Hacking CRP3 – Update Kess Ktag to the Latest Version

Kess/Ktag update to the latest version: how-to guide, hacking CRP3

So, JustJames wrote the guide "Hacking CRP3" to help Kess V2 and Ktag owners update to the latest version.

LPC chips have 4 levels of security:
none, CRP1, CRP2 and CRP3.
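As an added illustration of those four levels (this is my own example, not part of JustJames's guide): on NXP LPC parts the CRP setting is a 32-bit little-endian word at flash offset 0x2FC, and only the magic values NXP documents enable protection; any other word means "none". NXP also documents a NO_ISP value that the guide does not list, so it is included for completeness. The script below reads a raw binary image (assumption: a flat image starting at address 0, not an Intel HEX file) and reports which level it would program, which is useful for checking your own build before it goes out:

```python
"""Report the Code Read Protection (CRP) level encoded in an NXP LPC firmware image.

Added example, not code from the original guide. Assumes a raw binary image
whose first byte is flash address 0; the CRP word then sits at offset 0x2FC.
"""
import struct
from typing import Optional

CRP_OFFSET = 0x2FC

# CRP magic values as documented by NXP for the LPC families (32-bit word at 0x2FC).
CRP_LEVELS = {
    0x12345678: "CRP1",
    0x87654321: "CRP2",
    0x43218765: "CRP3",
    0x4E697370: "NO_ISP",  # disables ISP entry entirely; not one of the guide's four levels
}


def crp_level(image: bytes) -> str:
    """Return the CRP level name for a raw image, or "none" if the word is not a magic value."""
    if len(image) < CRP_OFFSET + 4:
        raise ValueError("image too short to contain the CRP word at 0x2FC")
    (word,) = struct.unpack_from("<I", image, CRP_OFFSET)
    return CRP_LEVELS.get(word, "none")


def release_findings(image: bytes) -> list:
    """Defensive pre-flash check: list reasons a release image is weaker than intended."""
    findings = []
    level = crp_level(image)
    if level == "none":
        findings.append("no CRP set: flash is fully readable via ISP/JTAG")
    elif level in ("CRP1", "CRP2"):
        findings.append(f"{level} set: ISP read-out is blocked but the part can still be re-entered via ISP")
    elif level == "NO_ISP":
        findings.append("NO_ISP set: field updates through ISP are impossible on this image")
    return findings


def build_sample_image(level_word: Optional[int], size: int = 0x400) -> bytes:
    """Construct a dummy erased-flash image (all 0xFF) with an optional CRP word; constructed test data."""
    img = bytearray(b"\xff" * size)
    if level_word is not None:
        struct.pack_into("<I", img, CRP_OFFSET, level_word)
    return bytes(img)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_image(0x43218765)  # constructed CRP3 sample when no file is given
    print("CRP level:", crp_level(data))
    for finding in release_findings(data):
        print("warning:", finding)
```

Run it with a path to a raw `.bin` to check the level before flashing; with no argument it checks a constructed CRP3 sample.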

It is a common mistake to think that when a chip is in CRP3 you cannot reflash it.
Think about it: when you have a genuine tool on subscription it updates, so how is this done?

It is done by an IAP call, made by software, to invoke ISP.
This call drops the chip to CRP2,
and at CRP2 you can reflash the chip with a matching image.

So if you want to reflash a programmed CRP3 chip you need to find the IAP call and then flash with a correct image.
The IAP call can be found using Wireshark, to get the data string, plus hard work to decompile the code.
However, the IAP code is the same on every Kess!
This is made easier because once you have any old image (4.036 etc.) you have all the other information, the "structure", so you only need to identify the remaining parts of the code.
As every chip has a UID, if you snapshot a later firmware and change the UID to that of your chip then you have a matching image to upload, and you do not need to buy new chips etc.

Getting the firmware?
You can Wireshark it or whisper it depending on your abilities, as these are the software and hardware approaches respectively.