reading flash content of GD32F407zgt6

[Greg J]

I got a chinese made device , with GD32F407zgt6 on board.
It's got port that's labelled OSBDM(1) on the PCB and a reset switch next to it.
This port has all JTAG pins of the uC exposed:
OSBDM1 connector on board

top row: PA14/SWCLK,   PA13/SWDIO,   PA15/JDTI,   NRST/RESET(also button next to the socket),   VDDA
bottom row: GND,   GND,   PB3/JDTO, NC,  VDD


I never delt with GD devices, it seems like an ST knockoff.

I got STLink , and some other hacking tools. Pretty sure they didn't bother to protect it using fuses etc. Firmware can be updated via USB.
How would you suggest I go about extracting the firmware ?

Hydrabus, stlink, other means?

Please help

[peter-h]

Maybe this chip?
https://www.eevblog.com/forum/microcontrollers/opinions-on-st-32f407vgt6-versus-gigadevice-gd32f407vgt6/

It copies flash to ram at startup and runs code from ram, but ST tools like STLINK ought to be able to read the flash, if not protected?

Firmware can be updated via USB

You can still do that even with L2 protection enabled, because internal code can write the cpu flash. Obviously the firmware would be crypto protected...

[Greg J]

Firmware files are not encrypted. I can see strings in them.

Can I read flash content using ARM SWD? or does that need full blown jtag?

[peter-h]

SWD is STM's version of JTAG.

[eutectique]

SWD is STM's version of JTAG.

Technically speaking, it is not.

https://developer.arm.com/documentation/101636/0100/Debug-and-Trace/JTAG-SWD-Interface