DaVinci Junior cartridge reset (Page 13 of 58)

I don't know that this helps a lot.  Maybe a little....

I just received my Logic 4 and started looking at the I2C communications between the PN512 and the motherboard.  I'm still waiting on my Arduino shield to read the specific contents of my card.  I've been looking through the data searching for the password information.  Once I found that, I started walking backward to see what information is sent to the motherboard from the card.  While I don't know that the motherboard uses all of the data, it appears to be requesting (and getting) the first 36 bytes of data from the card.  From what others have shown, this information includes the card ID along with the rest of the "public" information before a password is needed. 

I was hoping to find the motherboard was only grabbing a few bytes of card information to generate the password.  And, I guess it's still possible if it discards portions of the data.  Looks like it has access to everything to generate the password.

jakecrowley,

Just what I am looking for. I have ordered a Arduino and the Shield in hopes someone would provide the steps need to backup and restore the chip. I have two new spools on order and am willing to provide the images if someone can explain how to back them up.

Bozotclown - currently the only way to access all the data on your existing card is to open the printer and physically attach a logic sniffer to the board that reads the tag.  You literally need to steal the stream of data running in the machine and them locate where the board gets the password and take that password.  Once you have the password you can then access the data on the card using an Arduino shield using that password.  At this point someone has been able to get the password - read the data on the existing card - and write back the data that changed after a print back to the date that was there before the print. 

On the other hand what Jakecrowley is asking is very interesting I would like to look into.  Is it possible for someone who has cracked the password to provide the data to be copied to an existing Tag or a fresh tag?  Is the copying more involved then just knowing what is on each page and writing the data from the cracked tag to each page of the fresh or existing tag?  Is there some kind of way it has to compile to work?

greatone76 has the procedure exactly correct.  There have been a few card "downloads" posted in this thread.  But, unfortunately, those don't include all the data on the card.  I think there a few more bytes of information that weren't included in those listings.  Toward the end of the memory on the card, I think there are specific values that are returned to the microcontroller after successfully sending the correct password.  I could be wrong, though....  Also, I'm not sure if the UID bytes at the start of the data can be overwritten.

As soon as my NFC shield arrives, I'm going to give this a try.  It was supposed to be here on Monday.  Still waiting...  I have the original spool with a few meters left on the card.  And, I have two new spools (one black, one natural) I was going to try reading and cloning.  I've already sniffed the password for the original spool just like was done earlier in this thread. 

If this works, I would imagine for those who didn't want to deal with purchasing a logic analyzer, a "pre-programmed" 100m card could be swapped along with the appropriate password.  Then, all you'd need is the password/data from the card in an Arduino to reset the length periodically. 

Also, I know there was talk about the potential of temperature differences in XYZ PLA vs. others being a problem.  I've been using Hatchbox PLA (advertised 180-210degC) without modifying the output/G-code of the XYZ application.  The prints look just as good as the original PLA included with the printer.  No jams or other problems.  I'm sure there are other PLAs that will work (and some that won't), too.  Just thought I'd pass this info along in case someone else is getting started and looking for a substitute PLA to use.  There is one drawback, though.  The XYZ spools are smaller in diameter (probably because there's less PLA).  I had to open up the side of the printer, disassemble the existing spool holder (and NFC-related stuff) and make a spool holder out of spare plastic plumbing pieces to get it to feed halfway decent.

Can you post a description of the connections you made, and did you have to use any external pull up resistors with the logic 4?

Thanks!

This was listed earlier in the thread (post #87) by crgpgh.  I was simply following what was done there.  Just hooked the Logic 4 directly up to the connector.  I didn't have to add any pullup resistors.

Not to sound rude, but why would you buy equipment you have no knowledge of use or function for? I realize you want to help but if you don't know haw to use the needed equipment I think you might want to consider certain projects over your head.. The only thing I can suggest is maybe do a Google search for guides..

