conorpp / efm8-arduino-programmer Goto Github PK
View Code? Open in Web Editor NEWProgram EFM8 devices using an arduino
Program EFM8 devices using an arduino
It seems there is fork that simplifies a bit the firmware Upload: https://github.com/christophe94700/efm8-arduino-programmer
@christophe94700 Could you please try and merge upstream?
@conorpp If possible, could you switch to using flash instead of server/client? It seem based on a few other forks that PORTD is compatible with Uno and Nano. Does mega support PORTD?
The AT mega is 5v and the EFM8bb1 is 3.3v? Do you need a level shifter in order to protect the efm8bb1?
We discovered a malicious backdoor in the project's dependencies, affected versions are 3fe73c0~4c8593fd0547803bc1c6707ef87d0d4be58d1b84. Its malicious backdoor is the request package, the requirements.txt file has a dependency request.
Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Using such a mirror site to download and install this item will be vulnerable.
Analysis of malicious function of request package: 1.Remote download of malicious code When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so. 2.Release the remote control Trojan and persist it The malicious code loaded remotely during the installation of the request package includes two functions: Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation. Implant malicious backdoor commands in .bashrc to achieve persistence 3.Issue stealing instructions The attacker issues python secret stealing instructions through the remote control Trojan to steal sensitive information (coinbase account secret) After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, coinbase accounts and passwords, etc.
Repair suggestion: replace request in requirements.txt with requests
How can I make it work with EFM8UB20F64 ? Which EFM8 parts did you use it with ?
I tried to flash the device with a new Arduino, and I might have gotten the cables reversed (CD2D and C2CK).
I get new:
Once
* Running on http://127.0.0.1:4040/ (Press CTRL+C to quit)
Connected
x: 0x81
PI initiated
Device erased
0x0 0x0 020EF7ED24F8FEEFD39E4015ED2408FDE433FCC3EF9DEC6480F874809850028001C322020E678E438F448C458D46AB07AA06E4F9F87FE87E03FD1214039000C3E545F0A3E546F09000C1E543F0A3E544F043910422E59120E2FB2202100EE53675F00DA422F583E493FC740193FD22E4F5A92202120CD2011214A8C290C296D280E4FBFD7F101216321205CF74A4F0D2AFE4F52FF530D2960530E5307002052FB410F3E52FB427EEC2963001091213748E328F338006753201753300E5337004E532640170409000C6E07007F52FF5300202840530E5307002052FD39410E52F94274002D296D3E5309430E52F947550
x: 0x43
x: 0x43
x: 0x43
with the 0x43 going on forever
Based on the exception if I update the software to show it, I see:
Connected
x: 0x81
PI initiated
Device erased
0x0 0x0 020EF7ED24F8FEEFD39E4015ED2408FDE433FCC3EF9DEC6480F874809850028001C322020E678E438F448C458D46AB07AA06E4F9F87FE87E03FD1214039000C3E545F0A3E546F09000C1E543F0A3E544F043910422E59120E2FB2202100EE53675F00DA422F583E493FC740193FD22E4F5A92202120CD2011214A8C290C296D280E4FBFD7F101216321205CF74A4F0D2AFE4F52FF530D2960530E5307002052FB410F3E52FB427EEC2963001091213748E328F338006753201753300E5337004E532640170409000C6E07007F52FF5300202840530E5307002052FD39410E52F94274002D296D3E5309430E52F947550
Exception in prog: unpack requires a string argument of length 1
attempts: 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
Exception in conf: unpack requires a string argument of length 1
x: 0x43
Exception in conf:
x: 0x43
Exception in conf:
x: 0x43
Exception in conf:
x: 0x43
Exception in conf:
I assume I get some sort of CRC error or something. Based on the error I assume the error is at line:
ret = struct.unpack('B', self.ser.read(1))[0]
Given that the efm8 quite often is embedded with the esp8266 it would be useful to have esp8266 (i.e wemos-d1 or witty cloud etc) sketches included.
I had the problem that prog_server was hanging in the conf() function. The problem was solved by adding a print '.' in the while loop.
Maybe you would like to add this to your code.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.