Would you mind dumping the winbond SPI flash and posting it here? It would definitely help with reverse engineering it! I've ordered one but it's coming on a human-powered boat from China...
I would be pleased to; how do I go about doing so? What do I need?
Awesome! You'll need a CH341A (preferred) or a Raspberry Pi (any model) or, as a last resource, a blue pill board.
If you don't own any of those devices you could order the CH341A on eBay (
https://www.ebay.com/itm/JW-USB-Programmer-CH341A-Burner-Chip-Writer-SOP-Clip-Adapter-EEPROM-BIOS-FLAS/233635841518), but in that case I think it's not worth it as I'd probably get my device before you get the programmer. However, if the open-source firmware comes along nicely and you want to flash it, you'll need one of those devices too, so it's not wasted money
In case you own a CH341A, you will need to connect it to the SPI memory and dump it using the provided software.
In case of using a Raspberry Pi, a software called "flashrom" can be used to use the GPIO as the interface to the SPI chip. (
https://www.flashrom.org/RaspberryPi)
With the blue pill board it's more tricky to do.
In all cases, the CPU will need to be held in a reset state in order to free the SPI bus for the programmer to use it. The only other way is physically de soldering the SPI chip from the board.
PD: To hold the CPU in reset, pin 70 needs to be shorted to GND. There's a convenient pad attached to it (
https://prnt.sc/tjxfnl).