• tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      24
      ·
      edit-2
      10 days ago

      The thing the guy is poking at is a synthesizer, a device that lets you compose music and synthesizes the audio.

      He got a service manual that showed some technical information about a similar synthesizer that indicated that some of the pins on one of the chips were used for a standard interface used to diagnose problems on devices, called JTAG. He guessed correctly that his similar synthesizer also used the same pins for this.

      He made some guesses about what functionality was present, and was able to identify the microprocessor and download the device firmware using this port.

      He then went looking for interesting bits of text in the firmware. What he ran across was something that appeared to be a diagnostic shell (I.e. you enter commands and can see a response) as well as the password to access it.

      He didn’t know how one reached the shell. He went digging in the firmware further and discovered that the device – which acted as a MIDI device over USB to a host computer – took in special MIDI commands that would go to this shell.

      Now he had a way to access the shell any time he had one of these synths plugged into his computer via USB – he didn’t need to physically connect to the diagnostic pins on the chip.

      One feature of the shell permitted modifying RAM on the synthesizer. It wasn’t intended to let one upload executable code, but he uploaded it into some unused memory and then overwrote the frame pointer on the stack used by the shell program to point to that code (which a processor uses to know where to continue executing after running a subroutine) and then returned into his code, which let him get to the point where he could not just upload code to the microprocessor but also run it.

      He wrote his own transfer program for high-speed data transfer over USB and modified the in-RAM code that displayed video.

      This then let him upload video to part of the display and display it at a relatively high frame rate, which is the anime video shown in the last section. I believe that the laptop in the foreground is showing the original frames.

      My understanding from two articles recently posted here is that it is a fad for hardware hackers to play this “bad apple” anime video on all sorts of old and low end devices.