Reverse Engineering

305 Articles

Inside A Compact Intel 3000 W Water-Cooled Power Supply

February 22, 2026 by 2 Comments

Recently [ElecrArc240] got his paws on an Intel-branded 3 kW power supply that apparently had been designed as a reference PSU for servers. At 3 kW in such a compact package air cooling would be rather challenging, so it has a big water block sandwiched between the two beefy PCBs. In the full teardown and analysis video of the PSU we can see the many design decisions made to optimize efficiency and minimize losses to hit its 80 Plus Platinum rating.

For the power input you’d obviously need to provide it with 240 VAC at sufficient amps, which get converted into 12 VDC at a maximum of 250 A. This also highlights why 48 VDC is becoming more common in server applications, as the same amount of power would take only 62.5 A at that higher voltage.

The reverse-engineered schematic shows it using an interleaved totem-pole PFC design with 600 V-rated TI LMG3422 600V GaN FETs in the power stages. After the PFC section we find a phase-shifted full bridge rectifier with OnSemi’s SiC UF3C065030K4S Power N-Channel JFETs.

There were a few oddities in the design, such as the Kelvin source of the SiC JFET being tied into the source, which renders that feature useless. Sadly the performance of the PSU was not characterized before it was torn apart which might have provided some clues here.

Continue reading “Inside A Compact Intel 3000 W Water-Cooled Power Supply”

How The Intel 8087 FPU Knows Which Instructions To Execute

February 21, 2026 by 1 Comment

An interesting detail about the Intel 8087 floating point processor (FPU) is that it’s a co-processor that shares a bus with the 8086 or 8088 CPU and system memory, which means that somehow both the CPU and FPU need to know which instructions are intended for the FPU. Key to this are eight so-called ESCAPE opcodes that are assigned to the co-processor, as explained in a recent article by [Ken Shirriff].

The 8087 thus waits to see whether it sees these opcodes, but since it doesn’t have access to the CPU’s registers, sharing data has to occur via system memory. The address for this is calculated by the CPU and read from by the CPU, with this address registered by the FPU and stores for later use in its BIU register. From there the instruction can be fully decoded and executed.

This decoding is mostly done by the microcode engine, with conditional instructions like cos featuring circuitry that sprawls all over the IC. Explained in the article is how the microcode engine even knows how to begin this decoding process, considering the complexity of these instructions. The biggest limitation at the time was that even a 2 kB ROM was already quite large, which resulted in the 8087 using only 22 microcode entry points, using a combination of logic gates and PLAs to fully implement the entire ROM.

Only some instructions are directly implemented in hardware at the bus interface (BIU), which means that a lot depends on this microcode engine and the ROM for things to work half-way efficiently. This need to solve problems like e.g. fetching constants resulted in a similarly complex-but-transistor-saving approach for such cases.

Even if the 8087 architecture is convoluted and the ISA not well-regarded today, you absolutely have to respect the sheer engineering skills and out-of-the-box thinking of the 8087 project’s engineers.

HD On A VHS Tape? How Did They Do It?

February 20, 2026 by 7 Comments

There was a period from the 1970s to the mid-2000s or so when a fixture underneath the family TV set was a VHS videocassette recorder. These were a masterpiece of cramming a color video signal into the restricted bandwidth of an affordable 1970s helical-scan tape deck, which was achieved by clever use of frequency shifting and FM carrier modulation. Very few of us will have had the ultimate iteration of the VHS format though, W-VHS, which managed the same trick but with HD video. But how? [Superchromat] is here with the answer.

W-VHS used a frequency modulated carrier, but instead of splitting luminance and chrominance in the frequency domain like its VHS ancestor, it did so in the time domain in the same way as some 1980s satellite TV standards did. Each line first contained the color information, then the brightness. Thus it sacrificed some color resolution and a little horizontal image resolution, but kept a much higher vertical image resolution. In the video below the break we go into significant detail about the compromises required to pull this off, and if you watch it through you’ll learn something about magnetic tape recording as well as FM.

The W-VHS standard is largely forgotten now as a last hurrah for the format, but it’s still in the sights of the VHS Decode project. The work in this video is helping them retrieve the highest quality images from these tapes, by capturing the raw RF from the heads and using DSP techniques to decode them.

