Sunplus Loader ((full)) -

Feature Specification: Sunplus Loader (Bootloader)

Full Review: The Sunplus (SPMP) Loader Tool

Detection & indicators

• Unexpected USB/serial activity during boot.
• Boot time messages on UART not matching vendor documentation.
• Devices entering recovery/bootloader mode unexpectedly or after benign triggers.
• Firmware images that fail integrity checks or images with mismatched headers/version numbers.

The "Test Point" Method

If the driver installs but the loader software says "Wait for Device," your device is not entering Loader mode automatically. You must manually short a test point on the PCB.

• How to: Open the device. Locate the NAND flash chip. Look for two small copper dots labeled "TP" (Test Point) or pins 29 & 30 on the chip. Short them with tweezers while plugging in the USB cable. Release once the PC detects the "Sunplus USB Download Device."

Recommended next steps for engineers or auditors

1. Obtain a target device and document visible boot messages via UART at common baud rates (115200, 57600, 38400).
2. Extract flash contents (SPI/NAND) with appropriate tools or via loader dumping commands.
3. Analyze loader binary for integrity checks, image header formats, and cryptographic routines.
4. Fuzz image parsing and USB/DFU handlers to find parsing bugs.
5. Attempt to build and test signed-boot countermeasures; if not possible, add hardware protections (write-protect pins, fuse blow).

Step 5: Completion

• After the loader says "Pass" or "Verify OK," disconnect the USB cable.
• Press and hold the Power button for 15 seconds to reset.
• The device should boot into its new firmware.