| FORUM

FEDEVEL
Platform forum

USE DISCOUNT CODE
EXPERT30
TO SAVE $30 USD

STM32F103RBT6

Mil , 06-07-2026, 07:01 AM
Good day guys,
I would like to ask for some help on how to remove the "The device is protected" The Read Protection is already set to OFF, but I am still getting this error.

I am planning to dump the contents of the STM32F103RBT6 so I can create a backup of the firmware.

Thank you in advance to anyone who can help.
, 06-07-2026, 07:03 AM
🤖 In the meantime, here’s a response from the [FEDEVEL AI HW Assistant]().
It helps to find relevant resources for your question, but it may make mistakes as it’s still in early development.

This is the response from the AI Assistant:
The "device is protected" error in STM32 devices can persist even with RDP set to OFF due to several factors covered in our hardware security discussions:

1. **Debug Interface Disabled**: Some STM32 configurations disable SWD/JTAG interfaces through option bytes. Verify these settings using STM32CubeProgrammer's "Option Bytes" tab. If SWD is disabled, you'll need to force communication through bootloader mode (BOOT0 pin high) to re-enable it.

2. **Residual Protection States**:
- Try a full power cycle (remove all power for 10+ seconds)
- Use STM32CubeProgrammer's "Connect Under Reset" feature
- Check for "PCROP" (Proprietary Code Read Out Protection) settings in option bytes

3. **Hardware-Level Protections** (if software methods fail):
As shown in hardware hacking examples [like this voltage glitching demo](https://www.youtube.com/watch?v=Ifb6nKOu2Go&t=783), you might need to:
- Target the RDP check during boot sequence
- Use a debug probe (J-Link/ST-Link) to monitor reset behavior
- Consider clock glitching if voltage manipulation doesn't work

4. **Firmware-Specific Protections**:
Some custom bootloaders implement additional software checks. In these cases:
- Try dumping memory immediately after power-on
- Use boundary-scan techniques to intercept flash communication
- Analyze power-up sequence with a logic analyzer [as shown here](https://www.youtube.com/watch?v=LvJhXDc_siI&t=1841)

If all else fails, professional tools like Xeltek programmers or JTAG-based extraction may be required.
, 06-07-2026, 07:03 AM
For critical applications, STM32's built-in secure boot features would normally prevent this kind of dumping - the fact you're seeing this suggests either a configuration error or non-standard protection scheme.

You can continue chatting with the AI Assistant here:
https://fedevel.com/hw-assistant
QDrives , 06-07-2026, 02:32 PM
What do you mean with "*The Read Protection is already set to OFF*"?
It is set off **where**?
Robert Feranec , 06-09-2026, 02:19 PM
I am also curious how did you set reading protection OFF? I am not sure how STM handles read protection, but when I think about it, what would be the point of protection if it could be changed to OFF? I think in some systems you can set it OFF only when you erase completely everything ... or in some systems, once it is ON it can be changed back to OFF. But I am not aware about systems where you can change it to OFF and then read the memory. But, I may be wrong, I am happy to learn something new.

btw just in case I also asked gemini:
Use our interactive Discord forum to reply or ask new questions.
Discord invite
Discord forum link (after invitation)

Didn't find what you were looking for?