ATC1441
@atc1441.bsky.social
Hack the planet!
my biggest passion is to run a custom firmware on as many devices as possible
my biggest passion is to run a custom firmware on as many devices as possible
Finally there is DOOM on a Cooking Pot...
Nice hacking challenge of a way over-engineered "Smart-device"!
Inside we can find 4 SoC's from 4 companies:
Heat control via STM32F031
Input button via PIC18F8..
Wifi via ESP32
Main FW Renesas 400Mhz ARM A9
Full video on YouTube: youtu.be/V5Jtc7wTbQ8
Nice hacking challenge of a way over-engineered "Smart-device"!
Inside we can find 4 SoC's from 4 companies:
Heat control via STM32F031
Input button via PIC18F8..
Wifi via ESP32
Main FW Renesas 400Mhz ARM A9
Full video on YouTube: youtu.be/V5Jtc7wTbQ8
January 9, 2026 at 6:23 PM
Finally there is DOOM on a Cooking Pot...
Nice hacking challenge of a way over-engineered "Smart-device"!
Inside we can find 4 SoC's from 4 companies:
Heat control via STM32F031
Input button via PIC18F8..
Wifi via ESP32
Main FW Renesas 400Mhz ARM A9
Full video on YouTube: youtu.be/V5Jtc7wTbQ8
Nice hacking challenge of a way over-engineered "Smart-device"!
Inside we can find 4 SoC's from 4 companies:
Heat control via STM32F031
Input button via PIC18F8..
Wifi via ESP32
Main FW Renesas 400Mhz ARM A9
Full video on YouTube: youtu.be/V5Jtc7wTbQ8
Crazy that the Smart BLE Ring with a Matrix Display is real🤪
But something is strange this claimed unknown PAR2860 SoC(If that is really inside the ring) looks very much like the firmware of the 7 Segment Ring (DA14585 SoC) but is still different.
maybe a cloned DA14585?
But something is strange this claimed unknown PAR2860 SoC(If that is really inside the ring) looks very much like the firmware of the 7 Segment Ring (DA14585 SoC) but is still different.
maybe a cloned DA14585?
January 5, 2026 at 10:22 PM
Crazy that the Smart BLE Ring with a Matrix Display is real🤪
But something is strange this claimed unknown PAR2860 SoC(If that is really inside the ring) looks very much like the firmware of the 7 Segment Ring (DA14585 SoC) but is still different.
maybe a cloned DA14585?
But something is strange this claimed unknown PAR2860 SoC(If that is really inside the ring) looks very much like the firmware of the 7 Segment Ring (DA14585 SoC) but is still different.
maybe a cloned DA14585?
What's better then a Smart Ring with 7 Seg Display?
A Smart Ring with matrix Display!
20€ version on Aliexpress(Affilia) s.click.aliexpress.com/e/_c4aEitU1
Main BLE SoC PXI PAR2860 with 512KB Flash and 32KB RAM
Still on order but excited to Hack it next!
Previous Hacks in next comment
A Smart Ring with matrix Display!
20€ version on Aliexpress(Affilia) s.click.aliexpress.com/e/_c4aEitU1
Main BLE SoC PXI PAR2860 with 512KB Flash and 32KB RAM
Still on order but excited to Hack it next!
Previous Hacks in next comment
December 23, 2025 at 8:51 PM
What's better then a Smart Ring with 7 Seg Display?
A Smart Ring with matrix Display!
20€ version on Aliexpress(Affilia) s.click.aliexpress.com/e/_c4aEitU1
Main BLE SoC PXI PAR2860 with 512KB Flash and 32KB RAM
Still on order but excited to Hack it next!
Previous Hacks in next comment
A Smart Ring with matrix Display!
20€ version on Aliexpress(Affilia) s.click.aliexpress.com/e/_c4aEitU1
Main BLE SoC PXI PAR2860 with 512KB Flash and 32KB RAM
Still on order but excited to Hack it next!
Previous Hacks in next comment
The Simple nRF52832 Spectrum Analyzer is now working on the Allmiibo LCD and OLED Variant🥳
Fully OTA Updateable from pixljs and back
Find the Source Code of the pixlAnalyzer now here:
github.com/atc1441/pixl...
And a YouTube Explanation Video here:
youtu.be/kgrsfGIeL9w
Fully OTA Updateable from pixljs and back
Find the Source Code of the pixlAnalyzer now here:
github.com/atc1441/pixl...
And a YouTube Explanation Video here:
youtu.be/kgrsfGIeL9w
December 5, 2025 at 11:18 PM
The Simple nRF52832 Spectrum Analyzer is now working on the Allmiibo LCD and OLED Variant🥳
Fully OTA Updateable from pixljs and back
Find the Source Code of the pixlAnalyzer now here:
github.com/atc1441/pixl...
And a YouTube Explanation Video here:
youtu.be/kgrsfGIeL9w
Fully OTA Updateable from pixljs and back
Find the Source Code of the pixlAnalyzer now here:
github.com/atc1441/pixl...
And a YouTube Explanation Video here:
youtu.be/kgrsfGIeL9w
Just finished Hacking the Pill Camera that you'd swallow for an easy endoscopy
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
November 17, 2025 at 9:13 PM
Just finished Hacking the Pill Camera that you'd swallow for an easy endoscopy
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Reposted by ATC1441
New idea - use the #Raspberrypi to directly drive parallel Eink displays. Pictured - Kindle 6" 1024x758 34pin panel driven by a RPIZ2W and (one of a kind) custom PCB.
youtube.com/shorts/LwGyG...
