Reverse Engineering the Maintenance Cartridge - Part 2

 A week or so ago I took apart a maintenance cartridge for my printer. A couple days ago I made a plug for it.Today was the day for some firmware hacking!The datasheet for the chip says it's running an I2C protocol so something like an Arduino is an easy solution. There's no reason to make things harder even though I could very well use any of a dozen different dev boards to make it work.I broke out the logic analyzer for a light workout as well. It's totally overpowered for what I'm doing with it. It can sample at 500MS/s, so a 100kHz signal is positively pedestrian.A bit of hacking got me this code:

#include #define BUFFSIZE 16char buffer[BUFFSIZE];int readCount;void setup() {Wire.begin();Serial.begin(57600);delay(100);dumpEEProm();}void loop() {// Just need a one-time dump here... simply do nothing.delay(500);}void dumpEEProm() {int buffStart = 0;while (buffStart < 2048) {int readSize = readIntoBuffer(buffStart, BUFFSIZE);for (int i = 0; i < readSize; i++) {Serial.print(i + buffStart);Serial.print(":");Serial.print(buffer[i] & 0xFF, HEX);Serial.println();}buffStart += readSize;if (readSize < BUFFSIZE) {Serial.println("Error!");}}}int readIntoBuffer(int startAddress, int toRead) {int page = (startAddress & 0x0700) >> 8;int pageAddress = startAddress & 0x00FF;int deviceAddress = 0x50 | page;Wire.beginTransmission(deviceAddress);Wire.write(pageAddress);Wire.endTransmission();int buffLoc = 0;Wire.requestFrom(deviceAddress, toRead);while (Wire.available() && buffLoc < toRead) {char c = Wire.read();buffer[buffLoc++] = c;}return buffLoc;}

It's not awesome code, but it worked well enough to get this resultant (slightly post-formatted) output on console:

00: 00 00 01 00 00 00 00 0008: 00 00 00 00 00 00 00 0010: 00 00 00 00 00 00 00 0018: 3B 40 0F 00 80 9D 40 0020: 00 00 00 9A C7 00 00 0028: 00 00 00 00 00 00 00 00

The rest of the 2KB EEPROM is all zeros. There's such little there!Next step is to run the same test with the partly used one in my printer now and also a fresh one. Perhaps I should get another empty one and compare what virgin cartridges look like?