Differences

This shows you the differences between two versions of the page.

--- disassembled_devices:vcds_clone_cable [2025/10/26 00:52] – [How to unbrick cable?] admin
+++ disassembled_devices:vcds_clone_cable [2025/10/26 01:01] (current) – [Patching RDP2 theoretically] admin
@@ Line 91: / Line 91: @@
 Updating can be done over USB if your cable is updateable and not bricked (be aware of fly-loader bricking cables intentionally!) \\
-Flashing can be done via SWD programming interface if RDP2 is not set. "brick-by-fly" sets RDP2. If RDP2 is set and your cable is bricked, the easiest choice is to replace the STM32 MCU. You can get STM32F405VGT6 [[https://aliexpress.com/item/1005006862646663.html|e.g. on aliexpress for ~3€]] (probably clones? mine works fine). Desolder bricked RDP2 MCU and replace with fresh one //(use the Flux, Luke! Always flush&Wash, this time with Isopropanol)// - better flash a RDP0 firmware then. \\
+Flashing can be done via SWD programming interface if RDP2 is not set. "brick-by-fly" sets RDP2. If RDP2 is set and your cable is bricked, the easiest choice is to replace the STM32 MCU. You can get STM32F405VGT6 [[https://aliexpress.com/item/1005006862646663.html|e.g. on aliexpress for ~3€]] (probably clones? it works fine). Desolder bricked RDP2 MCU and replace with fresh one //(use the Flux, Luke! Always flush&Wash, this time with Isopropanol)// - better flash a RDP0 firmware then. \\
 Tip to remove LQFP64 package without hot air rework station: take a rotary tool and cut through all pins carefully, then make PCB clean.
 Alternative: Coat wire with tin and solder nonstop to all pins to be able to desolder all pins concurrently with a soldering iron - [[https://www.youtube.com/watch?v=Vou2xlJkuoU|see this random YT video]] \\
@@ Line 108: / Line 108: @@
 ❌ Patching out potential security functions which use RSA keys of OTP in dump is not described here - it is probably an excessive task. \\
-**How to theoretically remove RDP2 from dump? idk, I have not tried myself (only had one spare MCU after brick-by-fly) - I imagine the easiest first approach to try it would like this:** \\
+**How to theoretically remove RDP2 from dump? idk, I have not tried myself (only had one spare MCU after brick-by-fly) - I imagine the easiest first approach to try it could be like this:** \\
 . Load the Dump into a Disassembler like Ghidra, Binary Ninja, Radare2 or IDA Pro. \\
@@ Line 139: / Line 139: @@
 . Repack the Binary \\
 Save your modified binary. \\
-Cross your fingers and reflash it to a (clean / RDP0) MCU __on your own risk__ and write up your methods. \\
+Cross your fingers that this is sufficient and reflash it to a (clean / RDP0) MCU __on your own risk__ and write up your methods -(I have no spare MCU atm, do you take the risk?:). \\
 Use STM32CubeProgrammer or OpenOCD to flash to unlocked MCU with ST-Link V2 or J-Link as programmer. \\