Author Topic: Reverse Engineering firmware for LCD screen (Read 1182 times)

Yamaha32088 · « **on:** December 03, 2022, 03:56:41 am »

I am trying to learn how to reverse engineer firmware and figured it would be cool to pull the firmware off a chip. I purchased a BusPirate and have successfully pulled data off a couple chips but ran into an issue on one for an LCD screen.
The BusPirate connects to the chip and reads back the device identifier, but when I read the flash and the EEPROM they come back empty. The microcontroller I am reading the flash and EEPROM from is an ATmega48PA. The microcontroller I assume is the "brains" of how it communicated to the LCD but I find it strange that the memory is seemingly empty. The way the LCD works is through 3 wires, RX, 5v and GND. Looking at the pins on the microcontroller it is connected to PD0 which is part of USART. My question is if it is possible that the LCD is driven through USART and requires no firmware on the microcontroller at all? Or is it more likely something else is going on inside the microcontroller that is causing it to think it is empty when read from?

Doctorandus_P · « **Reply #1 on:** December 03, 2022, 04:22:38 am »

There are all sorts of LCD's which can be controlled by serial data.
For example, here is a small character display with a uC on it's back:

https://www.sparkfun.com/tutorials/289

There are also bigger TFT modules with integrated uSD connector on which you can load an uSD card with pictures, and then these are contolled by a single uart. These usually are bundled with PC software to create pictures for the menu's and other things. Use the magic word "nextion" to find more info about this sort of displays.

ledtester · « **Reply #2 on:** December 03, 2022, 05:19:59 am »

Quote from: Yamaha32088 on December 03, 2022, 03:56:41 am

... but when I read the flash and the EEPROM they come back empty. The microcontroller I am reading the flash and EEPROM from is an ATmega48PA.
... Or is it more likely something else is going on inside the microcontroller that is causing it to think it is empty when read from?

It is possible the lock bits have been programmed:

Protecting AVR flash from reading through ISP?
https://electronics.stackexchange.com/a/53293

DavidAlfa · « **Reply #3 on:** December 03, 2022, 08:06:20 am »

Get a cheap $6 24MHz logic analizer from Ali, capture the data stream, figure out the protocol from the waveform, run a decoder on it...
And always post pictures, can't understand why people keep asking without pictures.
Otherwise, asking what it could be from the existing 39 trillions LCD types ?

james_s · « **Reply #4 on:** December 03, 2022, 08:16:56 am »

Do you mean the flash and EEPROM that are inside the atmega? If so then the code protection bit is set, as is usually the case with commercial products. When the memory is protected it will read out as blank.

Yamaha32088 · « **Reply #5 on:** December 03, 2022, 05:10:46 pm »

Thank you for the link that is really helpful.

Yamaha32088 · « **Reply #6 on:** December 03, 2022, 05:11:19 pm »

That sounds like a good idea. Thanks for the tip.

Yamaha32088 · « **Reply #7 on:** December 03, 2022, 05:12:49 pm »

Yes that is the flash and EEPROM I am talking about. The link posted earlier seems to go into more detail about it. Thanks for your input


EEVblog Main Site	EEVblog on Youtube	EEVblog on Twitter	EEVblog on Facebook	EEVblog on Odysee

EEVblog Electronics Community Forum

Author Topic: Reverse Engineering firmware for LCD screen (Read 1182 times)

Yamaha32088

Reverse Engineering firmware for LCD screen

Doctorandus_P

Re: Reverse Engineering firmware for LCD screen

ledtester

Re: Reverse Engineering firmware for LCD screen

DavidAlfa

Re: Reverse Engineering firmware for LCD screen

james_s

Re: Reverse Engineering firmware for LCD screen

Yamaha32088

Re: Reverse Engineering firmware for LCD screen

Yamaha32088

Re: Reverse Engineering firmware for LCD screen

Yamaha32088

Re: Reverse Engineering firmware for LCD screen

Share me