efm8-arduino-programmer's People

Contributors

ciotlosm, conorpp

efm8-arduino-programmer's Issues

I/O voltage?

The AT mega is 5v and the EFM8bb1 is 3.3v? Do you need a level shifter in order to protect the efm8bb1?

code backdoor

We discovered a malicious backdoor in the project's dependencies; affected versions are 3fe73c0~4c8593fd0547803bc1c6707ef87d0d4be58d1b84. The malicious backdoor is the request package: the requirements.txt file has a dependency on request.

Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Using such a mirror site to download and install this item will be vulnerable.

Analysis of the malicious functions of the request package:

1. Remote download of malicious code

When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so.

2. Release the remote control Trojan and persist it

The malicious code loaded remotely during the installation of the request package includes two functions:

  • Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation.

  • Implant malicious backdoor commands in .bashrc to achieve persistence.

3. Issue stealing instructions

The attacker issues python secret stealing instructions through the remote control Trojan to steal sensitive information (coinbase account secret). After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, coinbase accounts and passwords, etc.

Repair suggestion: replace request in requirements.txt with requests
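A defender-side check for the indicators this issue names, added here as an example (not code from the project or from the reporter): it flags `request` in a requirements file and looks in a home directory for `.uds/_err.log` and for `.bashrc` lines that mention `.uds`. The function names, the sample input and the `.uds` substring match are assumptions; the issue does not quote the exact line written to `.bashrc`.

```python
import re
from pathlib import Path

# From the issue above: "request" is the malicious package,
# "requests" is the dependency that was intended.
MALICIOUS = {"request"}
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    # PEP 503: names are case-insensitive and runs of -_. are equivalent
    return re.sub(r"[-_.]+", "-", name).lower()

def flagged_requirements(text):
    # Return (line_no, line) for each requirement naming a flagged package.
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.split("#", 1)[0].strip()
        if not stripped or stripped.startswith("-"):
            continue  # blank line, comment, or pip option such as -r / -i
        m = NAME_RE.match(stripped)
        if m and normalize(m.group(1)) in MALICIOUS:
            hits.append((no, line.strip()))
    return hits

def host_indicators(home):
    # Look for the two persistence artifacts the issue describes.
    home = Path(home)
    found = []
    dropped = home / ".uds" / "_err.log"
    if dropped.exists():
        found.append(str(dropped))
    bashrc = home / ".bashrc"
    if bashrc.is_file():
        for no, line in enumerate(bashrc.read_text(errors="replace").splitlines(), 1):
            if ".uds" in line:  # assumption: the injected line references the drop dir
                found.append(f"{bashrc}:{no}: {line.strip()}")
    return found

# Constructed sample input, not the project's real requirements.txt
SAMPLE = """\
flask
request
requests>=2.0
Request==0.0.0   # constructed version
request[extra]
"""

if __name__ == "__main__":
    print(flagged_requirements(SAMPLE))
    print(host_indicators(Path.home()))
```

A clean result from `host_indicators` only means these two artifacts are absent; it does not prove the package was never installed.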

Can't flash anymore, I get 0x43

I tried to flash the device with a new Arduino, and I might have gotten the cables reversed (CD2D and C2CK).

I get new:

Once
 * Running on http://127.0.0.1:4040/ (Press CTRL+C to quit)
Connected
x: 0x81
PI initiated
Device erased
0x0 0x0 020EF7ED24F8FEEFD39E4015ED2408FDE433FCC3EF9DEC6480F874809850028001C322020E678E438F448C458D46AB07AA06E4F9F87FE87E03FD1214039000C3E545F0A3E546F09000C1E543F0A3E544F043910422E59120E2FB2202100EE53675F00DA422F583E493FC740193FD22E4F5A92202120CD2011214A8C290C296D280E4FBFD7F101216321205CF74A4F0D2AFE4F52FF530D2960530E5307002052FB410F3E52FB427EEC2963001091213748E328F338006753201753300E5337004E532640170409000C6E07007F52FF5300202840530E5307002052FD39410E52F94274002D296D3E5309430E52F947550
x: 0x43
x: 0x43
x: 0x43

with the 0x43 going on forever

Based on the exception if I update the software to show it, I see:

Connected
x: 0x81
PI initiated
Device erased
0x0 0x0 020EF7ED24F8FEEFD39E4015ED2408FDE433FCC3EF9DEC6480F874809850028001C322020E678E438F448C458D46AB07AA06E4F9F87FE87E03FD1214039000C3E545F0A3E546F09000C1E543F0A3E544F043910422E59120E2FB2202100EE53675F00DA422F583E493FC740193FD22E4F5A92202120CD2011214A8C290C296D280E4FBFD7F101216321205CF74A4F0D2AFE4F52FF530D2960530E5307002052FB410F3E52FB427EEC2963001091213748E328F338006753201753300E5337004E532640170409000C6E07007F52FF5300202840530E5307002052FD39410E52F94274002D296D3E5309430E52F947550
Exception in prog: unpack requires a string argument of length 1
attempts: 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
x: 0x43
Exception in conf: 
x: 0x43
Exception in conf: 
x: 0x43
Exception in conf: 
x: 0x43
Exception in conf: 

I assume I get some sort of CRC error or something. Based on the error I assume the error is at line:

ret = struct.unpack('B', self.ser.read(1))[0]

Any chance of a ready esp8266 sketch?

Given that the efm8 quite often is embedded with the esp8266, it would be useful to have esp8266 (i.e. wemos-d1 or witty cloud etc.) sketches included.

prog_server hangs during conf()

I had the problem that prog_server was hanging in the conf() function. The problem was solved by adding a print '.' in the while loop.
Maybe you would like to add this to your code.
