Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

BasicFUN Series Part 1: Hardware Analysis / SPI Flash Extraction- 1011

WrongBaud, posted 3 years ago
  • Recently, the author of this post received an arcade cabinet as a gift. Different cabinets carry emulators for different older consoles, such as the NES, Atari and many others.
  • The physical device had already been torn down by others, allowing other ROMs to be played. The author was curious what the actual ROMs for the games looked like, so they started reviewing the board for its different components.
  • On the board, next to the chip that runs the emulator, is a Winbond 25Q16VNIQ SPI flash chip. This is a very standard part with a standard SPI flash interface, so off-the-shelf tools can be used to communicate with it.
  • First, they hooked up an Arduino and wrote a very simple SPI implementation that sent read commands via the GPIO pins. However, this took a great deal of time and had many faults in it.
  • The second attempt used the Swiss-army-knife tool Bus Pirate. There is an open source tool called flashrom that can be used to read out flash/EEPROM memory, and because the SPI flash interface is universal, it works with this chip too.
  • The author attached a SOIC clip to the SPI flash chip, then mapped the pins from the clip onto the Bus Pirate's SPI pins. From there, simply running flashrom with the Bus Pirate programmer configuration dumps the memory!
  • At the very end, they open the blob in a hex editor to view the dump of the Rampage NES ROM and compare it to the actual Rampage NES ROM. The ROM is included twice on the chip as a backup copy. Overall, a good post from a solid hardware hacker.
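The last step of that post (finding the ROM in the dump, comparing it to a reference, and noticing the second copy) as an added Python example; this is not code from WrongBaud's post, and it runs on a constructed 2 MiB image rather than a real flashrom dump.

```python
"""Carve iNES-format NES ROMs out of an SPI flash dump and spot duplicate copies.

A real dump would come from something like:
    flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -r dump.bin
"""
import hashlib

INES_MAGIC = b"NES\x1a"


def ines_rom_size(header):
    """Total iNES image size from its 16-byte header: header + optional trainer + PRG + CHR."""
    prg_banks, chr_banks, flags6 = header[4], header[5], header[6]
    trainer = 512 if flags6 & 0x04 else 0
    return 16 + trainer + prg_banks * 16384 + chr_banks * 8192


def carve_nes_roms(dump):
    """Return a list of (offset, rom_bytes) for every plausible iNES image in the dump."""
    roms = []
    pos = dump.find(INES_MAGIC)
    while pos != -1:
        header = dump[pos:pos + 16]
        size = ines_rom_size(header) if len(header) == 16 else 0
        # Reject headers with zero PRG banks or images that would run past the end of the dump;
        # the magic can also occur by chance inside graphics data, so keep scanning after a miss.
        if size and header[4] > 0 and pos + size <= len(dump):
            roms.append((pos, dump[pos:pos + size]))
            pos = dump.find(INES_MAGIC, pos + size)
        else:
            pos = dump.find(INES_MAGIC, pos + 1)
    return roms


def group_by_hash(roms):
    """Map sha256 hex digest -> list of offsets, so an identical backup copy stands out."""
    groups = {}
    for offset, data in roms:
        groups.setdefault(hashlib.sha256(data).hexdigest(), []).append(offset)
    return groups


def build_sample_dump():
    """Constructed flash image (assumption, not a real dump): one 24 KiB ROM stored twice."""
    header = INES_MAGIC + bytes([1, 1, 0, 0]) + bytes(8)        # 1 PRG bank, 1 CHR bank, no trainer
    rom = header + bytes(range(256)) * 64 + b"\xAA" * 8192       # 16 + 16384 + 8192 bytes
    dump = bytearray(b"\xFF" * (2 * 1024 * 1024))                 # erased flash reads as 0xFF
    for offset in (0x10000, 0x100000):                            # primary copy and backup copy
        dump[offset:offset + len(rom)] = rom
    return bytes(dump), rom
```

Comparing a carved ROM against a known-good dump is then just a hash comparison of the two byte strings.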