|
Hello, all! We made our own programming device for HCS12 via BDM and playing with it: read/write registers, writing to SRAM, etc... Today we trying to write flash (i.e. program FCNFG, FCMD, FADDR, FDATA registers). All working fine, untill we do mass erase. After that all flash bytes, including 0xFF0F become 0xFF. But byte 0xFF0F is copy to FSEC and after reset....ooooooopssssss! SEC[1:0] = 11b Now write and read to flash is not possible. I read about backdoor mechanism. So I think backdoor keys after mass erase become 0xff too. I try write it to 0xFF00 - 0xFF07 location but there is no result. And some stranger thing: BDM don't set UNSEC bit in status regsiter ... :( Maybe i do something wrong.... Please, help me! |
|
|
How to unsecure HSC12 via BDM?
Started by ●June 19, 2003
Reply by ●June 19, 20032003-06-19
|
Hi, Motorola AN2400/D, available on their web site, has a lot of useful information about HCS-12 flash and EEPROM. It is well worth reading and understanding if you plan to program flash or EEPROM. This document has a 27 step procedure for un-securing an HCS-12 part. This procedure should work on all HCS-12 parts, and has worked with our BDM pod on all the parts that I have tried. It is necessary to know the clock frequency of the target for the BDM connection to work and to set the flash and EEPROM clock divider registers. There are no other timing requirements for the procedure. Note also that the latest revisions of the HCS-12 have the additional restriction the backdoor key cannot be all 0's or all 1's. Steve At 09:14 AM 6/19/2003, you wrote: >Hello, all! >We made our own programming device for HCS12 via BDM and playing with it: >read/write registers, writing to SRAM, etc... Today we trying to write >flash (i.e. program FCNFG, FCMD, FADDR, FDATA registers). >All working fine, untill we do mass erase. After that all flash bytes, >including 0xFF0F become 0xFF. But byte 0xFF0F is copy to FSEC and after >reset....ooooooopssssss! SEC[1:0] = 11b Now write and read to flash is not >possible. I read about backdoor mechanism. So I think >backdoor keys after mass erase become 0xff too. I try write it to 0xFF00 - >0xFF07 location but there is no result. And some stranger thing: BDM don't >set UNSEC bit in status regsiter ... :( >Maybe i do something wrong.... Please, help me! > > >Yahoo! Groups Sponsor ><http://hits.411web.com/cgi-bin/autoredir?campU6&lineid179269&prop=egroupweb&pos=HM>1fb1c6.jpg" target="_blank" rel="nofollow">http://rd.yahoo.com/M$9982.3179269.4495679.1261774/D=egroupweb/S06554205:HM/A24963/R=0/SIGongbbsq/*http://hits.411web.com/cgi-bin/autoredir?campU6&lineid179269&prop=egroupweb&pos=HM>1fb1c6.jpg > >1fb22a.jpg > >-------------------- >>http://www.motorola.com/mcu >">http://docs.yahoo.com/info/terms/>Yahoo! Terms of Service. ************************************************************************* Steve Russell mailto: Senior Software Design Engineer http://www.nohau.com Nohau Corporation phone: (408)866-1820 51 East Campbell Avenue fax: (408)378-7869 Campbell, CA 95008 ************************************************************************* |
|
|
Reply by ●June 20, 20032003-06-20
|
--- In , Steve Russell <stever@n...> wrote: > > Motorola AN2400/D, available on their web site, has a lot of useful > information about HCS-12 flash and EEPROM. It is well worth reading and understanding if you plan to program flash or EEPROM. > > This document has a 27 step procedure for un-securing an HCS-12 part. This procedure should work on all HCS-12 parts, and has worked with our BDM pod on all the parts that I have tried. Big thanks, Steve. It's helps! |
