Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Hacking a weird TV censoring device - 1012

Ben Eater - Posted 3 Years Ago
  • Back in the day, there was a device called the TV Guardian. The idea was that captions and spoken word with foul language could be removed from a stream in real time using this device. How does this actually work? Ben Eater takes apart the device to find out!
  • They reverse engineer the board to get a good idea of what each chip does. From there, the author removes an EEPROM chip from the board by removing a large amount of the solder then using a hot air gun to pull off the chip. Dead bug debugging time!
  • They find the documentation for this specific chip and begin trying to understand how it works. While reading the docs, the author is unsure what addressing mode it is using. However, looking at the traces on the PCB where the chip sat shows that pins 5-7 are all connected! This tells us that the 8-bit memory organization is set and the program enable pin is disabled.
  • The author puts the chip onto a breadboard and hooks up the pins. First, they connect GND and power to the proper locations. After that, they connect the Memory Organization Pin and Program Enable Pin to ground, just as it was on the actual board. Finally, they hook up the remaining SPI interface pins to GPIO pins on an Arduino.
  • Ben writes up an implementation of the protocol in an Arduino sketch, but this could also be done with a standard EEPROM reader. This is done by reading the documentation and putting the GPIO pins high and low at specific times to emulate the SPI interface. For a read command, the opcode 10 is sent, followed by an 11-bit address. Following this, the chip will send back 8 bits of data.
  • Simply writing to the GPIO lines with the protocol implemented will simulate the SPI interface. In order to make this work, we have to make sure the serial timing is correct. Luckily for us, since we are now the controller, we control the clock rate and how fast data is sent out.
  • After running this and using a hexdump, a bunch of words appear! In particular, most of them are obscene words that children shouldn't be hearing. After the bad words was a list of good words, likely used for the replacements.
  • However, the format was a little weird. Each word was followed by a small value (0, 1 or 2) then a larger byte. The author throws all of the data into a spreadsheet then analyzes what the bytes actually mean. Excel has some pretty powerful functions for quickly testing stuff!
  • In the list of words, some of the phrases are explicitly allowed. The author noticed that all words with a 1 in the 6th most significant bit were allowed. Secondly, there are exactly 32 replacement words - which can be represented in 5 bits. The final 5 bits of the strange byte are an index for the replacement words. For instance, ass goes to tail.
  • The most significant bit is always set. The 2nd most significant bit determines if the word is ONLY restricted in strict mode or not, such as religious things or butt. There are still some things that Ben doesn't understand about the format though.
  • Overall, awesome post showing off the capabilities of an Arduino, dumping memory and pattern matching. Thanks for all of the work Ben!
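
The flag-byte layout from the notes above, as an added Python example (not code from Ben's video or this page) that parses a dump and decodes each entry. The record framing, the `0x20` position of the "allowed" bit (the one bit left between the strict-mode flag and the 5-bit index), the placeholder replacement table and the sample bytes are all assumptions; the small 0/1/2 value is kept raw because the notes do not say what it means.

```python
# Added example: bit layout of the per-word flag byte as described in the notes.
ALWAYS_SET  = 0x80  # most significant bit, always 1
STRICT_ONLY = 0x40  # 2nd most significant bit: restricted only in strict mode
ALLOWED     = 0x20  # assumption: the bit between the strict flag and the index
INDEX_MASK  = 0x1F  # final 5 bits: index into the 32 replacement words

# Constructed table: only "ass" -> "tail" is from the page; index 3 is made up.
REPLACEMENTS = [f"<word{i}>" for i in range(32)]
REPLACEMENTS[3] = "tail"

def decode_flags(b):
    """Split the flag byte into its fields; reject bytes without the MSB."""
    if not b & ALWAYS_SET:
        raise ValueError(f"flag byte {b:#04x} lacks the always-set top bit")
    return {"strict_only": bool(b & STRICT_ONLY),
            "allowed": bool(b & ALLOWED),
            "index": b & INDEX_MASK}

def parse_records(dump):
    """Assumed framing: printable ASCII word, one byte 0-2, one flag byte."""
    records, i = [], 0
    while i < len(dump):
        start = i
        while i < len(dump) and 0x20 <= dump[i] <= 0x7E:
            i += 1
        if i == start or i + 2 > len(dump):
            raise ValueError(f"malformed or truncated record at offset {start}")
        small, flag = dump[i], dump[i + 1]
        if small > 2:
            raise ValueError(f"unexpected small value {small} at offset {i}")
        records.append((dump[start:i].decode("ascii"), small, decode_flags(flag)))
        i += 2
    return records

def replacement_for(flags):
    """Allowed entries are passed through (None); others map to a word."""
    return None if flags["allowed"] else REPLACEMENTS[flags["index"]]

# Constructed sample dump (not bytes from the real EEPROM).
SAMPLE = (b"ass" + bytes([0, 0x83]) +      # filtered, replacement index 3
          b"butt" + bytes([1, 0xC3]) +     # strict-mode only, index 3
          b"class" + bytes([2, 0xA0]))     # explicitly allowed

if __name__ == "__main__":
    for word, small, flags in parse_records(SAMPLE):
        print(word, small, flags, replacement_for(flags))
```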