Building a USB bootloader for an STM32


Kevin Cuzner writes:

As my final installment for the posts about my LED Wristwatch project I wanted to write about the self-programming bootloader I made for an STM32L052 and describe how it works. So far it has shown itself to be fairly robust and I haven’t had to get out my STLink to reprogram the watch for quite some time.
The main object of this bootloader is to facilitate reprogramming of the device without requiring a external programmer.

More details on Projects & Libraries’ homepage.

Arduino bootloader and ISP

After having developed a sketch using the Arduino IDE, you can compile and load it on the Arduino board connected to your PC with just a click on the upload button:


The program is stored in the flash memory of the microcontroller (on Arduino Uno boards this is the ATmega328p).

You can upload your program on the microcontroller without the need of a dedicated programmer because of the microcontroller itself runs a small program named bootloader.

The bootloader is indeed a program, already flashed in every microcontroller of the Arduino boards, that is executed everytime the microcontroller is reset. The first operation the bootloader does is to check if on the serial/USB connection there’s a request to flash a new program. If so, the bootloader talks with the Arduino IDE, receives the new program and stores it in the flash memory:


The bootloader used as of now on the Arduino Uno boards is named optiboot.

If you buy an ATmega328p chip and you want to upload your sketches on it using the Arduino IDE you have first to flash the bootloader in the chip. You usually need a dedicated programmer to program the chip. ATmega microcontrollers support a programming method named In System Programming (ISP), designed to program the chips directly on the board where theyt are located.

This method requires to connect 6 pins of the chip to the programmer:

  • 5V and ground
  • reset
  • MISO, MOSI and SCK

For example every Arduino Uno has a dedicated connector which allows to re-program the ATmega328p chip without removing it from the board:


On the Internet you can find several ATmega programmers (for example this by Adafruit); very interesting is the possibility to use an Arduino as a programmer, thanks to the work of Randall Bohn.

First you have to upload on your Arduino the ArduinoISP sketch which is included in the Examples shipped with the IDE:


then you have to create – for example on a breadboard – a minimal circuit with the chip to be programmed, a 16MHz crystal and two 22pF capacitors:


using some jumpers, connect your Arduino Uno to this circuit as it follows:

  • 5V -> pin 7 and 20
  • Ground -> pin 8, 22 and the two capacitors
  • pin 10 of Arduino or RESET of the ICSP connector -> pin 1
  • pin 11 of Arduino or MOSI of the ICSP connector -> pin 17
  • pin 12 of Arduino or MISO of the ICSP connector -> pin 18
  • pin 13 of Arduino or CLK of the ICSP connector -> pin 19

isp-014 isp-015

Configure the IDE to use Arduino as programmer:


then burn the bootloader:


after few seconds, the IDE should confirm that the bootloader was programmed on the chip:



On some webstores I found an Arduino shield which makes it simple to program ATmega chips. It’s named AVR ISP Shield and manufactured by a company called “OPEN-SMART”:


This shield has a ZIF (Zero Insertion Force) socket where the chip goes, some pins to connect it to external boards and a buzzer that is used to confirm the burn process with two beeps.

On the Internet I found an archive with the documentation about this shield and the “official” sketch. You can also use the sketch shipped with the IDE, it won’t only activate the buzzer when the burning process ends successfully.

If you need to program several ATmega328p chips (for example if you’re building your Arduino-compatible boards) the use of this shield makes the programming process much easier and faster!


How To Add More Games to the NES Classic

The hype around the NES Classic in 2016 was huge, and as expected, units are already selling for excessively high prices on eBay. The console shipped with 30 games pre-installed, primarily first-party releases from Nintendo. But worry not — there’s now a way to add more games to your NES Classic!

Like many a good hack, this one spawned from a forum community. [madmonkey] posted on about their attempts to load extra games into the console. The first step is using the FEL subroutine of the Allwinner SOC’s boot ROM to dump the unit’s flash memory. From there, it’s a matter of using custom tools to inject extra game ROMs before reburning the modified image to the console. The original tool used, named hakchi, requires a Super Mario savegame placed into a particular slot to work properly, though new versions have already surfaced eliminating this requirement.

While this is only a software modification, it does come with several risks. In addition to bricking your console, virus scanners are reporting the tools as potentially dangerous. There is confusion in the community as to whether these are false positives or not. As with anything you find lurking on a forum, your mileage may vary. But if you just have to beat Battletoads for the umpteenth time, load up a VM for the install process and have at it. This Reddit thread (an expansion from the original pastebin instructions) acts as a good starting point for the brave.

Only months after release, the NES Classic is already a fertile breeding ground for hacks — last year we reported on this controller mod and how to install Linux. Video of this ROM injection hack after the break.

Filed under: nintendo hacks

Reverse Engineering An ST-Link Programmer

We’re not sure why [lujji] would want to hack ST’s ST-Link programmer firmware, but it’s definitely cool that he did, and his writeup is a great primer in hacking embedded devices in two parts: first he unpacks and decrypts the factory firmware and verifies that he can then upload his own encrypted firmware through the bootloader, and then he dumps the bootloader, figures out where it’s locking the firmware image, and sidesteps the protection.

[lujji]’s project was greatly helped out by having the firmware’s encryption keys from previous work by [Taylor Killian]. Once able to run his own code on an intact device, [lujji] wrote a quick routine that dumped the entire flash ROM contents out over the serial port. This gave him the bootloader binary, the missing piece in the two-part puzzle.

If you’ve ever broken copy protection of the mid-1990’s, you won’t be surprised what happened next. [lujji] located the routine where the bootloader adds in the read protection, and NOPped it out. After uploading firmware with this altered bootloader, [lujji] found that it wasn’t read-protected anymore. Game over!

We glossed over a couple useful tips and tricks along the way, so if you’re into reversing firmware, give [lujji]’s blog a look. If you just want a nice ARM programmer with UART capabilities, however, there’s no reason to go to these extremes. The Black Magic Probe project gives you equal functionality and it’s open source. Or given that the official ST-Link programmers are given away nearly free with every Nucleo board, just buying one is clearly the path of least resistance. But a nice hack like this is its own reward for those who want to take that path. Thanks, [lujji] for writing it up.

Filed under: ARM

Dual-boot Your Arduino

There was a time, not so long ago, when all the cool kids were dual-booting their computers: one side running Linux for hacking and another running Windows for gaming. We know, we were there. But why the heck would you ever want to dual-boot an Arduino? We’re still scratching our heads about the application, but we know a cool hack when we see one; [Vinod] soldered the tiny surface-mount EEPROM on top of the already small AVR chip! (Check the video below.)

aAside from tiny-soldering skills, [Vinod] wrote his own custom bootloader for the AVR-based Arduino. With just enough memory to back up the AVR’s flash, the bootloader can shuffle the existing program out to the EEPROM while flashing the new program in. For more details, read the source.

While you might think that writing a bootloader is deep juju (it can be), [Vinod]’s simple bootloader application is written in C, using a style that should be familiar to anyone who has done work with an Arduino. It could certainly be optimized for size, but probably not for readability (and tweakability).

Why would you ever want to dual boot an Arduino? Maybe to be able to run testing and stable code on the same device? You could do the same thing over WiFi with an ESP8266. But maybe you don’t have WiFi available? Whatever, we like the hack and ‘because you can’ is a good enough excuse for us. If you do have a use in mind, post up in the comments!

Filed under: Arduino Hacks, Microcontrollers