reverse engineering

386 Articles

Digital Picture Frame Reverse Engineering

May 7, 2011 by 22 Comments

coby_frame_hack

A few months ago [Jason] got his hands on a free Coby DP700WD digital picture frame and thought it would be fun to hack. After realizing that the frame did not run any sort of Linux-based OS he figured his options were pretty limited, but he gave it a shot anyways.

The frame came with a set of built in images, and his goal was to swap them out for pictures of his own. He started by trying to read data from the frame’s serial flash chip, but found that the processor was preventing him from doing so. He de-soldered the chip from the frame, mounted it on a makeshift breakout board, and started reading up on SPI.

He was eventually able to read the device’s flash chip and swapped out the built-in images with his own. After a bit of trial and error, he was able to replace the frame’s boot screen with his own custom image as well.

If you are looking to do something similar, be sure to swing by his site – all of the tools and code he used to hack his frame are available for the taking.

Continue reading to see his modified picture frame in action.

Continue reading “Digital Picture Frame Reverse Engineering”

Blackberry LCD Reverse Engineering

April 21, 2011 by 23 Comments

blackberry_lcd

[Scott] was looking to source some LCD screens for an upcoming project, and was considering buying them from SparkFun. While the Nokia panels they sell are not expensive, they aren’t necessarily the cheapest option either – especially when building in volume.

He searched around for something he could use instead, and settled on Blackberry screens. Old Blackberry models were even more durable than the current offerings, plus companies are trying to get rid of old handsets by the truckload. The only problem was that he could not find any information online that would show him how to write to the screens.

It took a bit of digging, but he eventually determined which ICs were used to drive the LCD screen. He had no luck finding screen pinout information online, so after spending a few hours testing things with his multimeter, he came up with a full listing on his own.

He wired up a connector so that he could use the screen on a breadboard, then got busy writing code to display some text on the screen. Everything came together nicely as you can see in the video below, and he has released his code in case anyone else is looking to repurpose some old Blackberry screens.

All we want to know is what sort of project all these screens are going to be used in.

Continue reading “Blackberry LCD Reverse Engineering”

Reverse Engineering The Playstation Move

March 13, 2011 by 12 Comments

playstation_move

[Kenn] is working on building a quadrocopter from the ground up for a university project. Currently, his main focus is building an Inertial Measurement Unit, or rather re-purposing a PS3 Move controller as the IMU for his copter. He previously considered using a Wiimote Motion Plus, but the Move has a three-axis magnetometer, which the Wii controller does not.

The ultimate goal for this portion of his project is building custom firmware to run on the Move’s STM32-Cortex microcontroller, allowing him to obtain data from each of the controller’s sensors. Through the course of his research, he has thoroughly documented each sensor on his site, and dumped a full working firmware image from the Cortex chip as well. Recently, he was even able to run arbitrary code on the controller itself, which is a huge step forward.

[Kenn’s] project is coming along very nicely, and will undoubtedly be a great resource to others as he continues to dig through the inner workings of the Move. Be sure to swing by his site if you are looking for information, or if you have something to contribute.

Reverse Engineering The PSP

March 13, 2011 by 14 Comments

The original PSP may be old news but there is an interesting relic of a website (translated) dedicated to the reverse engineering of a PSP (and exploring Saturn?). To determine the true capabilities of the PSP they desoldered most of the ball grid array chips and then hand soldered 157 jumper wires to allow for direct memory access. In later pictures it shows the PSP hooked up to external hardware for on the fly memory modification. Unfortunately the details are sparse and it doesn’t appear as if they will be updated anytime soon because the website has been “deleted and freezed because of spam. may ineffaceable curse prevail on the spammers.” Still this doesn’t detract too much some very impressive soldering.

Hacking A Hack: Disassembly And Sniffing Of IM-ME Binary

November 2, 2010 by 9 Comments

It’s fun to pick apart code, but it gets more difficult when you’re talking about binaries. [Joby Taffey] opened up the secrets to one of [Travis Goodspeed’s] hacks by disassembling and sniffing the data from a Zombie Gotcha game binary.

We looked in on [Travis’] work yesterday at creating a game using sprites on the IM-ME. He challenged readers to extract the 1-bit sprites from an iHex binary and that’s what got [Joby] started. He first tried to sniff the LCD data traces using a Bus Pirate but soon found the clock signal was much too fast for the device to reliably capture the signals. After looking into available source code from other IM-ME hacks [Joby] found how the SPI baud rate is set, then went to work searching for that in a disassembly of [Travis’] binary. Once found, he worked through the math necessary to slow down communication from 2.7 Mbit/s to 2400 bps and altered the binary data to match that change. This slower speed is more amenable to the Bus Pirate’s capabilities and allowed him to dump the sprite data as it was sent to the LCD screen.

[Thanks Travis]

Tools: Saleae Logic, Logic Analyzer

March 6, 2009 by 65 Comments

A logic analyzer records bus communications between two chips. If you’ve ever had a problem getting two chips to talk, or wanted to reverse engineer a protocol, a logic analyzer is the tool you need to spy on the bus.

The Logic is a USB logic analyzer with eight channels and sampling rates up to 24MHz. Among hobby-level logic analyzers, the Logic has a good mix of features and decent sampling rates. We’ve been following Joe Garrison’s work on the Logic for a long time. If you’ve ever considered bringing a product to market, you can learn a lot from Joe’s blog that documents his development process.

When it debuted, the Logic was so popular that it was hard to buy one. It’s now widely available, and Saleae gave us one to try. Read our review below.

Continue reading “Tools: Saleae Logic, Logic Analyzer”

Announcing The Ruckingenur Challenge

October 1, 2008 by 7 Comments

Back in August, we posted a fantastic reverse engineering game called Ruckingenur II created by [Zach Barth]. Apparently he got an overwhelmingly positive responce as well as many requests for a level editor. [Zach] decided to open this up as a contest, giving wonderful prizes and fame to the winner. Go read the rules and send him some entries. We can’t wait to see what you come up with.

[thanks Zach]