This page originally set out to show how to unbrick and LCP1768 after a few cases of people experimenting with Code Read Protection (CRP). Following a few cases of people experimenting with other things that lead to a brick situation, I decided to rework the page to make it more generic, and the recover process is the same. Essentially, the need is to get the LPC11U24 or the LPC1768 into its ISP port bootloader mode.

If your brick is because you have enabled CRP, then you will be able to execute ISP commands over the mbed USB serial port (from teraterm or the like). Executing a full chip erase command is the only way to clear the CRP bits.

If your brick is because your program changes settings like the PLLs, or the GPIO pins that are used for programming, all you really need is to prevent the LPC from running user code - hence the ISP bootloader.

Ingredients¶

• One mbed, bricked. If your mbed isnt bricked, you can still practice this technique.
• One small piece of wire
  • A male-female jumper wire is ideal
• For Windows users, the serial port driver for mbed
• A terminal application
  • We will be using TeraTerm
• A copy of NXP LPC1768 User Manual

Putting the mbed into ISP mode¶

Firstly, (importantly!), remove all the binary files from your mbed disk. You do not want the mbed interface to simply reprogram the binary that sets the CRP as soon as it is unlocked!

If you have a CRP brick, you will need a terminal program. Windows users must install the serial driver, and a terminal application, and confirm they are able to run serial communication with the mbed. For more information on how to do this, see the SerialPC page in the handbook.

Now that you have serial communications, unplug your mbed from any breadboard it may be in, and disconnect all power, including the USB Cable. If you are using windows, don't forget to close the Serial terminal first!

Now for the good bit. You need to connect the LPC1768 or LPC11U24 ISP (In System Programming) pin to ground while you power it up (by inserting USB Cable). To do this, put the female end of a male-female jumper on the GND DIP pin of the mbed, and then with the other end :

• For the LPC1768, short the TOP circled pad to ground
• For the LPC11U12, short the circled pad to ground

	}
What to short to ground	An action shot !

Once the ISP pin is shorted to ground, power up the mbed by inserting the USB cable. At this point your target MCU should be running the ISP ROM program. Jumper wires can be removed from the circuit.

Non-CRP Brick¶

If the nature of your brick is *not* CRP, you can can now copy a good binary (one that doesn't break the mbed, the hello world blinky is a good example!) onto the mbed flash drive and press the reset button. When you press the reset button the interface will reprogram the flash of the LPC with the new binary, thereby erasing the old one.

Now simply power cycle the mbed by unplugging and replugging in the USB, and the new binary will run.

CRP Brick¶

There is more about the CRP protection, and implementation details in "Chapter 32 - LPC17xx Flash memory interface and programming" in the User Manual, linked below.

As the interface device on the mbed uses JTAG to access the flash on the LPC1768 and load the new binary image, setting the CRP bits prevents any updates to the LPC1768 flash being loaded by the mbed interface, hence no way for it to clear the CRP bits. This leaves the mbed permanently programmed.

Part of the CRP mechanism is to stop access to the LPC1768 via JTAG. It is still possible to erase the device (thereby clearing the CRP bits) using the serial boot loader interface, and here is how to do this.

Erasing the device¶

Now that the LPC1768 is in ISP mode, it is waiting for ISP commands, which you can send over the USB serial port. First you have to establish communication.

Open your terminal application, 9600-8-N-1 is a safe set up, and make sure you have your newline settings to CR+LF for both Rx and Tx.. this will make the exchange clearer to follow.

You are now in the realms of the ISP section of the LPC1768 user manual. The part of interest is Chapter 32 - "LPC17xx Flash memory interface and programming". It makes god reading and you can do lots of interesting things.

The chances are if you're reading this page, you want to unbrick your mbed, so lets cut to the chase.

So after connection your terminal application to your mbed, this is the typing you need to do.

1. Type "?" <return>

The LPC1768 will send back "Synchronized"

2. Type "Synchronized" <return>

The LPC1768 will send back "OK"

3. Type "OK" <return>

The LPC1768 will send back another "OK"

4. Unlock the device for Erase/Write operation.

Type "U 23130" <return>

The LPC1768 will send back "0"

The device is now unlocked.

5. Prepare sectors for Erase/Write.

For the 512kB parts, the user sectors are numbered 0-26. We will erase them all.

Type "P 0 26" <return>

The LPC1768 will send back "0"

6. Erase sectors

Type "E 0 26" <return>

The LPC1768 will send back "0"

The sectors are now erased, the device is completely blank

Results¶

Now that you have completely erased the flash in your LPC1768, the CRP bits are no longer set. For this to take effect, you will need to power cycle the LPC1768. Unplug the USB cable from your mbed (dont forget to close the terminal first!).

When you plug your mbed back in, the LPC1768 should be accessible to the interface again. To test this, download and run the Blinky from the handbook, and marvel as the LED flashes once more.

Conclusions¶

CRP works. If your intention is to make your mbed fixed function, by all means set the CRP. Use with caution!

Feedback¶

Please contact support@mbed.org with any suggestions or feedback