This treadmill I found on the trash has two boards, let's call them: display and control. Both have STM8S ICs performing different functions.
The display board, other than displaying numbers on the display (via discrete SMD LEDs), has a proprietary 2.4GHz radio module which supposedly communicated with a remote control that was not present at the dumping site (street) :/ ... thus, we have a reason to reverse, fix and having this working again for desk workouts :)
Dumping firmware is (luckily) very straightforward because there's no ROP (Read Out Protection), so there's no need to glitch the target. Current OpenOCD 0.12.x from Homebrew fails to connect to the target, perhaps it's just outdated:
openocd -f interface/stlink-dap.cfg -f target/stm8s105.cfg -c "init" -c "reset halt"Fortunately, stm8flash does the job just fine out of the box.
From the top level directory:
./r2/anal.sh [display|control]Depending on which PCB's firmware you want to explore.
If you want to browse the slides presented at the radare2 conference 2024, here's the command:
./bin/slides.sh
And if you want to generate a PDF out of them:
./bin/slides.sh pdf
