E-ink shows are nice, however working with them can nonetheless be a bit tough should you aren’t an OEM. [Jasper Devreker] obtained his palms on three e-ink shelf shows to reverse engineer.

After cracking the tag open, [Devreker] discovered a CC2510 microcontroller operating the present. Whereas the spec sheet exhibits a debug mode, this explicit gadget has been debug locked making studying the gadget’s code problematic. Undaunted, he eliminated the decoupling capacitor from the DCOUPL pin and positioned a MOSFET between it and the bottom pin to carry out a voltage glitch assault.

A Pi Pico was used to function the MOSFET over PIO with the chip overclocked to 250 MHz to extend the precision and period of the glitch. After some testing, a profitable glitch pathway was discovered, however with solely a 5% success fee. With two successive glitches in a row wanted to learn out a byte from the gadget, the method shouldn’t be a quick one. Knowledge pulled to this point has proven to be legitimate code when fed into Ghidra, and this challenge web page is being up to date as progress continues.

If you wish to delve additional into hacking e-ink worth tags, checkout this deep dive on the subject or this Common E-paper Sniffer.