Once again about GPG hardware keys for a penny

In February 2020, a fascinating article appeared on Habré about converting the ST-Link v2 programmer into a hardware encryption key. Even then, in the comments there were complaints that the result could not be repeated, but they remained unanswered.

Over the past time, a couple of parcels from Aliexpress reached me and now, having independently gone all the way, I will try to submit a more or less complete instruction with comments that will help a layman reflash the microprocessor in the Chinese clone ST-Link v2 . I will try not to repeat what is already known, so see the source article about soldering contacts and using GPG with a hardware key.

Hardware

, , — Aliexpress. , - STM32***, . , , , .

— - . , USB USB , , , , .

ST-Link v2 STMicroelectronics STM32F103 , 128 -.

STM32F103 — CKS32F103C8*. . CS32F CKS32F. - , , 64 K -. , CKS32F103CB* 128 K , .

STM32GC102CB. , , , 64 K - (, , USB).

, 64 . ST-Link v2 .

- Linux, Debian. antiX Linux Debian 9 Stretch.

make git , :

sudo apt install gcc-arm-none-eabi
sudo apt install libnewlib-arm-none-eabi
sudo apt install openocd

, .

- c Arm Embedded Toolchain CentOS. .

Windows :

• GNU Arm Embedded Toolchain
• OpenOCD
• GNUWin32

, .

, , . .

, . , , , , . , , . .

, OpenOCD.

- , ( ).

1: ST32F1** ( STM32GC102CB)

$ openocd -f interface/stlink-v2.cfg -f target/st32f1x.cfg -c 'init; reset halt; stm32f1x unlock 0; reset halt;exit'
...
Info : device id = 0x20036410
Info : flash size = 64kbytes
stm32x unlocked.
INFO: a reset or power cycle is required for the new settings to take effect.

2: CKS32F1**

$ openocd -f interface/stlink-v2.cfg -f target/st32f1x.cfg -c 'init; reset halt; stm32f1x unlock 0; reset halt;exit'
...
Info : STLINK v2 JTAG v29 API v2 SWIM v7 VID 0x0483 PID 0x3748
Info : using stlink api v2
Info : Target voltage: 3.174295
Warn : UNEXPECTED idcode: 0x2ba01477
Error: expected 1 of 1: 0x1ba01477

interface/stlink-v2.cfg target/st32f1x.cfg — OpenOCD, . ID 0x2ba01477, STM321F1*** 0x1ba01477. , OpenOCD ID, , STM321F1**, ID set _CPUTAPID 0x1ba01477.

 mkdir ~/.openocd/{target}
 cp /usr/share/openocd/scripts/target/stm32f1x.cfg ~/.openocd/target/cks32f1x.cfg
 sed -i 's/0x1ba01477/0x2ba01477/' /.openocd/target/cks32f1x.cfg

, CKS32F1** -f target/cks32f1x.cfg.

. , , 128 -. OpenOCD :

Error: checksum mismatch - attempting binary compare
diff 0 address 0x08010000. Was 0x00 instead of 0x7d
diff 1 address 0x08010001. Was 0x50 instead of 0x40

:

$ openocd -f interface/stlink-v2.cfg -f target/cks32f1x.cfg -c 'init; reset halt; stm32f1x unlock 1; reset halt;exit'
...
Error: flash bank 1 does not exist
...

— , .

GNUK

- , GNUK, .

, 2003 g10^code, GnuPG, , OpenPGP, , ISO/IEC 7816. — ZeitControl , , Card OS ( -). FLOSS-Shop OpenPGP Smart Card 17,90 €. , -, .

Free Software Initiative of Japan — FSF. GNUK STM32*, - OpenPGP Smart Card.

GNUK — 1.0 1.2, . , STABLE-BRANCH-1-0 STABLE-BRANCH-1-2 .

PolarSSL, 1.0 ChibiOS_2.0.8, 1.2 chopstx.

, 1.0 62 , 1.2 — 112 .

, 128 , 1.2

git clone https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
cd gnuk
git checkout  STABLE-BRANCH-1-2
#   'chopstx'
git submodule update --init
cd src
# --target   ,       USB
#  --target   - FST_01 -    ST-LINK v2
# --vidpid="234b:0000"  USB  -
# --enable-factory-reset -       PIN
./configure --target=ST_DONGLE --vidpid="234b:0000" --enable-factory-reset
make

64 , 1.0

git clone https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
cd gnuk
git checkout STABLE-BRANCH-1-0
cd src
#  ,       - OLIMEX_STM32_H103 -   ST-LINK v2
# --enable-keygen -     
./configure --vidpid="234b:0000" --enable-keygen
make

, :

usb_lld.o: In function `usb_lld_set_data_to_recv':
usb_lld.c:(.text.usb_lld_set_data_to_recv+0x0): multiple definition of `usb_lld_set_data_to_recv'
main.o:/mnt/f/DocSasha/devzone/gnuk/src/usb_lld.h:136: first defined here
...

, inline usb_lld.h usb_lld_set_data_to_recv , .

inline- #define make. patch, , , , .

--- a/src/usb_lld.h
+++ b/src/usb_lld.h
@@ -131,10 +131,7 @@ extern void usb_lld_set_feature (uint8_t feature);

 extern void usb_lld_set_data_to_send (const void *p, size_t len);

-extern inline void usb_lld_set_data_to_recv (void *p, size_t len)
-{
-  usb_lld_set_data_to_send ((const void *)p, len);
-}
+#define usb_lld_set_data_to_recv(p, len)  usb_lld_set_data_to_send ((const void *)p, len)

 extern void usb_lld_prepare_shutdown (void);
 extern void usb_lld_shutdown (void);

. cfg , 1.2 src/build/gnuk.elf, 1.0 src/gnuk.elf

#  
openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg -c 'program build/gnuk.elf verify reset exit'
#     
openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg -c init -c "reset halt" -c "stm32f1x lock 0" -c reset -c exit

Since I have all the processors with 64 Kbytes of flash memory, I could not check whether the stm32f1x lock 1 command should be used to block access to the second memory bank.

Conclusion

So that is all. I managed. I hope you succeed.

Other links

• OpenOCD: user guide
• Discussion of CS32F103C8T6
• History of reverse engineering of the clone ST-Link 2015-2018
• The first English-language instruction for remaking ST-Link into a key 02/08/2018
• The second English-language instruction for remaking ST-Link into a key 02/26/2018