Hi,
i’m fiddling with accessing the external flash on a P1.
I have a working JTAG-environment (i can see the target, flash ist like i want, etc…) using openocd.
What i didn’t find, are information to access the external flash memory, where the public server key and the private device key are stored.
I want to change these keys (at least write the server key and read the private key).
I’m not sure if that’s possible since the external flash is sitting on the SPI bus…
However, you can make use of DFU commands if you populated a USB port:
Hmm. I’ve digged further down and found that the current firmware isn’t using the external flash by default.
#ifdef USE_SERIAL_FLASH
blink(10, 200, Color::RED);
#else
blink(10, 200, Color::GREEN);
#endif
It’s blinking green. So “USE_SERIAL_FLASH” is not defined. So what exactly is the flash_address of the keys then?
In the specs from particle-cli or dct.h the keys can be found at offset “34” (private) or “2082” (server).
Am i right, that i just need to know, what the base-address is, and then simply add the offset to this address, resulting in the address i’m looking for?
Thx. But i still can't find the information.
According to the issue 82, and the DCT-information, i can find the keys in DCT1 starting at 0x8004000.
With offset 34 for private key, 2082 for server public key resulting in 0x8004034 and 0x8006082.
Correct?
Looking into it with the JTAG i cannot find data. At least the private key should be there, because it will be generated if offset 34 is 0xFF.
mdb 0x8004034 420
0x08004034: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004054: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004074: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004094: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x080040b4: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x080040d4: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x080040f4: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004114: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004134: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004154: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004174: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x08004194: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x080041b4: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0x080041d4: ff ff ff ff
I'm not very experienced with jtag-programming, so i might do something horribly wrong, or not?
I also tried looking into the system-flags, or looking up device_id at 1852 (offset).
mdb 0x8005852 6
0x08005852: ff ff ff ff ff ff
mdb 0x8004000 32
0x08004000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff