This software brings you the possibility to Read and Write the internal Flash of the Nordic nRF52 series with an ESP32

Last update: Dec 31, 2022

Related tags

Overview

ESP32 nRF52 SWD flasher

This software brings you the possibility to Read and Write the internal Flash of the Nordic nRF52 series with an ESP32 using the SWD interface. A tool to exploit the APPROTECT vulnerability is included as well.

You can support my work via PayPal: https://paypal.me/hoverboard1 this keeps projects like this coming.

To flash an nRF52 connect the SWD pins: CLK to GPIO 21 and DIO to GPIO 19 of the ESP32. Also connect the nRF52 GND to the ESP32 and power the nRF52 as needed.

To bypass the Readout protection of an nRF52 connect the following:

3.3V Power of the nRF to GPIO 22 of the ESP32 NFet Mosfet like shown to GPIO 5 of the ESP32 - the Gate from the Mosfet to the DEC1 pin of the nRF SWD pins as mentioned above

This repo is made together with these explanation videos:(click on it)

Needed Software

Arduino IDE https://www.arduino.cc/
ESP32 core Library https://github.com/espressif/arduino-esp32
This version of the WifiManager https://github.com/tzapu/WiFiManager/tree/feature_asyncwebserver
AsyncTCP https://github.com/me-no-dev/AsyncTCP
ESPAsyncWebServer https://github.com/me-no-dev/ESPAsyncWebServer

HowTo:

Open the "ESP32_SWD_WIFI.ino" file with Arduino and select the "ESP32 Dev Module", Make sure to select "No OTA (1MB App / 3MB SPIFFS)" as config for the ESP32 to have more space available.
Select the ESP32 COM port
Click on Upload and wait for a succesfull upload
The ESP32 will now create a Wifi Network with the WifiManage called "AutoConnectAP" with your Browser go to the ip 192.168.4.1 after connecting to the Wifi
Configure the Wifi to your Home network
If fully connected enter "http://swd.local" in your internet browser and it should show a first page from the ESP32
Go to "http://swd.local/edit" log in with admin:admin browse for the "index.htm" file and upload it via the supplied webpage
Got to "http://swd.local" again, the SWD Flasher paged should be shown now.
Connect the nRF via SWD if not already done. Click the button "Init SWD" and wait for the response in the info page or look in the Arduino UART terminal if something doesnt work, The nRF chip should be detected, if the nRF is locked it will notify about that.
To flash a new firmware to an nRF you can erase the whole chip to then flash an uploaded file via the "Flash file" button, you need to enter the correct filename.
To dump the flash content of an nRF enter a filename an offset if wanted and a size of bytes in dezimal then click the "Dump to file" button and wait for it.
To Glitch the nRF use the Delay input to find the right spot on where to glitch, it should be near the small voltage drop of the DEC1 line, best is to have an Osci connected to see what is happening but you can also just blindly find the Delay as the delay will increase and the ESP32 will notify about a suffesfull glitch after clicking "Enable Glitcher" you can change the delay time on the fly.

ESP32 Glitcher schematic:

Credits go to LimitedResults for finding the Power glitching Exploit: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass-part-2/

Comments

Flashing two files (code and SoftDevice) using offsets

I'm trying to flash an nRF52840 with code for the b-parasite project (https://github.com/rbaron/b-parasite/wiki/How-to-Program). That project requires the SoftDevice protocol stack to be copied as well as the custom program code. I assume I need to use offsets for this, but it's unclear to me how to know what the offsets should be. Any suggestions? Thanks.

opened by ryanmillerwork 0
Support for STM32 series

Please could you adapt this to STM32 series that use SWD? I tried using this on an STM32 but it seems the protocol layout for the memory is different even though they use SWD and ARM-based

opened by fedy0 0
swd.local/edit upload bar not showing
Hello,

Issue is going to swd.local/edit for the index.htm upload

I installed everything like normal, Connected to a WiFi AP I have access to swd.local/ with the webpage saying go to /edit

once in /edit there is no way to upload everything is blank.

I tried completely reinstalling Arduino and removing everything, and I used a different devices.

different browsers and different devices.

