Author Topic: AVR "modding", adding features or removing them [help]  (Read 316 times)

0 Members and 1 Guest are viewing this topic.

Offline ESXi

  • Regular Contributor
  • *
  • Posts: 51
  • Country: nl
AVR "modding", adding features or removing them [help]
« on: June 29, 2019, 12:03:13 pm »
Hi,

I have been reading and looking at some mods for chips and such. Back in the days I have seen some small tricks like reading AVR chip output and at some pattern of which the chip is doing some security check or executing some bull$hit the chip's VCC/VDD is quickly (μs) turned off and then on again so it skips this part of the code basically or corrupts the instruction at that time (technically not the best approach because the timing is critical and kinda hard to get right each time & reliability because if its timed wrong the chip can crash/reset..)


So I came up with another approach that might work better. Read ISP data from the AVR that goes to the 8 bit Led display and if a specific signal pattern is detected send simulated button press to AVR (simulate button press with p or n channel mosfet). So for example my small portable speaker has gone completely flat(empty battery), I charge it up and power it up again. Now it wants me to set the time clock again. I want to check if the data sent to the display is "00:00" blinking, if it detects this, it has to simulate two button presses and the clock set feature is like skipped basically, so the volume knob can be used again without having to skip it manually.. By the way I think it was more than just two button presses, but ok you get the idea.

Like this;
https://forum.mysensors.org/topic/9061/how-to-automate-devices-with-existing-buttons

?
Thing now is, how and is it even possible to read ISP and do a specific thing if it sees a pattern of data how difficult is this?
Probably need a Bus Pirate or a Oscilloscope? Will a Attiny85 be good enough for the job?

At first I wanted to mod the firmware on the megawin mpc82. But I gave up at that, a debugger dongle is like 70 dollars on Ali, it doesn't guarantee anything and also the chip is completely non documented (the protocol to read/write the chip). So forget about dumping the chip anyway..


Was thinking about it because of this topic I made a while ago..
https://www.eevblog.com/forum/projects/360-speaker-time-clock-removal-megawin-mpc82-(help)/

Briefly but good example of glitching avr chip
https://flawed.net.nz/2017/01/29/avr-glitch-modifying-code-execution-paths-using-only-voltage/
« Last Edit: June 29, 2019, 12:15:33 pm by ESXi »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf