Update: Flash_Destroyer Final Destroys EEPROM

June 14, 2010 by Mike Szczys 17 Comments

The Flash_Destroyer finally succeeded in rewriting that EEPROM until its demise. When we originally looked at the device it had already recorded 2.5 million successful rewrites. The first appearance of corrupt data occurred at 11,494,069 but that doesn’t tell the whole story. The chip kept working for another 200,000 rewrites before finally showing repeated data corruption.

We do find the writeup pretty interesting. There’s one thing that we can’t stop coming back to though. In the discussion of our original article [Tiago] pointed out that long-term data retention isn’t being tested here. If the abuse of that EEPROM had ended after say five million rewrites, would it have been able to hold the data long-term without corruption? Let us know what you think in the comments.

[Thanks Drone377]

Russian Roulette… For EEPROM

May 28, 2010 by Mike Szczys 38 Comments

There’s a loaded gun but its got only one bullet. Spin the cylinder, point at head, and pull the trigger. The game’s not over until the bullet is used and a player is done. This game’s got a twist though, the cylinder has at least one million chambers.

The Flash_Destroyer is testing the limits of EEPROM rewrites. It fills that little eight-pin chip with data, then verifies what has written. When it finds and error the game is over. The chip is rated for one million rewrites but while we were writing this it was already well over two and quarter million. We usually prefer to be creators and not destroyers with our hacks but there’s something delightful about running this chip into the ground. See the startup of this device after the break and click through the link above to see a streaming feed of the progress.

Continue reading “Russian Roulette… For EEPROM” →

2600 Game Jukebox

December 16, 2009 by Mike Szczys 22 Comments

[Yuppicide] sent us a link to a photo album of an Atari 2600 modified to play ROMs stored inside. We did some digging around and have an idea of what’s going on. It seems that the creator, [Victor] has taken his Atari 2600 cartridge emulator one step further.

Previously, he had replaced the chip in an Atari cartridge with an EEPROM that he could reprogram via a ribbon cable. This new iteration places that EEPROM inside the case of the gaming console along with a PIC development board. The PIC board interfaces an SD card with somewhere around 1200 ROMs on it. Three switches added to the front of the Atari allow the user to cycle through available games and flash the desired title to the EEPROM. As you can see, a 2×16 LCD display now resides in the cartridge opening.

This seems a little more eloquent (and less legal) than the Super Genintari.

POV Fan EEPROM Hack

October 9, 2009 by Mike Szczys 4 Comments

pov_fan_eeprom_hacking

Hacking with Gum got their hands on one of the persistence of vision display fans that Cenzic was giving away at Blackhat this year. It’s not the biggest fan-based POV display we’ve seen but it’s still a fun device to tinker with. They hacked into the EEPROM on the device in order to change the message the fan displayed.

This is very similar to the other EEPROM reading/writing we’ve seen recently. Hacking with Gum read the data off of the EEPROM and then disassembled it to discover how the message data is stored on the chip. This was made easier by noting the messages displayed when the fan is running. The first byte of data shows the number of words in the message, then each chunk of word data is preceded by one byte that represents the number of letters in that work. Data length was calculated based on the number of pixels in each display character. Once he knew the data-storage scheme, it was just a matter of formatting his own messages in the same way and overwriting the chip.

This is a great write-up if you’re looking for a primer on reverse engineering an unknown hardware system. If you had fun trying out our barcode challenges perhaps deciphering EEPROM data from a simple device should be your next quest.

[Thanks James]

Steal The Administrator Password From An EEPROM

September 24, 2009 by Mike Szczys 43 Comments

locating_atmel

Did you forget your hardware-based password and now you’re locked out? If it’s an IBM ThinkPad you may be in luck but it involves a bit more than just removing the backup battery. SoDoItYourself has an article detailing the retrieval of password data from an EEPROM.

The process is a fun one. Disassemble your laptop. Build a serial interface and solder it to the EEPROM chip where the password is stored. Connect this interface to a second computer and use it to dump the data into a file. Download a special program to decipher the dump file and dig through the hex code looking for something that resembles the password. Reassemble your laptop and hope that it worked.

We know that most people won’t be in a position to need a ThinkPad administrator password, but there must be other situations in which reading data off of an EEPROM comes in handy. What have you used this method for?

SparkFun Kegerator Goes To Eleven

September 10, 2009 by Phil Burgess 19 Comments

It started with a simple need: keep tabs on SparkFun Electronics’ in-house kegerator so the beer won’t run out at inopportune times. But of course SparkFun and “simple need” make strange bedfellows…throw beer in the mix, and you know this can’t end well. The result, as you might imagine, reads like a who’s-who of electronics hackery buzzwords.

Arduino? Check. Custom PCB? Check. Web interface? Check. Twitter feed? Check.

They’ve assembled a nice build tutorial on how this all went together, including code, example circuits, an explanation of some of the sensors used, and links to other tutorials for such things as Twittering and persistent storage in EEPROM using Arduino. Not to mention the eye candy: a custom Arduino shield (solder mask and all), custom acrylic tap handle, custom SparkFun pint glasses. They never do anything halfway, do they?

Parts: SPI EEPROM (25AA/25LC)

June 30, 2009 by Ian 11 Comments

3EEPROM-SPI

Microchip’s 25AA/25LC EEPROMs are data storage chips with a simple 3-wire interface. The 25AA/LC is an SPI version of the common 24AA/LC I2C EEPROM. It comes in capacities of 128bytes to 128kilobytes. We looked at the smallest, the 128byte 25AA010A.

There are Bus Pirate demonstrations for most types of serial EEPROMs. Check out our previous 1-wire (DS2431) and I2C (24LC1025) EEPROM posts.

Continue below to see our test circuit and a demonstration of the 25AA010 EEPROM. We used the Bus Pirate to play with this chip from our PC. For a limited time you can get your own Bus Pirate, fully assembled and shipped worldwide, for only $30.

Continue reading “Parts: SPI EEPROM (25AA/25LC)” →