Thursday, October 11, 2012

Dumping BlueCore4 firmware on Linux

After a month or two of reverse engineering the BlueSuite tools and the USB programmer, I finally succeeded in creating a simple program for dumping firmware. A lot of clues also came from the partial BlueSuite source code released by CSR. In short, the dumping process is as follows:

  • Stop and reset processor
  • Upload helper program in RAM of BlueCore processor
  • Check the size of the flash memory
  • Download firmware page by page
  • Check data integrity by checking CRC code of every page
  • Reset and run processor
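The download and integrity-check steps above, as an added example that is not part of the original post or of the CsrUsbProg source. The BlueCore target, its flash and the helper program are simulated in memory here (constructed data), so the code runs offline without a programmer; the CRC is an assumed stand-in (CRC-16/CCITT, polynomial 0x1021, initial value 0xFFFF), since the post does not describe the helper's actual CRC. What it shows is the shape of the loop a dumper needs: read one page, compare the host-side CRC against the CRC the helper computes on the device, retry a bad page a bounded number of times, and refuse to emit an image if a page never verifies.

```cpp
// Added example: page-by-page flash dump with per-page CRC verification and retry.
// Not from the original post or the CsrUsbProg project; target and transport are simulated.
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <vector>
#include <stdexcept>

// Assumed CRC (CRC-16/CCITT-FALSE). The real BlueCore helper's CRC is not
// described in the post; any CRC shared by host and helper would do here.
uint16_t crc16_ccitt(const uint8_t* data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; ++i) {
        crc ^= static_cast<uint16_t>(static_cast<uint16_t>(data[i]) << 8);
        for (int b = 0; b < 8; ++b)
            crc = (crc & 0x8000) ? static_cast<uint16_t>((crc << 1) ^ 0x1021)
                                 : static_cast<uint16_t>(crc << 1);
    }
    return crc;
}

// Simulated target (constructed): flash contents plus a transport that corrupts
// the first N page reads so the retry path is exercised.
struct SimulatedTarget {
    std::vector<uint8_t> flash;   // flash image held in memory (constructed)
    size_t pageSize;
    int corruptReadsLeft;         // number of reads still to be corrupted

    // Stand-in for "helper program, read page p over the programmer".
    std::vector<uint8_t> readPage(size_t page) {
        std::vector<uint8_t> out(flash.begin() + page * pageSize,
                                 flash.begin() + (page + 1) * pageSize);
        if (corruptReadsLeft > 0) { --corruptReadsLeft; out[0] ^= 0xFF; }  // simulated bit error
        return out;
    }
    // Stand-in for "helper program, compute CRC of page p on the device".
    uint16_t pageCrc(size_t page) const {
        return crc16_ccitt(flash.data() + page * pageSize, pageSize);
    }
    size_t flashSize() const { return flash.size(); }   // stand-in for the size query
};

struct DumpResult {
    std::vector<uint8_t> image;   // verified image, page by page
    int retries;                  // how many page reads failed verification
};

// Dump every page; accept a page only when the host-side CRC of the received
// bytes equals the device-side CRC. A page that never verifies aborts the dump,
// so a silently corrupted image is never written.
DumpResult dumpFlash(SimulatedTarget& t, int maxRetries = 3) {
    DumpResult r{ {}, 0 };
    const size_t pages = t.flashSize() / t.pageSize;
    for (size_t p = 0; p < pages; ++p) {
        bool ok = false;
        for (int attempt = 0; attempt <= maxRetries; ++attempt) {
            std::vector<uint8_t> data = t.readPage(p);
            if (crc16_ccitt(data.data(), data.size()) == t.pageCrc(p)) {
                r.image.insert(r.image.end(), data.begin(), data.end());
                ok = true;
                break;
            }
            ++r.retries;
        }
        if (!ok) throw std::runtime_error("page CRC mismatch after retries");
    }
    return r;
}

// Build a constructed flash image of `pages` pages filled with a simple pattern.
SimulatedTarget makeTarget(size_t pages, size_t pageSize, int corruptReads) {
    SimulatedTarget t;
    t.pageSize = pageSize;
    t.corruptReadsLeft = corruptReads;
    t.flash.resize(pages * pageSize);
    for (size_t i = 0; i < t.flash.size(); ++i)
        t.flash[i] = static_cast<uint8_t>((i * 7 + 3) & 0xFF);
    return t;
}

int main() {
    SimulatedTarget t = makeTarget(4, 64, 2);   // 4 pages of 64 bytes, 2 corrupted reads
    DumpResult r = dumpFlash(t);
    std::printf("dumped %zu bytes, %d page(s) re-read\n", r.image.size(), r.retries);
    return 0;
}
```

The per-page CRC only protects against transport errors between the programmer and the host; it says nothing about whether the firmware in flash is the one you expect, so hash the finished image and keep that hash with the dump if you intend to compare it later.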

The most interesting part of this process is the helper program, which does most of the heavy lifting. It's responsible for reading and writing flash memory, calculating the CRC, providing info about the flash memory, etc. Interestingly enough, this program, along with some useful info, can be found in the boot_prog_flash_bc.h file from the BlueSuite source code.

If you want to use my program, you must first build the USB programmer described in the previous post (or buy one if you can afford it). For now, this is the only supported programmer because I don't currently own any decent computer with an LPT port. If anyone is interested in helping me with that or any other part, please contact me.
For now, the only dependency is libusb 1.0. On Ubuntu you can install it by typing:

sudo apt-get install libusb-1.0-0-dev

Then download the source code from here. I primarily use QtCreator for developing this program, but if you don't want to install it, you can use the following command to build the program:

g++ main.cpp usbdriver.cpp usbprogrammer.cpp stopwatch.cpp devicemanager.cpp flash.cpp -lusb-1.0 -o CsrUsbProg

When you finally have everything connected and compiled, you can run the program by typing:

./CsrUsbProg dump firmware.xuv

You will probably get an error message saying that the program can't connect to the programmer. The problem is USB access permissions. A quick and temporary solution is running the program as root. A second, more permanent solution is adding a udev rule to set the permissions. This can be achieved with the following commands:

sudo su
echo "SUBSYSTEM==\"usb\", ACTION==\"add\", ATTR{idVendor}==\"0a12\", ATTR{idProduct}==\"0042\", GROUP=\"usbuser\"" > /etc/udev/rules.d/10-CsrProg.rules
udevadm control --reload-rules

After that, you must re-plug the programmer, create a group named "usbuser" and add yourself to it. You can do that by typing:

sudo groupadd usbuser
newgrp usbuser

Now you should finally get a firmware image in XUV format, which is also supported by the BlueSuite tools. It is actually just the XDV and XPV files combined together. Remember, this is only a proof-of-concept program and it is not meant to be used for real work. A lot of error handling code is missing, among other things. The standard disclaimer applies.

Maybe if we ask CSR really nicely, they could provide us with a Linux version of the BlueSuite tools and I wouldn't need to develop this program any more. Based on the amount of Linux-specific code in the BlueSuite source code, I think they probably already have a Linux version.

  1. Hi Jernej,

    You made my day, thank you! I was looking for a way to program a BC4 dongle on Linux.

    Now I want to modify the firmware to create some AT commands to read/write BT dongle GPIO pins directly. Did you test it?

    Thank you very much! Carry on... !


    1. Actually, I found out the best way for programming BlueCore chips on Linux. Yes, it includes running BlueSuite under Wine + native DLLs, but it also enables the use of totally custom programmers (which can be used on Windows as well). The code needs a little bit of polishing, but it already works. The secret is in a file called "remote.dll", which you can find in the source code package. I expect that the article will be published next week.

      How do you intend to modify the firmware? Do you have the source code?