
Mediatek MT6261 ROM dumping via the vibration motor - sodnpoo
http://www.sodnpoo.com/posts.xml/mediatek_mt6261_rom_dumping_via_the_vibration_motor.xml
======
jamiek88
The article links through to how the original iPod was ROM dumped, which I
found interesting.

[https://web.archive.org/web/20070126061215/http://ipodlinux....](https://web.archive.org/web/20070126061215/http://ipodlinux.org/stories/piezo/)

------
ChuckMcM
Awesome, side channels for the win. That said, I'm really surprised that JTAG
couldn't read out the ROM, in theory that is how you would program it. And
given that you couldn't program it, if instead of a minimal USB driver you
wrote a program that read a 16 bit word at a time from ROM and stored it in a
static variable you should be able to use the JTAG data watch function to
stream out the words as you read them.

~~~
josteink
> That said, I'm really surprised that JTAG couldn't read out the ROM, in
> theory that is how you would program it.

I'm no embedded expert, but I would _assume_ some devices let you write to
them and upload new code using the JTAG interface, but still prevent you from
reading if the author has signalled that he wants his code protected.

Quick DDGing seems to suggest this is indeed a vendor/chip-specific
capability:

[https://duckduckgo.com/?q=jtag+read+protection&t=ffsb](https://duckduckgo.com/?q=jtag+read+protection&t=ffsb)

------
oxplot
CHDK project [1] early on used to dump flashes of Canon cameras through their
LEDs [2].

[1]: [http://chdk.wikia.com/wiki/CHDK](http://chdk.wikia.com/wiki/CHDK)

[2]: [http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump#Hardware-software_solution](http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump#Hardware-software_solution)

------
userbinator
The MT6261 is actually a full feature-phone SoC (includes a GSM modem); a bit
odd to see it in a smartwatch with no actual phone functionality.

This is basically a form of PWM.
[https://en.wikipedia.org/wiki/Pulse-width_modulation#Telecommunications](https://en.wikipedia.org/wiki/Pulse-width_modulation#Telecommunications)

~~~
fra
The MediaTek chipsets are the only thing out there if you need a lot of RAM
with reasonable power consumption for cheap.

------
smcl
This is a delightful hack and was nicely written up - I love reading such
articles. The URL is pretty great too :)

~~~
sodnpoo
(thanks :) )

