Extracting Program from Atmel Device

[Sparky49]

Hi,

I've opened a digital pressure meter in the hopes of adding a serial interface for PC logging. When opening the device I noticed that the device (AT89S52 http://ww1.microchip.com/downloads/en/devicedoc/doc1919.pdf) already has five headers broken out. These are connected to 9V (battery voltage), GND, 10 (RXD), 11 (TXD) and 13 (interrupt). Seems like a serial interface already exists! However, it just remains at idle - I suspect it is waiting for something on the interrupt, but I would like to examine the code if possible.

However, I have no experience with this device, nor with extracting the code from a device. I suspect that it was programmed out of circuit as there are no other connections for programming. in this case, what hardware do I need? What software? I've tried researching, but haven't found any clear information regarding this. I'm a little hesitant to just dive in myself, as I'd prefer to avoid doing something stupid.

If some pics would help, I'd be happy to provide. Thanks in advance.

[Sparky49]

Thanks for the reply, Blueskull.

I think I might have explained things a little incorrectly, I don't think that it was programmed from UART, just that UART connections exist and no other pins do. Maybe it was programmed on another board, and placed into the circuit?

That second part is a little disheartening though... I might go to my original plan and try to use another mcu to intercept the data to the lcd and then send that out through a uart.

I took some pics for reference, the headers on the top left are for the lcd.

[Sparky49]

Thanks again, Blueskull.

If that is the best course, I may have to end up doing that. However, I think in the meantime I'll at least attempt to read and decode the data going to the LCD and spit that out over uart from another uC I make myself. Might be a little less hassle, and lower in cost too. Unfortunately it isn't a standard interface I've come across, but that might make it more interesting.

[magic]

Without decapping, there is a possibility of power/clock glitch attack. I've found vague information on the Internet about successes with Atmel MCUs but no detailed procedures, I'm afraid.

It is possible to extract code from factory configured ATmega32U4, although certain fuse settings thwart the attack

[mikerj]

Have you tried injecting serial data into the RX pin using all the common baud rates and frame configurations?