Dumping the ST-LINK/V2-1: an exploration into buffer overflows and lack of input validation
I have recently been messing around with my Game & Watch: Super Mario Bros., which uses a STM32 MCU. As a part of trying to support others trying to get into modding it, I purchased a few different debug probes to test out. Two of them feature an on-board ST-LINK/V2-1 (herein called ST-Link)
I’m not the first to become curious about how the ST-Link works. I found two people whose explorations I found useful. The first is by Taylor Killian, who documented the encryption that the ST-Link uses when upgrading firmware. This offered some clues on what I might have to do with the payload if I was to send data to the firmware update system. The writeup also detailed a key string used for the encryption, which helped me find an open-source library for communicating with the ST-Link’s bootloader, which would become a useful reference later. The second is by lujji, who detailed how they extracted the ST-Link bootloader through UART, which is the approach I decided to use later to extract the entire firmware.
Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.