A Toothbrush Hacked, In Three Parts

It’s official, we’re living in the future. Certainly that’s the only explanation for how [wrongbaud] was able to write a three-part series of posts on hacking a cheap electric toothbrush off of AliExpress.

As you might have guessed, this isn’t exactly a hack out of necessity. With a flair for explaining hardware hacking, [wrongbaud] has put this together as a practical “brush-up” (get it?) on the tools and concepts involved in reverse engineering. In this case, the Raspberry Pi is used as a sort of hardware hacking multi-tool, which should make it relatively easy to follow along.

Modified image data on the SPI flash chip.

The first post in the series goes over getting the Pi up and running, which includes setting up OpenOCD. From there, [wrongbaud] actually cracks the toothbrush open and starts identifying interesting components, which pretty quickly leads to the discovery of a debug serial port. The next step is harassing the SPI flash chip on the board to extract its contents. As the toothbrush has a high-res color display (of course it does), it turns out this chip holds the images which indicate the various modes of operation. He’s eventually able to determine how the images are stored, inject new graphics data, and write it back to the chip.

Being able to display the Wrencher logo on our toothbrush would already be a win in our book, but [wrongbaud] isn’t done yet. For the last series in the post, he shows how to extract the actual firmware from the microcontroller using OpenOCD. This includes how to analyze the image, modify it, and eventually flash the new version back to the hardware — using that debug port discovered earlier to confirm the patched code is running as expected.

If you like his work with a toothbrush, you’ll love seeing what [wrongbaud] can do with an SSD or even an Xbox controller.

Hackaday Links Column Banner

Hackaday Links: March 16, 2025

“The brickings will continue until the printer sales improve!” This whole printer-bricking thing seems to be getting out of hand with the news this week that a firmware update caused certain HP printers to go into permanent paper-saver mode. The update was sent to LaserJet MFP M232-M237 models (opens printer menu; checks print queue name; “Phew!) on March 4, and was listed as covering a few “general improvements and bug fixes,” none of which seem very critical. Still, some users reported not being able to print at all after the update, with an error message suggesting printing was being blocked thanks to non-OEM toner. This sounds somewhat similar to the bricked Brother printers we reported on last week (third paragraph).

Continue reading “Hackaday Links: March 16, 2025”

Hackaday Links Column Banner

Hackaday Links: March 9, 2025

It’s been a busy week in space news, and very little of it was good. We’ll start with the one winner of the week, Firefly’s Blue Ghost Mission 1, which landed successfully on the Moon’s surface on March 2. The lander is part of NASA’s Commercial Lunar Payload Services program and carries ten scientific payloads, including a GPS/GNSS receiver that successfully tracked signals from Earth-orbiting satellites. All of the scientific payloads have completed their missions, which is good because the lander isn’t designed to withstand the long, cold lunar night only a few days away. The landing makes Firefly the first commercial outfit to successfully soft-land something on the Moon, and being the first at anything is always a big deal.

Continue reading “Hackaday Links: March 9, 2025”

Supercon 2024: Joshua Wise Hacks The Bambu X1 Carbon

Bambu Labs have been in the news lately. Not because of the machines themselves, but because they are proposing a firmware change that many in our community find restricts their freedom to use their own devices.

What can be done? [Joshua Wise] gave a standout talk on the Design Lab stage at the 2024 Hackaday Superconference where he told the tale of his custom firmware for the Bambu X1 Carbon. He wasn’t alone here; the X1 Plus tale involves a community of hackers working on opening up the printer, but it’s also a tale that hasn’t ended yet. Bambu is striking back. Continue reading “Supercon 2024: Joshua Wise Hacks The Bambu X1 Carbon”

Custom Firmware Adds Capabilities To Handie Talkie

Although ham radio can be an engaging, rewarding hobby, it does have a certain reputation for being popular among those who would fit in well at gated Florida communities where the preferred mode of transportation is the golf cart. For radio manufacturers this can be a boon, as this group tends to have a lot of money and not demand many new features in their technology. But for those of us who skew a bit younger, there are a few radios with custom firmware available that can add a lot of extra capabilities.

