bus pirate

60 Articles

Swapping The ROMs In Mini Arcade Cabinets

December 6, 2019 by 10 Comments

You’ve probably seen a few of these miniature arcade games online or in big box retailers: for $20 USD or so you get scaled-down version of a classic arcade cabinet, perfect for a desk toy or to throw up on a shelf as part of your gaming collection. Like any good Hackaday reader, you were probably curious about what makes them tick. Thanks to [wrongbaud], we don’t have to wonder anymore.

Over the course of several blog posts, [wrongbaud] walks readers through the hardware and software used in a few of these miniature games. For example, the Rampage cabinet is using a so-called “NES on a Chip” along with a SPI flash chip to hold the ROM, while Mortal Kombat is using a Genesis emulation solution and parallel flash. It wouldn’t be interesting if they didn’t throw you a few curves now and again, right?

But these are more than simple teardowns. Once [wrongbaud] gives an overview of the hardware, the next step is reading the respective flash storage and trying to make sense of the dumped data. These sort of games generally reuse the hardware among a number of titles, so by isolating where the game ROM is and replacing it, they can be made to play other games without hardware modification. Here, this capability is demonstrated by replacing the ROM data for Rampage with Yoshi’s Cookie. Naturally it’s one of those things that’s easier said than done, but it’s an interesting proof of concept.

The Mortal Kombat cabinet is a newer addition to the collection, so [wrongbaud] hasn’t progressed quite as far with that one. The parallel flash chip has been dumped with the help of an ESP32 and a MCP23017 I/O expander, and some Genesis ROM headers are identifiable in the data, but there’s still some sifting to be done before the firmware structure can be fully understood.

Even if you’re not in the market for a diminutive arcade experience, the information that [wrongbaud] has collected here is really phenomenal. From understanding protocols such as I2C and SPI to navigating firmware dumps with a hex editor, these posts are an invaluable resource for anyone looking to get started with reverse engineering.

Hands-On: GreatFET Is An Embedded Tool That Does It All

July 2, 2019 by 43 Comments

There’s a new embedded hacking tool on the scene that gives you an interactive Python interface for a speedy chip on a board with oodles of GPIO, the ability to masquerade as different USB devices, and a legacy of tricks up its sleeve. This is the GreatFET, the successor to the much loved GoodFET.

I first heard this board was close to launch almost a year ago and asked for an early look. When shipping began at the end of April, they sent me one. Let’s dig in for a hands-on review of the GreatFET from Great Scott Gadgets.

Continue reading “Hands-On: GreatFET Is An Embedded Tool That Does It All”

Hacking Your Way To A Custom TV Boot Screen

December 7, 2018 by 44 Comments

More and more companies are offering ways for customers to personalize their products, realizing that the increase in production cost will be more than made up for by the additional sales you’ll net by offering a bespoke product. It’s great for us as consumers, but unfortunately we’ve still got a ways to go before this attitude permeates all corners of the industry.

[Keegan Ryan] recently purchased a TV and wanted to replace its stock boot screen logo with something of his own concoction, but sadly the set offered no official way to make this happen. So naturally he decided to crack the thing open and do it the hard way The resulting write-up is a fascinating step by step account of the trials and tribulations that ultimately got him his coveted custom boot screen, and just might be enough to get you to take a screw driver to your own flat panel at home.

The TV [Keegan] brought was from a brand called SCEPTRE, but as a security researcher for NCC Group he thought it would be a fun spin to change the boot splash to say SPECTRE in honor of the infamous x86 microarchitecture attack. Practically speaking it meant just changing around two letters, but [Keegan] would still need to figure out where the image is stored, how it’s stored, and write a modified version to the TV without letting the magic smoke escape. Luckily the TV wasn’t a “smart” model, so he figured there wouldn’t be much in the way of security to keep him from poking around.

He starts by taking the TV apart and studying the main PCB. After identifying the principle components, he deduces where the device’s firmware must be stored: an 8 MB SPI flash chip from Macronix. He connects a logic analyzer up to the chip, and sure enough sees that the first few kilobytes are being read on startup. Confident in his assessment, he uses his hot air rework station to lift the chip off the board so that he can dive into its contents.

With the help of the trusty Bus Pirate, [Keegan] is able to pull the chip’s contents and verify its integrity by reading a few human-readable strings from it. Using the binwalk tool he’s able to identify a JPEG image within the firmware file, and by feeding its offset to dd, pull it out so he can view it. As hoped, it’s the full screen SCEPTRE logo. A few minutes in GIMP, and he’s ready to merge the modified image with the firmware and write it back to the chip.

He boots the TV back up and finds…nothing changed. A check of the datasheet for the SPI flash chip shows there are some protection bits used to prevent modifying particular regions of the chip. So after some modifications to the Bus Pirate script and another write, he boots the TV and hopes for the best. Finally he sees the object of his affection pop up on the big screen, a subtle change that reminds him every time the TV starts about the power of reverse engineering.

