Hi, this is a newbie question and I’d appreciate your advice on it.
I have a TI/Chipcon 8051-based board - TI CC2430 - from which I’d like to extract an RF key. There’s debug access over 2 pins, plus clock and reset, so 4 lines; firmware is protected by the DBGLOCK bit. The debug clock line can run up to 7.1MHz; the 8051 is running at 32MHz.
There are no headers, so just solder the lines onto the board.
I think the easiest way to read the firmware will be to glitch the lock; will the checking code be running at debug clock speed, or at the 8051’s 32MHz?
I’m looking for a simple setup for a one-off use. I thought a combination of GoodFET42 and ChipWhisperer, with goodfet.cc to talk to the debugger, should work. Are there any other alternatives I should consider?
goodfet.cc offers instructions for reading the entire memory; I’m not sure if those are based on repeating 8051 debug commands - I can’t find a reference for these - in which case, would they trigger the DBGLOCK repeatedly?