Originally Posted by PhracturedBlue
The next question is if someone is willing to take the risk to wipe the ROM entirely and reload the bootloader and firmware with read-protect disabled (so that the SWD port can be used for debugging). I'm not yet ready to go there, it will probably depend on how much progress I can make with the firwmare as it is.
Yep, let me wake up properly and drink some tea then I will go for it.
Did you find the code that is actually doing the descrambling? That should be our next target along with nailing the checks when the app is launched. Then we can build our own .dfus from C code