I just got a sample of an Envi/Drip'n Blast disposable vape that uses a 2.08" LCD (presumably 128x160), a Chipsea CS32F031K8V6 MCU, and a 32Mbit SPI NOR Flash. Dumping the firmware was frustrating due to what I assume are readout protection (ROP/RDP) measures. Flash contents were only readable just after a reset, and while the SWDIO/SWCLK lines were exposed on the USB-C CC lines, connectivity was not possible without also connecting the nRST signal to a test pad. Even then, random strings of bytes would read zeroes, so multiple reads and a merge were required to get a good firmware dump.
The SPI Flash does not appear to use the usual raw headerless bitmap format like the previously reverse-engineered vapes. It might be some kind of lightweight compression like RLE but I have not yet confirmed this.
DripN Blast Disposable Vape.zip
I just got a sample of an Envi/Drip'n Blast disposable vape that uses a 2.08" LCD (presumably 128x160), a Chipsea CS32F031K8V6 MCU, and a 32Mbit SPI NOR Flash. Dumping the firmware was frustrating due to what I assume are readout protection (ROP/RDP) measures. Flash contents were only readable just after a reset, and while the SWDIO/SWCLK lines were exposed on the USB-C CC lines, connectivity was not possible without also connecting the nRST signal to a test pad. Even then, random strings of bytes would read zeroes, so multiple reads and a merge were required to get a good firmware dump.
The SPI Flash does not appear to use the usual raw headerless bitmap format like the previously reverse-engineered vapes. It might be some kind of lightweight compression like RLE but I have not yet confirmed this.
DripN Blast Disposable Vape.zip