Micro::bit
Extract source code from firmware
When the firmware has been built from https://makecode.microbit.org/#editor, the JavaScript source code is embedded in the firmware.
import bincopy
import sys
import subprocess
import json

# Split the firmware into the raw part and the embedded-code part
with open(sys.argv[1], 'r') as f:
    fwstring = f.read()
fwsplit = fwstring.split('\n\n')
with open('fw_raw.hex', 'w') as g:
    g.write(fwsplit[0])
with open('fw_code.hex', 'w') as g:
    g.write(fwsplit[1])

# Convert ihex to bin
f = bincopy.BinFile()
f.add_ihex_file('fw_code.hex')
binary = f.as_binary()
print("[+] ihex converted to binary")

# Extract code firmware, bruteforce the offset of the LZMA stream
for i in range(200):
    with open('firmware.bin', 'w+b') as g:
        g.write(binary[i:])
    try:
        data = subprocess.run(["lzma", "firmware.bin", "-d", "--stdout"], capture_output=True)
        # Skip the leading JSON header, keep the JSON object that holds the sources
        data = data.stdout.decode().split('}', 1)
        data = data[1][1:]
        data = json.loads(data)
        print(data)
        print("\n[+] Javascript code")
        print(data['main.ts'])
        break  # stop at the first offset that decompresses and parses
    except Exception:
        continue
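What the "Convert ihex to bin" step does, as an added example (not part of the original page and not bincopy's code): a minimal Intel HEX reader that verifies each record's checksum, resolves extended addresses and lists contiguous segments, flagging any that extend past the nRF51822 code region (0x40000 bytes). The sample records and the function names are constructed for illustration.

```python
# Added example: minimal Intel HEX reader (not the page's or bincopy's code).
CODE_SIZE = 0x40000  # nRF51822 code region size computed on this page
# Constructed sample: 4 bytes at 0x100, then 2 bytes at 0x40000, then EOF.
SAMPLE = """:020000040000FA
:04010000DEADBEEFC3
:020000040004F6
:020000004A5361
:00000001FF
"""

def parse_ihex(text):
    """Return {absolute_address: byte}; raise ValueError on a bad record."""
    mem, base = {}, 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {n}: missing ':' start code")
        rec = bytes.fromhex(line[1:])  # ValueError on non-hex characters
        if len(rec) < 5 or len(rec) != rec[0] + 5:
            raise ValueError(f"line {n}: length field does not match record")
        if sum(rec) & 0xFF:  # all bytes incl. checksum must sum to 0 mod 256
            raise ValueError(f"line {n}: bad checksum")
        offset, rtype, data = int.from_bytes(rec[1:3], "big"), rec[3], rec[4:-1]
        if rtype == 0x00:    # data record
            for i, b in enumerate(data):
                mem[base + offset + i] = b
        elif rtype == 0x01:  # end of file
            break
        elif rtype == 0x02:  # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:  # extended linear address (upper 16 bits)
            base = int.from_bytes(data, "big") << 16
    return mem

def segments(mem):
    """Collapse the address map into sorted (start, bytes) contiguous runs."""
    runs = []
    for addr in sorted(mem):
        if runs and runs[-1][0] + len(runs[-1][1]) == addr:
            runs[-1][1].append(mem[addr])
        else:
            runs.append((addr, bytearray([mem[addr]])))
    return [(start, bytes(buf)) for start, buf in runs]

def outside_code_region(mem):
    """Start addresses of segments that extend past the code region."""
    return [s for s, d in segments(mem) if s + len(d) > CODE_SIZE]
```

Running `segments(parse_ihex(open('fw_code.hex').read()))` on a real file shows where each part of the image is meant to be loaded before the bytes are flattened into one binary.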
Extract firmware using SWD
Connection
Solder wires on SWD pins:
Connect to an ST-LINK v2:
OpenOCD profile
Official datasheet of the nRF51822:
Code section size:
hex(1024*256) = 0x40000 => 0x00040000
init
reset init
halt
dump_image image.bin 0x00000000 0x00040000
exit
$ sudo openocd -f /home/maki/tools/hardware/openocd/tcl/interface/stlink-v2-1.cfg -f /home/maki/tools/hardware/openocd/tcl/target/nrf51.cfg -f dump_fw.cfg
Python code
Content of image.dd file:
$ strings image.bin
[...]
main.py# Add your Python code here. E.g.
from microbit import *
while True:
display.scroll('Hello, World!')
displa
y.show(Image.HEART)
sleep(1000)
print("coucou")
sleep(2000)