Reverse Engineering a GPS Watch to Upload Custom Firmware


Sometimes GPS watches are too good to be left with their stock firmware. [Renaud] opened his Kalenji 300 GPS watch and reverse engineered it in order to upload his own custom firmware.

The first step was to sniff the serial traffic between the PC and the microcontroller during a firmware upgrade, to understand the protocol and the commands used. [Renaud] then opened the watch and worked out what the various test points and components were. With his Bus Pirate and OpenOCD he extracted the existing firmware from the STM32F103 (a dump that is only possible because the chip's flash read-out protection had not been enabled). The firmware helped him find the proper value to store in a dedicated register for the boot loader to start.
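The first thing to do with a raw flash dump like the one above is to check that it is actually code before spending time in a disassembler. The script below is an added example, not part of [Renaud]'s write-up: it decodes the Cortex-M3 vector table at the start of an STM32F1 image (initial stack pointer, then Thumb-addressed handlers) and reports whether the stack pointer lands in SRAM and the handlers land inside the dump. The SRAM bound, the file layout and the sample image are assumptions; the sample image is constructed here, not the watch's real firmware.

```python
"""Sanity-check a raw STM32F103 flash dump (e.g. the .bin written by OpenOCD's
dump_image) by decoding the Cortex-M3 vector table at the start of flash.
Added example; the sample image below is constructed, not the watch's firmware."""
import struct

FLASH_BASE = 0x08000000      # STM32F1 main flash is mapped here
SRAM_BASE = 0x20000000       # STM32F1 SRAM base
SRAM_MAX = 0x10000           # 64 KB: an upper bound for the F103 family
                             # (the exact part on the watch is not stated)
CORE_VECTORS = 16            # initial SP, Reset, NMI, HardFault, ..., SysTick


def used_length(image: bytes) -> int:
    """Length of the image once trailing erased flash (0xFF) is stripped."""
    return len(image.rstrip(b"\xff"))


def check_dump(image: bytes, flash_base: int = FLASH_BASE) -> dict:
    """Decode the vector table and report whether the dump looks like firmware."""
    problems = []
    if len(image) < 4 * CORE_VECTORS:
        return {"ok": False, "problems": ["image shorter than a vector table"]}
    if set(image) <= {0xFF}:
        return {"ok": False,
                "problems": ["image is all 0xFF: erased, or flash was not readable"]}

    words = struct.unpack_from("<%dI" % CORE_VECTORS, image, 0)
    sp = words[0]
    flash_end = flash_base + len(image)

    if sp & 3 or not (SRAM_BASE < sp <= SRAM_BASE + SRAM_MAX):
        problems.append("initial SP 0x%08x is not a word-aligned SRAM address" % sp)

    # Every handler is Thumb code, so bit 0 of each non-zero vector must be set
    # and the address (bit 0 cleared) must fall inside the dumped flash.
    handlers = {}
    for idx, vec in enumerate(words[1:], start=1):
        if vec == 0:
            continue                       # unused slot
        addr = vec & ~1
        if not (vec & 1) or not (flash_base <= addr < flash_end):
            problems.append("vector %d = 0x%08x is not a Thumb address inside the dump"
                            % (idx, vec))
        else:
            handlers[idx] = addr
    if 1 not in handlers:
        problems.append("reset vector unusable")

    reset = handlers.get(1)
    return {
        "ok": not problems,
        "problems": problems,
        "initial_sp": sp,
        "reset_handler": reset,
        # file offset of the reset handler, the first place to point a disassembler
        "reset_offset": None if reset is None else reset - flash_base,
        "handlers": handlers,
        "used_length": used_length(image),
    }


def build_sample_image() -> bytes:
    """Constructed 1 KB image with a plausible table (assumption, not real data)."""
    vectors = [0x20005000,                 # initial SP, 20 KB into SRAM
               (FLASH_BASE + 0x100) | 1,   # Reset handler
               (FLASH_BASE + 0x140) | 1,   # NMI
               (FLASH_BASE + 0x140) | 1]   # HardFault, shares the NMI handler
    vectors += [0] * (CORE_VECTORS - len(vectors))
    img = struct.pack("<%dI" % CORE_VECTORS, *vectors)
    img += b"\x00\xbf" * ((0x180 - len(img)) // 2)   # Thumb NOPs standing in for code
    img += b"\xff" * (0x400 - len(img))              # erased tail of the flash
    return img


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    report = check_dump(data)
    print("ok:", report["ok"])
    for p in report["problems"]:
        print("  -", p)
    if report["reset_handler"] is not None:
        print("reset handler at 0x%08x (file offset 0x%x), %d bytes used"
              % (report["reset_handler"], report["reset_offset"], report["used_length"]))
```

Run it with the path of the dumped `.bin` as the only argument. An image that fails the stack-pointer or Thumb-bit checks usually means the dump started at the wrong address or the debugger returned garbage; an all-0xFF image means erased flash or a read that was refused.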

By looking at the disassembly he also found the SPI LCD initialization sequence and discovered that the display uses a controller similar to the ST7571. He finally compiled his own program, which uses the u8glib graphics library. Follow us after the break for the demonstration video.

Comments

  1. nonsense says:

    There is no s in firmware.

    • Shannon says:

      No, but there is a ‘s’ in ‘firmwares’. You see, in the English language we often add an ‘s’ to the end of a noun when we want to indicate there are more than one of a thing.
      Basically Renaud has managed to open up this watch to upload any of many firmwares.

      • huub8 says:

        Yes, but there is no possibility to upload more than one firmware to this device, so it's still either improper English, factually incorrect, or this device can be used to upload custom firmware to other devices (unlikely).

        • Shannon says:

          It is possible to upload more than one firmware. Not all at once perhaps, but I don’t think that’s relevant. I have a plate that can be loaded with many custom dinners, but not all at once.

      • Dai Pole says:

        Incorrect. Firmware is a mass noun like software, hardware, water, and Lego. You can upload firmware programs to the device, but not firmwares.

        No wonder the English language is going down the toilet when people can’t even be bothered to open a dictionary before they correct others.

        • dodddummy says:

          If you insist on being such a bad word and comment on grammar rather than the hack, you might want to think a bit about ‘water’. Waters is perfectly valid and firmwares in this context is similar to waters. At the very least you should look for a replacement for water in future corrections.

          I suppose you’d also criticize the hack because it’s using the watch in a manner not intended.

          • dodddummy says:

            Interestingly enough, scrabblefinder.com gives a definition for firmwares and claims it’s a Scrabble word.

            http://www.scrabblefinder.com/word/firmwares/

          • Dai Pole says:

            I don’t need to think about anything of the kind. My usage of water was correct. Firmwares is not similar in context to waters at all as waters is not a pluralisation of the word water. Try an actual dictionary rather than relying on a Scrabble website for your English knowledge.

            You can assume anything you like. Doesn’t make you right.

        • Shannon says:

          Firmware is a mass noun, but it is also a countable noun. Hence I can say that I loaded a firmware onto a device, and I can load firmwares onto a device.
          In my understanding firmware becomes the mass noun when we’re talking about the concept which is what you’re using when you say ‘firmware programs’.

    • Mithrandir says:

      Ouch.

    • Occam49 says:

      Don’t be such a tight-ass

  2. Howard says:

    Ignoring any possible grammar issues, I tip my hat to Renaud for a fine hack.

    • Indyaner says:

      Geez, I’ve read the news post as well and took a closer look at his video and pinout sheet and was amazed by the effort that went into it… I then scrolled down, hoping for some additional discussion… nope, just someone having a grammatical complaint. Dang you HaD Comments. Chris Gammel was right…

  3. HL King says:

    I’m not sure “firmware” is considered a mass noun any more than is “operating system.” Pluralization of a mass noun is used to signify differences, to make clear that there are distinctions. I have in front of me several U.S. coins of varying denominations, a Canadian quarter, a Deutsche mark, and an Australian 20-cent piece. Can I combine these monies to pay for a pint at my local pub? I have two firmwares installed on my Sansa Clip MP3 player. The stock firmware is rather limited, so I often boot into Rockbox which allows greater control over the device. I have two operating systems installed on my desktop. It boots into Linux and runs XP as a virtual machine.

    • Blue Footed Booby says:

      Yeah, I don’t know if this sort of nonsense is an engineer thing (I only see people get this wrapped around the axle on grammar here and on other similar sites) or what, but actual linguists understand that communication is the paramount goal of language. Even children understand that it’s alright to occasionally fudge the rules to allow them to succinctly make a distinction that would otherwise either take sentences, or at the very least require more time to compose than the content is actually worth. Being imperfect writers in other respects doesn’t somehow make these sorts of liberties unacceptable.

      Most of all, if you’re going to write a giant wall of text on grammar while totally ignoring the topic at hand, you had better be completely and objectively correct, and have accounted for all regional differences.

    • We could’ve asked Ascher Opler’s opinion but he died two years after inventing this American-English noun in his article “Fourth-Generation Software” in Datamation, Jan-67.

    • A Reader who sometimes posts says:

      GNU Linux, not LINUX

  4. jaromirs says:

    Now this is what I call a hack!

    • eanao says:

      Very neat.
      I wish he’d show how it operated before the mod though. I checked out the decathlon website and all but didn’t find any clear “what it looked like before and after” comparison material. A list of new features he’s unlocked/added is the sort of thing I’m after.

      I have an older Garmin Forerunner and for the same money these days you get way fewer features. Watches capable of lat/long read-out or entering waypoints now cost far more. I’m sure their cheaper models are still capable with the right firmware.
      The day it dies I’ll see what I can sniff out.