Same issue keeps happening, thank you.
opened by ANTI443 3
Problems compiling the ESP32_SWD_wifi
`In file included from C:\Users\L\Downloads\ESP32_nRF52_SWD-main\ESP32_nRF52_SWD-main\ESP32_SWD_WIFI\ESP32_SWD_WIFI.ino:1:

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:371:7: error: 'wifi_country_t' does not name a type; did you mean 'fsfilcnt_t'?

const wifi_country_t WM_COUNTRY_US{"US",1,11,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~ fsfilcnt_t

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:372:7: error: 'wifi_country_t' does not name a type; did you mean 'fsfilcnt_t'?

const wifi_country_t WM_COUNTRY_CN{"CN",1,13,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~ fsfilcnt_t

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:373:7: error: 'wifi_country_t' does not name a type; did you mean 'fsfilcnt_t'?

const wifi_country_t WM_COUNTRY_JP{"JP",1,14,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~ fsfilcnt_t

In file included from C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/WiFiManager.h:109,

from C:\Users\L\Downloads\ESP32_nRF52_SWD-main\ESP32_nRF52_SWD-main\ESP32_SWD_WIFI\web.cpp:15:

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:371:46: error: 'CONFIG_ESP32_PHY_MAX_TX_POWER' was not declared in this scope

const wifi_country_t WM_COUNTRY_US{"US",1,11,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:371:46: note: suggested alternative: 'CONFIG_ESP_PHY_MAX_TX_POWER'

const wifi_country_t WM_COUNTRY_US{"US",1,11,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONFIG_ESP_PHY_MAX_TX_POWER

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:372:46: error: 'CONFIG_ESP32_PHY_MAX_TX_POWER' was not declared in this scope

const wifi_country_t WM_COUNTRY_CN{"CN",1,13,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:372:46: note: suggested alternative: 'CONFIG_ESP_PHY_MAX_TX_POWER'

const wifi_country_t WM_COUNTRY_CN{"CN",1,13,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONFIG_ESP_PHY_MAX_TX_POWER

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:373:46: error: 'CONFIG_ESP32_PHY_MAX_TX_POWER' was not declared in this scope

const wifi_country_t WM_COUNTRY_JP{"JP",1,14,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\Users\L\Documents\Arduino\libraries\WiFiManager-feature_asyncwebserver/strings_en.h:373:46: note: suggested alternative: 'CONFIG_ESP_PHY_MAX_TX_POWER'

const wifi_country_t WM_COUNTRY_JP{"JP",1,14,CONFIG_ESP32_PHY_MAX_TX_POWER,WIFI_COUNTRY_POLICY_AUTO};

^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONFIG_ESP_PHY_MAX_TX_POWER

Multiple libraries were found for "WiFi.h"`
opened by lwlbeng 9
Problems Glitching nrf52832

Thank you for this nice little SWD programmer GUI and the glitcher for the ESP32 :D

I am currently trying to glitch an nrf52832. I narrowed down the glitching width in the source code to 6-10us, as this should do the trick according to other researchers. I try to find the right timing for glitching the nrf52832 for quite some time now. Somehow I am either glitching at the wrong timing or just doing something wrong. Has anyone a hint for me? I recorded some scope recordings:

Where should the glitch be applied? I thought somewhere around +7ms in Zoom1/Zoom2 - is this correct?

opened by pascal-gujer 20

Owner

GitHub

RemixDB: A read- and write-optimized concurrent KV store. Fast point and range queries. Extremely low write-amplification.

REMIX and RemixDB The REMIX data structure was introduced in paper "REMIX: Efficient Range Query for LSM-trees", FAST'21. This repository maintains a

81 Dec 3, 2022

AMD K6-2 (CXT) / K6-2+ / K6-3 / K6-3+ Write Allocate / Write Combine / Write Ordering / Frequency Multiplier Initialization driver for MS-DOS

K6INIT What is this? This is a driver for MS-DOS to replace k6dos.sys which is a bit useless and unflexible. It does not support the CXT versions of t

10 Sep 11, 2022

NightDriverStrip is a source code package for building a flash program that you upload to the ESP32 microcontroller.

631 Dec 28, 2022

Haxe native extension to read and write windows clipboard.

