[Nick] over at Gadget Gangster has a new version of his prototyping hardware for Propeller microcontrollers, called the Propeller Platform USB. A little more than a year ago we looked at the last version which was larger, used a DIP processor, and came unassembled. The new version does come assembled because of the migration to surface mount components (which may take some of the fun out of it if you just love soldering kits). This not only reduces the board footprint, but makes room for more goodies. As the name implies, there’s now a mini-USB socket with a USB to UART bridge, a microSD card slot as been added, and the onboard EEPROM has been doubled. This is a nice hardware upgrade but the price has been upgraded by $25 as well. No worries, it’s open source so you can roll your own if you have the parts on hand.
I took a little time to look into porting code written for AVR in order to run it on the MSP430 architecture. It’s easier than you think, being mostly small differences like an extra step to enable pull-up resistors. But there is a lot to be learned in order to transition away from using EEPROM.
Since the TI chips don’t have EEPROM you need to use the Info Flash, a topic which I detail in the article linked at the top. This flash memory must be erased before writing because a write operation can only change high bits to low, not the other way around. And an erase operation clears an entire 64 kB segment, not just the bytes you want to write to. It’s different but manageable.
Oh, and if you were wondering, I ported the code I wrote for the garage door coded entry project.
This bricked Eee PC came to [Janzo] for about $50. Everything was fine with it, except for the failed bios update that rendered it useless to the last owner. [Janzo] set to work with an Arduino on a quest to repair the bios. He looked up the datasheet for the EEPROM that stores the bios and did some delicate soldering to gain access to the power and data pins on the device. A bit of trial and error and he was able to read the registers. Some comparisons between the output file and the official Eee PC bios file in a HEX editor confirmed that the first 80 bytes were fine but after that something went wrong. After coding a quick Python script [Janzo] reflashed the chip and had the computer up and running again.
We’ve seen Eee PC bios recovery before. This is a very simple method because it makes use of the simplicity we find in the Arduino. Nice job.
The Flash_Destroyer finally succeeded in rewriting that EEPROM until its demise. When we originally looked at the device it had already recorded 2.5 million successful rewrites. The first appearance of corrupt data occurred at 11,494,069 but that doesn’t tell the whole story. The chip kept working for another 200,000 rewrites before finally showing repeated data corruption.
We do find the writeup pretty interesting. There’s one thing that we can’t stop coming back to though. In the discussion of our original article [Tiago] pointed out that long-term data retention isn’t being tested here. If the abuse of that EEPROM had ended after say five million rewrites, would it have been able to hold the data long-term without corruption? Let us know what you think in the comments.
There’s a loaded gun but its got only one bullet. Spin the cylinder, point at head, and pull the trigger. The game’s not over until the bullet is used and a player is done. This game’s got a twist though, the cylinder has at least one million chambers.
The Flash_Destroyer is testing the limits of EEPROM rewrites. It fills that little eight-pin chip with data, then verifies what has written. When it finds and error the game is over. The chip is rated for one million rewrites but while we were writing this it was already well over two and quarter million. We usually prefer to be creators and not destroyers with our hacks but there’s something delightful about running this chip into the ground. See the startup of this device after the break and click through the link above to see a streaming feed of the progress.
Continue reading “Russian Roulette… for EEPROM”
[Yuppicide] sent us a link to a photo album of an Atari 2600 modified to play ROMs stored inside. We did some digging around and have an idea of what’s going on. It seems that the creator, [Victor] has taken his Atari 2600 cartridge emulator one step further.
Previously, he had replaced the chip in an Atari cartridge with an EEPROM that he could reprogram via a ribbon cable. This new iteration places that EEPROM inside the case of the gaming console along with a PIC development board. The PIC board interfaces an SD card with somewhere around 1200 ROMs on it. Three switches added to the front of the Atari allow the user to cycle through available games and flash the desired title to the EEPROM. As you can see, a 2×16 LCD display now resides in the cartridge opening.
This seems a little more eloquent (and less legal) than the Super Genintari.
Hacking with Gum got their hands on one of the persistence of vision display fans that Cenzic was giving away at Blackhat this year. It’s not the biggest fan-based POV display we’ve seen but it’s still a fun device to tinker with. They hacked into the EEPROM on the device in order to change the message the fan displayed.
This is very similar to the other EEPROM reading/writing we’ve seen recently. Hacking with Gum read the data off of the EEPROM and then disassembled it to discover how the message data is stored on the chip. This was made easier by noting the messages displayed when the fan is running. The first byte of data shows the number of words in the message, then each chunk of word data is preceded by one byte that represents the number of letters in that work. Data length was calculated based on the number of pixels in each display character. Once he knew the data-storage scheme, it was just a matter of formatting his own messages in the same way and overwriting the chip.
This is a great write-up if you’re looking for a primer on reverse engineering an unknown hardware system. If you had fun trying out our barcode challenges perhaps deciphering EEPROM data from a simple device should be your next quest.