Pokemon Cries And How They Work

If you grew up watching the Pokémon TV series, you’d naturally be familiar with the cries of all your favourite Pocket Monsters. Most of the creatures in the anime tend to say their own name, over and over again. Pour one out for the legions of parents who, upon hearing a distant “PIKA PIKA!”,  still involuntarily twitch to this day.

However, the games differ heavily in this area. Generation I of Pokémon was released on the Game Boy, which simply didn’t have the sound capabilities to deliver full bitstream audio. Instead, sounds were synthesized for the various Pokémon based on various parameters. It’s quite a deep and involved system, but never fear – help is at hand via [Retro Game Mechanics Explained].

The video breaks down, at a bitwise level, how the parameters are stored for each Pokémon’s cry, and how they are synthesized. It’s broken down into easily understandable chunks, explaining first how the Game Boy’s sound hardware works, with two pulse channels and a noise channel, before later expanding upon why some Pokémon have the same or similar cries.

It’s a tour de force in retro game reverse engineering, and expertly presented with high quality graphical guides as to what’s going on at the software level. There’s even an emulator you can use to explore the various cries from the original game, and generate your own, too.

Now that we’re up to speed with Pokémon, how about fixing bugs in a 37 year old game? Video after the break.

Continue reading “Pokemon Cries And How They Work”

Reverse Engineering With Sandpaper

Every once in a while, and more so now than before, you’ll find a really neat chip with zero documentation. In [David]’s case, it’s a really cool USB 3.0 eMMC/ SD MMC controller. Use this chip, attach a USB port on one end, and some memory on the other, and you have a complete bridge. There are drivers, too. There are products shipping with this chip. The problem is, there is no data sheet. Wanting to use this chip, [David] turned to sandpaper to figure out the pinout of this chip.

The best example of a product that came with this chip is a simple board from the hardkernel store that happily came with fairly high resolution product photos. While waiting for these boards to be delivered, [David] traced the top layer of copper. This was enough to get an idea of what was going on, but the real work started when the boards arrived. These were placed in a flatbed scanner and carefully photographed.

The next step was to desolder all the parts, taking care to measure and catalog each component. Then, it’s off to sanding with 200 and 600 grit wet sandpaper. Slowly, the soldermask is removed and the top copper layer appears. After that, it’s just a matter of sanding and scanning, stacking all the layers together with your image processing software of choice.

There are a few caveats to hand-sanding a PCB to reverse-engineer the copper layers. First, it makes a mess. This is wet/dry sandpaper, though, and you can and should sand with water. Secondly, even pressure should be applied. We’re not sure if [David] was holding the sandpaper or not, but the best technique is to actually hold the board itself.

Despite a few problems, [David] did get the pictures of each copper layer. After assembling these images, he could make an Eagle part for an eMMC reader for his Nintendo Switch.

Steady Hand Repurposes Cheap SSD Modules

For hackers, cheap (and arguably disposable) consumer hardware makes for a ready supply of free or low-cost components. When you can walk into a big box store and pick up a new low-end laptop for $150, how many are going to spend the money to repair or upgrade the one they have now? So the old ones go to the bin, or get sold online for parts. From an ecological standpoint our disposable society is terrible, but at least we get some tech bargains out of the deal.

Case in point, the dirt cheap 32 GB eMMC SSDs [Jason Gin] recently scored. Used by Hewlett Packard on their line of budget laptops, he was able to snap up some of these custom drives for only $12 each. Only problem was, since they were designed for a very specific market and use case, they aren’t exactly the kind of thing you can just slap in your computer’s drive bay. He had to do some reverse engineering to figure out how to talk to them, and then some impressive fine-pitch soldering to get them plugged in, but in the end he got some very handy drives for an exceptionally low price.

[Jason] starts by figuring out the drive’s pinout using the cornerstone of the hacker’s electronic toolkit: the multimeter. By putting one lead on an obvious ground point such as the PCB’s screw holes, you can work through the pins on the connector and make some educated guesses as to what’s what. Ground pins will read as a short, but the meter should read power and data pins as a forward-biased diode. With a rough idea of the pin’s identities and some luck, he was able to figure out that it was basically a standard SATA connection in a different form factor.

