  • Stars: 229
  • Rank 174,666 (Top 4 %)
  • Language: C++
  • License: GNU General Publi...
  • Created over 3 years ago
  • Updated 5 months ago

Repository Details

This software makes it possible to read and write the internal flash of the Nordic nRF52 series with an ESP32.

ESP32 SWD Flasher for nRF52

This software makes it possible to Read and Write the internal Flash of the Nordic nRF52 series with an ESP32 using the SWD interface. A tool to exploit the APPROTECT vulnerability is included as well.

You can support my work via PayPal: https://paypal.me/hoverboard1. This keeps projects like this coming.

To flash an nRF52 connect the following:

  • nRF52 SWDCLK to ESP32 GPIO 21
  • nRF52 SWDIO to ESP32 GPIO 19
  • nRF52 GND to ESP32 GND to N-Channel MOSFET GND (Optional: O-scope GND Clips)
  • Then power the nRF52 as needed

To bypass the Readout protection (APPROTECT) of an nRF52 connect all of the above and the following:

  • nRF52 3.3V Power VDD to ESP32 GPIO 22 (Optional: O-scope Channel 2 Probe)
  • N-Channel MOSFET PWM+ to ESP32 GPIO 5 (as shown)
  • N-Channel MOSFET VOUT- to nRF52 DEC1 (as shown) (Optional: O-scope Channel 1 Probe)
  • Then power the nRF52 as needed

This repo is explained and demonstrated in these videos (click to watch):

YoutubeVideo

YoutubeVideo

Required Hardware

  • ESP32 Development Board
  • N-Channel MOSFET Board
  • nRF52 Series Board
  • Optional: Oscilloscope

Required Software

HowTo:

Note: Use version 1.0.6 of the ESP32 core. Also use the source files rather than the release packages.

Arduino:

(It is also possible to use PlatformIO)

  • Copy or install the three downloaded libraries (AsyncTCP, ESPAsyncWebServer, WiFiManager) into the Arduino > libraries directory
  • In Arduino > libraries, rename:
      • AsyncTCP-master to AsyncTCP
      • ESPAsyncWebServer-master to ESPAsyncWebServer
      • WiFiManager-master to WiFiManager
  • Add the ESP32 Core to Arduino (File > Additional Boards Manager URLS > https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json)
  • Install the ESP32 Core (Tools > Boards Manager > Search > esp32 > Select version > 1.0.6 > Install)
  • Open the "ESP32_SWD_WIFI.ino" file with Arduino and select the "ESP32 Dev Module" (Tools > Board: > ESP32 Arduino > ESP32 Dev Module)
  • Make sure to select "No OTA (1MB App / 3MB SPIFFS)" as the partition scheme for the ESP32 to have more space available. (Tools > Partition Scheme: > "No OTA (1MB App/3MB SPIFFS)")
  • Select the ESP32 COM port (Tools > Port: > COM#)
  • Click Verify
  • Click Upload
  • Long-press the BOOT button on ESP32 after clicking Upload, until it is showing "Uploading"
  • Once it displays "Leaving... Hard resetting..." it is done flashing and ready to set up
  • The ESP32 will now use the WiFiManager to create a WiFi network called "AutoConnectAP". After connecting to that network, go to the IP 192.168.4.1 in your browser
  • Configure the WiFi for your home network
  • Once fully connected, enter "http://swd.local" in your internet browser and it should show a first page from the ESP32
  • Go to "http://swd.local/edit" and log in with admin:admin
  • Click Choose File and browse for the "data/index.htm" file and click Upload
  • Go to: "http://swd.local" again, the ESP32 SWD Flasher page should now be displayed
  • If not already done, connect the nRF52 via SWD. Click the "Init SWD" button and wait for the response in the info page, or look in the Arduino UART terminal if something doesn't work. The nRF chip should be detected, and a notification will show whether or not the nRF52 is locked
  • To flash new firmware to an nRF52, you can erase the whole chip and then flash an uploaded file via the "Flash File" button. You need to enter the correct filename
  • To dump the flash content of an nRF52, enter a filename, an offset if wanted, and a size in bytes in decimal, then click the "Dump to File" button and wait for it to finish
  • To glitch the nRF52, use the Delay input to find the right spot to glitch; it should be near the small voltage drop of the DEC1 line. It is best to have an oscilloscope connected to see what is happening, but you can also find the delay blindly, as the delay will automatically increase and the ESP32 will notify you when it achieves a successful glitch. After clicking "Enable Glitcher" you can change the delay time on the fly
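
A host-side sanity check for a file produced by the "Dump to File" step, as an added example that is not part of this repository: it checks that a dump taken from offset 0 starts with a plausible Cortex-M vector table instead of blank or corrupted data. The function names and the memory limits (RAM at 0x20000000, at most 256 KB RAM and 1 MB flash) are assumptions that do not come from this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed nRF52-family limits (not from this page): RAM base 0x20000000,
// largest part has 256 KB RAM and 1 MB flash mapped at address 0.
constexpr uint32_t kRamBase = 0x20000000u;
constexpr uint32_t kMaxRam = 256u * 1024u;
constexpr uint32_t kMaxFlash = 1024u * 1024u;

enum class DumpVerdict { Plausible, TooShort, Blank, BadStackPointer, BadResetVector };

// Read a little-endian 32-bit word from the dump.
static uint32_t le32(const std::vector<uint8_t>& d, size_t off) {
    return uint32_t(d[off]) | (uint32_t(d[off + 1]) << 8) |
           (uint32_t(d[off + 2]) << 16) | (uint32_t(d[off + 3]) << 24);
}

// Check the first two vector-table words of a dump that starts at flash offset 0.
DumpVerdict checkDump(const std::vector<uint8_t>& dump) {
    if (dump.size() < 8) return DumpVerdict::TooShort;
    bool uniform = true;  // a single repeated byte (erased flash reads 0xFF) is not firmware
    for (uint8_t b : dump) if (b != dump[0]) { uniform = false; break; }
    if (uniform) return DumpVerdict::Blank;
    uint32_t sp = le32(dump, 0);  // word 0: initial main stack pointer
    if (sp <= kRamBase || sp > kRamBase + kMaxRam || (sp & 3u))
        return DumpVerdict::BadStackPointer;
    uint32_t reset = le32(dump, 4);  // word 1: reset handler, bit 0 set for Thumb
    uint32_t target = reset & ~1u;
    if (!(reset & 1u) || target < 8 || target >= kMaxFlash)
        return DumpVerdict::BadResetVector;
    return DumpVerdict::Plausible;
}

// Build a constructed sample dump: two vector words followed by erased flash.
std::vector<uint8_t> makeSampleDump(uint32_t sp, uint32_t reset, size_t size = 1024) {
    std::vector<uint8_t> d(size, 0xFF);
    for (int i = 0; i < 4; i++) {
        d[i] = uint8_t(sp >> (8 * i));
        d[4 + i] = uint8_t(reset >> (8 * i));
    }
    return d;
}

int main() {
    DumpVerdict v = checkDump(makeSampleDump(0x20010000u, 0x000002A1u));
    std::printf("sample dump verdict: %d\n", static_cast<int>(v));
    return 0;
}
```

A dump taken with a non-zero offset does not begin at the vector table, so this check applies only to dumps that start at offset 0.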

ESP32 Glitcher schematic:

nRF52832 Glitch Tip, way better results with these 2 caps removed

Credits go to LimitedResults for finding the Power glitching Exploit: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass-part-2/
