https://devzone.nordicsemi.com/f/nordic-q-a/45982/reverse-engineering-a-toy-based-on-an-nrf52832I have some questions that I hope some of you fine engineers can shed some light on. First, some story time is probably in order. Skyrocket Toys developed a line of IR tag toys called Recoil, then some BadThings and they had to abandon the line of toysen-USTelligent Community 13Wed, 10 Apr 2019 12:06:57 GMThttps://devzone.nordicsemi.com/thread/181317?ContentTypeID=1Wed, 10 Apr 2019 12:06:57 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f4b34fbf-3f6f-4854-908e-7b4176130a34bjorn-spockeli<p>As to Q1:&nbsp;<a href="https://reverseengineering.stackexchange.com/questions/11650/how-can-i-decompile-an-arm-cortex-m0-hex-file-to-c">https://reverseengineering.stackexchange.com/questions/11650/how-can-i-decompile-an-arm-cortex-m0-hex-file-to-c</a>. You can get hold of the assembler code, but thats about it I think</p> <p>Q2: The application&nbsp;is linked with the SoftDevice headers, so if you update the SoftDevice you need to make sure that it is compatible with the SoftDevice present. Otherwise, the device will probably hardfault when the SD API is called from the application.&nbsp;</p> <p>Best regards</p> <p>Bjørn</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/181186?ContentTypeID=1Tue, 09 Apr 2019 21:03:29 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3d4aa4ba-421b-4c70-92a8-1d8ad6f61979Frank<p>The chips have protection 1 (readout) enabled but not 2 so they are still erasable/writeable, but we do not have a copy of the bootloader. Can the SoftDevice be bundled with the application replaced over BLE DFU, or is that in of itself a function of the soft device&nbsp;and as such be in use?&nbsp;&nbsp;</p> <p></p> <p>The primary reason I am curious&nbsp;about replacing the SoftDevice is that there are several&nbsp;models of smartphones that fail to communicate with the toys and I was hoping&nbsp;to increase compatibility.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/181185?ContentTypeID=1Tue, 09 Apr 2019 20:57:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7bfb22a8-0b0f-4a38-a198-c7241708aed2Frank<p><a href="https://github.com/SkyRocketToys">https://github.com/SkyRocketToys</a>&nbsp;Not a lot left there, but the&nbsp;Recoil_Documentation repo is the best information so far.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/181183?ContentTypeID=1Tue, 09 Apr 2019 20:50:04 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e5d660e0-bbbc-4c71-a103-b009419548a4awneil[quote userid="74434" url="~/f/nordic-q-a/45982/reverse-engineering-a-toy-based-on-an-nrf52832"]what is left is available&nbsp;on GitHub[/quote] <p>Where?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/181182?ContentTypeID=1Tue, 09 Apr 2019 20:46:31 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0ccd362e-607f-4385-b8fc-42b113c250c2awneil[quote userid="74434" url="~/f/nordic-q-a/45982/reverse-engineering-a-toy-based-on-an-nrf52832"]#1: Is it possible&nbsp;to decompile a program bin back into a semblance of human read/editable code?[/quote] <p>It is largely possible to disassemble binary code to assembler source, but you will have no meaningful names or labels for anything - variables, functions, etc.</p> <p>For any non-trivial program, Getting back to useful, readable code at the &#39;C&#39; level is pretty much a dead end.</p> <p>It would probably be easier &amp; more productive to just re-write from scratch.</p> [quote userid="74434" url="~/f/nordic-q-a/45982/reverse-engineering-a-toy-based-on-an-nrf52832"]can the underlying SoftDevice be updated without having to modify the application?[/quote] <p>It should be <em>possible</em> via SWD - provided the chip is not locked.</p> <p>Whether a bootloader would support that is another question.</p> <p>Whether the app would work with any other SoftDevice is another question still.</p><div style="clear:both;"></div>