first impressions of the Lego smart brick, before I do any actual tearing down: wow, I forgot how good they are at working with plastic.
-
finally done. no shorts and (as far as i can tell under mag) no opens
@whitequark This is wonderful

-
@whitequark but the most important question remains unanswered: Can you make it play actual star wars sounds instead of the unintelligible gibberish now?

@triplef that would have to involve the totally undocumented ASIC
-
@triplef honestly the easiest way would be to join LEGO and get all the docs. I probably could do this if I wanted
-
@sounddrill if you're in the area I can teach you how to do it as cleanly as this. nothing special about it
@whitequark I'm way out in South India but hey, thanks!
I first learned basics of PCB design years ago over a discord server so I'll be sure to ask if I need to pick something up
-
@ldcd the datasheet explicitly says the JTAG pins are GPIO'd
@whitequark yup i only mention because TMSC (GPIO11) and TCKC (GPIO10) both go straight to vias (and then maybe to the array of testpoints on the back?); Whereas TDO (GPIO9) seems to go to the flash and TDI (GPIO8) seems to go ??.
So I was thinking there's a chance they might be explicitly configuring it as cJTAG and using it for a boundary scan test after manufacture.
-
@whitequark if the REd schematic is to be believed TCKC goes only to a testpoint
-
@ldcd hm it's possible but i haven't implemented cJTAG yet so can't easily test
-
@whitequark yeah it's a PITA I was trying to bring up a CC1354 and just could not get it to respond
-
@whitequark in theory you can use openocd to wake it up and switch it to 4 wire mode but that's also not very fun;
in the TI parts the GPIO mux is subordinate to the JTAG TAP so if you wake up 4 wire mode it takes over the other two pins no matter what the GPIO mux is set to afaict
-
after reading the datasheet a bit more carefully, i know why i couldn't: the JTAG port is simply not exposed unless the firmware configures the pin mux that way. i'd have to dump the firmware in some other way
@whitequark Just in case this were really the end... would you give away your PCB in the state it is right now? And maybe some advice how to dump it? I guess you mean the configuration mode thingie?
-
@maehw I am open to giving it away; I might consider doing a little bit more of RE work e.g. to probe if maybe the LEGO ASIC has a JTAG port available
-
@whitequark I won't stop you doing more RE'ing! Just curious if the internal flash could still be dumped and before it goes to the trash. Even though I may be lacking the skills to do so.
-
not my best work but it should do the trick
feat. comically big q-tip

@whitequark Monkey Island Q-tip comes to mind

-
@maehw ah I don't trash boards like that unless I 100% know there's nothing more to be gained from them
-
@whitequark I know this seems like an ordinary jump to you but if I managed to get one as clean as this, I'd feel like a goddamn hero

I ruined a beautiful rf01 (one of those xbox 360 donor rf receivers wired through usb) with my soldering
Then it died but I think that was because I wasn't supplying the right power the right way (iirc it wanted a stable 3.3v and I just gave it a nodemcu 3v3) which was a common problem on these boards
@sounddrill @whitequark you need MacGyver, a paperclip and two elastic bands, clearly… This is the closest I could find to an appropriate MacGyver picture…

-
ok so this would be the JTAG pins



@whitequark How did you guess these GPIO would be JTAG? EDIT: explained further down the thread --> https://social.treehouse.systems/@whitequark/116389802932543329
-
@pdo have you ever heard the life story of the Saint Equal-to-the-Apostles Princess Olga of Kyiv? I'm similar.
-
@whitequark @drwho oh boy i want one so bad, shame i don't have the time of day to use it though
-
here's the flash contents https://upload.whitequark.org/1775953651-lego_brick_00F2MZ_749DF5_W25Q16JWBY.bin
@whitequark Just in case others want to dig deeper: I cut out the binary starting from offset 0x105000 and can confirm that I can parse the unencrypted, uncompressed read-only file system (ROFS) there:
https://codeberg.org/maehw/SmartBrickToolkit/src/branch/main/kaitai/smart_brick_decompressed_rofs_segment.ksy + other parts in the repo
I guess that the remaining parts are metadata... and probably also diagnostic data which are collected by the brick and may be transmitted to TLG via their companion app.

