135
edits
Changes
m
→Stealing the firmware -
</syntaxhighlight>
=='Stealing ' the firmware -==
I've been thinking: "how would I get the firmware off the flash, with no access to a programmer or firmware files?"
If the device was sent into Show Version Mode, it accesses flash to read version and then send over UART to external device.
After this (according to Roland's notes) the device must be powered off and rebooted, to return to normal boot mode. : '''''ie''''' - stays in an idle or wait / sleep loop.
I'm sure that it's not accessing flash after the version string is collected. (though this could easily be checked with a scope)
This is probably the ideal time to use the 50 pin header pin and send . Send a manual BREQ bus request(pull BREQ low); thus taking control of the flash access from the Bus Arbitrator (Alesis IC). As long as WE# and CE# are also low (they should be if bus access is granted, though they could also be held low in case something woke up). Again this could easily be determined by entering the Show Ver. routine and looking at the pin activity. Sure it's possible.
==Roland RBUS==