Generator Control Panel Unlocked With Reverse Engineering Heroics

Scoring an interesting bit of old gear on the second-hand market is always a bit of a thrill — right up to the point where you realize the previous owner set some kind of security code on it. Then it becomes a whole big thing to figure out, to the point of blunting the dopamine hit you got from the original purchase.

Fear not, though, because there’s dopamine aplenty if you can copy what [Buy it Fix it] did to decode the PIN on a used generator control panel. The panel appears to be from a marine generator, and while it powered up fine, the menu used to change the generator’s configuration options is locked by a four-digit PIN. The manufacturer will reset it, but that requires sending it back and paying a fee, probably considerable given the industrial nature of the gear.

Instead of paying up, [Buy it Fix it] decided to look for a memory chip that might store the PIN. He identified a likely suspect, a 24LC08B 8-Kb serial EEPROM, and popped it off to read its contents. Nothing was immediately obvious, but blanking the chip and reinstalling it cleared the PIN, so he at least knew it was stored on the chip. Many rounds of soldering and desoldering the chip followed, blanking out small sections of memory each time until the PIN was located. The video below edits out a lot of the rework, but gives the overall gist of the hack.

To be honest, we’re not sure if the amount of work [Buy it Fix it] put into this was less than taking a couple of hours to punch in PINs and brute-force it. Then again, if he hadn’t done the reverse engineering he wouldn’t have stumbled upon where the generator parameters like running time and power figures were stored. And it’s not really his style, either; we’ve seen him perform similar heroics on everything from tractors to solar inverters, after all.
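A software alternative to repeated blanking is to read the chip, change one known value from the menu, read it again and compare the two dumps. The sketch below is an added example, not code from the video or from [Buy it Fix it]; the offsets, the counter and the values 1234 and 1290 are constructed, and only the 24LC08B geometry (1024 bytes, four 256-byte blocks, 16-byte pages) is a property of the real part.

```python
EEPROM_SIZE, BLOCK_SIZE, PAGE_SIZE = 1024, 256, 16  # 24LC08B: 8 Kbit, 4 blocks, 16-byte pages

def changed_runs(before, after, gap=1):
    """Inclusive (start, end) offset ranges that differ; merges diffs <= gap bytes apart."""
    if len(before) != EEPROM_SIZE or len(after) != EEPROM_SIZE:
        raise ValueError("expected two full 1024-byte dumps")
    runs = []
    for off in range(EEPROM_SIZE):
        if before[off] == after[off]:
            continue
        if runs and off - runs[-1][1] <= gap + 1:
            runs[-1][1] = off
        else:
            runs.append([off, off])
    return [tuple(r) for r in runs]

def encodings(value):
    """Common ways firmware stores a four-digit number."""
    digits = f"{value:04d}"
    return {"ascii": digits.encode(), "bcd": bytes.fromhex(digits),
            "u16-le": value.to_bytes(2, "little"), "u16-be": value.to_bytes(2, "big")}

def locate(before, after, old, new):
    """Map each changed run to its block/page and, if it matches, the encoding of old->new."""
    new_enc = encodings(new)
    results = []
    for start, end in changed_runs(before, after):
        hit = None
        for name, enc_old in encodings(old).items():
            n = len(enc_old)
            # The run may cover only the bytes that changed, so look slightly before it.
            for p in range(max(0, start - n + 1), end + 1):
                if before[p:p + n] == enc_old and after[p:p + n] == new_enc[name]:
                    hit = hit or (name, p)
        results.append({"start": start, "end": end, "block": start // BLOCK_SIZE,
                        "page": start // PAGE_SIZE, "stored_as": hit})
    return results

def sample_dumps():
    """Constructed dumps: a value changed from 1234 to 1290, plus an unrelated counter tick."""
    before = bytearray(b"\xff" * EEPROM_SIZE)
    before[0x110:0x112] = b"\x00\x10"   # constructed counter that moved between reads
    before[0x2A0:0x2A2] = b"\x12\x34"   # constructed location, BCD-encoded 1234
    after = bytearray(before)
    after[0x110:0x112] = b"\x00\x11"
    after[0x2A0:0x2A2] = b"\x12\x90"
    return bytes(before), bytes(after)

if __name__ == "__main__":
    for row in locate(*sample_dumps(), old=1234, new=1290):
        print(row)
```

Runs that change between reads without matching any encoding, like the constructed counter here, are the kind of place where running-time figures would show up.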

11 thoughts on “Generator Control Panel Unlocked With Reverse Engineering Heroics”

  1. This is a neat write up.
    The panel is an older unit made by Deep Sea Electronics in the UK (pre-2012, by the looks of it). They’re incredibly helpful when I’ve had tech support questions on some units I own.
    This issue aside, they’re one of the Good Guys of modern hardware.

  2. It would’ve taken a lot longer to brute force it than what he did. This was a nice glimpse at how things are stored in EEPROM on various devices. Working out where the metrics were stored on the EEPROM was a nice, interesting little extra.
    He did another good one not so long ago, also featured on HAD, where he pulled his tractor control panel to pieces, dumped the EEPROM and sent the contents to a guy in Australia so he could get his own tractor fixed.
    These things may seem quite simple to some people but they are the prime definition of a “hack”. Kudos to BuyItFixIt. I know I certainly learnt a few things from that video, and others on his channel.

    1. If the button contacts are easily accessible, the brute forcing could be automated using a cheap USB relay board. With about 10 seconds per PIN using that slow input method, it would take about 30 hours.

      1. But he didn’t brute force it. He did a binary diff of two different EEPROM dumps to locate the code.
        Admittedly, the first time he wiped the EEPROM completely and managed to wipe the code that way, but that would’ve permanently knackered any calibration settings that were stored.

    1. Was just about to post the same sentiment.
      Although for the life of me, I still can’t figure out why Youtube thinks I’m also interested in model railways, Australian drain unblocking and Phil Collins and continually recommends them no matter how many times I click on the ‘not interested’ thingy.
