Using An MCU’s Own Debug Peripheral To Defeat Bootrom Protection

September 10, 2025 by 2 Comments
The patient hooked up for some reverse-engineering. (Credit: Caralynx, Twitter)
The patient hooked up for some reverse-engineering. (Credit: Caralynx, Twitter)

Released in July of 2025, the Tamagotchi Paradise may look somewhat like the late 90s toy that terrorized parents and teachers alike for years, but it’s significantly more complex and powerful hardware-wise. This has led many to dig into its ARM Cortex-M3-powered guts, including [Yukai Li] who recently tripped over a hidden section in the bootrom of the dual-core Sonix SNC73410 MCU that makes up most of the smarts inside this new Tamagotchi toy.

Interestingly, [Yukai] did see that the visible part of the bootrom image calls into the addresses that make up the hidden part right in the reset handler, which suggests that after reset this hidden bootrom section is accessible, just not when trying to read it via e.g. SWD as the hiding occurs before the SWD interface becomes active. This led [Yukai] to look at a way to make this ROM section not hidden by using the Cortex-M3’s standard Flash Patch and Breakpoint (FPB) unit. This approach is covered in the project’s source file.

With this code running, the FPB successfully unset the responsible ROM hide bit in the OSC_CTRL register, allowing the full bootrom to be dumped via SWD and thus defeating this copy protection with relatively little effort.

Heading image: PCB and other components of a torn-down Tamagotchi Paradise. (Credit: Tamagotchi Center)

The weaving is on the left, a microphoto of the chip die is on the right.

The 555 As You’ve Never Seen It: In Textile!

September 10, 2025 by 12 Comments

The Diné (aka Navajo) people have been using their weaving as trade goods at least since European contact, and probably long before. They’ve never shied from adopting innovation: churro sheep from the Spanish in the 17th century, aniline dies in the 19th, and in the 20th and 21st… integrated circuits? At least one Navajo Weaver, [Marilou Schultz] thinks they’re a good match for the traditional geometric forms. Her latest creation is a woven depiction of the venerable 555 timer.

“Popular Chip” by Marilou Schultz. Photo courtesy of First American Art Magazine, via righto.com

This isn’t the first time [Marilou] has turned an IC into a Navajo rug; she’s been weaving chip rugs since 1994– including a Pentium rug commissioned by Intel that hangs in USA’s National Gallery of Art–but it’s somehow flown below the Hackaday radar until now. The closest thing we’ve seen on these pages was a beaded bracelet embedding a QR code, inspired by traditional Native American forms.

That’s why we’re so thankful to [VivCocoa] for the tip. It’s a wild and wonderful world out there, and we can’t cover all of it without you. Are there any other fusions of tradition and high-tech we’ve been missing out on? Send us a tip.

FLOSS Weekly Episode 846: Mastering Embedded Linux Programming

September 10, 2025 by 2 Comments

This week Jonathan and Dan chat with Frank Vasquez and Chris Simmonds about Embedded Linux, and the 4th edition of the Mastering Embedded Linux Programming book. How has this space changed in the last 20 years, and what’s the latest in Embedded Linux?

Continue reading “FLOSS Weekly Episode 846: Mastering Embedded Linux Programming”

Everything In A Linux Terminal

September 10, 2025 by 49 Comments

Here at Hackaday Central, we fancy that we know a little something about Linux. But if you’d tasked us to run any GUI program inside a Linux terminal, we’d have said that wasn’t possible. But, it turns out, you should have asked [mmulet] who put together term.everything.

You might be thinking that of course, you can launch a GUI program from a terminal. Sure. That’s not what this is. Instead, it hijacks the Wayland protocol and renders the graphics as text. Or, if your terminal supports it, as an image. Performance is probably not your goal if you want to do this. As the old saying goes, “It’s not that the dog can sing well; it’s that the dog can sing at all.”

If, like us, you are more interested in how it works, there’s a write up explaining the nuances of the Wayland protocol. The article points out that Wayland doesn’t actually care what you do with the graphical output. In particular, “… you could print out the graphics and give them to a league of crochet grandmas to individually tie together every single pixel into the afghan of legend!” We expect to see this tested at an upcoming hacker conference. Maybe even Supercon.

We generally don’t like Wayland very much. We use a lot of hacks like xdotool and autokey that Wayland doesn’t like. We also think people didn’t understand X11’s network abilities until it was too late. If you think of it as only a video card driver, then you get what you deserve. But we have to admit, we are humbled by term.everything.

