Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

0x04 PIC16
Table: Parameters for QUERY_DEVICE response type field
Value Family
0x01 Program Memory
0x02 Data EEPROM
0x03 Config Words
0x04 User ID
0xFF End of list
1.6.3.2.1.2 UNLOCK_CONFIG
The UNLOCK_CONFIG (0x03) command is used to unlock protected sections of the program memory.
Description
The UNLOCK_CONFIG (0x03) command is used to unlock protected sections of the program memory (ex: configuration bit
reprogramming, and on PIC18FxxJxx devices, reprogramming of the last page of program flash memory). The Lock/Unlock
field allows the bootloader to either lock or unlock the configuration and other sensitive regions. A value of 0x00 unlocks the
configuration range, and a value of 0x01 locks it.
This command will cause the QUERY_DEVICE results of the device to change. To re-discover the valid memory ranges,
issue a second QUERY_DEVICE command.
This command does not directly have an associated response (although the host application is responsible for sending
another QUERY_DEVICE request, which will have a response).
Table: UNLOCK_CONFIG command format
Packet Byte Content
0 UNLOCK_CONFIG (0x03)
1 Lock (0x01) / Unlock (0x00)
2-63 (padding – init to 0x00)
1.6.3.2.1.3 ERASE_DEVICE
The ERASE_DEVICE (0x04) command erases all of the reprogrammable memory regions indicated by the response to the
QUERY_DEVICE command.
Description
The ERASE_DEVICE (0x04) command erases all of the reprogrammable memory regions indicated by the response to the
QUERY_DEVICE command. If it is necessary to erase the protected memory regions, issue the UNLOCK_CONFIG
command before the ERASE_DEVICE command.
The command does not have any data payload or associated response. Typically, the host application would issue a
QUERY_DEVICE following the ERASE_DEVICE command, as a means to “poll” for when the erasing process inside the
microcontroller has completed (since the firmware doesn’t respond to the QUERY_DEVICE command until the internal erase
operation completes).
Table: ERASE_DEVICE command format
Packet Byte Content
0 ERASE_DEVICE (0x04)
1-63 (padding)
1.6 Demos MLA - USB Library Help Device - Boot Loader - HID
245

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh