Tag: reverse engineering

  • scanlime051 – Four Buttons

    In which one button gets four stylish buddies, via forward and reverse engineering. Thanks to my patrons for their continued support.

  • scanlime030 – Why Reverse a Gimbal

    Why do all this gimbal reversing? It works so nicely now, and I didn’t need to design the whole thing from scratch! Notes and tools are in GitHub: https://git.approximate.life/fygimbal.git/ https://github.com/TucoFlyer Music for this episode is “I Don’t See the Branches, I See the Leaves” by Chris Zabriskie, licensed under CC BY 3.0 Please consider supporting…

  • Feiyu Gimbal Serial Hack – scanlime:021

    Join this reverse-engineering journey where I wind through software and hardware in a Feiyu Tech Mini3D gimbal, in order to give it serial controls more suitable for my Tuco Flyer robot project. I start out by taking apart the wire protocol used by the settings app, then after accidentally breaking the gimbal we have to…

  • scanlime:015 / Glitchy Descriptor Firmware Grab

    To understand a program, it helps to see it first. This episode is all glitching and USB, turning a chip’s environment against it to slurp out hidden code. Get the source and play along: https://git.approximate.life/facewhisperer.git/ The tool I use here is the ChipWhisperer. I’m not being paid or anything, I’m just a fellow hardware engineer…

  • scanlime:007 / USB Disk Recorder Part 2

    Continuing the adventures from Part 1, this video wanders along several tangential paths, trying to get some data out of this device worthy of reversing. This time we spend a bit more time in IDA looking for Z80 code, tinker with SCSI trying to break things, and we even do some necromancy in trying to…

  • scanlime:006 / USB Disk Recorder Part 1

    This time I find something in my junk drawer with a few teeth marks on it, and it leads to a weirdly specialized CPU built on a super oldschool core.

  • scanlime:003 / Robot Odyssey DS

    A quick look back at my partially complete console port of an old DOS game. Source on github: https://github.com/scanlime/robot-odyssey-ds

  • scanlime:002 / Coastermelt Part 2

    Part 2 in the series on hacking optical drives for fun! Source code at https://github.com/scanlime/coastermelt

  • scanlime:001 / Coastermelt Part 1

    The first in a series about reverse engineering optical drives for fun and maybe laser graffiti.

  • Hacking My Vagina

    To me, a good sex toy helps form feedback loops. It doesn’t get in the way. A good toy gives you simple ways of exchanging signals with a partner or with your own body. It acts as a conduit. A good sex toy is analog.

  • Another Reason to Beware Bargain Basement Bluetooth

    I was debugging a Bluetooth-related problem on a Windows 7 machine recently, and I found another great example of why sometimes you get what you pay for, even when buying something as nominally standardized and homogeneous as a Bluetooth adapter. It so happens that this machine was using one of these $5 adapters with the…

  • Cube64 GameCube to N64 Adaptor

    Enjoy retro N64 games, but can’t stand the controller? That’s the situation I found myself in about 7 years ago, back in 2004. So I built an adaptor, to use Game Cube controllers on the N64. (tl;dr… Cube64-DX on Google Code) The adaptor hardware is very simple- all you need is a PIC microcontroller. I…

  • Temporal Hex Dump

    After building some hardware to trace and inject data on the Nintendo DSi’s RAM bus, it became obvious pretty fast that there’s a lot of data there, and (as far as I know) no good tools for analyzing these sorts of logs. The RAM tracer has already given us a lot of insight into how…

  • DSi RAM tracing

    It seems like a lot of people have been seeing my Flickr photostream and wondering what I must be up to- especially after my photos got linked on hackaday and reddit. Well, I’ve been meaning to write a detailed blog post explaining it all- but I keep running out of time. So I guess a…

  • DSi hacking, BGA rework

    I got a Nintendo DSi earlier this month. It’s a really cute little console, and a nice revision to the DS Lite. Screens are slightly larger, CPU is about twice as fast, 4x the RAM. And of course it has these camera thingies. Other folks have teardowns online with internal photos aplenty 🙂 So, I…

  • Robot Odyssey DS: First screenshots

    This is nowhere near ready for prime-time, but: Yep, it’s Robot Odyssey for the Nintendo DS. I literally just got this working yesterday, so please don’t ask for any precompiled binaries. If you don’t already know where the source code is, you really don’t want to see it 🙂 Before you ask, this is not…

  • Robot Odyssey Chip Disassembler

    I’ve been spending more time hacking on Robot Odyssey lately. Most of it has had a specific purpose… I’ll write a separate blog post on that project once it’s a bit more fully baked. In the meantime, the reverse engineering has had some useful side-effects. Chip Simulation If you haven’t heard of Robot Odyssey,…

  • Robot Odyssey Mouse Hack 1

    Yesterday I spent some more time reverse engineering Robot Odyssey. This was a great game, and it’s kind of a nostalgic pleasure for me to read and figure out all of this old 16-bit assembly. So far I’ve reverse engineered nearly all of the drawing code, big chunks of the world file format, and most…

  • A Binary Patch for Robot Odyssey

    Robot Odyssey is one of the games that I have the fondest childhood memories of. It’s both a high-quality educational game, and a gentle (but very challenging) introduction to digital logic. There’s a Wikipedia article on the game. There’s also DroidQuest which is a Java-based clone of Robot Odyssey. The DroidQuest site also contains some…

  • Self-contained TED receiver

    My previous entry introduced a homebrew receiver for the powerline-based data protocol used by The Energy Detective. I just designed a second revision of that receiver. This one is self-contained: It gets power and modulated data from a 9V AC wall-wart transformer, and decoded data leaves via an RS-232 serial port at 9600 baud. Best…

  • Interfacing with The Energy Detective

    I recently bought The Energy Detective (TED), a pretty inexpensive and friendly way to keep tabs on your whole house’s electricity usage. It’s a lot like having a more featureful version of your utility company’s power meter, sitting on your kitchen counter. It can estimate your utility bill, and tell you how much electricity and…

  • Using an AVR as an RFID tag

    Experiments in RFID, continued… Last time, I posted an ultra-simple “from scratch” RFID reader, which uses no application-specific components: just a Propeller microcontroller and a few passive components. This time, I tried the opposite: building an RFID tag using no application-specific parts. Well, my solution is full of dirty tricks, but the results aren’t half…

  • Playstation 2 Dual Shock protocol, revisited

    Last summer I did some hard-core reverse engineering of the Playstation 2 Dual Shock controller protocol, so I could build a fully-featured Playstation controller emulator/extender device. I wrote up a fairly minimal protocol document, and published source code (navi-misc/unicone2/psx-base/psx_controller_emulator.spin) for an emulator that could impersonate a Dual Shock 2 controller well enough to fool every…

  • NOP 0x004031A9

    It’s like circuit bending for digital art. Medium: Fyre 1.0 (Win32), IDA Pro (The Interactive Disassembler). (Okay, maybe I’m just having too much fun with my new copy of IDA…)

  • Playstation controller extender

    The little hardware project I started almost 2 months ago is finally done. Completely finished. Bug free! Well, almost. It is, however, in a fully assembled state with firmware that is actually pretty usable. The Unicone2 is the result of my mini-quest to extend Playstation 2 controllers over long lengths of cat5 cable. A while…

  • Hardware hackery and the Dual Shock protocol

    The hardware-tinkering mood I’ve been in lately shows no sign of subsiding. The theme this time: Everything over cat5. Backing up a bit… It’s summer! Hooray. So, how does one make the most of the season without actually doing something crazy like going outdoors? Of course the answer is to play video games in a…