
What's your approach to reverse engineering a product?

Stephen , 08-04-2023, 01:00 PM
I'd like to try my hand at a bit of in-depth reverse engineering (for educational purposes). I'm looking for any tips from others on what helps to understand a PCB layout/design when you don't have access to the design files themselves. The target is the controller from a Dyson V11 vacuum that has a Renesas MCU and an OLED display. I think it would be fun to break it down and try to get my own image onto the screen.
QDrives , 08-04-2023, 08:14 PM
Your own image, but the rest of the system (vacuum cleaner) should remain working?
Stephen , 08-04-2023, 08:16 PM
No, completely overwriting the firmware is fine by me and that's what I intend to do. The controller is actually a spare I removed from a mechanically broken unit. I was just hoping to have a little fun and learn a bit about reverse engineering practices.
QDrives , 08-04-2023, 08:19 PM
Well, in this case it starts by 1) finding out exactly which MCU it is (Renesas has many families). 2) Checking the hardware manual of the programming system/pins. 3) Finding the pins on the board. 4) Know how the display is driven. 5) Create your own software and load it in the MCU.
Stephen , 08-04-2023, 08:21 PM
I figured as much that would be the general process. I also figured I might start by taking a top-down photo of the board and overlaying the MCU pin-out over the image to try and get a better estimation as to what traces are leaving the MCU and then start probing around with a multimeter. Just from visual inspection I'm fairly certain the SWD and even USB lines are broken out to J2. It's a DA14683 MCU btw.
QDrives , 08-04-2023, 08:25 PM
A former Dialog Semiconductor MCU. 64kB OTP.... Although I would not expect that the bootloader would be in there (at least I do not hope this for you).
Stephen , 08-04-2023, 08:40 PM
Hmm, well I wasn't expecting to need the OTP memory since there appears to be SPI flash connected?
QDrives , 08-04-2023, 08:42 PM
If the bootloader resides in the OTP memory, it may be very difficult to get your application working as the bootloader may have multiple checks to make sure that the code in (external) flash is correct.
Stephen , 08-04-2023, 08:43 PM
Ah, I see what you mean. Yeah, that would be a bummer. I'll have to read into the boot order for the part but I'm wondering if there would be ways around that if necessary.
QDrives , 08-04-2023, 08:44 PM
RTFM, or should I say, datasheet.