04/24/2019 at 01:01
I want to write this down somewhere. I just had a really fun experience using a Bus Pirate to dump the contents of an SPI memory chip. I had no clue what I was doing. I'm in the midst of figuring out how to make a shitty add-on for Defcon, and I got curious about some gear I have access to at work.
Essentially, I bought a test clip to reprogram ATtiny85s and started looking for other chips I could attach it to, to see what I could see.
I currently have access to some LED display tiles, and they are chock-full of electronics, so I started taking one apart. On the board with a small TFT display I quickly found a chip I could clip onto. There was also an STM microcontroller next door that looked worthy of investigating.
I looked up the datasheet for the chip (GD25Q16(B)) and wired it up to a bus pirate accordingly. Following the steps in this post I was able to pretty easily copy the contents of the chip onto my computer.
This in and of itself was a small victory in my book. I sort of couldn't believe I had gotten this far when I got to the step in the process where it said to run binwalk on the file that was dumped off the chip.
At this point I started thinking back to the Steganography and CTF challenges I've participated in, wondering how deep I would need to dig into this file to find something that made sense to me. I ran binwalk and strings on the file and didn't really see anything obvious so I loaded it into a hex editor.
This is what I saw. Without even scrolling, this clearly looked like ASCII art or something similar. It also looked strikingly similar to the image that is displayed on the TFT screen when the LED tile boots up.
I thought to myself that there was no way it could be that simple. I mean, I had no idea what I was doing and still don't understand the method of displaying graphics/text on the TFT screen, but I assumed there would be more to it than what I saw in front of me. To verify my ASCII art theory, I played with the sizing of the hex editor's font and window until I confirmed my initial suspicion.
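The "resize the hex editor until the picture lines up" trick can be done programmatically: bytes of a stored bitmap tend to match the byte one row-stride later, so scoring candidate strides finds the row width. This is an added example, not from the original post; it assumes one byte per pixel, and the dump it analyzes is constructed rather than the real GD25Q16 contents.

```python
# Added example (not from the original post): find the row stride of an
# image stored in a flash dump and render it like a hex editor's ASCII pane.
# Assumes one byte per pixel. DUMP is constructed, not real chip contents.

def hexpane(data: bytes, stride: int) -> list[str]:
    """Render bytes the way a hex editor's ASCII pane does, `stride` per row."""
    def glyph(b: int) -> str:
        return chr(b) if 0x20 <= b < 0x7F else "."
    return ["".join(glyph(b) for b in data[i:i + stride])
            for i in range(0, len(data), stride)]

def stride_score(data: bytes, w: int) -> float:
    """Fraction of bytes equal to the byte `w` positions later.
    Neighbouring pixel rows resemble each other, so the true row stride
    (and its multiples) scores high; unrelated strides score low."""
    n = len(data) - w
    return sum(data[i] == data[i + w] for i in range(n)) / n

def guess_stride(data: bytes, lo: int = 8, hi: int = 64) -> int:
    """Best-scoring stride in [lo, hi]. max() keeps the first maximum, so
    ties go to the smallest candidate (multiples of the stride tie with it)."""
    return max(range(lo, hi + 1), key=lambda w: stride_score(data, w))

# Constructed dump: 32 bytes of unrelated data, then a 16x8 one-byte-per-pixel
# "logo" (0x58 'X' foreground, 0x00 background) like a boot splash image.
HEADER = bytes(range(0x80, 0xA0))
FRAME = b"X" + b"\x00" * 14 + b"X"
IMAGE = b"X" * 16 + FRAME * 6 + b"X" * 16
DUMP = HEADER + IMAGE

if __name__ == "__main__":
    w = guess_stride(DUMP)
    print(f"best stride: {w} bytes/row")
    print("\n".join(hexpane(DUMP, w)))
```

On a real dump, slice out the region where strings/binwalk found nothing before scoring, and widen the stride range to match the display width in bytes.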
There you have it.
Next I want to see if I can edit this file, upload it to the chip, and see if it displays as I would expect on the TFT. Unfortunately, after dumping the contents of the chip, I've not been able to get flashrom to reconnect to the chip. It won't detect it at all. Not sure if I damaged something in the process of dumping the memory. I don't think I did, because I put the LED tile back together and everything, including the TFT screen, is working as expected. Maybe I just got really lucky aligning the chip clip with the IC pins on my first try? I don't know for certain, but I'm going to let it rest here for now and come back another day.
I wanted to share this because through Hackaday and Defcon I've been exposed to the hardware hacking scene and I really like this realm. I've been trying to find more ways to explore the subject and being able to peel back a few layers of mystery with some of the technology I work with daily is really fascinating. I want to continue learning about what makes all the technology around me tick.
I remember being a senior in high school looking through a community college's schedule of classes and being confused/bummed out that there wasn't a straight-up 'electronics' class I could take. I didn't pursue it like I should've, and I didn't ask the right people for direction. Ultimately I think I missed out on getting into a field I was genuinely interested in because of a string of unimpressive events.
However, I'm beyond excited that I'm finally making my way towards learning more about all these things that I'm curious about. Who knew trying to design something called a 'shitty add-on' would end up exposing me to so much.