Using An MCU’s Own Debug Peripheral To Defeat Bootrom Protection

The patient hooked up for some reverse-engineering. (Credit: Caralynx, Twitter)

Released in July of 2025, the Tamagotchi Paradise may look somewhat like the late 90s toy that terrorized parents and teachers alike for years, but it’s significantly more complex and powerful hardware-wise. This has led many to dig into its ARM Cortex-M3-powered guts, including [Yukai Li] who recently tripped over a hidden section in the bootrom of the dual-core Sonix SNC73410 MCU that makes up most of the smarts inside this new Tamagotchi toy.

Interestingly, [Yukai] saw that the visible part of the bootrom image calls into addresses within the hidden part right in the reset handler. This suggests that the hidden bootrom section is accessible after reset, just not when trying to read it via e.g. SWD, as the hiding occurs before the SWD interface becomes active. This led [Yukai] to look for a way to unhide this ROM section using the Cortex-M3’s standard Flash Patch and Breakpoint (FPB) unit. This approach is covered in the project’s source file.

With this code running, the FPB successfully unset the responsible ROM hide bit in the OSC_CTRL register, allowing the full bootrom to be dumped via SWD and thus defeating this copy protection with relatively little effort.

Heading image: PCB and other components of a torn-down Tamagotchi Paradise. (Credit: Tamagotchi Center)

Bare Metal STM32: The Various Real Time Clock Flavors

Keeping track of time is essential, even for microcontrollers, which is why a real-time clock (RTC) peripheral is a common feature in MCUs. In the case of the STM32 family there are three varieties of RTC peripherals, with the newest two creatively called ‘RTC2’ and ‘RTC3’, to distinguish them from the very basic and barebones RTC that debuted with the STM32F1 series.

Commonly experienced in the ubiquitous and often cloned STM32F103 MCU, this ‘RTC1’ features little more than a basic 32-bit counter alongside an alarm feature and a collection of battery-backed registers, and requires you to do all of the heavy lifting of time and date keeping yourself. This is quite a contrast with the two rather similar successor RTC peripherals, which seem to insist on doing everything possible themselves – except offer you that basic counter – including giving you a full-blown calendar and today’s time with consideration for 12/24 hour format, DST and much more.

With such a wide gulf between RTC1 and its successors, this raises the question of how to best approach these from a low-level perspective.

How To Use The AT24C32 EEPROM For 4KB External Memory For Microcontrollers

Over on YouTube [Electronic Wizard] explains how to use the AT24C32 EEPROM for external memory for microcontrollers.

He begins by explaining that you don’t want to try modifying your microcontroller’s flash memory for storing settings; you want to use a separate EEPROM for that. Sometimes your microcontroller will have EEPROM memory attached, but you might still find yourself needing to attach more. The AT24C32 EEPROM is a 4KB non-volatile memory chip. It’s available in various 8-pin packages and two voltage levels, either 2.7 to 5.5 volts or 1.8 to 5.5 volts, and it’s programmed using the I2C protocol.

One ROM: The Latest Incarnation Of The Software Defined ROM

Retrocomputers need ROMs, but they’re just so read only. Enter the latest incarnation of [Piers]’s One ROM to rule them all, now built with an RP2350, because the newest version is 5V capable. This can replace the failing ROMs in your old Commodore gear with this sweet design on a two-layer PCB, using a cheap microcontroller.

[Piers] wanted to use the RP2350 from the beginning, but there simply wasn’t space on the board for the 23 level shifters which would have been required. But now that the A4 stepping adds 5 V tolerance, [Piers] has been able to reformulate his design.

The C64 in the demo has three different ROMs: the BASIC ROM, KERNAL ROM, and character ROM. A single One ROM can emulate all three. The firmware is performance critical: it needs to convert requests on the address pins to results on the data bus just as fast as it can, and [Piers] employs a number of tricks to meet these requirements.

The PCB layout for the RP2350 required extensive changes from the larger STM32 in the previous version. Because the RP2350 uses large power and ground pads underneath the IC, this area, which was originally used to drop vias to the other side of the board, was no longer available for signal routing. And of course [Piers] is constrained by the size of the board needing to fit in the original form factor used by the C64.

The One ROM code is available over on GitHub, and the accompanying video from [Piers] is an interesting look into the design process and how tradeoffs and compromises and hacks are made in order to meet functional requirements.

The Latest Projects From Cornell’s ECE 4760/5730

ECE 4760/5730 is the Digital Systems Design Using Microcontrollers course at Cornell University taught by [Hunter Adams]. The list of projects for spring this year includes forty write-ups — if you haven’t got time to read the whole lot you can pick a random project between 1 and 40 with: shuf -i 1-40 -n 1 and let the cards fall where they may. Or if you’re made of time you could spend a few days watching the full playlist of 119 projects, embedded below.

We won’t pick favorites from this semester’s list of projects, but having skimmed through the forty reports we can tell you that the creativity and acumen of the students really shines through. If the name [Hunter Adams] looks familiar that might be because we’ve featured his work here on Hackaday before. Earlier this year we saw his Love Letter To Embedded Systems.

While on the subject, [Hunter] also wanted us to know that he has updated his lectures, which are here: Raspberry Pi Pico Lectures 2025. In particular, these have expanded to include a bunch of Pico W content (making Bluetooth servers, connecting to WiFi, UDP communication, etc.), some fun lower-level stuff (the RP2040 boot sequence, how to write a bootloader), and some interesting algorithms (FFTs, physics modeling, etc.).

RP2040 Assembly Language Mix And Match

[David] is building a project with an OLED, a keyboard, and an RP2040. He’s perfected a scanning routine in C to work with the keyboard, but he still had some places he wanted to use even lower-level instructions. That was as good an excuse as any to experiment with inline assembly language inside the C program.

The goal was to grab the keyboard’s input and stick it into a memory address register so the data at that address could be shown on the display. However, there was a complication because memory access of this type has to be word-aligned.

Sure, you could mask the low bits of the address, do the read, and then set an index to pick the specific byte, but assembly is easy, and it is good to know how to put it in your code, anyway.

ESP32 Sets Sail As A Modern Bus Pirate Powerhouse

Bus Pirate is nearly a household name in the hardware hacking world. The first version came out way back in 2008, and there have been several revisions since then. You can buy pre-built Bus Pirate devices, but there’s also the option now to build our own. The ESP32 Bus Pirate project has everything you need to turn an ESP32 device into a protocol sniffing/decoding powerhouse—all on a board you may have sitting around from another project.

There are a ton of solutions when it comes to talking to different buses—I2C, UART, JTAG, you name it, there’s a purpose-built device for it. Over a decade ago, Dangerous Prototypes released the Bus Pirate, offering a Swiss Army knife of a tool to interface with this ever-expanding list of communications standards. The ESP32 Bus Pirate project is open-source firmware for ESP32s that gives them the ability to be the multi-tool that lets us communicate with a long list of protocols.

It supports a wide variety of devices, from the straightforward ESP32 S3 Dev Kit available from a long list of suppliers to the more specialized M5 Cardputer equipped with its own keyboard. The original Bus Pirate required plugging the board into a PC to use it; with this being ESP32-based, that’s no longer a limitation. So long as you can supply power to the ESP32, you can connect and control it via WiFi and a web browser. In addition to the Bus Pirate protocols, the project allows us to directly control the pins on the ESP32 board, should you want to do more with it besides interfacing with one of the supported protocols. Be sure to check out some of our other articles about Bus Pirate, as it’s been a fantastic tool for the hacker community over the years.