Reversing and hacking the Aigo self-encrypting external HDD. Part 1: Dissecting it into parts

Reversing and hacking self-encrypting external drives is an old hobby of mine. In the past, I had the chance to work with models such as the Zalman VE-400, Zalman ZM-SHE500 and Zalman ZM-VE500. Recently, a colleague brought me another exhibit: the Patriot (Aigo) SK8671, which is built to the usual design, with an LCD indicator and a keypad for entering the PIN code. Here is what came of it…

1. Introduction
2. Hardware architecture
- 2.1. Main board
- 2.2. LCD indicator board
- 2.3. Keyboard board
- 2.4. Looking at the wires
3. Sequence of attack steps
- 3.1. Taking a dump of the SPI flash
- 3.2. Sniffing communications

1. Introduction

Photo: the enclosure

Photo: the packaging

Access to the data stored on the disk, which is supposedly encrypted, is granted after the PIN code is entered. A few introductory notes on this device:

  • To change the PIN code, you must press F1 before unlocking;
  • The PIN code must contain from 6 to 9 digits;
  • After 15 incorrect attempts, the disk is wiped.

2. Hardware architecture

First, we take the device apart to understand what components it consists of. The most tedious task is opening the case: lots of screws and plastic. Having opened the case, we see the following (note the soldered five-pin connector):

2.1. Main board

The main board is quite simple:

Its most notable parts (viewed from top to bottom):

The SPI flash stores the firmware for the JMS539 and some settings.

2.2. LCD indicator board

There is nothing remarkable on the LCD board.

Only:

  • An LCD indicator of unknown origin (probably with a Chinese font set), with serial control;
  • A ribbon connector for the keyboard board.

2.3. Keyboard board

When we examine the keyboard board, things take a more interesting turn.

Here, on the back side, we see the ribbon connector, as well as a Cypress CY8C21434 PSoC 1 microcontroller (from here on we will simply call it the PSoC).

The CY8C21434 uses the M8C instruction set (see the documentation). The [product page](http://www.cypress.com/part/cy8c21434-24ltxi) states that it supports CapSense technology (a Cypress solution for capacitive keypads). Here you can see the soldered five-pin connector: this is the standard way to attach an external programmer over the ISSP interface.

2.4. Looking at the wires

Let's find out what is connected to what here. To do this, simply probe the wires with a multimeter:

Notes on this hastily drawn diagram:

  • The PSoC is described in the technical specification;
  • The next connector, the one on the right, is the ISSP interface, which, by the will of fate, matches what is written about it on the Internet;
  • The rightmost connector is the terminal for the ribbon connector to the keyboard board;
  • The black rectangle is a drawing of the CN1 connector, which is designed to connect the main board to the LCD board. P11, P13 and P4 are connected to PSoC pins 11, 13 and 4, on the LCD board.

3. Sequence of attack steps

Now that we know what components this drive consists of, we need to: 1) make sure that basic encryption functionality is actually present; 2) find out how the encryption keys are generated/stored; 3) find where exactly the PIN code is checked.

To do this, I took the following steps:

  • took a dump of the SPI flash;
  • tried to dump the PSoC flash;
  • verified that the communication between the Cypress PSoC and the JMS539 actually contains keystrokes;
  • made sure that nothing is rewritten in the SPI flash when the password is changed;
  • was too lazy to reverse the 8051 firmware from the JMS539.

3.1. Taking a dump of the SPI flash

This procedure is very simple:

  • connect probes to the legs of the flash: CLK, MOSI, MISO and (optionally) EN;
  • "sniff" the communication with a sniffer using a logic analyzer (I used Saleae Logic Pro 16);
  • decode the SPI protocol and export the results to CSV;
  • use decode_spi.rb to parse the results and obtain the dump.

Please note that this approach works especially well in the case of the JMS539 controller, since this controller loads the entire firmware from flash at the initialization stage.

$ decode_spi.rb boot_spi1.csv dump
0.039776 : WRITE DISABLE
0.039777 : JEDEC READ ID
0.039784 : ID 0x7f 0x9d 0x21
---------------------
0.039788 : READ @ 0x0
0x12,0x42,0x00,0xd3,0x22,0x00,
[...]
$ ls --size --block-size=1 dump
49152 dump
$ sha1sum dump
3d9db0dde7b4aadd2b7705a46b5d04e1a1f3b125 dump

Having taken the dump of the SPI flash, I came to the conclusion that its only task is to store the firmware for the JMicron controller, which is built around an 8051 microcontroller. Unfortunately, taking the dump of the SPI flash turned out to be useless:

  • when the PIN code is changed, the flash dump stays the same;
  • after the initialization stage, the device does not access the SPI flash.
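
The decoding step of the procedure above, as an added example (this is not the author's decode_spi.rb): it rebuilds a flash image from the READ commands in an exported capture and hashes it, so a dump taken before a PIN change can be compared with one taken after. The CSV column layout is an assumption, and the sample rows are constructed from the ID and first data bytes printed in the session above.

```ruby
require "digest"

# Constructed capture in an assumed analyzer export layout: one row per SPI
# byte; "Packet ID" changes on every chip-select assertion.
CAPTURE = <<~ROWS
  Time [s],Packet ID,MOSI,MISO
  0.039776,0,0x04,0xFF
  0.039777,1,0x9F,0xFF
  0.039778,1,0x00,0x7F
  0.039779,1,0x00,0x9D
  0.039780,1,0x00,0x21
  0.039788,2,0x03,0xFF
  0.039789,2,0x00,0xFF
  0.039790,2,0x00,0xFF
  0.039791,2,0x00,0xFF
  0.039792,2,0x00,0x12
  0.039793,2,0x00,0x42
  0.039794,2,0x00,0x00
  0.039795,2,0x00,0xD3
ROWS

OPCODES = { 0x03 => "READ", 0x04 => "WRITE DISABLE", 0x9F => "JEDEC READ ID" }.freeze

# Returns [events, image]: a command log plus the flash bytes seen in READs.
def rebuild_flash(csv_text)
  rows = csv_text.lines.drop(1).map { |l| l.strip.split(",") }.reject(&:empty?)
  events = []
  cells = {} # flash address => byte
  rows.group_by { |r| r[1] }.each_value do |packet|
    mosi = packet.map { |r| Integer(r[2]) }
    miso = packet.map { |r| Integer(r[3]) }
    name = OPCODES.fetch(mosi[0], format("UNKNOWN 0x%02x", mosi[0]))
    if mosi[0] == 0x03 && mosi.size >= 4
      # READ: opcode, 24-bit address on MOSI, then data bytes on MISO
      addr = (mosi[1] << 16) | (mosi[2] << 8) | mosi[3]
      miso.drop(4).each_with_index { |b, i| cells[addr + i] = b }
      events << format("%s @ 0x%x (%d bytes)", name, addr, miso.size - 4)
    elsif mosi[0] == 0x9F
      events << "#{name}: " + miso[1, 3].to_a.map { |b| format("0x%02x", b) }.join(" ")
    else
      events << name
    end
  end
  # Addresses never read on the bus are padded with 0xFF (erased flash).
  size = cells.empty? ? 0 : cells.keys.max + 1
  [events, (0...size).map { |a| cells.fetch(a, 0xFF) }.pack("C*")]
end

events, image = rebuild_flash(CAPTURE)
puts events, "#{image.bytesize} bytes, sha1 #{Digest::SHA1.hexdigest(image)}"
```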

3.2. Sniffing communications

This is one way to find out which chip is responsible: checking the communications for the timing/content of interest. As we already know, the USB-SATA controller is connected to the Cypress PSoC LCD via the CN1 connector and two ribbons. So we connect probes to the three corresponding legs:

  • P4, general-purpose input/output;
  • P11, I2C SCL;
  • P13, I2C SDA.

Then we launch the Saleae logic analyzer and enter on the keypad: "123456~". As a result, we see the following diagram.

In it we can see three data exchange channels:

  • there are several short bursts on channel P4;
  • on P11 and P13, an almost continuous exchange of data.

Zooming in on the first spike on channel P4 (the blue rectangle in the previous figure), we see the following:

Here you can see that on P4 there is almost 70 ms of a monotonous signal, which at first seemed to me to be a clock signal. However, after spending a long time checking my guess, I found that this is not a clock signal but an audio stream that is output to the tweeter when a key is pressed. Therefore, this section of the signal itself contains no useful information for us. However, it can be used as an indicator to tell when the PSoC registers a key press.

However, the latest audio stream on P4 is slightly different: it is the sound for "invalid PIN"!

Returning to the keystroke graph and zooming in on the last audio graph (again, see the blue rectangle), we get:

Here we see monotonous signals on P11. So it looks like this is the clock signal. And P13 is the data. Note how the pattern changes after the beep ends. It would be interesting to see what happens here.

Protocols that work over two wires are usually SPI or I2C, and the Cypress technical specification states that these pins correspond to I2C, which we see is true in our case:

The USB-SATA chipset constantly polls the PSoC to read the key state, which by default is "0". Then, when you press the "1" key, it changes to "1". The final transmission immediately after pressing "~" is different if a wrong PIN code was entered. However, at the moment I have not checked what exactly is transmitted there. But I suspect that this is unlikely to be an encryption key. Either way, see the next section to understand how I extracted the PSoC's internal firmware.
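
The polling pattern described above, as an added example that is not part of the original article: it collapses a stream of decoded I2C reads into one event per key press, which is how a capture shows that keypad input crosses the CN1 link unprotected. The log layout, the address 0x20 and the byte encoding (0x00 idle, digit value while a key is held) are assumptions, and the sample rows are constructed.

```ruby
# Constructed I2C read log: time in seconds, 7-bit address, returned byte.
# Address 0x20 and the byte encoding (0x00 = idle, digit value = key held)
# are assumptions for this sketch, not values taken from the capture.
POLLS = <<~LOG
  1.000,0x20,0x00
  1.010,0x20,0x00
  1.020,0x20,0x01
  1.030,0x20,0x01
  1.040,0x20,0x00
  1.300,0x20,0x02
  1.310,0x20,0x00
  1.600,0x20,0x03
  1.610,0x20,0x03
  1.620,0x20,0x00
LOG

IDLE = 0x00

# Collapse a polling stream into one event per key press.
# A press is a change to a non-idle value; repeated polls of a held key
# return the same value and are ignored.
def key_presses(log, address: 0x20)
  presses = []
  previous = IDLE
  log.each_line do |line|
    time, addr, value = line.strip.split(",")
    next if time.nil? || Integer(addr) != address # blank line or other device
    state = Integer(value)
    presses << { time: Float(time), key: state } if state != IDLE && state != previous
    previous = state
  end
  presses
end

# Share of polls that carry no key: how much of the bus traffic is idle polling.
def idle_ratio(log)
  values = log.each_line.map { |l| Integer(l.strip.split(",")[2]) }
  values.count(IDLE).fdiv(values.size)
end

key_presses(POLLS).each { |p| puts format("%.3f s  key %d", p[:time], p[:key]) }
puts format("idle polls: %.0f%%", idle_ratio(POLLS) * 100)
```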

source: www.habr.com
