the Order to Protect Data Security, and Program ERASE CONFIG byte at The Last of MUST BE STEP.

the InCircuit Programming (by ICP)
ICP (In Circuit Programming) model is another way to access the EPROM memory, requires only three pins execution ICP functions, one is / RST input lead
During at The Work of MUST by ICP Foot BE pulled to the GND, the INPUT A Clock, and P1.7 Reuse, at The Device Receives AN External Serial Clock. Another IS I / O pins multiplexed with P1.6 external ICP programming at P1.7 through P1.6 pin synchronous clock data into N79E815A / 814A / 813A / 8132A memory EPROM.

By ICP at The MODE Entering the when, Will All pins quasiBidirectional BE SET MODE, at The Output IS "1." N79E815A / 814A / 813A / 8132A Memory Support
The EPROM (16K / 8K / 4K bytes APROM the EPROM), Data Memory (Page 128 bytes) and LDROM Programming. The Userselectable is Programming APROM, data memory and LDROM.

The NOTE :
1. When using the ICP update the code, /RST,P1.6 and P1.7 must be disconnected from the system board load.
2. After the ICP program, the proposed power off the system removed ICP tool, and then connect the power.
3. recommends that customers continuously erasing and editing configuration bits in two steps, do not break.