Yair Reshef
2014-09-24 09:19:48 UTC
hey
i was asked by my local college to hack their industrial weaving machine.
the problem
only method to upload patterns to the machine is by export to
image/text file from a pc and write it line by line to the UV EPROM
card > . http://imgur.com/a/TeQcG#8
that means countless hours of writing line by line into the eeprom
writer > http://imgur.com/a/TeQcG#0
what way would you attack this problem?
PDF of EEPROM -
http://www.st.com/web/en/resource/technical/document/datasheet/CD00000515.pdf
On Wed, Sep 24, 2014 at 12:06 PM, Udi Finkelstein
***@gmail
050-6301212
tlv, israel
http://blackstufflabs.com/2013/11/18/conversione-programmatore-tl866cs-a-tl866a/?lang=en
http://www.eevblog.com/forum/blog/eevblog-411-minipro-tl866-universal-programmer-review/
archive and web access > https://groups.google.com/forum/#!forum/hasadna
---
You received this message because you are subscribed to the Google Groups 'TAMI' group.
To unsubscribe from this group and stop receiving emails from it, send an email to
For more options, visit https://groups.google.com/d/optout.
notice that there are two models, the TL866 and the TL866CS which lacks
the ICSP programming port, and is cheaper by 10$-15$. there is a hack for
converting a CS model to non-CS, but since the hack is at least 6 months
old, the manufacturer may have already implemented countermeasures. so if
you don't need ICSP programming, want to save a few bucks, and be
adventurous, pick up the CS model.
Hardcore :-)
I will check the data sheet of the chip,
I believe it needs to be written there.
I think I will also order from Ebay the one you said you have
I had seen the TL866 at about 50$
Thank you very much for the help.
It's not a question of passwords. Usually when a Micro is
read-protected, it simply cannot be read back, period.
The only way to crack these kinds of micros is either via an intended
backdoor in the firmware, insecure code (buffer overflow on your micro??) -
both are unlikely, but the common tricks are to play with the power supply.
Sometimes running it on a marginal voltage can be used to bypass the
security fuses.
In extreme cases, you can find examples where people have decapped the
IC (using hot nitric acid), shielded part of the die and then exposed it to
UV to clear the security fuse.
http://www.bunniestudios.com/blog/?page_id=40
Thanks Udi,
I will check the numbers of my PICs
and I really don't know if they have a password,
I hope not :-(
Hi Gal,
I don't visit TAMI very frequently, I'm mostly active on the mailing
list (not facebook).
As for your PICs, it would help if you specify the exact model you
have.
Do these have a code protection option, and do you know if your PICs
are protected?
If yes, I don't think I can help much (there are techniques for
bypassing that, but they are not straightforward, and I'm not an expert on
the subject).
Udi
Udi,
I would really like to sit with you some time in the close future and
talk about that
or even try to read the info from some pics I have.
When you will have the time.
On Tuesday, 23 September 2014 16:30:38 UTC+3, Udi wrote:
I have two programmers - one is an old Labtool 48, which requires
Windows XP at most and stopped receiving updates years ago, and the other is
a newer Chinese TL866
(http://www.eevblog.com/forum/blog/eevblog-411-minipro-tl866-universal-programmer-review/).
They are not at TAMI, but if you have specific needs maybe we can arrange
something. I also have an old EPROM eraser (with a UV lamp), but I've never
checked it.
Ahh... the old days... When I was really young (high school, in the
mid-80's) I used to work on various Commodore hardware, mostly adding Hebrew
characters to Commodore dot matrix printers. I had a Promenade C1 programmer
for my C64
(http://mikenaberezny.com/hardware/c64-128/promenade-c1-eprom-burner/) , and
my debug cycle was a function of the # of EPROMs I had at hand, and the
cycle time of the EPROM erase UV lamp I had :-)
And remember, you can always write a '1' bit to '0' but not the
other way around, so I would make incremental changes and test them.
I think my biggest achievement was neutralizing a checksum check at
the beginning of the EPROM, with the firmware written for an obscure NEC
8-bit controller. I fed the mnemonics and opcodes into a primitive C64
database I had so I could sort them by opcode and have a more convenient
table for my pencil and paper disassembly.
Udi
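
The '1' to '0' rule from the message above, as an added example that is not part of the original thread: before burning an incremental patch, diff it against a dump of the chip and see whether any byte would need a bit set back to '1', which only a UV erase can do. The function names and the 4-byte sample images are constructed for illustration.

```python
# Added example (not from the thread): plan an in-place EPROM patch.
# Programming can only clear bits (1 -> 0); setting a bit needs a UV erase.


def overburn_report(current: bytes, patched: bytes) -> dict:
    """Compare a dump of the chip with the patched image to be burned.

    A byte can be burned in place only when every 1 bit wanted in
    `patched` is still 1 in `current`.
    """
    if len(current) != len(patched):
        raise ValueError("images must be the same size")
    blocked = []     # (offset, mask of bits that would need 0 -> 1)
    to_program = []  # offsets that change and can be burned in place
    for offset, (old, new) in enumerate(zip(current, patched)):
        if old == new:
            continue
        needs_set = new & ~old & 0xFF
        if needs_set:
            blocked.append((offset, needs_set))
        else:
            to_program.append(offset)
    return {
        "erase_required": bool(blocked),
        "blocked": blocked,
        "to_program": to_program,
    }


def simulate_burn(current: bytes, patched: bytes) -> bytes:
    """Contents the chip ends up with if `patched` is burned without erasing."""
    return bytes(old & new for old, new in zip(current, patched))


# Constructed sample images, not real firmware.
CURRENT = bytes([0xFF, 0xFF, 0x3C, 0x00])
PATCH_OK = bytes([0xFF, 0xA5, 0x34, 0x00])   # only clears bits
PATCH_BAD = bytes([0xFF, 0xFF, 0x7C, 0x00])  # wants bit 6 of offset 2 set

if __name__ == "__main__":
    for name, image in (("PATCH_OK", PATCH_OK), ("PATCH_BAD", PATCH_BAD)):
        report = overburn_report(CURRENT, image)
        print(name, report, simulate_burn(CURRENT, image).hex())
```

For the blocked patch the simulated burn leaves the chip unchanged, so the edit would silently not take effect; verifying the read-back against the intended image catches that.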
Hi Jr,
This is what I am looking for,
I just don't want to buy a new one and use it every two years.
I know it is some sort of ancient history but still, there are many
working things with burned ICs that need to be replaced.
I have some work parts that there are a few PIC chips that I need
to replace but the manufacturer will not sell them only
a new set that costs about 600 Euro.
I will check it next time I will be at TAMI,
Thanks
there is actually an EPROM burner with several vintage ICs having
clear windows on them
i think it was last in the white shelves on left back wall of
hackerspace, around the 3rd/4th shelf
this is ancient tech btw , maybe not what you were looking for??
On Monday, September 22, 2014 4:05:52 AM UTC-4, Udi Finkelstein
What IC do you specifically need to burn?
Hi all,
I am new here and wanted to know if there is an EPROM/IC burner
at TAMI ?
Thanks,
Gal