

Dumping the Gameboy Color boot ROM (w/ commented disassembly) - makmanalp
http://www.fpgb.org/?page_id=17

======
joshuaxls
Reminds me of the incredibly creative hack where one of the iPodLinux
developers dumped the iPod's bootloader by sounding out ticks on its crappy
piezo.

Archive.org link:
[http://web.archive.org/web/20070519081643/http://www.ipodlin...](http://web.archive.org/web/20070519081643/http://www.ipodlinux.org/stories/piezo/)

------
jey
Decapping, staining, and reading ROMs with a microscope?? Using some clock
timing trick to electrically dump ROMs? Holy crap that is some insane
dedication.

~~~
sp332
The Mifare Classic hackers cut slices off the chip, scanned the slices and
used a buggy Matlab script to recreate the circuitry inside.
<http://news.ycombinator.com/item?id=825150>

------
tjic
This is quite interesting, but being a CS guy who just took a few hardware
courses 15 years ago, there's something I'm missing here.

I thought that if you took a ROM and just fed addresses and a clock signal
into it, you'd get the data on the data out lines.

Clearly there's something trickier going on here.

Can anyone explain?

Thanks!

~~~
wmf
I think the ROM in question is not a separate chip but buried inside the
processor.

