Fediverse (Mastodon etc): @Sprite_tm@social.spritesmods.com
The first thing I noticed was the testpoints behind the batteries, easily accessible even when the device itself was fully assembled. I did manage to find out that a single line was spat out in serial on these testpoints, but that was it, so I proceeded to open up the device.
The hardware in there is fairly impressive: there's an ARM9 at 266MHz, some flash,
64MB of RAM (which is quite impressive for an embedded system) and quite a few
testpoints.
After a bit of fiddling around, I found out that my first guess actually was
correct: the serial port was indeed on the testpoints that were behind the batteries.
It just didn't work because another pin had to be pulled low for it all to work:
When the pin marked 'tin' is pulled low, a complete Linux bootlog can be seen,
ending in a login prompt. I didn't have the password, but the bootloader was
accessible too, and by changing a few kernel command-line options I could bypass the
login prompt and change the root password. The phone was mine!