diff --git a/3_backup_internal_flash.sh b/3_backup_internal_flash.sh index 2c221d2..cfcc494 100755 --- a/3_backup_internal_flash.sh +++ b/3_backup_internal_flash.sh @@ -15,12 +15,22 @@ if test -f backups/internal_flash_backup.bin; then exit 1 fi +echo "This step will overwrite the contents of the SPI flash that we backed up in step 2." +echo "It will be restored in step 5. Continue? (Y/y)" +read -n 1 -r +if [[ ! $REPLY =~ ^[Yy]$ ]] +then + echo "Aborted." + exit 1 +fi + echo "Generating encrypted flash image from backed up data..." if ! python3 python/tcm_encrypt.py backups/flash_backup.bin backups/itcm_backup.bin payload/payload.bin new_flash_image.bin; then echo "Failed to build encrypted flash image." exit 1 fi + echo "Running flashloader..." if ! ./scripts/flashloader.sh $ADAPTER new_flash_image.bin; then diff --git a/README.md b/README.md new file mode 100644 index 0000000..1adeb60 --- /dev/null +++ b/README.md 
@@ -0,0 +1,47 @@ +# Game and Watch Backup and Restore tools + +This repository contains pre-built tools for backing up & restoring the original Game and Watch firmware. + +What you'll need: +- A Game & Watch in original state +- An ARM debug probe (Tested with J-Link and ST-Link compatible devices) +- Connections to the [debug port](https://twitter.com/ghidraninja/status/1326860677353512960) - testclips or soldered wires work well! +- A computer with Ubuntu 20.04 or compatible. + + +## Warnings & disclaimer + +The tools in this repository will modify both the internal and the external flash of the Game and Watch. +While we tested the scripts to our best ability, we can not guarantee that there won't be failures that will leave your +Game & Watch damaged. Use these tools at your own risk. If you feel like you don't understand what you're doing it might be best to let someone with more experience help (and teach) you! + + +## Connecting the debugger + +When connecting the debugger ensrue that at least SWDIO, SWDCLK and GND are connected. Do *not* under any circumstances connect 3.3V to the VDD connection. If your debug probe (for example ST-Link clones) does not have a VTREF connector, just leave VDD unconnected. Connecting 3.3V to VDD will likely destroy your SPI flash. + + +## Ubuntu setup + +Install the required tools: + +``` +sudo apt-get install gcc-arm-none-eabi binutils-arm-none-eabi gdb-arm-none-eabi openocd python3 +``` + +## Usage + +The scripts are split into 5 parts: + +- 1_sanity_check.sh - Performs sanity check and makes sure all required tools are available +- 2_backup_flash.sh - Backs up the contents of the SPI flash. Does not modify device contents. +- 3_backup_internal_flash.sh - Backs up the internal flash. To do this the contents of the SPI flash are modified. Your device will stop working until it's restored in step 5. +- 4_unlock_device.sh - This will disable the active read protection. This will erase the internal flash of the STM32. 
+- 5_restore.sh - This will restore the original firmware. + +## What if something goes wrong + +As long as your electrical connections are right and you didn't short/overvolt anything, chances are high that it's rescuable: + +If a script fails and the device does not work after power-cycling, repeat the script. If it fails again, try to hold the power button of the device while executing the script. +
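Review bot: In the confirmation block added to 3_backup_internal_flash.sh, `read -n 1 -r` returns after a single keypress without emitting a newline, so "Aborted." or "Generating encrypted flash image from backed up data..." is printed on the same line as the typed character; add a bare `echo` right after the `read`. Both `read -n` and `[[ ! $REPLY =~ ^[Yy]$ ]]` are bash-only, so the script must run under bash and not a POSIX sh. The device stays non-working from this step until step 5, so check that backups/flash_backup.bin and backups/itcm_backup.bin exist and are non-empty before showing the prompt, instead of relying on tcm_encrypt.py to fail. The blank line added before `echo "Running flashloader..."` is unrelated whitespace and can be dropped.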
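Review bot: In the "Connecting the debugger" section of the new README.md, "ensrue" should be "ensure". The instruction not to connect 3.3V to VDD is the one wiring mistake the text says will likely destroy the SPI flash, yet it sits mid-paragraph; move or repeat it under "Warnings & disclaimer" so it is read before anything is connected. In the Usage list, the entry for 4_unlock_device.sh says it erases the internal flash of the STM32, so state explicitly that the backups from steps 2 and 3 must exist and be kept safe before running it. "What if something goes wrong" advises repeating a failed script, but the context lines of 3_backup_internal_flash.sh show a guard on backups/internal_flash_backup.bin followed by exit 1, so say what to do with an existing backup file before re-running step 3.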