Ivor HewittJul 26, 2025
Inspired by @azzeloof 's hacking... I can now pull files off my RM200 in python in Linux. 😄 I *think* I've got all the messages I need to upload a firmware from Linux too... but I might wait until I've got the code vaguely *safe* before attempting that.
But first... I think I can upload an arbitrary bitmap to the display, so might try a fake doom. 🤣
Priorities....
Show threadIvor HewittJul 26, 2025
Let's take a look inside ...
Show threadIvor HewittJul 26, 2025
Ok. really must put this on a blog... but for now. lets pop this open:
#projects
Show threadIvor HewittJul 26, 2025
Main board pulled out, lets see what's on it.
Show threadIvor HewittJul 26, 2025
Ok we have 2Gb Flash, some DRAM, an ARM9 chip and an RN42 bluetooth module.
Show threadIvor HewittJul 26, 2025
Hmm some testpoints with traces running from the ARM chip, in a 12 pin array...
Have we got a JTAG/SWD connection here?
Show threadIvor HewittJul 26, 2025
ok. lets figure out these BGA pin traces.... 👍😁🔍
bit like battleships.. need to locate P17 and N18.
Show threadIvor HewittJul 26, 2025
YES! There you are you cheeky little P17... these *are* the trace/debug pins.
{does a little dance}
Show threadIvor HewittJul 26, 2025
V15.. Reset. Boom. yay. ok.... might need to continue when I've got the board and I'm not sitting in the back of Hugo's car. 🕺
Show threadIvor HewittJul 26, 2025
Ok there we go.... debugging pins.
Haven't located/figured out the others yet, but will have to hook these up and see what happens.
#hacking #rm200 #colorimeter #reverseengineering
Show threadIvor HewittJul 27, 2025
I can haz debug cable... 👍
Show threadIvor Hewitt
And there we have it! Pins connected to a #BusPirate, #openocd, and contact! Direct memory access. 👌 bootloader from the capsure dumped.
#hacking
Jul 27, 2025 at 7:07pmWeb