Have Hammer, Will Hack

A project log for OM127-reboot

repair currupt firmware system in OM127 OBD2 scanner from AUTOPHIX

darkspr1tedarkspr1te 05/24/2018 at 18:100 Comments

Ok, so I left off last time telling you about the default aspect of the STM32F to have the debug pins high and that on our device they are tied into two parts of the system, namely CAN bus and K-Line in some way. Well we had already lifted PIN8 of the CAN chip to enable us to talk back to can devices, this is in fact thanks to the great HardwareCAN lib on the arduino STM32 forums, with just a few tweaks it was working (once we figured out the board mechanics)  but we didnt want to lift all the none working pads or pads tied into the debug system or other parts, so along comes gpio remapping of debug pins and once triggered to one map will stay like that until reset so if you do something silly like us and put that call in the setup() then you're asking for trouble and head scratching. Did I mention I know nothing about STM's until this project, all my prior STM troubles were STM8 based, 

So after i finished my small angry dance I looked back at the data sheets, to my pleasure there are two boot control pins, BOOT0 & BOOT1, between them they control the boot order like your bios does except this is raw board level stuff that only louis talks about.  

So we have a way to get back in as I am not fast enough to catch the reset and trigger the STLINK before it runs my debug disable code, oh, that points to a design choice, did they use the debug pins on purpose ? anyway back to the story, So looking at the board we see PIN60/BOOT0 tied to GND via a resistor R17, so if we put 3.3v to the PIN side of the resistor and reset the STM32F then we boot to system memory, if this is done after power up there is no code there so we can let go of our probes and send the new firmware without debug disable included, or at least a way to reactivate it, that is why the git code now has a pause to display clock speeds,can status, eeprom status. that is not to impress but allow me time to reflash without having to use boot0/boot1 pins, oh BOOT1 is PB2 connected to R7 and on to GND. 

Ok, we are back onto working device, 

And thats where we are currently, The next steps are doing a better menu system to speed up testing the OBD code in the field, right now it's a jumble of test code and silly remarks. 

Next weeks episode, Of course Captain  I can give you more