Hacking An NFC E-Paper Display From Waveshare With Mystery MCU

These days e-paper (eInk) displays are everywhere, with stores being one of the largest users of smaller, monochrome versions of these persistent displays. This has also made them a solid target of hackers who seek to not only reverse-engineer and reuse discarded ones, but also ones sold to consumers, with [Aaron Christophel] recently reverse-engineering and flashing custom firmware (GitHub source) to a Waveshare 2.13″ NFC-Powered E-Paper display.

What’s perhaps most notable is how locked-down and devoid of documentation these devices are. The board [Aaron] looked at did not have any markings on the main IC, and Waveshare did not provide more information other than the Android and iOS apps. This led to some matching of various NFC-enabled MCUs with the pinout, with the Chivotech TN2115S2 rolling out as the most likely candidate. This is an 8 MHz Cortex-M0 MCU with not only NFC, but also an energy harvesting feature (up to 300 mW), which is why this e-paper tag can update the display without external power or a battery.

With the Chivotech datasheet being rather sparse, more reverse-engineering needed to be done, which included dumping the firmware and exploring it with Ghidra. During this, the secret key was discovered to make the Flash writeable along with how to control the peripherals and display. With this knowledge it’s now possible to make this tag display update without being limited by manufacturer-supplied tools and software, making it infinitely more useful.



Hacking An NFC E-Paper Display From Waveshare With Mystery MCU
Source: Manila Flash Report

Post a Comment

0 Comments