Purchased a device - can I reconfigure?

Discussion in 'Programmer's Corner' started by theta, Dec 6, 2012.

  1. theta

    Thread Starter New Member

    Sep 25, 2012
    I recently purchased a GPS / GSM tracker. The device has a built in vibration sensor (not sure what type - possible accelerometer).

    I would like to provide an external logic input (switch etc) so that I could trigger the "send sms" functions at will. This normally only triggers when vibration is detected, or if I text it a set numeric (8880000). I would also like to re-program certain elements (if possible) so that I can control the output SMS - currently returns a string pointing to a chinese GPS website. I would just like a the coordinates, no URL.

    The first step is trying to figure out how this device works - hardware used, language used, ROM, sensor(s) used and way to capture or override their output.

    Components :

    XL1509-ADJE1 2350P
    ARM MT6223DA
    SEC 007 0270


    Pictures below...


  2. kubeek


    Sep 20, 2005
    without the numbers of those chips anyone would just be stabbing in the dark.
  3. theta

    Thread Starter New Member

    Sep 25, 2012
    I listed the names of all the components that were visible - the main one being an ARM processor...
  4. vortmax


    Oct 10, 2012
    You are going to want an oscilloscope and a logic analyzer

    The trigger should be quasi-easy. You need to identify the accelerometer and figure out how the MCU reads it to trigger the message, then spoof the message. If it is an analog sensor, you might be able to just hijack the pin and send a TTL to simulate movement. If it's digital, you will need to figure out the bus type, sniff the traffic and reverse the protocol...possibly hot-airing the sensor off the board first. That's where some quality time with the oscope and logic analyzer come in.

    I don't mean to be a debbie downer, but I don't have high hopes for reprogramming the MCU. Most manufactures burn the reprogram fuse to prevent ISP access and keep you from doing what you plan to do. Even if you had access to reprogram it, without the original source, it would be quite a task. You could always dump the chips memory and attempt to disassemble it, but that would probably be a big task on an ARM.

    Does the device have any sort of interface? Like to set the cell number to text? It is possible that it is running a small Kernel to handle everything. If this is the case, and the developers were nice, there might be a debug UART left open. If you can find that and access a shell, you might be able to modify the base system and make it do all kinds of cool stuff.