Haxe Clipboard This is a native library to read and write clipboard data from Haxe. It uses Ammer to generate bindings. Note: This is a Windows only l

12 Nov 11, 2022

Ntfs-3g - NTFS-3G Safe Read/Write NTFS Driver

INTRODUCTION ============ The NTFS-3G driver is an open source, freely available read/write NTFS driver for Linux, FreeBSD, macOS, NetBSD, OpenIndia

461 Jan 8, 2023

Android PoC to read/write Huawei's NVME image

hisi-nve Android PoC to read/write Huawei's NVME image Disclaimers Use this tool at your own risk and always backup NVME. This tool was made for educa

19 Dec 15, 2022

ESP32-Skid-Steer - Bruder Catepillar Skid Steer model converted to RC, controlled by an ESP32 with 2 analog joysticks and a receiver that is an ESP32 on the model.

ESP32-Skid-Steer Bruder Catepillar Skid Steer model converted to RC, controlled by an ESP32 with 2 analog joysticks and a receiver that is an ESP32 on

6 Oct 27, 2022

MHPatches is a plugin that brings some of PS2 features of Manhunt to the PC.

MHPatches Intro MHPatches is a plugin that brings some of PS2 features of Manhunt to the PC. Requirements UAL (https://github.com/ThirteenAG/Ultimate-

30 Dec 20, 2022

ESP32 firmware to read and control EMS and Heatronic compatible equipment such as boilers, thermostats, solar modules, and heat pumps

EMS-ESP is an open-source firmware for the Espressif ESP8266 and ESP32 microcontroller that communicates with EMS (Energy Management System) based equipment from manufacturers like Bosch, Buderus, Nefit, Junkers, Worcester and Sieger.

274 Jan 8, 2023

An internal training software base for csgo linux

Winter-linux An internal training software base for csgo linux Installation Install packages Arch: sudo pacman -S --needed base-devel git cmake gdb sd

13 Jan 20, 2022

Internal Software Development Kit for Battlefield 2042

battlefield-2042-internal-sdk Internal Software Development Kit for Battlefield 2042 SDK Includes the following: Entity Classes Player Classes Vehicle

11 Nov 29, 2022

Had a tough time playing Microsoft Wordament ? Well WORDament_Solver has your back. It suggests you meaningful words you can use while playing the game and help you top the leaderboard.

WORDament_Solver Had a tough time playing Microsoft Wordament ? Well WORDament_Solver has your back. It suggests you meaningful words you can use whil

3 Aug 19, 2021

Exploit allowing you to read registry hives as non-admin on Windows 10 and 11

HiveNightmare aka SeriousSam, or now CVE-2021–36934. Exploit allowing you to read any registry hives as non-admin. What is this? An zero day exploit f

618 Jan 1, 2023

Get Next Line is a project at 42. It is a function that reads a file and allows you to read a line ending with a newline character from a file descriptor

Get Next Line is a project at 42. It is a function that reads a file and allows you to read a line ending with a newline character from a file descriptor. When you call the function again on the same file, it grabs the next line

5 Nov 15, 2022

bl_mcu_sdk is MCU software development kit provided by Bouffalo Lab Team for BL602/BL604, BL702/BL704/BL706 and other series of RISC-V based chips in the future.

bl mcu sdk is an MCU software development kit provided by the Bouffalo Lab Team for BL602/BL604, BL702/BL704/BL706 and other series of chips in the future

165 Dec 23, 2022

LM75A temperature sensor library that you can use with STM32F10x series microcontrollers.

STM32F10x-LM75A-Library LM75A temperature sensor library that you can use with STM32F10x series microcontrollers. Launching the LM75A sensor in your a

12 Nov 25, 2022

The Time Series Visualization Tool that you deserve.

Gold Sponsor: Greenzie PlotJuggler 3.3 PlotJuggler is a tool to visualize time series that is fast, powerful and intuitive. Noteworthy features: Simpl

3.2k Jan 8, 2023

X-CUBE-AZRTOS-F4 (Azure RTOS Software Expansion for STM32Cube) provides a full integration of Microsoft Azure RTOS in the STM32Cube environment for the STM32F4 series of microcontrollers.

X-CUBE-AZRTOS-F4 Azure RTOS Software Expansion for STM32Cube With Azure RTOS complementing the extensive STM32Cube ecosystem providing free developmen

28 Dec 7, 2022

X-CUBE-AZRTOS-F7 (Azure RTOS Software Expansion for STM32Cube) provides a full integration of Microsoft Azure RTOS in the STM32Cube environment for the STM32F7 series of microcontrollers.

X-CUBE-AZRTOS-F7 Azure RTOS Software Expansion for STM32Cube With Azure RTOS complementing the extensive STM32Cube ecosystem providing free developmen

7 Nov 17, 2022