If you’re coming here looking for the dump, I can’t share it. I don’t know what the laws are on this and it feels pretty DMCA-ish. Sorry.
This Blog is part of a Series! Check out the rest if you haven’t already:
- Home Security & I’m Back: A story about how I built my own security system and wrote some software for it.
- Alarm System Part 1: The Old Security System: What came with the house when I bought it, and an overview of the chips on the board and a deep dive into how the EEPROM works.
- Alarm System Part 2: System Teardown: Tearing out the EEPROM and socketing it for testing.
- Alarm System Part 3: Dumping the EEPROM
- Alarm System Part 4: The Keypad: What’s making this thing work?
- Alarm System Part 5: How to Hack a Home Security System: Getting in!
So, the EEPROM programmer arrived today. For that, I’m excited. And nothing warms a security professional’s heart more than something like “The product suggests downloading the latest version from MediaFire!!!”
I did some scouring of the internet and the best solution I can find looks like this:
I’m an American so I’m skilled in two languages: American and Texan. I have no idea what that says, and frankly, it makes me a tad uncomfortable.
So let’s just go ahead and download it anyways.
Seems legit. Let’s install it, and then select our chip!
Now let’s get the chip ready, since if you recall in Part 2, I wrecked one of the pins.
If you don’t remember, here it is again with its snaggletooth looks.
Because I wrecked it so bad pulling it out, I ended up ordering a 5-pack of them from Mouser, who thankfully had them in stock. I probably won’t see them for ~a week, so this series is going to stall out a touch while I wait for those.
I had some ~18ga solid copper wire lying around, and while this is an ugly fix and was a pain to get into the programmer, I did end up getting it in, and that’s all that really matters.
Here’s the chip loaded into the programmer. You can tell by the depth of field, clarity / lack of blur, and color reproduction that I’m using Samsung’s latest flagship phone, the Note. Which, like all Samsung products, is shit.
Got the chip in place, now going to dump and see what we get…
Yay! Results! I have no idea WTF in here is going on, I was hoping for a clean and obvious series of four numbers. Guess I’ll have to come back to this!
But for now, I have the binary off the EEPROM.
- When the replacement ICs come, “burn” the image on an IC that has new and fresh pins and won’t ruin the IC socket I put in during Part 2
- Find any sequence of 4 digits and try them forwards and backwards. If this doesn’t work, switch the endianness and try again.
In closing, the vast majority of this IC’s memory seems to be completely blank, so that should help with eliminating options for codes.
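The search described in the last two points can be scripted. The sketch below is an added example, not a tool used in this post. It skips blank regions and lists every 4-digit window along with its backwards and byte-swapped orderings. The three storage encodings (ASCII, one digit per byte, packed BCD) and the blank values 0x00/0xFF are assumptions, since the dump doesn't say how the panel stores its codes.

```python
BLANK = (0x00, 0xFF)  # assumption: erased or unused cells read as one of these

def _ascii(w):       # four bytes '0'..'9'
    return "".join(chr(b) for b in w) if all(0x30 <= b <= 0x39 for b in w) else None

def _per_byte(w):    # four bytes, each holding one digit 0..9
    return "".join(str(b) for b in w) if all(b <= 9 for b in w) else None

def _packed_bcd(w):  # two bytes, one digit per nibble
    nibbles = [n for b in w for n in (b >> 4, b & 0x0F)]
    return "".join(str(n) for n in nibbles) if all(n <= 9 for n in nibbles) else None

# encoding name -> (window width in bytes, decoder); all three are assumptions
DECODERS = {"ascii": (4, _ascii), "per-byte": (4, _per_byte), "packed-bcd": (2, _packed_bcd)}

def orderings(digits):
    """Forwards, backwards, and with the two 2-digit halves swapped."""
    seen = []
    for v in (digits, digits[::-1], digits[2:] + digits[:2]):
        if v not in seen:
            seen.append(v)
    return seen

def find_candidates(image):
    """Return sorted [(offset, encoding, [orderings])] for each 4-digit window."""
    hits = []
    for name, (width, decode) in DECODERS.items():
        for off in range(len(image) - width + 1):
            window = image[off:off + width]
            if all(b in BLANK for b in window):
                continue  # blank region; this also hides a stored 0000
            digits = decode(window)
            if digits is not None:
                hits.append((off, name, orderings(digits)))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample image, not the real dump: mostly blank, with a
    # packed-BCD pair at 0x10 and an ASCII run at 0x20.
    sample = bytearray(b"\xff" * 64)
    sample[0x10:0x12] = bytes([0x12, 0x34])
    sample[0x20:0x24] = b"5678"
    for off, enc, codes in find_candidates(bytes(sample)):
        print(f"0x{off:04x} {enc:<10} {' '.join(codes)}")
```

ASCII digits also decode as valid packed BCD, so the same bytes can show up under more than one encoding; the offsets make those overlaps easy to spot.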