Raphael
May 30, 2021 · 17 tweets · 5 min read
I spent some time this weekend looking into another cheap smart watch. This one sells for $17 on AliExpress
There is no product name in the box & the marketing pics are a little misleading. The display is not even round, but just a square of 240x240 pixels. It's just glued to the middle of the dial
Inside there's the mysterious HS6620 system-on-a-chip. It's an ARM Cortex-M3 with 128KB of RAM. We can also see an external 1MB SPI flash chip in there
As far as I can tell, all the info around this SoC is private. This includes the SDK, internal details, memory map. I couldn't find much, except a high-level 30-page datasheet. It does look to draw a lot of inspiration from Nordic's nRF52 series
I naively assumed the SCL & SD pads on the back were SWD programming ports and wasted many hours trying to talk to them 🤦‍♂️
So I looked at the pinout in the datasheet and followed the real SWDCLK and SWDIO pins, beginning from the SoC
It turns out they arrive neatly at these little through holes. I soldered four wires there and hooked it up to my JLink
Success! We can now inspect its memory. For example, we can read the first 32 bytes at address 0x0
And we can dump the whole 128KB of RAM to a file
Next I turned to the SPI flash. My original idea was to desolder it and use another microcontroller to talk to it via... well, SPI
But here's where things take an interesting turn. Searching for HS6620 on GitHub yields very few results, but among them are someone's dotfiles, and they contain a set of Python extensions for talking to HS6620 through gdb! 🤯 Here it is: github.com/fengyichui/.do…
I don't know where this comes from, but it seems part of the workflow of someone that has great, non-public info about working with these chips.
What I find most amazing is that in there there's a way to talk to the SPI flash through the CPU itself. The HS662X.GDB.FLM file in that repo seems to be a little firmware that acts as the middleman between gdb <-> CPU <-> SPI flash.
So when gdb starts, it loads this little firmware to the SoC's RAM and now gdb has a very convenient read/write access to flash. This is where this firmware is loaded up: github.com/fengyichui/.do…
So I got these gdb scripts, modified them a little for macOS and lo and behold... It actually works flawlessly as far as I can tell!
If we compare the RAM and flash dumps, we can see where the program starts in flash - at 0x3000
If you've made it this far, I put all the info & dumps in github.com/rbaron/HS6620D…
Thanks for reading! 🤓
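
An added example (not from the original thread or the linked repositories) of the RAM-versus-flash comparison described above: it finds the longest byte run the two dumps share and decodes the first two Cortex-M vector words at that flash offset. The dumps are constructed inline, and both the idea that the RAM dump holds a copy of the program image and that the image begins with a vector table are assumptions.

```python
import struct

def shared_run(ram: bytes, flash: bytes, block: int = 256):
    """Longest byte run present in both dumps: (ram_off, flash_off, length)."""
    best = (0, 0, 0)
    for r in range(0, len(ram) - block + 1, block):
        window = ram[r:r + block]
        if len(set(window)) < 8:      # skip 0x00/0xFF filler, it matches anywhere
            continue
        f = flash.find(window)
        if f < 0:
            continue
        r0, f0 = r, f                 # grow the hit backwards...
        while r0 > 0 and f0 > 0 and ram[r0 - 1] == flash[f0 - 1]:
            r0, f0 = r0 - 1, f0 - 1
        r1, f1 = r + block, f + block # ...and forwards
        while r1 < len(ram) and f1 < len(flash) and ram[r1] == flash[f1]:
            r1, f1 = r1 + 1, f1 + 1
        if r1 - r0 > best[2]:
            best = (r0, f0, r1 - r0)
    return best

def vector_table(image: bytes, offset: int = 0):
    """First two Cortex-M vectors: (initial SP, reset handler, Thumb bit set)."""
    sp, reset = struct.unpack_from("<II", image, offset)
    return sp, reset & ~1, bool(reset & 1)

def constructed_dumps():
    """Synthetic stand-ins for the two dumps; every value here is made up."""
    body = bytes((i * 197 + (i >> 8) * 31 + 13) & 0xFF for i in range(0x1000))
    image = struct.pack("<II", 0x20004000, 0x000030C1) + body[8:]
    flash = b"\xff" * 0x3000 + image + b"\xff" * 0x1000   # erased flash reads 0xFF
    ram = image + b"\x00" * 0x1000
    return ram, flash

if __name__ == "__main__":
    ram, flash = constructed_dumps()
    ram_off, flash_off, length = shared_run(ram, flash)
    print(f"RAM+{ram_off:#x} == flash+{flash_off:#x} for {length:#x} bytes")
    print("vectors at that flash offset:", vector_table(flash, flash_off))
```

On real dumps, read the two files with `open(path, "rb").read()` and pass them in the same order; a reset handler without the Thumb bit set suggests the offset is not the start of a Cortex-M image.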
