Search results

  1. B

    Disassembling Joyetech eVic firmware image

    looks like a new version of MVR 1.2 has been released yesterday didn't see a changelog but the timestamp of the installer is 04th March 2013 09:41am :/ Index of /download/Software
  2. B

    Disassembling Joyetech eVic firmware image

    According to the datasheet, there's 2 KiB flash memory built into the MCU
  3. B

    Disassembling Joyetech eVic firmware image

    Good thinking. I'd like a clear plastic tube on my eVic controller head ^^
  4. B

    Disassembling Joyetech eVic firmware image

    Good find! I was able to load the firmware to the hardware simulator in MCU 8051 IDE and partially run it, however, the built-in MCU profiles aren't compatible and the firmware crashes after a few cycles. I'll create a new MCU profile for SH86313 in the simulator if I can acquire the development...
  5. B

    Disassembling Joyetech eVic firmware image

    They email the datasheet if you ask nicely ;) I'm still tracking down a development board tho. Think I'll have to call China over Skype
  6. B

    Disassembling Joyetech eVic firmware image

    The MCU inside eVic was originally designed for MP3 players, and it can playback MP3 and WMA files using the build in codec and DAC. It's possible that we may not succeed at our attemts to increase the power output, but wouldn't it be awesome if it provided audio feedback, in GlaDOS voice? when...
  7. B

    Disassembling Joyetech eVic firmware image

    Good work. Gotta leave to work so I'll make this quick. MVR.exe opens the .bin file and reads bytes 0..8, and compares against a hadrcoded array. If they don't match, it fails. then it ignores bytes 9..15, reads the checksum from 16..19, ignores 20..31 again, and reads the encrypted key from...
  8. B

    Disassembling Joyetech eVic firmware image

    Added encryption support to NVaporWare library, if anyone's interested. https://github.com/bitterskittles/NVaporWare/blob/master/test/NVaporWare.Test/FirmwareTests.cs
  9. B

    Disassembling Joyetech eVic firmware image

    It does what it says in the readme file: https://github.com/bitterskittles/NVaporWare Usage: namespace Demo{ using System.IO; using NVaporWare; internal class Program { private static void Main(string[] args) { var decrypter = new...
  10. B

    Disassembling Joyetech eVic firmware image

    I said it would be my last update for the night in my previous post, but had too much vape and coffee so couldn't get to sleep xD Here is a summary of my findings in v1.1: Images (including fonts) are stored between offsets 0x2B0F - 0x3D0C (see image format) Strings (at least some of...
  11. B

    Disassembling Joyetech eVic firmware image

    Good stuff! If we knew what inputs/outputs are connected to where, we could even write our own firmware from scratch! I am even more tempted to get an eVic, but I guess I'll wait for v1.2 (or whatever the next version is) Now, I wish for the next gen devices to come with an ARM processor, color...
  12. B

    Disassembling Joyetech eVic firmware image

    There is always SharpDevelop for this kind of stuff, and the installer of the latest version is only 14.7 MB :)
  13. B

    Disassembling Joyetech eVic firmware image

    Here's the second and the last update for tonight: I was wrong to believe that the images started from 0x2B13 in my earlier post. After peeking around a little, I came to think that the images start from 0x2B10, with a dummy character (can also be a single pixel dot), and continue with number 0...
  14. B

    Hacking the eVic

    This reviewer thinks that the pediodic pulse could be something used to detect the presence of an atomizer attached to the unit. JoyeTech eVic Full Review v1.1 - YouTube (starts at 26:15)
  15. B

    Hacking the eVic

    This guy claims to have flashed the firmware v2.0 using MVR v1.0 Joyetech eVic Firmware 2.0 Quick Look Also, MVR can be tricked to decrypt the firmware file, which can be dumped from MVR process memory ofc, even without an eVic connected to the system ;)
  16. B

    Disassembling Joyetech eVic firmware image

    Being a total MCU and electronics noob, I'd appreciate any help with reversing the firmware and the hardware as well. I created the repository on Github to document and share my findings, and haven't considered making the built binaries available since the decryption is only 1 subtraction and 1...
  17. B

    Disassembling Joyetech eVic firmware image

    I did use IDA to take a look at the code, but I found out about the images when I noticed a pattern while scrolling through the firmware image file in the hex viewer. How the firmware accesses those images and how the strings are encoded, accessed and used are the next things I want to...
  18. B

    Disassembling Joyetech eVic firmware image

    Hi, I had time to learn 8051 assembly and peek into the decrypted firmware image this week, and wanted to post a quick update on my findings. Actually 8051 turned out to be much simpler than x86, however, the small amount of instructions and being a 8 bit processor causes an inflation in the...
  19. B

    Disassembling Joyetech eVic firmware image

    Hi Janusxvii, Thanks for your comment. Getting the decryption out of disassembled MVR was easy, and it should be fairly trivial to write a program to read the statistics from the device and write a new firmware through USB. However, my assembly skills are limited to x86/x64 CPU's, and I also...
  20. B

    Disassembling Joyetech eVic firmware image

    I think the MCU could be one of 8051 based Sinowealth Lithium battery management chips. ida can disassemble the file, but haven't played around with it yet SH366000 I couldn't find an English product description page, but here is the Google translated summary:
Top Bottom
Forums
Products
Vaping.com
Star Suppliers
Blogs
Menu