F1r3
6th September, 2016, 02:42 PM
Kess V2 Unlock No crp
Hello and good day to you all,
I'm new on the forum, and have been reading some stuff in various posts..
as I wanted to buy myself a Kess V2 clone, but it's quite hard to decide what firmware version one needs,
as the early Kess firmware is CRP2 and the new v4.036 is even CRP3.
Now I have been reading the 700+ page datasheet of the LPC24xx and I found something interesting that may be used to unlock the whole KESS V2.
It seems when an update to the CRP code is passed, the update only takes effect when the device goes through a power cycle, so this means that when you have, say, a CRP2 firmware and update it to the latest CRP3-activated firmware 4.036, this CRP code is only active after one power cycle of the device; so in other words, this way you will have a CRP2 4.036 firmware until you power cycle.
Now we still have the problem of not being able to write the bootloader, so we are still stuck.... BUT
there are 2 ways you can bypass this problem:
1: get a new LPC24 chip
2: or use the temperature/voltage glitch method to reset the whole chip..
This will give you a clean chip with no CRP activated. Then use Ksuite to update your device to 4.036 and, as before, only after a power cycle will it activate CRP3. When the update is done, don't disconnect your device {don't let it power cycle}, and have your UART ISP programmer ready; in this way the ISP protocol is wide open and then you can write a new value to the CRP address to deactivate it. Now you can pull the firmware off the chip and you will have a 4.036 firmware version that is not locked with CRP3, and this opens up some JTAG madness.. :)
Some protection you might want to use is an external power supply to make sure it cannot power cycle after install of firmware.
This is a theoretical idea on how to bypass the CRP lockout, and needs testing..
Kind regards
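The point the post turns on is that the LPC24xx boot ROM only evaluates the CRP word at reset, so the state of a device between "flash written" and "first power cycle" is not what the image says it is. On the defending side (whoever builds and ships the firmware), the minimum release check is to confirm the image actually carries the intended CRP word and a valid vector checksum before it is ever flashed, and then to treat a post-programming reset as a mandatory step before a unit leaves the bench. The script below is an added example, not code from this post, from the forum, or from Alientech/Ksuite; it assumes a raw binary image that starts at flash address 0, and takes the CRP location (0x1FC) and the CRP1/CRP2/CRP3 magic values from the LPC23xx/24xx user manual. The sample image it builds is constructed for the demonstration.

```python
import struct

# Flash word the LPC23xx/24xx boot ROM reads at reset to decide the CRP level
# (UM10237, "Code Read Protection"). Values not in this table mean no CRP.
CRP_WORD_OFFSET = 0x1FC
CRP_LEVELS = {
    0x12345678: "CRP1",
    0x87654321: "CRP2",
    0x43218765: "CRP3",
}


def crp_level(image: bytes) -> str:
    """Return the CRP level an LPC24xx boot ROM would apply to this image on reset."""
    if len(image) < CRP_WORD_OFFSET + 4:
        raise ValueError("image too short to contain the CRP word at 0x1FC")
    (word,) = struct.unpack_from("<I", image, CRP_WORD_OFFSET)
    return CRP_LEVELS.get(word, "NONE")


def vector_checksum_ok(image: bytes) -> bool:
    """Boot ROM validity rule for LPC2xxx: the eight 32-bit vectors at 0x00..0x1C sum to zero."""
    words = struct.unpack_from("<8I", image, 0)
    return (sum(words) & 0xFFFFFFFF) == 0


def build_sample_image(crp_word: int, size: int = 0x1000) -> bytes:
    """Constructed sample image: placeholder vectors, correct checksum slot, chosen CRP word."""
    img = bytearray(b"\xff" * size)
    vectors = [0xEA000006] * 8          # ARM 'B' placeholder opcode in every vector slot
    vectors[5] = 0                      # reserved slot at 0x14 carries the 2's-complement checksum
    vectors[5] = (-sum(vectors)) & 0xFFFFFFFF
    struct.pack_into("<8I", img, 0, *vectors)
    struct.pack_into("<I", img, CRP_WORD_OFFSET, crp_word)
    return bytes(img)


def audit_image(image: bytes, required: str = "CRP3") -> dict:
    """Release gate: the image must carry the required CRP level and a valid vector table."""
    level = crp_level(image)
    valid = vector_checksum_ok(image)
    return {
        "crp_level": level,
        "vectors_valid": valid,
        "release_ready": (level == required) and valid,
    }


if __name__ == "__main__":
    for word in (0x43218765, 0x87654321, 0xFFFFFFFF):
        print(hex(word), audit_image(build_sample_image(word)))
```

To audit a real image, read the .bin into `image` and call `audit_image(image)`. Note what this check does not cover: it inspects the file, not the part. Because the boot ROM only samples 0x1FC at reset, a production flow still has to reset or power-cycle every unit after programming and only then verify that ISP is refused; an image that passes this gate but sits un-reset on the bench is exactly the window the post describes.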