Alarm System Part 3: Security System – Dumping the EEPROM

If you’re coming here looking for the dump, I can’t share it. I don’t know what the laws are on this and it feels pretty DMCA-ish. Sorry.

This Blog is part of a Series! Check out the rest if you haven’t already:

So, the EEPROM programmer arrived today. For that, I’m excited. And nothing warms a security professional’s heart more than something like “The product suggests downloading the latest version from MediaFire!!!”

I did some scouring of the internet and the best solution I can find looks like this:

I’m an American so I’m skilled in two languages: American and Texan. I have no idea what that says, and frankly, it makes me a tad uncomfortable.

So let’s just go ahead and download it anyways.

Seems legit. Let’s install it, and then select our chip!

Now let’s get the chip ready, since if you recall in Part 2, I wrecked one of the pins.

If you don’t remember, here it is again with its snaggletooth looks.

Because I wrecked it so bad pulling it out, I ended up ordering a 5-pack of them from Mouser, who thankfully had them in stock. I probably won’t see them for ~a week, so this series is going to stall out a touch while I wait for those.

I had some ~18ga solid copper wire lying around, and while this is an ugly fix and was a pain to get into the programmer, I did end up getting it in, and that’s all that really matters.

Here’s the chip loaded into the programmer. You can tell by the depth of field, clarity / lack of blur, and color reproduction that I’m using Samsung’s latest flagship phone, the Note. Which, like all Samsung products, is shit.

Got the chip in place, now going to dump and see what we get…

Yay! Results! I have no idea WTF in here is going on; I was hoping for a clean and obvious series of four numbers. Guess I’ll have to come back to this!

But for now, I have the binary off the EEPROM.

Next Steps:

  • When the replacement ICs come, “burn” the image on an IC that has new and fresh pins and won’t ruin the IC socket I put in during Part 2
  • Find any sequence of 4 digits and try them forwards and backwards. If this doesn’t work, switch the endianness and try again.

In closing, the vast majority of this IC’s memory seems to be completely blank, so that should help with eliminating options for codes.
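The search from the next steps, combined with skipping the blank areas, could look like the sketch below. It is an added example, not code or data from the original post: the function names and the sample image are made up, and it assumes blank cells read back as 0xFF and that a code might be stored as packed BCD, ASCII digits, or one raw digit per byte, none of which the dump has confirmed.

```python
BLANK = 0xFF  # assumption: erased EEPROM cells read back as 0xFF

def used_regions(data, min_gap=4):
    """Return (start, end) spans of non-blank data; short blank gaps are kept."""
    regions, start, gap = [], None, 0
    for i, b in enumerate(data):
        if b == BLANK:
            gap += 1
            if start is not None and gap >= min_gap:
                regions.append((start, i - gap + 1))
                start = None
        else:
            if start is None:
                start = i
            gap = 0
    if start is not None:
        regions.append((start, len(data) - gap))
    return regions

def candidates(data):
    """Map each 4-digit candidate to the offsets where it was seen."""
    found = {}
    for start, end in used_regions(data):
        for off in range(start, end - 1):
            chunk = data[off:off + 4]
            # Packed BCD, two digits per byte, in both nibble orders.
            bcd = "".join(f"{b >> 4:X}{b & 0xF:X}" for b in chunk[:2])
            views = [bcd, bcd[1] + bcd[0] + bcd[3] + bcd[2]]
            if len(chunk) == 4:
                # One digit per byte: ASCII '0'-'9', or raw values 0-9.
                views.append(chunk.decode("latin-1"))
                views.append("".join(f"{b:X}" if b < 10 else "?" for b in chunk))
            for v in views:
                if v.isascii() and v.isdigit():
                    # Forwards and backwards, as in the next steps above.
                    for code in (v, v[::-1]):
                        found.setdefault(code, set()).add(off)
    return found

# Constructed sample, not the real dump: blank 256-byte image with two fields.
SAMPLE = bytearray([BLANK] * 256)
SAMPLE[0x40:0x42] = bytes([0x34, 0x12])   # "1234" as byte-swapped packed BCD
SAMPLE[0x80:0x84] = b"0789"               # ASCII digits
SAMPLE = bytes(SAMPLE)

if __name__ == "__main__":
    print("used regions:", [(hex(s), hex(e)) for s, e in used_regions(SAMPLE)])
    for code, offs in sorted(candidates(SAMPLE).items()):
        print(code, [hex(o) for o in sorted(offs)])
```

On a mostly blank image the candidate list stays short, and the offsets show which bytes to compare against a second dump taken after changing the code on the panel.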



