Pulling code off of an existing project

  • Hi,

    I've been tasked with reverse engineering a device used in an experimental project at our organisation. I am new to pyboards and was curious if there exists any tools to 'download' the existing code off of a project. It has worked for the past 18 months and is now beginning to fail. We suspect it's a checksum drifting issue and information is rejected when exchanged with thingspeak, but we can't test this without access to the original code.

    The engineer(s) that have worked on this are no longer with the organisation.

    We are clutching at straws on how to approach this. If we don't get anywhere, we're able to start it from scratch. I'm here to see if this can be solved before committing lots of time to creating a new one from scratch.

    Thanks in advance.

  • @Miguel-Moreno Thank you for the response. We're using a Wipy board to talk to a wifi enabled cellular router that connects to thingspeak. I will attempt what you're suggesting.

    @robert-hh You're right! I was surprised as well. We do have some source code, but there is a sense that there may be a later version of this on the device instead (we need to be sure). We're basically picking apart a project that other engineers built and are working with the technical documentation that they've left behind to get the system up and running again. We're aware that it may all be for nothing but it's worth a try before we commit time and resources to the next iteration of the application with better record keeping.

  • @Scott-Stewart It's kind of surprising that your organization has not information about a product which was developed for you. If you ask someone else to do that for you, you have obviously to prove ownership of the data and product.
    Anyhow, the previous posters gave already most of the information that can be given. If the device is not locked, the content of the flash can always be extracted using the esptool.py program, which is also used for programming. The flash image contains the firmware and the file system. The addresses are available at the firmware source code, which is public.
    If you have the file system image in a file, you can mount it on a PC with littlefs-fuse (https://github.com/littlefs-project/littlefs-fuse.git). Then you have access to the files, may it be Python source code or compiled files.
    If the engineers who have set up the device made their own firmware with embedded application code, which is compiled, then extracting it is more complicated. It's still in the flash image, but the place is not so obvious.
    If the device is encrypted, then things get really tricky. The device encryption uses device local random keys. Extracting these may be possible, but is advance crypt-analysis, which may take some time and is expensive.

  • Scott:

    Are you using a Pycom board ( WiPy, LoPy, GPy, FiPy, etc. ) ?

    The term "Pyboard" has two meanings:

    • It can refer to a specific development board hardware called "Pyboard" (https://store.micropython.org/product/PYBv1.1)
    • It is also used as a generic term for any development board that supports MicroPython development, just like the ones manufactured by Pycom.

    Anyway, this forum is specific for the Pycom family of MicroPython development boards.

    All MicroPython boards have an internal file system based on the internal flash memory. Therefore, you should be able to access the MicroPython program files stored in the board flash memory.

    There are two possible formats of the MicroPython program files:

    If you are lucky, the internal file system will have the program files in the "plain text" format, which you will be able to retrieve from the board, modify, and upload again after you have made some changes. The precompiled (.mpy) files may be able to be "decompiled" or "reverse compiled", but the process depends on the board and development tools used.

    You can inspect and retrieve all files stored in the internal file system by connecting your computer to the development board serial port and using any of these popular MicroPython serial transfer utilities:

    Good luck !!

  • You may well get a better answer from someone else, but I'll attempt to give you the first answer. Maybe.
    The code might enable "the network server", which would probably provide telnet and FTP access. If so, then it may or may not require login credentials.
    If it doesn't require login or you can obtain/guess the credentials, then you might be able to grab source via FTP. Probably. There may be many reasons why you might not be able to. This is mostly a guess, based on my experience using these devices as a hobbyist.

    I suppose there might also be a way to enable the network server (or re-enable it without credentials) by faffing in the REPL if you can access it, or something even more cunning, but that's just a guess really.

Log in to reply

Pycom on Twitter