Micro::bit
Extract source code from firmware
When the firmware has been built on makecode.microbit.org, the JavaScript source code is embedded in the firmware.
import bincopy
import sys
import subprocess
import json

# Split the firmware into the raw part and the part that holds the embedded code
with open(sys.argv[1], 'r') as f:
    fwstring = f.read()
fwsplit = fwstring.split('\n\n')
with open('fw_raw.hex', 'w') as g:
    g.write(fwsplit[0])
with open('fw_code.hex', 'w') as g:
    g.write(fwsplit[1])

# Convert ihex to bin
f = bincopy.BinFile()
f.add_ihex_file('fw_code.hex')
binary = f.as_binary()
print("[+] ihex converted to binary")

# Extract the code from the firmware, brute-forcing the offset of the LZMA stream
for i in range(200):
    with open('firmware.bin', 'w+b') as g:
        g.write(binary[i:])
    try:
        data = subprocess.run(["lzma", "firmware.bin", "-d", "--stdout"], capture_output=True)
        # Skip the header that precedes the JSON object holding the source files
        data = data.stdout.decode().split('}', 1)
        data = data[1][1:]
        data = json.loads(data)
        print(data)
        print("\n[+] Javascript code")
        print(data['main.ts'])
        break  # stop at the first offset that yields valid JSON
    except Exception:
        continue
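An in-process variant of the offset search above, added here as an example and not part of the original page: it uses Python's `lzma` module with a memory limit instead of calling the `lzma` binary, and parses the two back-to-back JSON objects with `raw_decode` instead of splitting on `}`. The function names, the sample blob and its header fields are constructed for illustration, and the layout (a header object followed by an object containing `main.ts`) is assumed from what the script above expects.

```python
import json
import lzma

# Cap decoder memory: a bogus header at a wrong offset can request a huge dictionary.
MEMLIMIT = 64 * 1024 * 1024


def find_embedded_source(blob, max_offset=200):
    """Return (offset, files) for the first offset whose LZMA stream decodes to
    a header JSON object followed by a JSON object containing 'main.ts'."""
    decoder = json.JSONDecoder()
    for offset in range(min(max_offset, len(blob))):
        d = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE, memlimit=MEMLIMIT)
        try:
            text = d.decompress(blob[offset:]).decode("utf-8")
            if not d.eof:
                continue  # stream ended before its end marker: truncated or bogus
            _header, end = decoder.raw_decode(text)  # first object: the header
            files, _ = decoder.raw_decode(text[end:].lstrip())  # second: the files
        except (lzma.LZMAError, UnicodeDecodeError, json.JSONDecodeError):
            continue  # not a valid stream at this offset, try the next one
        if isinstance(files, dict) and "main.ts" in files:
            return offset, files
    return None


def build_sample():
    """Constructed blob: 37 bytes of 0xFF padding, an LZMA stream, more padding."""
    plain = json.dumps({"name": "demo", "target": "microbit"}) + json.dumps(
        {"main.ts": 'basic.showString("Hello")\n', "pxt.json": "{}"})
    stream = lzma.compress(plain.encode(), format=lzma.FORMAT_ALONE)
    return b"\xff" * 37 + stream + b"\xff" * 16


if __name__ == "__main__":
    offset, files = find_embedded_source(build_sample())
    print(f"[+] LZMA stream at offset {offset}")
    print(files["main.ts"])
```

On a real firmware file, pass the bytes returned by `BinFile.as_binary()` to `find_embedded_source` in place of the constructed sample.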
Extract firmware using SWD
Connection
Solder wires on SWD pins:
Connect to an ST-LINK v2:
OpenOCD profile
Official datasheet of the nRF51822: nRF51822_PS_v3.4.pdf
Code section size:
hex(1024*256) = 0x40000 => 0x00040000
init
reset init
halt
dump_image image.bin 0x00000000 0x00040000
exit
sudo openocd -f /home/maki/tools/hardware/openocd/tcl/interface/stlink-v2-1.cfg -f /home/maki/tools/hardware/openocd/tcl/target/nrf51.cfg -f dump_fw.cfg
Python code
Content of the image.bin file:
$ strings image.bin
[...]
main.py# Add your Python code here. E.g.
from microbit import *
while True:
display.scroll('Hello, World!')
displa
y.show(Image.HEART)
sleep(1000)
print("coucou")
sleep(2000)