I was able to unwrap the DFU header. It flashes to address 0x00000000, so a complete rewrite. I also noticed that the payload grew by 10 kB between 0.4.5 (0.7.6) and 0.5.29 (0.7.46? Something not yet published; I have 3 versions). I may not yet have it perfect; I had a problem validating the DFU suffix, meaning it's either not there or is in a format other than the one I expected.
This means that I can start looking at the code. Hopefully the rest is more straightforward.
EDIT: I started on this and have most of it "done". There is the TI library that I have to weed out, and because the padding bits are known standards for ARM (well, unknown to me, as this is my first ARM reverse-engineering project) I discovered it is Thumb, so if anyone else starts, set IDA T=1, or whatever tools you use, set them to use Thumb.
By "done" I mean that I have marked data sections and code, disassembled the code, and know what some of the functions are, but that is the easier part. Disassembly is rarely perfect, and converting it to equivalent C code is troublesome in most instances. So the real work will be the next step, which is extremely time-consuming. I honestly do not think I will have any time for the next week, maybe more. If anyone else feels they are qualified to actually do something meaningful with what I have done, I can provide the work I have done so far and maybe get something going. PM me if you are interested, have time and can help.
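The suffix-validation trouble mentioned in the post usually comes down to one of three things: the 16-byte DFU suffix is simply not there, the file is a DfuSe container (the ST variant that carries a load address such as 0x00000000 per element), or the CRC is not the one a given tool expects. The following parser is an added example, not the poster's code or any vendor tool: it checks the DFU 1.1 suffix (signature "UFD", bLength 16, CRC over everything but the last four bytes, using the reflected CRC-32 with initial value 0xFFFFFFFF and no final XOR that the DFU spec and dfu-util use), then walks an optional DfuSe prefix to recover each element's address and bytes. The sample image, its vendor/product IDs and the Thumb vector table inside it are constructed here for the demonstration and are not the firmware from the thread.

```python
"""Validate a DFU 1.1 suffix and unwrap an optional DfuSe prefix (added example)."""
import struct
import zlib

SUFFIX_LEN = 16
DFUSE_PREFIX_LEN = 11          # "DfuSe" + bVersion + DFUImageSize + bTargets
TARGET_PREFIX_LEN = 274        # "Target" + alt + bTargetNamed + name[255] + size + nElements


def dfu_crc(data: bytes) -> int:
    """DFU CRC: reflected CRC-32, init 0xFFFFFFFF, no final XOR (zlib's CRC inverted)."""
    return (~zlib.crc32(data)) & 0xFFFFFFFF


def parse_suffix(image: bytes) -> dict:
    """Return the suffix fields, or raise ValueError naming what failed."""
    if len(image) < SUFFIX_LEN:
        raise ValueError("file shorter than a DFU suffix")
    tail = image[-SUFFIX_LEN:]
    bcd_device, id_product, id_vendor, bcd_dfu = struct.unpack_from("<HHHH", tail, 0)
    sig, b_length = tail[8:11], tail[11]
    (dw_crc,) = struct.unpack_from("<I", tail, 12)
    if sig != b"UFD":                     # "DFU" is stored byte-reversed
        raise ValueError("no DFU suffix signature: got %r" % sig)
    if b_length != SUFFIX_LEN:
        raise ValueError("unexpected suffix bLength %d" % b_length)
    calc = dfu_crc(image[:-4])            # CRC covers the file minus dwCRC itself
    if calc != dw_crc:
        raise ValueError("CRC mismatch: file 0x%08x, computed 0x%08x" % (dw_crc, calc))
    return {"bcdDevice": bcd_device, "idProduct": id_product,
            "idVendor": id_vendor, "bcdDFU": bcd_dfu, "crc": dw_crc}


def parse_elements(body: bytes) -> list:
    """Split the payload (file without suffix) into (load_address, data) elements.

    Plain DFU 1.1 carries no address, so the address is None; a DfuSe
    container gives one per element (0x00000000 means a full rewrite).
    """
    if not body.startswith(b"DfuSe"):
        return [(None, body)]
    version, n_targets = body[5], body[10]
    (image_size,) = struct.unpack_from("<I", body, 6)
    if version != 1:
        raise ValueError("unsupported DfuSe version %d" % version)
    if image_size != len(body):           # DFUImageSize excludes the suffix
        raise ValueError("DFUImageSize %d != body length %d" % (image_size, len(body)))
    elements, off = [], DFUSE_PREFIX_LEN
    for _ in range(n_targets):
        if body[off:off + 6] != b"Target":
            raise ValueError("bad target prefix at offset %d" % off)
        target_size, n_elem = struct.unpack_from("<II", body, off + 6 + 1 + 4 + 255)
        off += TARGET_PREFIX_LEN
        end = off + target_size
        for _ in range(n_elem):
            addr, size = struct.unpack_from("<II", body, off)
            data = body[off + 8:off + 8 + size]
            if len(data) != size:
                raise ValueError("element at 0x%08x truncated" % addr)
            elements.append((addr, data))
            off += 8 + size
        if off != end:
            raise ValueError("target size field does not match its elements")
    return elements


def inspect(image: bytes) -> dict:
    """Validate the suffix, then unwrap the body; report problems instead of raising."""
    report = {"suffix": None, "suffix_error": None, "elements": [], "element_error": None}
    try:
        report["suffix"] = parse_suffix(image)
        body = image[:-SUFFIX_LEN]
    except ValueError as e:
        report["suffix_error"] = str(e)
        body = image                      # no usable suffix: treat the whole file as payload
    try:
        report["elements"] = parse_elements(body)
    except ValueError as e:
        report["element_error"] = str(e)
    return report


def build_dfuse(elements, vid=0x0483, pid=0xDF11) -> bytes:
    """Assemble a one-target DfuSe file with a valid suffix (used to build the sample)."""
    elem_blob = b"".join(struct.pack("<II", a, len(d)) + d for a, d in elements)
    target = (b"Target" + bytes([0]) + struct.pack("<I", 1) + b"sample".ljust(255, b"\0")
              + struct.pack("<II", len(elem_blob), len(elements)) + elem_blob)
    body = (b"DfuSe" + bytes([1]) + struct.pack("<I", DFUSE_PREFIX_LEN + len(target))
            + bytes([1]) + target)
    suffix = struct.pack("<HHHH", 0xFFFF, pid, vid, 0x011A) + b"UFD" + bytes([SUFFIX_LEN])
    without_crc = body + suffix
    return without_crc + struct.pack("<I", dfu_crc(without_crc))


# Constructed sample: a Thumb vector table (initial SP, reset vector with bit 0 set)
# followed by four Thumb NOPs (0xBF00), loaded at 0x00000000.
SAMPLE_IMAGE = build_dfuse([(0x00000000, struct.pack("<II", 0x20001000, 0x00000101)
                             + b"\x00\xbf" * 4)])

if __name__ == "__main__":
    for addr, data in inspect(SAMPLE_IMAGE)["elements"]:
        print("element @ 0x%08x, %d bytes" % (addr, len(data)))
```

Running `inspect()` on a file with no suffix does not stop at the error: the report records why the suffix failed and still unwraps the DfuSe body, which is the distinction the post needed (suffix absent versus suffix present but with a different CRC or signature). Reset vectors with the low bit set in the first element are a quick confirmation that the code is Thumb before loading it into IDA.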
