Mastodawn

✧✦Catherine✦✧3d ago

first impressions of the Lego smart brick, before I do any actual tearing down: wow, I forgot how good they are at working with plastic. the injecton molding remains impeccable, at least for this specific piece (I know about their recent QC issues elsewhere)

it's hard for me to look at the positively microscopic (I am literally using a microscope to look at it) "Li-Ion" lettering and think of anything but "showing off!"

(treehouse doesn't let me attach the full size images, you can grab them here: front, side)

✧✦Catherine✦✧3d ago

on the side, there are microscopic openings for the speaker to move air through. I would have really liked to be a fly on the wall in a meeting with the mold engineer who had to make this happen

✧✦Catherine✦✧3d ago

I'm not yet sure how I'll open it up. I don't have a hacksaw (somehow... I should fix that), so my options are somewhat limited: it's either cracking or melting plastic. from what others have done I know I there's plastic welding all around the joined region.

✧✦Catherine✦✧3d ago

okay I've decided on an idea: I will heat up the plastic to make it pliable and then cut it with a knife

as a knfe girl, this is my professional obligation.

✧✦Catherine✦✧3d ago

here's a video that shows in more detail the moldwork in the transparent plastic part

✧✦Catherine✦✧

if you've never heard of anybody opening welded plastic this way, i can now tell you why: because it's a bad idea. until you heat ABS to the point where it flows (which you don't want here, as it'll make later teardown even worse), it acts rubbery. imagine cutting hot rubber. doesn't work

✧✦Catherine✦✧3d ago

it did however let me lop off the top of it easily

this is I think a 2.4G antenna?

next step is sanding

✧✦Catherine✦✧3d ago

yep that did the thing. probably should've started with sanding at the beginning.

it was somewhat more destructively than i wanted, but that's ok: i was trying to challenge my (incorrect) belief that sanding is always a tedious pan in the arse

✧✦Catherine✦✧3d ago

took it apart. there's a sort of a plastic "carrier" that gets manufacured first, then inserted into the final package that's welded shut

✧✦Catherine✦✧3d ago

okay, i've extracted the firmware-bearing parts. this is a tiny 45 mAh battery. (part of the lettering was torn off by the glue it was attached with)

✧✦Catherine✦✧3d ago

close-ups of the component side (well, the side with more components)

originals: 1 2

✧✦Catherine✦✧3d ago

EM9305 is an em|bleu microcontroller in QFN

✧✦Catherine✦✧3d ago

it has over half a megabyte of flash!

✧✦Catherine✦✧3d ago

ok so this would be the JTAG pins

✧✦Catherine✦✧3d ago

also, here's a close-up of the markings on the tiny WLCSP between the BGA and QFN

✧✦Catherine✦✧3d ago

decided the next thing to do would be to dump the presumed Winbond flash WLCSP

here it is mounted on a SOIC-8 pinout with a tiny bit of UV epoxy, like a particularly exotic dead bug

✧✦Catherine✦✧3d ago

connected half of the pads

this is my first time soldering a 0.3mm pitch WLCSP, so it took me a bit to set up the workspace the way that makes it possible, but it's not too bad

✧✦Catherine✦✧3d ago

finally done. no shorts and (as far as i can tell under mag) no opens

✧✦Catherine✦✧3d ago

complete success

✧✦Catherine✦✧3d ago

contrary to everything i've seen online, this is a Winbond W25Q16JWBY part (but one person got the closest, they thought it is a W25Q16JVBY. the difference is major: one is 3.3V, the other is 1.8V)

✧✦Catherine✦✧3d ago

NotImplementedError: quad enablement SFDPJEDECQuadEnableRequirements.Reg2Bit1_Read35h_Write05h not implemented yet

ah yes. i remember why i hate SPI flashes now

✧✦Catherine✦✧3d ago

tried using dual mode and the SFDP tells me to transmit half a byte

once i dump it this flash is definitely going into the naughty pile (of unit tests in glasgow)

✧✦Catherine✦✧3d ago

here's the flash contents https://upload.whitequark.org/1775953651-lego_brick_00F2MZ_749DF5_W25Q16JWBY.bin

✧✦Catherine✦✧3d ago

here's how the flash was mounted in its natural environment, in absence of feline predators

the SPI bus seems to be shared with something else & they're definitely using ViP

✧✦Catherine✦✧3d ago

alright let's dump the ARC chip now

✧✦Catherine✦✧3d ago

not my best work but it should do the trick

feat. comically big q-tip

Mutesplash 3d ago

@whitequark 🤘

artemist 3d ago

@whitequark very important pad

@artemist @whitequark 🅱️IP

Nicolás Alvarez 3d ago

@whitequark hey @zhuowei does this match anything you found in the LEGO Smart Brick app? Or does the app have a newer firmware version?

@nicolas17 @whitequark @zhuowei for everyone else who got invested now, I think you're referring to this thread: https://notnow.dev/objects/cccfc047-da57-444a-be6f-63a5a766bcf7

Zhuowei Zhang: “The Lego Smart Assist app is out: https://play.google.com/store/apps/details?id=com.lego.smartassist I expect homebrewers to run Doom on the Lego Smart Brick at 1x1 resolution, a week before its of...”

