If you want to go hack a microprocessor-based device, the first thing you usually do after cracking the case and identifying all the chips, is look for a serial port. Regardless of the type of device (Linux-based, running WinCE, working on some kind of RTOS, maybe even with no OS at all), the majority of them have a serial port for debugging purposes. Most of these ports have useful info on them even with non-debug firmware, so it's a nice and easy way to learn more on the device.
Finding the serial port can be a bit of a hassle though. After finding the correct pins, you still need to know the baudrate the port works on. This usually means trying out every single rate on the receiving PC until you're lucky. Having a digital oscilloscope can simplify things a little, but even if you have one, it's still no fun to fire it up and try and deduce the baudrate from a trace you manage to capture.
As you may have deduced from the rest of my site, I've hacked my fair share of devices in the past. The procedure for most them included the routine described above to get the correct serial port parameters. After doing this for the umphteenth time, I decided I wanted to automate the process: if I myself could figure out the baudrate using only my PC or a 'scope, there's no reason a microcontroller couldn't be taught the same trick.
1 Next »