Tamagotchi Hacking, In Depth

In this strangely fascinating talk, you can follow along as [Natalie Silvanovich] reverse engineers some Tamagotchi. Even if you have no interest whatsoever in digital pets, you’ll probably pick up a trick or two by listening to how she went about taking over the toy. She can now push her own images to the screen, and evolve her Tamagotchi at will.

Listening to her story you might be able to pick up a few tricks as she takes almost every angle possible. She uncovers the black blobs, she attempts to socially engineer her way into datasheets, decaps chips, she dumps and breaks down code. It is also worth noting that, in the beginning, internet electronics enthusiasts were adamant that it just had a PIC processor inside and they were wrong. Having an internet full of experts is a wonderful thing, except when it isn’t.

Then again, having that internet full of experts might be her savior in the end, she’s missing a piece of software and asking if anyone has it available.

26 thoughts on “Tamagotchi Hacking, In Depth

  1. I love how there’s a lot of armchair hackers… ooops, morons that insist that every microcontroller based device out there uses an AVR, PIC or more recently, ARM. It’s like those morons can’t conceptualize the idea that a 6502, or any other architecture for that matter, can actually be a microcontroller core.

      1. Don’t know what generation number I’m in, but circa early 90’s I grew up desoldering IC’s from matrix printers, vcr’s and anything with a hint of digital to salvage whatever looked like a controller or RAM/EEPROM. Then off to the library with a list of numbers to photocopy the specs from the dead tree catalogues. Most of us (we had a club) were programming without knowing the controller family – the serial numbers were often variations with long suffixes.

    1. Isn’t that where everyone hacks from? Their armchair.

      My pet peeve is EE types that don’t know much about OS design, network integration or much anything bigger than a microcontroller yet claim they know all about computers, servers, and networks. It’s like a dentist deciding he is an expert on knee replacement surgery.

  2. In the talk she mentions that there are high resolution die photographs on her blog. I could not find any at http://www.kwartzlab.ca/author/natalies/ . Any pointers?

    Other than suspected in the talk, the mask version of the chip still has the test interface present: The datasheet lists a test input pin and in the memory layout, there is a “test program area” and a “test interrupt vector”! I would guess that toggling that pin (or holding+reset) will execute a test program.

    The only challenge might be that the test pin is not accessible on the pcb or it might not be bonded to the pcb (high resolution photographs!). It you are lucky, the epoxy removal process could leave the chips working tough!

    1. The highest resolution that I could find is uploaded to Travis Goodspeed’s flickr account (assuming they’re the person that graciously decapped the chip). You can see it here: http://www.flickr.com/photos/travisgoodspeed/5713302509/ (go to Original Size; It’s 5684 x 5715px)

      Wish the pictures were a better, but it gives an better idea of the IC at least.. I’d like to decap them on my own but I have neither the nitric acid nor the necessary microscope.. Being able to “dump” the mask ROM right from the chip itself would be a dream.

      -returns to hours of looking at datasheets and trying to find FortisIDE and everything else Tamagotchi-hacking related..-

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.