Bus Pirate Commandeers I2C

February 7, 2017 by 19 Comments

The Bus Pirate is one of our favorite tool for quick-and-dirty debugging in the microcontroller world. Essentially it makes it easy to communicate with a wide variety of different chips via a serial terminal regardless of the type of bus that the microcontroller uses. Although it was intended as a time-saving prototyping device, there are a lot of real-world applications where a Bus Pirate can be employed full-time, as [Scott] shows us with his Bus Pirate data logger.

[Scott] needed to constantly measure temperature, and the parts he had on hand included an LM75A breakout board that has a temperature sensor on board. These boards communicate with I2C, so it was relatively straightforward to gather data from the serial terminal. From there, [Scott] uses a Python script to automate the process of gathering the data. The process he uses to set everything up using a Raspberry Pi is available on the project site, including the code that he used in the project.

[Scott] has already used this device for a variety of different projects around his house and it has already proven incredibly useful. If you don’t already have a Bus Pirate lying around there are a few other ways to gather temperature data, but if you have an extra one around or you were thinking about purchasing one, then [Scott]’s project is a great illustration of the versatility of this device.

Hack Mobile With A Bus Pirate GUI For Your Phone

January 30, 2016 by 6 Comments

You need to get an SPI bus on something right now, but you left your laptop at home. No problems, because you’ve got your Bus Pirate and cellphone in your pocket. And a USB OTG cable, because you’re going to need one of those. And some probes. And maybe a soldering iron for tacking magnet wire onto those really small traces. And maybe a good magnifying glass. And…

OK, our fantasy of stepping away from the party for a quick JTAG debugging session is absurd, but what’s not at all absurd is the idea of driving your Bus Pirate from a nice GUI app on your Android phone. [James Newton] wrote DroidScriptBusPirate so that he wouldn’t have to hassle with the Bus Pirate’s nested single-character menu system, and could easily save complete scripts to do common jobs from pleasant menus on his phone.

The setup depends on downloading DroidScript, a free Javascript and HTML5 IDE, and then pasting and saving [James]’ code. He’s written up full instructions to help you with the install. It’s not so hard, and once you’re done you’ll be ready to drive the Pirate from the comfort of your phone.

In fact, now that we think of it, we’re missing a Bus Pirate GUI for our desktop as well. Whenever we have complex tasks, we end up scripting something in Python, but there ought to be something more user-friendly. Anyone know of a good GUI solution?

Embed With Elliot: I2C Bus Scanning

June 25, 2015 by 15 Comments

A lot of great ICs use I2C to communicate, but debugging a non-working I2C setup can be opaque, especially if you’re just getting started with the protocol/bus. An I2C bus scanner can be a helpful first step in debugging an I2C system. Are all the devices that I think should be present actually there and responding? Do they all work at the bus speed that I’m trying to run? If you’ve got an Arduino or Bus Pirate sitting around, you’re only seconds away from scanning your I2C bus, and answering these questions.

Continue reading “Embed With Elliot: I2C Bus Scanning”

Caption CERN Contest – Not Your Father’s POV Display

May 21, 2015 by 15 Comments

Accidents happen – but the awesome quotes you all sent in for Week 15 of the Caption CERN Contest were no accident. A huge thank you for our biggest week yet! The scientists in this week’s image are definitely cleaning up after some type of nasty accident. At first blush it looks like an electrical problem in the coils of what appears to be part of a beam line. With all that soot and radiation dangers to boot, only the photographer and the people in the image know for sure!

The Funnies:

  • “This is the second server these idiots have fried! What the hell’s a Hulu, and why are they trying to watch Gilligan’s Island with it?” Thanks to some unplanned quantum tunneling, Berners-Lee was even further ahead of his time than he thought” – [The Green Gentleman] (Two weeks in a row!)
  • “I found the bug. Who gets to tell Joe he’s sterile?”- [jonsmirl]
  • “‘I told the Captain that she couldn’t take any more’ – Scotty” – [md_reeves]

The winner for this week is [Mr. mmWave] himself, [Tony Long] with “Hardware Accelerator moto – Fail Fast, Fail Often. Also applies to Accelerator Hardware.” [Tony] will be debugging his next microwave mm band ham radio with a Logic Pirate From The Hackaday Store! Congratulations [Tony]!

Week 16: This is not your father’s POV Display!

cern-16-smScientists at CERN have come up with some amazing science advancements. They’ve also needed ways to display the data they collect. This image may depict some incredible new way to display data collected from a high power physics experiment – or it could be a scientist’s project for the CERN science fair. We may never know.

The album is titled CHAMBRE A ETINCELLES DANS EXPO TECHNOL, which roughly translates to “Sparks in the technology expo room”. The lines traveling between the three horizontal display devices definitely appear to be aligned. Are they sparks of electricity? You tell us!

buspirate2Last week’s prize was a Logic Pirate. This week we’re giving away a Bus Pirate from The Hackaday Store.

Add your humorous caption as a comment to this project log. Make sure you’re commenting on this contest log, not on the contest itself.

As always, if you actually have information about the image or the people in it, let CERN know on the original image discussion page.

Good Luck!