Repair And Reverse-Engineering Of Nespresso Vertuo Next Coffee Machines

Well there’s your problem. (Credit: Mark Furneaux, YouTube)

Akin to the razor-and-blades model, capsule-based coffee machines are an endless grind of overpriced pods and cheaply made machines that you’re supposed to throw out and replace with a new one, just so that you don’t waste all the proprietary pods you still have at home. What this also means is a seemingly endless supply of free broken capsule coffee makers that might be repairable. This is roughly how [Mark Furneaux] got into the habit of obtaining various Nespresso VertuoLine machines for attempted repairs.

The VertuoLine machines use capsules with a bar code printed on the bottom of the lip, requiring the capsule to be spun around so that it can be read by the optical reader. Upon successful reading, the code is passed to the MCU, after which the brewing process is either commenced or cruelly halted if the code fails. Two of the Vertuo Next machines that [Mark] got had such capsule reading errors, leading to a full teardown of the first after the scanner board turned out to work fine.

Long story short and many hours of scrubbed footage later, one machine was apparently missing the lens assembly on top of the photo diode and IR LED, while the other simply had these lenses gunked up with spilled coffee. Of course, getting to this lens assembly still required a full machine teardown, making cleaning it an arduous task.

Unfortunately the machine that had the missing lens assembly turned out to have another fault which even after hours of debugging remained elusive, but at least there was one working coffee machine afterwards to make a cup of joe to make [Mark] feel slightly better about his life choices. As for why the lens assembly was missing, it’s quite possible that someone else tried to repair the original fault, didn’t find it, and reassembled the machine without the lens before passing the problem on to the next victim.

Hacking The Krups Cook4Me Smart Cooking Pot For Doom

With more and more kitchen utilities gaining touch screens and capable microcontrollers it’d be inconceivable that they do not get put to other uses as well. To this end [Aaron Christophel] is back with another briefly Doom-less device in the form of the Krups Cook4Me pressure cooking pot with its rather sizeable touch screen and proclaimed smarts in addition to WiFi and an associated smartphone app.

Inside is an ESP32 module for the WiFi side, with the brains of the whole operation being a Renesas R7S721031VC SoC with a single 400 MHz Cortex-A9. This is backed by 128 MB of Flash and 128 MB of RAM. The lower touch interface is handled by a separate Microchip PIC MCU, apparently to allow for low standby power usage until woken up by touch.

The developers were nice enough to make it easy to dump the firmware on the SoC via SWD, allowing for convenient reverse-engineering and porting of Doom. With the touch screen used as the human input device it was actually quite playable, and considering the fairly beefy SoC, Doom runs like a dream. Sadly, due to the rarity of this device, [Aaron] is not releasing project files for it.

As for why a simple cooking pot needs all of this hardware, the answer is probably along the lines of ‘because we can’.

The Intel 8087 And Conditional Microcode Tests

Continuing his reverse-engineering of the Intel 8087, [Ken Shirriff] covers the conditional tests that are implemented in the microcode of this floating point processing unit (FPU). This microcode contains the details on how to perform the many types of specialized instructions, like cos and arctan, all of which decode into many microcode ops. These micro ops are executed by the microcode engine, which [Ken] will cover in more detail in an upcoming article, but which is effectively its own CPU.

Conditional instructions are implemented in hardware, integrating the states of various functional blocks across the die, ranging from the instruction decoder to a register. Here, the evaluation is performed as close as possible to the source of said parameter to save on wiring.

Implementing this circuitry are multiplexers, with an example shown in the top die shot image. Depending on the local conditions, any of four pass transistors is energized, passing through that input. Not shown in the die shot image are the inverters or buffers that are required with the use of pass transistors to amplify the signal, since pass transistors do not provide that feature.

Despite how firmly obsolete the 8087 is today, it still provides an amazing learning opportunity for anyone interested in ASIC design, which is why it’s so great that [Ken] and his fellow reverse-engineering enthusiasts keep plugging away at recovering all this knowledge.

