This bricked Eee PC came to [Janzo] for about $50. Everything was fine with it, except for the failed bios update that rendered it useless to the last owner. [Janzo] set to work with an Arduino on a quest to repair the bios. He looked up the datasheet for the EEPROM that stores the bios and did some delicate soldering to gain access to the power and data pins on the device. A bit of trial and error and he was able to read the registers. Some comparisons between the output file and the official Eee PC bios file in a HEX editor confirmed that the first 80 bytes were fine but after that something went wrong. After coding a quick Python script [Janzo] reflashed the chip and had the computer up and running again.
We’ve seen Eee PC bios recovery before. This is a very simple method because it makes use of the simplicity we find in the Arduino. Nice job.
The Flash_Destroyer finally succeeded in rewriting that EEPROM until its demise. When we originally looked at the device it had already recorded 2.5 million successful rewrites. The first appearance of corrupt data occurred at 11,494,069 but that doesn’t tell the whole story. The chip kept working for another 200,000 rewrites before finally showing repeated data corruption.
We do find the writeup pretty interesting. There’s one thing that we can’t stop coming back to though. In the discussion of our original article [Tiago] pointed out that long-term data retention isn’t being tested here. If the abuse of that EEPROM had ended after say five million rewrites, would it have been able to hold the data long-term without corruption? Let us know what you think in the comments.
There’s a loaded gun but its got only one bullet. Spin the cylinder, point at head, and pull the trigger. The game’s not over until the bullet is used and a player is done. This game’s got a twist though, the cylinder has at least one million chambers.
The Flash_Destroyer is testing the limits of EEPROM rewrites. It fills that little eight-pin chip with data, then verifies what has written. When it finds and error the game is over. The chip is rated for one million rewrites but while we were writing this it was already well over two and quarter million. We usually prefer to be creators and not destroyers with our hacks but there’s something delightful about running this chip into the ground. See the startup of this device after the break and click through the link above to see a streaming feed of the progress.
Continue reading “Russian Roulette… for EEPROM”
[Yuppicide] sent us a link to a photo album of an Atari 2600 modified to play ROMs stored inside. We did some digging around and have an idea of what’s going on. It seems that the creator, [Victor] has taken his Atari 2600 cartridge emulator one step further.
Previously, he had replaced the chip in an Atari cartridge with an EEPROM that he could reprogram via a ribbon cable. This new iteration places that EEPROM inside the case of the gaming console along with a PIC development board. The PIC board interfaces an SD card with somewhere around 1200 ROMs on it. Three switches added to the front of the Atari allow the user to cycle through available games and flash the desired title to the EEPROM. As you can see, a 2×16 LCD display now resides in the cartridge opening.
This seems a little more eloquent (and less legal) than the Super Genintari.
Hacking with Gum got their hands on one of the persistence of vision display fans that Cenzic was giving away at Blackhat this year. It’s not the biggest fan-based POV display we’ve seen but it’s still a fun device to tinker with. They hacked into the EEPROM on the device in order to change the message the fan displayed.
This is very similar to the other EEPROM reading/writing we’ve seen recently. Hacking with Gum read the data off of the EEPROM and then disassembled it to discover how the message data is stored on the chip. This was made easier by noting the messages displayed when the fan is running. The first byte of data shows the number of words in the message, then each chunk of word data is preceded by one byte that represents the number of letters in that work. Data length was calculated based on the number of pixels in each display character. Once he knew the data-storage scheme, it was just a matter of formatting his own messages in the same way and overwriting the chip.
This is a great write-up if you’re looking for a primer on reverse engineering an unknown hardware system. If you had fun trying out our barcode challenges perhaps deciphering EEPROM data from a simple device should be your next quest.
Did you forget your hardware-based password and now you’re locked out? If it’s an IBM ThinkPad you may be in luck but it involves a bit more than just removing the backup battery. SoDoItYourself has an article detailing the retrieval of password data from an EEPROM.
The process is a fun one. Disassemble your laptop. Build a serial interface and solder it to the EEPROM chip where the password is stored. Connect this interface to a second computer and use it to dump the data into a file. Download a special program to decipher the dump file and dig through the hex code looking for something that resembles the password. Reassemble your laptop and hope that it worked.
We know that most people won’t be in a position to need a ThinkPad administrator password, but there must be other situations in which reading data off of an EEPROM comes in handy. What have you used this method for?
It started with a simple need: keep tabs on SparkFun Electronics’ in-house kegerator so the beer won’t run out at inopportune times. But of course SparkFun and “simple need” make strange bedfellows…throw beer in the mix, and you know this can’t end well. The result, as you might imagine, reads like a who’s-who of electronics hackery buzzwords.
Arduino? Check. Custom PCB? Check. Web interface? Check. Twitter feed? Check.
They’ve assembled a nice build tutorial on how this all went together, including code, example circuits, an explanation of some of the sensors used, and links to other tutorials for such things as Twittering and persistent storage in EEPROM using Arduino. Not to mention the eye candy: a custom Arduino shield (solder mask and all), custom acrylic tap handle, custom SparkFun pint glasses. They never do anything halfway, do they?