Automatic pin identification feature?

Hi;

I’ve got a device but I don’t know what it is. Logic-wise, it’s only got an 8-pin SOIC, no other chips, and the numbers have been scraped off.

What I want to do is attach my brand-new BP6 to it, pick a menu option, and let the BP figure out which pins are which: Vcc, GND, inputs and outputs, at which point I can try to figure out what the chip does.

Since I didn’t see a menu option like that, can anyone tell me a manual procedure to do the same?

I tried W 3.3 100; @ 0; @ 1; @ 2; @3; @4; @5; @6; @7, and then A x; @ x for each pin to see what I could see. When I did A 4, the voltage of IO5 went to 1.7V; when I did A 5 instead, the voltage of IO4 went to 2.5V. Does this indicate these are Vcc and GND?

Thanks from a real newbie!

2 Likes

What do you think the chip does? Is it storing a firmware or BIOS?

1 Like

As it’s the only chip on the board, I’m going to guess it has a cpu in it.

It’s got a 9-volt battery clip, a phone jack, and a buzzer. It has some unpopulated spots for a switch (SW1), two more jacks (J2 and J4), something with 4 pins labeled RL1, a transistor-like component labelled Q6, and five holes in a row labeled PGM (J1).

I don’t recall where I got it, it’s been in my junk drawer seemingly forever, but it was the primary reason I got a BP: I’m hoping the BP will let me open it up like an oyster. :slight_smile:

1 Like

I see the unpopulated connector J1 is labeled PGM on the silkscreen. It’s easy enough to find the ground pin with a multimeter, then I’d try the JTAG/BlueTag function on that to automatically detect some really useful pins.

I would also use the logic analyzer function on all pins as it operates to see what’s happening.

The Bus Pirate is pretty amazing, but one still has to do the basic beginning footwork: figure out power supplies, try to work out basic schematic or functionality based on observation…

2 Likes

The PGM header looks to be (from top to bottom):

  1. GND
  2. Programming pin
  3. Programming RESET or VPP
  4. Programming pin
  5. V+

I’m guessing #3 is RESET, MCLR, VPP or similar because of R12.

Is there a brand mark or anything on the chip? I’d discount PIC because MCLR is usually pin 1, though I could be misremembering. I’d discount AVR because it’s not enough programming pins.

You could try JTAG mode blue tag command to probe for SWD interface, but are SWD chips made in SOIC8 packages?

Wild guess it’s some kind of generic 8051.

2 Likes

I took a close-up picture with the flash on, and surprise: there’s something on the chip!

2 Likes

Huh, it is a PIC. https://www.microchip.com/en-us/product/pic12f510

2 Likes

Haha my first thought was right. That’s a MCLR pin and the chip is a PIC12F510.

Not sure I got the pinout right, but it seemed ICSP and it’s an 8-bit SOIC.

2 Likes

Er, PIC12F501 or PIC12F510?
Or is one just a sub-model of the other?

2 Likes

Sorry Matt is right. I transposed the numbers. 12F510.

Same pin out I think.

2 Likes

The (a?) problem I’m having is that I’m not entirely sure I have the pins wired up correctly to my BP. I’ve got an 8-pin SOIC clip with pin 1 marked in red, going to a socket on a tiny PCB with 8 un-numbered pins sticking out the back, to which I clip the 8 IO probes from the BP:

I could have it wired up perfectly backwards, which would explain why pins 4 and 5 seemed to be Vdd and Vss.

And that’s why I was hoping to figure out a way to auto-detect the power pins.

I did say I was a newbie, I think. :slight_smile:

You may be able to read out the raw machine code from the chip, but you will need a 9 to 13 volt supply to program it. It also depends if the chip is write protected.

Have a look at the programming documentation for this PIC chip. It’s a two wire interface as I recall, but I’ve not worked with it much. You’d send instructions to read memory ranges and then examine the bytes.

We are working on the infrastructure to do this from Python et al but this is still in progress.

Sounds good!

Given the components and sockets on the board, there’s not a lot that this circuit could do. It could be plugged into the phone network, and it could buzz. I don’t think it has enough memory to answer phone calls and respond to DTMF signals, let alone record and playback voices. Maybe it’s just a remote telephone ringer? Would it require beefier circuit isolation before it could be attached to a landline?

Thanks

Seems like a nice chip. 1024 words of flash and a bit of ram. What do you want to do with it?

Well, that’s the thing, I got this board preassembled, with no documentation, part numbers or anything to google. The only thing that kept me from throwing it away was the 9-volt battery connector, because at least I knew how to power it up, and maybe make some sense of it.

At this point it’s a reverse-engineering puzzle to solve, and a way to learn how to use a BP. :slight_smile:

My wife asked me what I wanted for my birthday this year, and I came up with either a Flipper Zero or a Bus Pirate. Eventually I settled on the BP, because it’s got more potential! :rocket: :rocket: :rocket: :rocket: :rocket:

3 Likes

I figure that using the BP to identify pins on a powered-on device is a lot easier; the power and ground pins shine like beacons, the inputs are HiZ, and everything else is an output.

I’d read a magazine article years ago showing how to use a multimeter to measure pin-to-pin resistance on an isolated IC in order to find the same thing, and just thought that the method had been brought forward and perfected, because ICs have only increased in popularity since then. :slight_smile:

2 Likes
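The powered-on heuristic from the post above, as an added example that is not part of the original thread: it sorts pins by how they read under a weak pull-down and a weak pull-up, which goes a step beyond the post by showing that a static rail-level pin cannot be told apart from a held output by voltage alone. The readings, the 5.0 V supply, the tolerance and all function names are constructed assumptions, not measurements from this board.

```python
# Added example: classify pins on a powered board from probe voltage readings.
# All readings are constructed; the 5.0 V supply and TOL are assumptions.
TOL = 0.15  # volts; how close to a rail counts as "at the rail"

def classify_pin(down, up, vdd):
    """down/up: volts sampled with a weak pull-down / weak pull-up on the pin."""
    every = down + up
    # Follows the probe's pull resistor in both directions: nothing drives it.
    if max(down) < TOL and min(up) > vdd - TOL:
        return "hi-z"
    # Swings by more than half the supply under one fixed pull: actively driven.
    if max(down) - min(down) > vdd / 2 or max(up) - min(up) > vdd / 2:
        return "output-toggling"
    if max(every) < TOL:
        return "low-rail"    # GND, or an output held low: voltage can't tell
    if min(every) > vdd - TOL:
        return "high-rail"   # Vdd, or an output held high
    return "indeterminate"   # mid-level: analog node or weak drive

def classify_chip(samples, vdd):
    """samples: {pin: (pull_down_readings, pull_up_readings)}"""
    return {pin: classify_pin(d, u, vdd) for pin, (d, u) in samples.items()}

def supply_candidates(result):
    """Pins to confirm with a multimeter against the known battery ground."""
    return {"vdd": [p for p, k in sorted(result.items()) if k == "high-rail"],
            "gnd": [p for p, k in sorted(result.items()) if k == "low-rail"]}

# Constructed readings for a hypothetical 8-pin part (not this board's chip).
SAMPLES = {
    1: ([5.00, 5.00, 5.00], [5.00, 5.00, 5.00]),  # stuck at the high rail
    2: ([0.00, 4.90, 0.00], [4.90, 0.10, 4.90]),  # changes on its own
    3: ([0.02, 0.01, 0.02], [4.95, 4.96, 4.95]),  # follows the pull
    4: ([0.01, 0.01, 0.02], [4.97, 4.96, 4.97]),  # follows the pull
    5: ([2.40, 2.50, 2.40], [2.60, 2.50, 2.60]),  # sits mid-supply
    6: ([0.00, 0.00, 0.00], [0.05, 0.04, 0.05]),  # stuck low, resists pull-up
    7: ([4.95, 4.96, 4.95], [5.00, 5.00, 5.00]),  # stuck high, resists pull-down
    8: ([0.00, 0.00, 0.00], [0.03, 0.02, 0.03]),  # stuck at the low rail
}

if __name__ == "__main__":
    result = classify_chip(SAMPLES, 5.0)
    for pin, kind in sorted(result.items()):
        print(pin, kind)
    print(supply_candidates(result))
```

Two candidates come back for each rail, so a continuity check to the battery clip is still needed to pick the real Vdd and GND.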

There are some probes that do similar things, but it’s a pretty bespoke tool. The Bus Pirate can scan for JTAG and SWD pins, which is a much more common scenario on routers and similar.

In this case it was easy, the part number was clear. Any cheap PICkit clone can program the device and Microchip has free compilers for all their chips.

Sometimes they sand it off, pot it in epoxy, or use die packages so you can’t see what it is. Then following the traces, number of programming interface pins, how they’re pulled up or down, those are all clues to help hunt down a possible part number.

Reverse engineering is part art for sure.

1 Like