Hacking a UART where there never was before

The Omron RS8 met several of our design requirements: it is small, battery operated, quiet and entirely wrist mounted, so there is no heavy base unit. With the initial attack vector expected to be the NFC interface, the case was opened and the warranty voided. Thankfully the PCB was not too complicated; although it is populated on both sides, the dual-layer design made circuit tracing easy.

Working through the ICs on the top of the PCB and searching for data sheets showed the main IC to be somewhat obscure and difficult to source information for. It was a similar scenario for the NFC chip, with little information available in data sheets or examples on the web. Reviewing the product documentation gave the impression that the NFC interface was designed to upload logs and not to stream real-time data. The rear side of the PCB, however, held promise. A separate IC, the BU9795A, was used to drive the segmented LCD display built into the housing. Whilst still an obscure component, a data sheet was available and it listed an SPI interface with a nice clear protocol.

Bring on the Bus Pirate!

With a USB microscope and the data sheet for the LCD driver, the traces for MOSI, SCK and CS were traced and bodge wires connected. After a quick confirmation with the scope to observe traffic, it was time to connect the Bus Pirate.
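Once the three tapped lines are captured as logic samples, the display traffic can be rebuilt offline. The decoder below is an added example, not code from the original post; the sample format, the function names, and the assumed bus settings (CS active low, data sampled on the rising SCK edge, MSB first) are illustrative assumptions to check against the data sheet and the scope trace.

```python
from typing import Iterable, List, Tuple

Sample = Tuple[int, int, int]  # (cs, sck, mosi) logic levels at one instant


def _pack(bits: List[int]) -> dict:
    """Group bits MSB-first into bytes; report leftovers instead of hiding them."""
    whole = len(bits) - len(bits) % 8
    data = bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8)
    )
    return {"data": data, "stray_bits": len(bits) - whole}


def decode_spi(samples: Iterable[Sample]) -> List[dict]:
    """Rebuild MOSI bytes per chip-select frame from a passive capture.

    Assumed, not taken from the page: CS active low, MOSI valid on the
    rising edge of SCK, MSB first. Confirm all three on the scope first.
    """
    frames: List[dict] = []
    bits: List[int] = []
    active = False            # True only after we have seen CS fall
    prev_cs = prev_sck = None
    for cs, sck, mosi in samples:
        if prev_cs == 1 and cs == 0:                 # frame start
            bits, active = [], True
        elif prev_cs == 0 and cs == 1 and active:    # frame end
            frames.append(_pack(bits))
            active = False
        elif active and prev_sck == 0 and sck == 1:  # clock rising edge
            bits.append(mosi)
        prev_cs, prev_sck = cs, sck
    return frames


def constructed_capture(payload: bytes) -> List[Sample]:
    """Constructed test input: one frame clocking out `payload`."""
    out: List[Sample] = [(1, 0, 0), (0, 0, 0)]
    for byte in payload:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            out += [(0, 0, bit), (0, 1, bit)]
    return out + [(0, 0, 0), (1, 0, 0)]


if __name__ == "__main__":
    # Arbitrary bytes, not real BU9795A commands.
    for frame in decode_spi(constructed_capture(b"\xa5\x3c")):
        print(frame["data"].hex(), "stray bits:", frame["stray_bits"])
```

A non-zero `stray_bits` count usually means the capture sampled too slowly and missed clock edges, and a capture that begins mid-transaction is discarded until the next CS falling edge.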
