pickit3

2 Articles

An image showing a water cooler PCB on the desk, with probes and jumper wires connected to it.

Taking Water Cooler UX Into Your Own Hands With Ghidra

January 2, 2022 by 12 Comments

Readers not aware of what Ghidra is might imagine some kind of aftermarket water cooler firmware or mainboard – a usual hacker practice with reflow ovens. What [Robbe Derks] did is no less impressive and inspiring:  A water cooler firmware mod that adds hands-free water dispensing, without requiring any hardware mods or writing an alternative firmware from scratch.

Having disassembled the cooler, [Robbe] found a PIC18F6527 on the mainboard, and surprisingly, it didn’t have firmware readback protection. Even lack of a PICkit didn’t stop him – he just used an Arduino to dump the firmware, with the dumper code shared for us to reuse, and the resulting dumps available in the same repository.

From there, he involved Ghidra to disassemble the code, while documenting the process in a way we can all learn from, and showing off the nifty tricks Ghidra has up its sleeves. Careful planning had to be done to decide which functions to hook and when, where to locate all the extra logic so that there’s no undesirable interference between it and the main firmware, and an extra step taken to decompile the freshly-patched binary to verify that it looks workable before actually flashing the cooler with it.

The end result is a water cooler that works exactly as it ought to have worked, perhaps, if the people defining its user interaction principles were allowed to make it complex enough. We could argue whether this should have been a stock function at all, but either way, it is nice to know that we the hackers still have some of the power to make our appliances friendly — even when they don’t come with an OS. Certainly, every single one of us can think of an appliance long overdue for a usability boost like this. What are your examples?

We’ve covered quite a few Ghidra-involving hacks, but it never feels like we’ve had enough. What about patching an air quality meter to use Fahrenheit? Or another highly educational write-up on cracking GBA games? Perhaps, liberating a Linux-powered 4G router to reconfigure it beyond vendor-defined boundaries? If you have your own goal in mind and are looking to start your firmware reverse-engineering journey, we can say with certainty that you can’t go wrong with our HackadayU course on Ghidra.

MCP2200 USB To Serial Chip Hacked To Do Your Bidding

January 18, 2011 by 24 Comments

Mircrochip has a new USB to Serial converter available called the MCP2200. [Sjaak] suspected that it may have been made from an existing 20-pin PIC and found that reading the device signature with the PICKIT3 shows that the chip is an 18F14K50. Most likely this is running Microchip’s USB stack but it’s hard to tell because chip is code-protected, reading back all zeros. So he set out to write some replacement firmware which would provide the same functionality and give you access to the rest of the chip’s features.

There were some speed bumps along the way. The first one is that Microchip’s licensing for their USB stack won’t allow you to open source your firmware. That’s okay, it seems there is already a USB stack that can be ported which doesn’t have this restriction. The second wrinkle in the plan is that [Sjaak’s] code doesn’t come with a VID/PID pair that you can use like V-USB does for AVR chips. But that doesn’t diminish the accomplishment of getting the device to work by echoing back characters it receives. Full USB to serial support with the replacement firmware is on the way.

[Thanks Chris]