The new firmware is developed by [NicSure] for the Tidradio TD-H3 and TD-H8 models and also includes a browser-based utility for flashing it to the radio without having to install any other utilities. Once installed, users of these handheld radios will get extras like an improved S-meter and detection and display of CTCSS tones for repeater usage. There’s also a programmer available that allows the radio’s memory channels to be programmed easily from a computer and a remote terminal of sorts that allows the radio to be operated from the computer.

One of the latest firmware upgrades also includes a feature called Ultra Graph which is a live display of the activity on a selected frequency viewable on a computer screen. With a radio like this and its upgraded firmware, a lot of the capabilities of radios that sell for hundreds of dollars more can be used on a much more inexpensive handheld. All of this is possible thanks to an on-board USB-C interface which is another feature surprisingly resisted by other manufacturers even just for charging the batteries.

Continue reading “Custom Firmware Adds Capabilities To Handie Talkie”

Hackaday Links Column Banner

Hackaday Links: December 22, 2024

Early Monday morning, while many of us will be putting the finishing touches — or just beginning, ahem — on our Christmas preparations, solar scientists will hold their collective breath as they wait for word from the Parker Solar Probe’s record-setting passage through the sun’s atmosphere. The probe, which has been in a highly elliptical solar orbit since its 2018 launch, has been getting occasional gravitational nudges by close encounters with Venus. This has moved the perihelion ever closer to the sun’s surface, and on Monday morning it will make its closest approach yet, a mere 6.1 million kilometers from the roiling photosphere. That will put it inside the corona, the sun’s extremely energetic atmosphere, which we normally only see during total eclipses. Traveling at almost 700,000 kilometers per hour, it won’t be there very long, and it’ll be doing everything it needs to do autonomously since the high-energy plasma of the corona and the eight-light-minute distance makes remote control impossible. It’ll be a few days before communications are re-established and the data downloaded, which will make a nice present for the solar science community to unwrap.

Continue reading “Hackaday Links: December 22, 2024”

Unexpectedly Interesting Payphone Gives Up Its Secrets

Reverse engineering a payphone doesn’t sound like a very interesting project, at least in the United States, where payphones were little more than ruggedized versions of residential phones with a coin mechanism attached. Phones in other parts of the world were far more interesting, though, as this look at the mysteries of a payphone from Israel reveals (in Hebrew; English translation here.)

This is a project [Inbar Raz] worked on quite a while ago, but only got around to writing up recently. The payphone in question was sourced from the usual surplus market channels, and appears to have been removed from service by Israeli telecommunications company Bezeq only shortly before he found it. It was in pretty good shape, and was even still locked tight, making some amateur locksmithing the first order of the day. The internals of the phone are surprisingly complex, with a motherboard that looks more like something from a PC. Date codes on the chips and through-hole construction date the device to the early- to mid-1990s.

With physical access gained, [Inbar] turned to the firmware. An Atmel flash chip seemed a good place to look, and indeed he was able to pull code off the chip. That’s where things took a turn thanks to the CPU the code was written for — the CDP1806, a later version of the more popular but still fringe CDP1802. This required [Inbar] to fall down the rabbit hole of writing a new processor definition file for Ghidra so that the firmware could be reverse-engineered. This got him to the point of understanding 1806 assembly well enough that he was able to re-flash the phone to print debugging messages on the built-in 16×2 LCD screen, which allowed him to figure out which routines were being called under various error conditions.

It doesn’t appear that [Inbar] ever completed the reverse engineering project, but as he points out, what does that even mean? He got inside, took a look around, and made the phone do some cool things it couldn’t do before, and in the process made things easier for anyone working with 1806 processors in Ghidra. That’s a pretty complete win in our books.