Bare Metal STM32: The Various Real Time Clock Flavors

September 10, 2025 by 8 Comments

Keeping track of time is essential, even for microcontrollers, which is why a real-time clock (RTC) peripheral is a common feature in MCUs. In the case of the STM32 family there are three varieties of RTC peripherals, with the newest two creatively called ‘RTC2′ and RTC3’, to contrast them from the very basic and barebones RTC that debuted with the STM32F1 series.

Commonly experienced in the ubiquitous and often cloned STM32F103 MCU, this ‘RTC1’ features little more than a basic 32-bit counter alongside an alarm feature and a collection of battery-backed registers that requires you to do all of the heavy lifting of time and date keeping yourself. This is quite a contrast with the two rather similar successor RTC peripherals, which seem to insist on doing everything possible themselves – except offer you that basic counter – including giving you a full-blown calendar and today’s time with consideration for 12/24 hour format, DST and much more.

With such a wide gulf between RTC1 and its successors, this raises the question of how to best approach these from a low-level perspective.

Continue reading “Bare Metal STM32: The Various Real Time Clock Flavors”

Rackintosh Plus Is The Form Factor Nobody Has Been Waiting For

September 10, 2025 by 20 Comments

For all its friendly countenance and award-winning industrial design, there’s one thing the venerable Macintosh Plus can’t do: fit into a 1U rack space. OK, if we’re being honest with ourselves, there are a lot of things a Mac from 1986 can’t do, but the rack space is what [identity4] was focused on when they built the 2025 Rackintosh Plus.

Some folks may have been fooled by this ad to think this was an actual product.

For those of you already sharpening your pitchforks, worry not: [identity4]’s beloved vintage Mac was not disassembled for this project. This rack mount has instead become the home for a spare logic board they had acquired Why? They wanted to use a classic Mac in their studio, and for any more equipment to fit the space, it needed to go into the existing racks. It’s more practical than the motivation we see for a lot of hacks; it’s almost surprising it hasn’t happened before. (We’ve seen Mac Minis in racks, but not the classic hardware.)

Aside from the genuine Apple logic board, the thin rack also contains a BlueSCSI hard drive emulator, a Floppy Emu for SD-card floppy emulator, an RGB-to-HDMI converter to allow System 7 to shine on modern monitors, and of course a Mean Well power supply to keep everything running.The Floppy Emu required a little light surgery to move the screen so it would fit inside the low-profile rack. [identity4] also broke out the keyboard and mouse connectors to the front of the rack, but all other connectors stayed on the logic board at the rear.

Sound is handled by a single 8-ohm speaker that lives inside the rack mount, because even if the Rackintosh can now fit into a 1U space, it still can’t do stereo sound…or anything else a Macintosh Plus with 4 MB of RAM couldn’t do. Still, it’s a lovely hack. and the vintage-style advertisement was an excellent touch.

Now they just need the right monochrome display.

A Look At Not An Android Emulator

September 10, 2025 by 14 Comments

Recently, Linux has been rising in desktop popularity in no small part to the work on WINE and Proton. But for some, the year of the Linux desktop is not enough, and the goal is now for the year of the Linux phone. To that end, an Android Linux translation layer called Android Translation Layer (we never said developers were good at naming) has emerged for those running Linux on their phones.

Android Translation Layer (ATL) is still in very early days, and likely as not, remains unpackaged on your distro of choice. Fortunately, a workaround is running an Alpine Linux container with graphics pass through via a tool like Distrobox or Toolbox. Because of the Alpine derived mobile distribution postmarketOS, ATL is packaged in the Alpine repos.

In many ways, running Android apps on Linux is much easier then Windows apps. Because Android apps are architecture independent, hardware emulation is unnecessary. With such similar kernels, on paper at least, Android software should run with minimal effort on Linux. Most of what ATL provides is a Linux/Android hardware abstraction layer glue to ensure Android system calls make their way to the Linux kernel.

Of course, there is a lot more to running Android apps, and the team is working to implement the countless Android system APIs in ATL. For now, older Android apps such as Angry Birds have the best support. Much like WINE, ATL will likely devolve into a game of wack-a-mole where developers implement fresh translation code as new APIs emerge and app updates break. Still, WINE is a wildly successful project, and we hope to see ATL grow likewise!

If you want to get your Android phone to talk to Linux, make sure to check out this hack next!