To actually hook it up to his computer, he pulled the PCB off of a dead SATA hard drive, cut it down to size, and was able to use fine magnet wire to attach the conductors in the drive’s ribbon cable to the appropriate pads. He sealed everything up with a healthy dose of hot glue to make sure it didn’t pull loose, and then ran some drive diagnostics on his cobbled together SSD to make sure it was behaving properly. [Jason] reports the drive isn’t exactly a speed demon, but given the low cost and decent performance he still thinks it’s worth the work to use them for testing out different operating systems and the like.

[Jason] seems to have something of an obsession with eMMC hacking. Last time we heard from him, he was bringing a cheap Windows tablet back from the dead by replacing its shot eMMC chip.

Reverse Engineering CMOS

ICs have certainly changed electronics, but how much do you really know about how they are built on the inside? While decapsulating and studying a modern CPU with 14 nanometer geometry is probably not a great first project, a simple 54HC00 logic gate is much larger and much easier to analyze, even at low magnification. [Robert Baruch] took a die image of the chip and worked out what was going on, and shares his analysis in a recent video. You can see that video, below.

The CMOS structures are simple because a MOSFET is so simple to make on an IC die. The single layer of aluminum conductors also makes things simple.

Continue reading “Reverse Engineering CMOS”

Listen To A Song Made From Custom Nintendo LABO Waveform Cards

[Hunter Irving] has been busy with the Nintendo LABO’s piano for the Nintendo Switch. In particular he’s been very busy creating his own custom waveform cards, which greatly expands the capabilities of the hackable cardboard contraption. If this sounds familiar, it’s because we covered his original method of creating 3D printed waveform cards that are compatible with the piano, but he’s taken his work further since then. Not only has he created new and more complex cards by sampling instruments from Super Nintendo games, he’s even experimented with cards based on vowel sounds in an effort to see just how far things can go. By layering the right vowel sounds just so, he was able to make the (barely identifiable) phrases I-LIKE-YOU, YOU-LIKE-ME, and LET’S-A-GO.

Those three phrases make up the (vaguely recognizable) lyrics of a song he composed using his custom waveform cards for the Nintendo LABO’s piano, appropriately titled I Like You. The song is at the 6:26 mark in the video embedded below, but the whole video is worth a watch to catch up on [Hunter]’s work. The song is also hosted on soundcloud.

Continue reading “Listen To A Song Made From Custom Nintendo LABO Waveform Cards”

Ken Shirriff Chats About A Whole World Of Chip Decapping

Reverse engineering silicon is a dark art, and when you’re just starting off it’s best to stick to the lesser incantations, curses, and hexes. Hackaday caught up with Ken Shirriff at last year’s Supercon for a chat about the chip decapping and reverse engineering scene. His suggestion is to start with an old friend: the 555 timer.

Ken is well-known for his work photographing the silicon die at the heart of an Integrated Circuit (IC) and mapping out the structures to create a schematic of the circuit. We’re looking forward to Ken’s talk in just a few weeks at the Hackaday Superconference. Get a taste of it in the interview video below.

Continue reading “Ken Shirriff Chats About A Whole World Of Chip Decapping”

Source Of Evil – A Botnet Code Collection

In case you’re looking for a variety of IRC client implementations, or always wondered how botnets and other malware looks on the inside, [maestron] has just the right thing for you. After years of searching and gathering the source code of hundreds of real-world botnets, he’s now published them on GitHub.

With C++ being the dominant language in the collection, you will also find sources in C, PHP, BASIC, Pascal, the occasional assembler, and even Java. And if you want to consider the psychological aspect of it, who knows, seeing their malicious creations in their rawest form might even give you a glimpse into the mind of their authors.

These sources are of course for educational purposes only, and it should go without saying that you probably wouldn’t want to experiment with them outside a controlled environment. But in case you do take a closer look at them and are someone who generally likes to get things in order, [maestron] is actually looking for ideas how to properly sort and organize the collection. And if you’re more into old school viruses, and want to see them run in a safe environment, there’s always the malware museum.