
Welcome to EDAboard.com


Unlocking Microcontroller

Status
Not open for further replies.

Fragrance

trap adress 8052

Hi,

All this info is for educational purposes only.

--------------------------------------------------------------------------------
Found this on the web a while ago. Haven't had time to try it out. Let me
know if it works. Maybe it will force manufacturers to improve their
products.
***********************************************************
With the HACK.ASM program, it's possible to read most of the 8051/52 chips.
Unprotection of the chip is based on the possibility of reading the 8052 that has the two security bits set, with the help of the instruction MOV a,@DPTR, if that instruction is executed by the internal Eprom. If the 8052 is run in a particular mode, the instruction can be called via an external Eprom.
You must operate in this way:
1) Put ON processor of the internal Eprom
2) When the 8052 is executing the internal Eprom, switch to the external Eprom. The 8052 will see only 0FFh, which means MOV R7,A
3) Control of the processor will be under the external Eprom; afterwards you will be able to return to executing the program of the internal Eprom.
It seems difficult, but if you try it you will easily understand it yourself.
Useful hardware:
1) 8051/52 chip
2) A latch and the program stored on an Eprom
3) A switch on pin 31 to be able to switch between internal and external Eprom.
4) A MAX232 or something compatible to interface with RS232C
5) A quartz 11.0592 MHz
6) A terminal program for your computer
Have fun!
;**********************************************************************
;THIS SOURCE CODE HACKS 8052 MICROCONTROLLERS WITH THEIR TWO SECURITY
;BITS SET. YOU CAN USE THIS SOFTWARE ON ANY 8051 EVALUATION BOARD AND THE
;HACK IS DONE BY SWITCHING FROM INTERNAL TO EXTERNAL PROGRAM MEMORY. WHAT
;YOU NEED IS A TERMINAL PROGRAM WITH CAPTURE ON, SERIAL DATA IS
;COMING OUT FROM THE TXD PIN ON THE MICROCONTROLLER, GOOD LUCK!!!
;NOTE: PLEASE USE A 11.0592 MHZ X-TAL
;**********************************************************************
BEGIN:
CALL RS_INIT
MOV DPTR,#TEKST1
CALL RS_DPTR
SJMP $
CSEG AT 2000H
CALL RS_INIT
MOV DPTR,#TEKST2
CALL RS_DPTR
MOV DPTR,#LOGO
CALL RS_DPTR
MOV A,#32
CALL DELAY
MOV DPTR,#0000H
CALL GETTER
MOV DPTR,#TEKST3
CALL RS_DPTR
MOV A,#32
CALL DELAY
MOV DPTR,#0000H
LOOP: CALL GETTER
MOV B,A
MOV A,DPH
CALL RS_HEX
MOV A,DPL
CALL RS_HEX
MOV A,#':'
CALL RS_ASC
MOV A,B
CALL RS_HEX
CALL RS_CR
INC DPTR
MOV A,DPH
CJNE A,#20H,LOOP
MOV DPH,#0
SJMP LOOP
GETTER: PUSH DPH
PUSH DPL
MOV R2,#1
MOV R0,#0
CLR A
MOV @R0,A
;**************************************************
;TRAP ADDRESS, PLEASE TRY ONE OF THESE
;**************************************************
CALL 016B1H; 012DAH ;17ACH
POP DPL
POP DPH
RET
;**************************************************************************
;**************************************************************************
; BEGIN MODULE RS-232
;**************************************************************************
;**************************************************************************
RS_INIT: MOV TMOD,#20H
MOV TH1,#0FDH ;DETERMINES BAUD RATE
MOV TCON,#040H
MOV SCON,#058H
MOV 87H,#000H ;DOUBLE BAUD RATE=80, OTHERWISE 00
SETB P3.1
MOV A,#1
CALL DELAY ;RS-232 RECOVERY
CLR TI
RET
RS_CR: PUSH ACC
MOV A,#0AH
CALL RS_ASC
MOV A,#0DH
CALL RS_ASC
POP ACC
RET
RS_DPTR: CLR A
MOVC A,@A+DPTR
CJNE A,#'~',RS_DPTR_1
RET
RS_DPTR_1: CJNE A,#'`',RS_DPTR_2
CALL RS_CR
INC DPTR
SJMP RS_DPTR
RS_DPTR_2: CALL RS_ASC
INC DPTR
SJMP RS_DPTR
RS_ASC: MOV SBUF,A
JNB TI,$
CLR TI
RET
RS_HEX: PUSH DPH
PUSH DPL
PUSH ACC
MOV DPTR,#HEXTABEL
SWAP A
ANL A,#00FH
MOVC A,@A+DPTR
CALL RS_ASC
POP ACC
PUSH ACC
ANL A,#00FH
MOVC A,@A+DPTR
CALL RS_ASC
POP ACC
POP DPL
POP DPH
RET
HEXTABEL: DB '0123456789ABCDEF'
RS_DEC: PUSH ACC
PUSH B
MOV B,#100
DIV AB
ADD A,#30H
CALL RS_ASC
MOV A,B
MOV B,#10
DIV AB
ADD A,#30H
CALL RS_ASC
MOV A,B
ADD A,#30H
CALL RS_ASC
POP B
POP ACC
RET
TEKST1: DB 'GOOD LUCK```````````````````'
DB '*******************************************`'
DB '* CHIP COPIER VERSION 2.02 *`'
DB '*******************************************`'
DB '`'
DB '1. SWITCH TO INTERNAL ROM`'
DB '2. RESET CHIP`'
DB '3. SWITCH BACK TO EXTERNAL ROM`'
DB '4. WAIT FOR THE MESSAGE READY TO COPY`'
DB '5. SWITCH BACK TO INTERNAL ROM``'
TEKST2: DB '``````````READY TO COPY`SWITCH TO INTERNAL ROM`~'
TEKST3: DB '``````````HEY-LOW-FUCK.... HERE IT COMES....`~'
LOGO: DB ' `~'
DELAY: PUSH 050H
PUSH 051H
PUSH 052H
MOV 50H,A
MOV 51H,#00H
MOV 52H,#00H
DELAY_2: DJNZ 52H,DELAY_2
DJNZ 51H,DELAY_2
DJNZ 50H,DELAY_2
POP 052H
POP 051H
POP 050H
RET
END
--------------------------------------------------------------------------------
 