The arduino is not needed for that part. I think he was trying to send the data using the arduino. The last two pins on the PN512 (looking from the front of the printer to the back) is SDA and SCL in that order. Set your analyzer to read I2C and connect your 2 pins accordingly to read SDA and SCL. Make sure the printer is not on. The set the analyzer to decode hex and record 10-15 seconds of the printer turning on. Then looking at your recorded data search for the hex byte 1B. You should see a single 1B on start up and then some two more bytes (50 and 0C I think) and the first byte of the password, then two more bytes and the 2nd byte of the password and so on. You should have your 4 bytes of your pass now! Whoop!

Congratulations!!  Nothing like the feeling of figuring out how to use equipment you have no knowledge of use or function for...

Found out my reader is going to be delayed a little while longer.  I'm curious if you're able to read *all* the pages of the NFC via the Arduino.  The previous dumps showed the data ending before hitting the pages that contain some config, password and acknowledge pages. 

Wondering if those areas could be rewritten as well.  This goes to whether it's possible to "clone" a card or if we're stuck only re-writing identical information to the same card.  If we can't read/write the whole 00h->2Ch, we'll be stuck having to read an existing card, sniffing the password and just updating the few pages that change based on filament usage.  If everything can be read/written, it would be possible (I'd imagine?) for someone who doesn't want to buy the extra equipment to sniff the password to simply obtain a "blank" NFC card and program it with an Arduino with a known-good download.

Well, a successful snoop and dump has been completed on my original spool of "neutral" filament.

Here is the code and the dump for you all to skim through.

Password : B2 D6 12 23

Hello!
Found chip PN532
Firmware ver. 1.6
Waiting for an ISO14443A Card ...
Found an ISO14443A card
  UID Length: 7 bytes
  UID Value: 0x04 0x01 0x2D 0x22 0x97 0x3C 0x81

Seems to be an NTAG2xx tag (7 byte UID)
PAGE 00: 04 01 2D A0  ..- 
PAGE 01: 22 97 3C 81  "—<�
PAGE 02: 08 48 00 00  .H..
PAGE 03: E1 10 12 00  á...
PAGE 04: 01 03 A0 0C  .. .
PAGE 05: 34 03 00 FE  4..þ
PAGE 06: 00 00 00 00  ....
PAGE 07: 00 00 00 00  ....
PAGE 08: 5A 50 5A 00  ZPZ.
PAGE 09: 00 35 33 56  .53V
PAGE 10: A0 86 01 00   †..
PAGE 11: A0 86 01 00   †..
PAGE 12: D2 00 2D 00  Ò.-.
PAGE 13: 54 48 47 42  THGB
PAGE 14: 30 31 38 36  0186
PAGE 15: 00 00 00 00  ....
PAGE 16: 00 00 00 00  ....
PAGE 17: 34 00 00 00  4...
PAGE 18: 00 00 00 00  ....
PAGE 19: 00 00 00 00  ....
PAGE 20: 21 32 01 00  !2..
PAGE 21: 69 20 33 54  i 3T
PAGE 22: B3 5D E1 CE  ³]áÎ
PAGE 23: 35 8C 49 76  5ŒIv
PAGE 24: 00 00 00 00  ....
PAGE 25: 00 00 00 00  ....
PAGE 26: 00 00 00 00  ....
PAGE 27: 00 00 00 00  ....
PAGE 28: 00 00 00 00  ....
PAGE 29: 00 00 00 00  ....
PAGE 30: 00 00 00 00  ....
PAGE 31: 00 00 00 00  ....
PAGE 32: 00 00 00 00  ....
PAGE 33: 00 00 00 00  ....
PAGE 34: 00 00 00 00  ....
PAGE 35: 00 00 00 00  ....
PAGE 36: 00 00 00 00  ....
PAGE 37: 00 00 00 00  ....
PAGE 38: 00 00 00 00  ....
PAGE 39: 00 00 00 00  ....
PAGE 40: 00 00 00 BD  ...½
PAGE 41: 07 00 00 08  ....

Note:  In the ADAFruit example code the readout buffer is smaller than the loop counter, make sure you change that up.

-Cecil

Cecil, so is that data coming from the RFID card, or from the printer's internal memory?