Tamagotchi hacking, in depth

In this strangely fascinating talk, you can follow along as [Natalie Silvanovich] reverse engineers some tomogotchi. Even if you have no interest whatsoever in tomogotchi, you’ll probably pick up a trick or two by listening to how she went about taking over the toy. She can now push her own images to the screen, and evolve her tomogatchi at will.

Listening to her story you might be able to pick up a few tricks as she takes almost every angle possible. She uncovers the black blobs, she attempts to socially engineer her way into datasheets, decaps chips, she dumps and breaks down code. It is also worth noting that, in the beginning, internet electronics enthusiasts were adamant that it just had a PIC processor inside and they were wrong. Having an internet full of experts is a wonderful thing, except when it isn’t.

Then again, having that internet full of experts might be her savior in the end, she’s missing a piece of software and asking if anyone has it available.

[via Adafruit]

25 thoughts on “Tamagotchi hacking, in depth

  1. Thank you for posting this. A lot of people tweeted that it was one of the better talks, but then I couldn’t find it anywhere.

  2. I wonder if she’s willing to share the data she managed to pull of the chips. Sounds like it’d be a trivial thing to get up and running in MESS.

  3. I love how there’s a lot of armchair hackers… ooops, morons that insist that every microcontroller based device out there uses an AVR, PIC or more recently, ARM. It’s like those morons can’t conceptualize the idea that a 6502, or any other architecture for that matter, can actually be a microcontroller core.

    1. I guess it’s a second generation of Internet Experts. The first one grew up with PICs being synonymous with microcontrollers. The current one does not even know much about microcontrollers but remembers some PICs.

      1. Don’t know what generation number I’m in, but circa early 90′s I grew up desoldering IC’s from matrix printers, vcr’s and anything with a hint of digital to salvage whatever looked like a controller or RAM/EEPROM. Then off to the library with a list of numbers to photocopy the specs from the dead tree catalogues. Most of us (we had a club) were programming without knowing the controller family – the serial numbers were often variations with long suffixes.

    2. Isn’t that where everyone hacks from? Their armchair.

      My pet peeve is EE types that don’t know much about OS design, network integration or much anything bigger than a microcontroller yet claim they know all about computers, servers, and networks. It’s like a dentist deciding he is an expert on knee replacement surgery.

  4. For the longest time, I was given to believe that PIC was Programmable Integrated Circuit, which would make it synonymous with microcontroller. People are idiots.

  5. In the talk she mentions that there are high resolution die photographs on her blog. I could not find any at http://www.kwartzlab.ca/author/natalies/ . Any pointers?

    Other than suspected in the talk, the mask version of the chip still has the test interface present: The datasheet lists a test input pin and in the memory layout, there is a “test program area” and a “test interrupt vector”! I would guess that toggling that pin (or holding+reset) will execute a test program.

    The only challenge might be that the test pin is not accessible on the pcb or it might not be bonded to the pcb (high resolution photographs!). It you are lucky, the epoxy removal process could leave the chips working tough!

    1. The highest resolution that I could find is uploaded to Travis Goodspeed’s flickr account (assuming they’re the person that graciously decapped the chip). You can see it here: http://www.flickr.com/photos/travisgoodspeed/5713302509/ (go to Original Size; It’s 5684 x 5715px)

      Wish the pictures were a better, but it gives an better idea of the IC at least.. I’d like to decap them on my own but I have neither the nitric acid nor the necessary microscope.. Being able to “dump” the mask ROM right from the chip itself would be a dream.

      -returns to hours of looking at datasheets and trying to find FortisIDE and everything else Tamagotchi-hacking related..-

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s