Benefits - the RPI (or any Linux SBC) can create/push the pixels faster than any ESP32. low cost SBC.
youtube.com/shorts/LwGyG...
Benefits - the RPI (or any Linux SBC) can create/push the pixels faster than any ESP32. low cost SBC.
RPI fast Eink
YouTube video by tdfsoftware
youtube.com
November 14, 2025 at 4:14 PM
New idea - use the #Raspberrypi to directly drive parallel Eink displays. Pictured - Kindle 6" 1024x758 34pin panel driven by a RPIZ2W and (one of a kind) custom PCB.
youtube.com/shorts/LwGyG...
Benefits - the RPI (or any Linux SBC) can create/push the pixels faster than any ESP32. low cost SBC.
youtube.com/shorts/LwGyG...
Benefits - the RPI (or any Linux SBC) can create/push the pixels faster than any ESP32. low cost SBC.
Lets take a look inside one of those Aliexpress "Smart" Car Keyfobs which you can retrofit your "Lame" Car Key with 😅
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
November 3, 2025 at 5:48 PM
Lets take a look inside one of those Aliexpress "Smart" Car Keyfobs which you can retrofit your "Lame" Car Key with 😅
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
Lets take a look inside one of those tiny Pill Cameras that you swallow to check your innards😳
Video on YouTube:
youtu.be/pf_eOLRd6B4
Video on YouTube:
youtu.be/pf_eOLRd6B4
Pill Camera Teardown, Capsule endoscopy
YouTube video by Aaron Christophel
youtu.be
October 13, 2025 at 5:55 PM
Lets take a look inside one of those tiny Pill Cameras that you swallow to check your innards😳
Video on YouTube:
youtu.be/pf_eOLRd6B4
Video on YouTube:
youtu.be/pf_eOLRd6B4
Finally there is code execution on this Shi**y Realtek RTL8752H and RTL8762ESL ARM SoC🥳
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
October 9, 2025 at 2:32 PM
Finally there is code execution on this Shi**y Realtek RTL8752H and RTL8762ESL ARM SoC🥳
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Teardown of the Tuya KWS-303WF Wifi Power Meter including cut-off Relay
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
September 20, 2025 at 2:09 PM
Teardown of the Tuya KWS-303WF Wifi Power Meter including cut-off Relay
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Teardown of an OBD Find My Adapter from Aliexpress
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
September 20, 2025 at 2:02 PM
Teardown of an OBD Find My Adapter from Aliexpress
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
DOOM on a Vape via ScreenSharing and custom Firmware 😁
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
September 20, 2025 at 12:17 AM
DOOM on a Vape via ScreenSharing and custom Firmware 😁
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Teardown of the 2" LCD Screen Mirror device
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
September 18, 2025 at 4:53 PM
Teardown of the 2" LCD Screen Mirror device
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
Fun fact this 3€ USB-C to Headphone converter has more Flash and RAM then the first moon landing.
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
September 11, 2025 at 2:24 PM
Fun fact this 3€ USB-C to Headphone converter has more Flash and RAM then the first moon landing.
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
Also got the OLED Amiibo Emulator😅
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
September 9, 2025 at 7:43 PM
Also got the OLED Amiibo Emulator😅
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Teardown massacre of random 2€ Aliexpress Airpod clones 😅
80% Bluetrum (AB) and 20% Jieli
80% Bluetrum (AB) and 20% Jieli
September 9, 2025 at 1:56 PM
Teardown massacre of random 2€ Aliexpress Airpod clones 😅
80% Bluetrum (AB) and 20% Jieli
80% Bluetrum (AB) and 20% Jieli
While not a full custom firmware you can find the current Bluetrum AB5682 SoC Hacking results here
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
September 8, 2025 at 5:01 PM
While not a full custom firmware you can find the current Bluetrum AB5682 SoC Hacking results here
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
Thats Code execution on the infamous
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
September 2, 2025 at 11:04 PM
Thats Code execution on the infamous
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
Why does this aspire PIXO Vape got a hidden BLE Chip inside? 🤔
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
August 29, 2025 at 12:41 PM
Why does this aspire PIXO Vape got a hidden BLE Chip inside? 🤔
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
One more Doom port^^
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
August 28, 2025 at 9:54 PM
One more Doom port^^
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
Lets take a closer look inside an 20€ Aliexpress Alarmo clone "Smart AI Kids clock" based on the XR872ats SoC
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
August 27, 2025 at 3:22 PM
Lets take a closer look inside an 20€ Aliexpress Alarmo clone "Smart AI Kids clock" based on the XR872ats SoC
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
It had to be done 😅
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
August 23, 2025 at 11:27 PM
It had to be done 😅
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the ANKER Prime Charging station😅
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
August 18, 2025 at 7:23 PM
DOOM on the ANKER Prime Charging station😅
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
Quick teardown video of an Battery powered 4" LCD Screen Mirror device around 25€ from Aliexpress
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
August 16, 2025 at 3:28 PM
Quick teardown video of an Battery powered 4" LCD Screen Mirror device around 25€ from Aliexpress
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
That's a success 🥳
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
August 14, 2025 at 1:48 PM
That's a success 🥳
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...