Name: nsec-badge
Owner: NorthSec
Description: Software from the NorthSec badge
Created: 2016-07-03 18:26:39.0
Updated: 2018-05-23 14:53:45.0
Pushed: 2018-05-23 19:37:44.0
Homepage: https://nsec.io
Size: 14241
Language: C
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
The NorthSec 2018 badge has two programmable micro-controllers:
nRF52832
(nRF52) andSTM32F070F6P6
(stm32).The nRF52 is based on the ARM Cortex-M4F core and runs the armv7-m
instruction set, it takes care of:
The stm32 is based on the ARM Cortex-M0 core and runs the armv6-m
instruction set, it takes care of:
The badge can be supplied by 1 ICR14500 3.7v Li-ion rechargeable battery and/or the USB port. The battery can be charged from the USB port but the power switch must be turned ON for the duration of the charge.
The schematic are available.
If you wish to build your own badge:
There is a Makefile
for each micro-controller, but here are some stuff you'll
need to make it work.
To compile the badge firmware from source, your gcc need to be able
generating armv6-m
code and link with the nano variant of
newlib.
On OS X or macOS, you can use my formula for Homebrew:
tap marc-etienne/stm32
install arm-none-eabi-gcc
On Arch Linux, you will need the package arm-none-eabi-gcc, arm-none-eabi-newlib and arm-none-eabi-gdb.
On Debian Jessie, install gcc-arm-none-eabi
and libnewlib-arm-none-eabi
.
On Ubuntu, check the the GNU ARM Embedded Toolchain PPA.
Pre-built packages are also available for Windows, Linux and OS X here: https://launchpad.net/gcc-arm-embedded.
You will also need some python libraries, on Ubuntu / Debian:
apt install python-pil python-pycparser
The nF52 firmware depends on the Nordic SDK v14.2.0. You can download and extract
the SDK by typing make nordicsdk
in the nrf52
directory. I will also be done
automatically when building the first time.
The nRF52 also uses the s132 “SoftDevice” v5.0.0 to painlessly enable Bluetooth
Low Energy (BLE), which comes with the SDK. Use
make builds/s132_nrf52_5.0.0_softdevice.elf
to create the ELF file
from Nordic's binary distribution.
NOTE: The Nordic SDK and the SoftDevice isn't free software. The licence
agreements (nordicsdk_licence_agreement.txt
and
s132_nrf52_5.0.0_licence_agreement.txt
) will be downloaded as well.
The stm32 requires the opencm3 library. The library
is setup as a git submodule. Typing git submodule init
and git submodule
update
in the stm32 directory will fetch the latest version of the library.
Each micro-controller can be programmed using 6-pin Tag-Connect cable, the TC2030-CTX-NL, and a probe to talk to the chip via SWD. We used the Blacksphere Blackmagic probe. There is a version 2 out there now.
The following gdb
commands will load the firmware into the nRF52:
gnutarget elf32-littlearm
ne hook-quit
set confirm off
et extended-remote /dev/sttyXXX # Replace with your Black magic serial port
tor tpwr enable
tor swdp_scan
ch 1
mem inaccessible-by-default off
debug arm
builds/s132_nrf52_5.0.0_softdevice.hex
builds/nsec18_nrf52_conf.elf
The stm32 can be flashed in a similar fashion, although you will want to
load builds/nsec18_stm32_debugger.elf
instead.
You can also use the (more expensive) STLink, but we do not have the hardware to test instructions for it.
The stm32 can also be flashed by holding the PROGRAM
button behind the badge
while pressing the RESET
button. The stm32 will boot a specific on-chip bootloader
that implements the DFU
interface.
Reset the board with the PROGRAM
button pressed, then release the button.
You should now see a DFU device appearing on your computer:
% lsusb
...
Bus 001 Device 057: ID 0483:df11 STMicroelectronics STM Device in DFU Mode
...
Use a DFU compliant software to flash the STM32:
To make a bin
file from an ELF, run the following:
% arm-none-eabi-objcopy -O binary builds/nsec18_stm32_debugger.elf builds/nsec18_stm32_debugger.bin
Run the following command:
% dfu-util --reset --device 0483:df11 --alt 0 --dfuse-address 0x08000000 --download builds/nsec18_stm32_debugger.bin
The STM32 should reset automagically, running the newly downloaded firmware. The address of 0x08000000 is important, this is where the stm32 flash is mapped into memory.
There were 6 firmware images built for the NorthSec 2018 event.
nsec18_stm32_debugger.elf
The firmware of the stm32 used during the NorthSec conference. It has the BlackMagic gdb stub exposed via the USB to reprogram and debug the nRF52 chip.
nsec18_stm32_crossdebug.elf
Same as the stm32 conference firmware, except the debugger uses the external pins to allow programming and debugging the stm32 micro-controller of another badge.
nsec18_nrf52_{conf,admin,speaker,ctf}.elf
The firmware of the nRF52 used during the NorthSec conference and CTF. It
exposes a BLE service to change you avatar image and name. admin
, speaker
and ctf
has a special label in the status bar at the top of the display, all
the rest is the same.
Here are the steps to get you started. Lets say you've downloaded the source into the
nsec-badge
folder.
The blackmagic firmware that runs on the stm32 let you debug and flash firmware on the nRF52.
To compile the blackmagic firmware for the stm32:
% git submodule init
% git submodule update
% make builds/nsec18_stm32_debugger.bin
To flash the firmware on the stm32, boot the uController into DFU mode by
pressing and holding the PROGRAM
button, press RESET
, then releasing the
PROGRAM
button.
Make sure you see a DFU device:
% lsusb
Bus 001 Device 057: ID 0483:df11 STMicroelectronics STM Device in DFU Mode
Use dfu-util to flash the firmware:
% dfu-util --reset --device 0483:df11 --alt 0 --dfuse-address 0x08000000 --download builds/nsec18_stm32_debugger.bin
To compile the binary for the nRF52:
% cd nrf52
% make
To flash the binary on the nRF52, you'll need to either:
Use the blackmagic exposed ACM device to flash the firmware using GDB.