How to Unlock MCU Flash - EFeru/hoverboard-firmware-hack-FOC GitHub Wiki

This wiki page explains how to unlock the flash of an STM32 or a GD32 to allow re-flashing with a custom firmware.

⚠️ WARNING ⚠️

It's not possible to dump the original firmware and flash it later. This procedure will erase the stock MCU firmware irreversibly! Perform these steps at your own risk!

Make sure you hold the power button while unlocking the chip, as the STM will release the power latch and switch itself off.

Method 1: Using ST-Link Utility

  • Step 1: Download and install the ST-Link Utility
  • Step 2: Connect the ST-Link programmer to the MCU programming pins GND, SWDIO, SWCLK. Connect the 3V3 pin only if your MCU is not powered externally.
  • Step 3: Open the ST-Link utility and press Connect to target

unlock1

  • Step 4: If you get the message Can not read memory! the MCU is most probably locked
  • Step 5: Go to Target and click Option Bytes

unlock2

  • Step 6: Select Disable in Read Out Protection drop-down menu, enable following option bytes and click Apply image

  • Step 7: Click Connect to target

unlock4

  • Step 8: If you see the window above, then you have successfully unlocked your MCU. You can now flash the MCU.

⚠️ Make sure you disconnect st-link utility if you are using another tool for flashgin the firmware later

:toolbox: Troubleshooting

If you get funny, unexpected behavior from your board after flashing (see this thread), it is most likely that the unlocking process did not succeed properly. To fix it follow these steps:

  • Step 1: Lock the GD32 following the Steps above in reverse order
  • Step 2: Unlock the GD32 as described above, however at Step 6, check all the boxes for User configuration option bytes
  • Step 3: Click OK if you get any error/warning.
  • Step 4: Flash the firmware

See this video

Please also check this.

Method 2: Using Ubuntu/Linux

  • Step 1: Install the ST-Flash Utility
  • Step 2: Install OpenOCD
  • Step 3: Connect the ST-Link programmer to the MCU programming pins GND, SWDIO, SWCLK. Connect the 3V3 pin only if your MCU is not powered externally.
  • Step 4: Open a terminal and send the following OpenOCD command:
openocd -f interface/stlink.cfg -f target/stm32f1x.cfg -c init -c "reset halt" -c "stm32f1x unlock 0"
  • Step 5: If that does not work. Try:
openocd -f interface/stlink.cfg -f target/stm32f1x.cfg -c init -c "reset halt" -c "mww 0x40022004 0x45670123" -c "mww 0x40022004 0xCDEF89AB" -c "mww 0x40022008 0x45670123" -c "mww 0x40022008 0xCDEF89AB" -c "mww 0x40022010 0x220" -c "mww 0x40022010 0x260" -c "sleep 100" -c "mww 0x40022010 0x230" -c "mwh 0x1ffff800 0x5AA5" -c "sleep 1000" -c "mww 0x40022010 0x2220" -c "sleep 100" -c "mdw 0x40022010" -c "mdw 0x4002201c" -c "mdw 0x1ffff800" -c targets -c "halt" -c "stm32f1x unlock 0"

openocd -f interface/stlink.cfg -f target/stm32f1x.cfg -c init -c "reset halt" -c "mww 0x40022004 0x45670123" -c "mww 0x40022004 0xCDEF89AB" -c "mww 0x40022008 0x45670123" -c "mww 0x40022008 0xCDEF89AB" -c targets -c "halt" -c "stm32f1x unlock 0"