Continue reading “HD On A VHS Tape? How Did They Do It?”

Poking At The ESP32-P4 And -C6 Dies In An ESP32-P4-M3 Module

February 19, 2026 by 7 Comments
The RF section of the ESP32-C6 die. (Credit: electronupdate, YouTube)
The RF section of the ESP32-C6 die. (Credit: electronupdate, YouTube)

With the ESP32-P4 not having any wireless functionality and instead focusing on being a small SoC, it makes sense to combine it with a second chip that handles features like WiFi and Bluetooth. This makes the Guition ESP32-P4-M3 module both a pretty good example of how the P4 will be used, and an excellent opportunity to tear into, decap and shoot photos of the dies of both the P4 and the ESP32-C6 in this particular module, courtesy of [electronupdate]. There also the blog post for those who just want to ogle the shinies.

After popping the metal shield on the module, you can see the contents as in the above photo. The P4 inside is a variant with 32 MB of PSRAM integrated along with the SoC die. This results in a die shot both of this PSRAM and the P4 die, though enough of the top metal seems to remain to clearly see the latter.

The Boya brand Flash chip is quite standard inside, and along with a glance at the inside of one of the crystal oscillators we get to glance at the inside of the C6 MCU. This is a much more simple chip than the P4, with the RF section quite obvious. The total die sizes are 2.7 x 2.7 mm for the C6 and 4.29 x 3.66 mm for the P4.

Continue reading “Poking At The ESP32-P4 And -C6 Dies In An ESP32-P4-M3 Module”

A marketing image of a Dash educational robot is shown. It is made of a triangle pyramid of four plastic spheres. Two of the base spheres house wheels, and the top sphere houses a speaker, lights, and sensors.

Reverse Engineering A Dash Robot With Ghidra

February 14, 2026 by No comments

One of the joys of browsing secondhand shops is the possibility of finding old, perhaps restorable or hackable, electronics at low prices. Admittedly, they usually seem to be old flat-screen TVs, cheap speakers, and Blu-ray players, but sometimes you find something like the Dash, an educational toy robot. When [Jonathan] came across one of these, he decided to use it as a turtle robot. However, he found the available Python libraries insufficient, and improving on them required some reverse-engineering.

Continue reading “Reverse Engineering A Dash Robot With Ghidra”

Vintage Canadian Video Hardware Becomes Homebrew Computer

February 14, 2026 by 7 Comments

Are you in the mood for a retrocomputing deep dive into the Scriptovision Super Micro Script? It was a Canadian-made vintage video titler from the 80s, and [Cameron Kaiser] has written up a journey of repair and reverse-engineering for it. But his work is far more than just a refurbish job; [Cameron] transforms the device into something not unlike 8-bit homebrew computers of the era, able to upload and run custom programs with a limited blister keypad for input, and displaying output on a composite video monitor.

Continue reading “Vintage Canadian Video Hardware Becomes Homebrew Computer”

Inside Raiders Of The Lost Ark (Atari Style)

February 13, 2026 by 5 Comments

It’s a bit ironic that an Atari 2600 game based on Raiders of the Lost Ark — a movie about archaeology — is now the subject of its own archaeological expedition as [Dennis Debro] and [Halkun] spent time reverse-engineering the game. Luckily, they shared their findings, so you can enjoy it the same way you can visit a king’s tomb without having to discover it and dig for it. If you don’t remember the game, you might enjoy the demo from [Speedy Walkthroughs] in the video below.

If you are only used to modern software, you might think this is little more than someone dumping the program code and commenting it. However, on these old, limited systems, you have to really understand the actual architecture because there are so many things you have to manage that are specific to the hardware.

For example, the game has two 4K ROM banks that use a strange switching mechanism. The entire game is built around the NTSC television signal. Everything is oriented toward generating the 60 Hz frame rate. Game logic runs during the vertical blanking and over-scan sections to prevent strange visible artifacts due to software running.

This is a fascinating look inside game coding as it existed around 1982. Of course, you can also run everything using emulation. Usually, our reverse engineering is more hardware-related. But we do love these old games, too.

Continue reading “Inside Raiders Of The Lost Ark (Atari Style)”