MCU: NXP LPC11U37F ARM Cortex-M0
Radio: Nordic nRF51822 SoC, ARM Cortex-M0, BLE
Parsed hex packets being sent during the firmware update: https://drive.google.com/file/d/0B9noT-h9uevldl9FcFU4RnFUZjA/view?usp=sharing
Already stripped out the USB header info, so just the hex data is there. Each packet starts with 92 32, so that may be some sort of pointer, and there are several packets with nothing but FF or 00 bytes. Also, near the end there is a section that says VALVE WEAK and TESTdozewipe. Not sure what those mean, but I'm running a disassembler on it to see if I can pick out any actual firmware activity.
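Added example, not part of the original comment or the project: a first-pass triage of a capture like the one described above, checking the 92 32 prefix, flagging the all-FF / all-00 filler packets and pulling out printable strings. The one-packet-per-line hex layout, the treatment of 92 32 as a fixed two-byte prefix, and the sample bytes are assumptions constructed for illustration.

```python
import re
from collections import Counter

HEADER = bytes.fromhex("9232")  # prefix the comment reports on every packet

# Constructed sample, one packet per line as space-separated hex (assumed layout).
SAMPLE = """\
92 32 00 00 00 00 00 00 00 00
92 32 ff ff ff ff ff ff ff ff
92 32 10 b5 04 46 08 68 00 f0
92 32 56 41 4c 56 45 20 57 45 41 4b 00 00
92 32 54 45 53 54 64 6f 7a 65 77 69 70 65
12 34 de ad be ef
"""

def parse_packets(text):
    """Turn hex-dump lines into a list of bytes objects, skipping blank lines."""
    return [bytes.fromhex(line) for line in text.splitlines() if line.strip()]

def classify(packet):
    """Label a packet 'no-header', 'filler' (body all 0x00 or all 0xFF) or 'data'."""
    if not packet.startswith(HEADER):
        return "no-header"
    body = packet[len(HEADER):]
    if body and len(set(body)) == 1 and body[0] in (0x00, 0xFF):
        return "filler"
    return "data"

def summarize(packets):
    """Count packets per class, to see how much of the capture is padding."""
    return Counter(classify(p) for p in packets)

def ascii_strings(packets, min_len=4):
    """Concatenate bodies of prefixed packets and return printable ASCII runs.

    Bodies are joined without a separator so a string split across two
    packets is still found; packets lacking the prefix are left out.
    """
    blob = b"".join(p[len(HEADER):] for p in packets if p.startswith(HEADER))
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

if __name__ == "__main__":
    pkts = parse_packets(SAMPLE)
    print(dict(summarize(pkts)))
    print(ascii_strings(pkts))
```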
Finally captured the firmware update. It's in Wireshark format. https://drive.google.com/a/projectmakeit.com/file/d/0B9noT-h9uevlaHRwUUVBVXVvV00/view?usp=sharing
I made my account only to thank you for tearing the dongle apart and uploading these awesome photos, really, thank you guy!
Just got my controllers in, starting a teardown this evening.
http://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html might be of interest :)
@egoodchild considering they are making it "open and hackable", I doubt they have any flash security. I get both of mine on Friday, so I'll pull the flash then to be sure.
The ploy they are using with the SWD port is not uncommon. Neither is the coupling of a BLE radio of NXP parts.
Pin-out would follow for both parts:
1. VCC
2. SWDIO
3. nRESET
4. SWCLK
5. GND
6. SWO (only needed for trace debugging)
They likely used the same IDE to develop firmware for both parts. It will be interesting to see if Valve locked the flash security in either part.
So is this project dead already?