[Lee] continues with his exploration of the U8Plus (a cheap smartwatch). He hasn’t got it all cracked, yet, but he did manage to get a dump of the device’s ROM using an unusual method. At first, [Lee] thought that the JTAG interface (or, at least, the pins presumed to be the JTAG interface) would be a good way to explore the device. However, none of the people experimenting with the device have managed to get it to work.
Instead, [Lee] went through the serial bootloader and dumped the flash memory. He found out, though, that the bootloader refused to read the ROM area. It would, however, load and run a program. Unfortunately, no one has found how to access the UART device directly, but they have found how to drive the vibration motor.
[Lee] took off the vibration motor and used it as an output port for a simple program to dump the ROM. An Arduino picked up the data at a low baud rate and produced an output file. This should allow more understanding of how to drive the watch hardware.
We covered the initial teardown of this watch earlier this year. Of course, if you don’t want to reverse engineer a smartwatch, you could always build your own.