Reverse-Engineering The Tamagotchi IR Connection

The Tamagotchi Connection is a series of Tamagotchi toys that took the original portable pet concept and mixed things up with a wireless connection, which allowed you to interact with the pets of other proud Tamagotchi owners. This wireless connection is implemented using an infrared transceiver, somewhat like IrDA, but as [Zach Resmer] discovered while reverse-engineering this connection, it’s actually what is called ‘Nearly NEC’ by [Natalie Silvanovich], who has a GitHub repository full of related Tamagotchi hacking tools and ROM dumps.

With the protocol figured out, creating a transceiver for low-bitrate infrared communication isn’t particularly hard. In this case, it was implemented using an RP2040 MCU and an appropriate IR LED and receiver pair. This Tamagometer project was also implemented as an app for the Flipper Zero, and a custom PCB called the Pico TamaBadge by [Daniel Weidman].

There’s a web application associated with [Zach]’s project using a Web Serial-enabled browser (i.e. Chrome). The serial protocol is somewhat documented in the patent for the device’s connection feature, which makes it relatively easy to implement yourself.

The Issue With Wii U Gamepads And How To Clone Them

The Wii U running Mario Kart with the Gamepad duplicating the main screen. (Credit: MattKC, YouTube)

How hard would it be to clone the Wii U gamepad, the quirky controller with its unique embedded screen? This is the question that [MattKC] faced as he noticed the complete lack of Wii U gamepad replacements from either Nintendo or third-parties, leading him down the rabbit hole of answering said question.

Although unloved and even despised compared to the Nintendo Wii, the Wii U was a solid system in its own right. One of its interesting additions was the gamepad controller, whose screen games used for features like a private screen during multiplayer and 3DS-like map screens. Its main weakness, however, is that the Wii U gamepad was considered an irreplaceable part of the console, which is obviously not fun if your gamepad breaks and your console along with it.

The Wii U console and gamepad communicate via 5 GHz 802.11n WiFi, but in order to deter other parties from simply hopping onto the access point, Nintendo slightly obfuscated this WiFi standard. Specifically, the WPA authentication was modified by a byte swap in the PTK, rendering every existing WiFi stack incompatible with the Wii U.

Ken Shirriff working on the Commodore PET

This 8-Bit Commodore PET Was Hard To Fix

Over on [Ken Shirriff]’s blog is a tricky Commodore PET repair: tracking down 6 1/2 bad chips. WARNING: contains 8-bit assembly code.

The Trinity of 1977 which started the personal computer revolution were the Apple II, the Commodore PET, and the TRS-80. In this project it’s a failing Commodore PET which is being restored.

39C3: Recreating Sandstorm

Some synthesizer sounds are just catchy, but some of them are genre-defining. We think you could make that case for the Roland JP-8000 patch “Sandstorm”, which you’ve heard if you listened to any trance from the 90’s, but especially the song that was named after it.

“Sandstorm” is powered by the Roland Supersaw, and synth nerds have argued for a decade about how it’s made. The JP-8000 is a digital synthesizer, though, so it’s just code, run through custom DSP chips. If you could reverse engineer these chips, make a virtual machine, and send them the right program, you could get the sound 100% right. Think MAME but for synthesizers.

That brings us to [giulioz]’s talk at the 39th Chaos Communication Congress, where he dives deep into the custom DSP chip at the heart of the JP-8000. He and his crew had approached older digital synths by decapping and mapping out the logic, as you often do in video game emulation. Here, getting the connections right turned out to be simply too daunting, so he found a simpler device that had a test mode that, combined with knowledge of the chip architecture, helped him to figure out the undocumented DSP chip’s instruction set.

After essentially recreating the datasheet from first principles for a custom chip, [giulioz] and team could finally answer the burning question: “how does the Supersaw work”? The horrifying answer, after all this effort, is that it’s exactly what you’d expect — seven sawtooth waves, slightly detuned, and layered over each other. Just what it sounds like.

The real end result is an emulation that’s every bit (tee-hee!) as good as the original, because it’s been checked out on a logic analyzer. But the real fun is the voyage. Go give the talk a watch.