Zhuowei Zhang (@[email protected]): “The Lego Smart Assist app is out: https://play.google.com/store/apps/details?id=com.lego.smartassist I expect homebrewers to run Doom on the Lego Smart Brick at 1x1 resolution, a week before its of...”

@whitequark Just in case, others want to dig deeper: I cut out the binary starting from offset 0x105000 and can confirm, that I can parse the unencrypted, uncompressed read-only file system (ROFS) there:

https://codeberg.org/maehw/SmartBrickToolkit/src/branch/main/kaitai/smart_brick_decompressed_rofs_segment.ksy + other parts in the repo

I guess that the remaining parts are meta data... and probably also diagnostic data which are collected by the brick and may be transmitted to TLG via their companion app.

@whitequark Help in finding checksum or hash algorithms... timestamps or whatsoever in the data structure is more then welcome. Happy to get pull aka merge requests on Codeberg.

Edit: Also let me know if there should be a more proper "getting started" or "what am I doing here" guide in the README.md. Also planning to give a talk.. an intro to Smart Play/ Smart Brick. Maybe in German... unless there's interest here -- then it could be in English.

The Doctor 3d ago

@whitequark What are you using to dump the chips?

✧✦Catherine✦✧3d ago

@drwho https://glasgow-embedded.org/

Glasgow Interface Explorer

A highly capable and extremely flexible open source multitool for digital electronics

The Doctor 3d ago

@whitequark Cool! Thank you.

@whitequark @drwho oh boy i want one so bad, shame i don't have the time of day to use it though

Chris Friedt 3d ago

@whitequark xtra smol 🤏🏼

arclight 3d ago

@whitequark This is wonderful :)

@whitequark its...

a brick

with an arm core, wifi and speakers?

✧✦Catherine✦✧3d ago

@Viss bluetooth le, but yes

@whitequark hah, wow

@whitequark someone had identified it as a Winbond SPI flash (to be confirmed, I guess).

✧✦Catherine✦✧3d ago

@maehw lemme dump this flash then

@whitequark yeah, I'd love to see that being done. What's your plan of how to do it? I think you'd need to un-power or desolder the Bluetooth SoC as this one connects the the CS signals and hence should be the bus master. Or desolder the flash? It's so teeny tiny... I can't do it. You could have it from my second PCB.

✧✦Catherine✦✧3d ago

@maehw oh i'll just desolder and mount it manually

@whitequark Great to see that you got yourself a #LEGO #SmartBrick. Curious to know what set you got yourself. And eben more curious if you can get JTAG working... or find the relevant test pins. Yesterday, I started sniffing the SPI bus. Unfortunately, the ASIC Chip Select pin was not identified in the test pad matrix when I last looked up published schematics.

Andres Jalinton 3d ago

@whitequark
The nick on the battery 😨
It always gives me goosebumps when opening devices with glued / soldered batteries.

✧✦Catherine✦✧3d ago

@Andres this is a tiny battery, i'd be fine

Andres Jalinton 3d ago

@whitequark
I know, I'd made worst, but still

Claudius 3d ago

@whitequark content of the data matrix code

Hauke Musicaloris 🥔✨3d ago

@claudius Can you point me to the tool(s) you used to get to this decoded view of the DMC? I could use that for a totally different use case I have where I need to reverse-engineer DMCs

Claudius 3d ago

@Musicaloris this is what "binary eye" QR-Code/Barcode/Datamatrix/... scanner shows you after recognizing a code.

Neat thing: you can throw a static image at it, not just live camera view!

https://f-droid.org/de/packages/de.markusfisch.android.binaryeye/

Binary Eye | F-Droid – Freies und quelloffenes Android-App-Repository

Einfach ein weiterer Barcode-Scanner

Hauke Musicaloris 🥔✨3d ago

@claudius Thanks so much! I even have that app already installed, just never got around to using it apparently 😁

ms_nonbinary_flag

@whitequark 32Ω 0.7W? interesting choice of driver specs, but i guess it is easier to drive a higher impedance one given the power constraints.
probably made at the same plant as many headphone drivers and similar. wonder if it's an off-the-shelf part though?

✧✦Catherine✦✧3d ago

@NULLderef it looks exactly like every smartphone driver ever

ms_nonbinary_flag

@whitequark fair :P

@whitequark do you have a hot wire?

✧✦Catherine✦✧3d ago

@bob i don't have any nichrome at hand and i'm pretty sure i'd give myself burns if i tried

@whitequark @bob

8-year-old me discovered copper works just fine when attached to a sufficiently large transformer.

much older me is banned from hot tools.

@whitequark @bob

8 year olds should be allowed nowhere near these. https://dfarq.homeip.net/all-about-the-lionel-zw/

doubly so, two of them, with the knowledge you could run them back-to-back to do interesting things.

All about the Lionel ZW

The Lionel ZW transformer is one of Lionel's most iconic products. Lionel ZW instructions can be hard to find online. Here's what you need to know about it.

The Silicon Underground

Dan Lyke 3d ago

@whitequark somewhere I got a little saw blade for my rotary cutter. It isn't a Dremel brand blade, and I've never seen it again, but it is perfect for stuff like this.

✧✦Catherine✦✧3d ago

@danlyke yep. but I don't have any rotary cutter atm, had to get rid of 90% of my tools when moving to the UK

@whitequark That certainly matches my experiences of working with ABS!