
Thread replies: 28
Thread images: 5

File: ipldevice.png (37KB, 655x634px)
I tried posting this on /g/ in the programming general but nobody seemed to respond, I guess it was kind of the wrong place to ask so I'll ask here. I also asked over in /wsr/ and they said to come here... so here it goes...

But basically I have this Remington IPL device and they limit the flashes to 1500 but I used Bus Pirate to reset the flash count in kind of a ghetto way cause they use a DS2431 chip inside the flash tube cartridge and it's easily accessible.

BUT I'd like to increase the juice and solder on my very own quartz flash tube. The patents say the DS2431 chip contains information like current # of flashes, total flashes, manufacturing date, and initial energy of the lamp
The patents say the device automatically adapts and adjusts voltages to whatever flash tube you stick in there as long as you get the settings roughly close enough to cause it to actually spark and flash.

pic related is what bus pirate spits out and I have no idea where to go from here. I've only got like limited programming experience in C#, VB, and I guess matlab if that counts...
I'd like to be able to kind of reverse engineer it to figure out what all the data is but I'm not sure how to go about doing it. Supposedly the chip has all the settings needed to modify the device for nearly any flash tube.
>>
>>1198436
wow well thanks for including all the patents that is very helpful.
what the fuck are you talking about op? you have real hairy legs or something?
if it adapts to the tube then swap it in what do you have to lose?

if you want to actually work out what's in the eeprom you need to make a big list of everything that could be in there and then think of ways of how that information could be stored and then try and find it in the listing. obviously if it's storing the manufacture date you could try and find that. ascii numbers are all 0x3z. doesn't look like enough of them together to be a date. maybe try one of the epoch times? (i.e. seconds since a certain date, linux and windows do this) or maybe some universal time standard i don't know i'm not a time expert.
look for patterns, 0x01 0x37 0x34 appears regularly, i noticed that looking for ascii numbers, maybe it's some pointer or data separator?

sometimes there will be a sequence to mark a start and end of a bit of data, sometimes there will be a byte that tells you how many bytes the data is at the start or sometimes at the end, perhaps there is some kind of check digit or crc for each section of data, when you change something does something unexpected change too?
how many devices do you have access to to compare?
also what the fuck are you doing having row 1 with 15 bytes? line those fuckers up properly, try 8, 16, etc etc see if anything jumps out.
>>
Hope you're not expecting someone to copy all that hex typing it out by hand...
>>
>>1198440
I can copy-paste it here if you want but would that even help?
>>1198439
Oh sorry, patents for the light cartridge are here:
https://www.google.com/patents/US8480721
Here are some stuff from where they were saying what's on the chip:
>One or more predetermined values stored in the memory can be indicative of an aging characteristic (e.g., gradual reduction in light output) of the flash lamp(s) and/or of an efficiency of the flash lamp(s).
>The memory is preferably a EEPROM element that provides non-volatile random memory access to stored flash lamp characteristics, such as a maximum number of flashes available for the flash lamp(s), a current flash count for such flash lamp(s), a range of wavelengths emitted by the flash lamp(s) (particularly useful when the flash lamp(s) include filter coatings on their exterior), an initial amount of electrical energy desired for driving the flash lamp(s) into a pulse state, a first electrical compensation factor to adjust for reduced light output from the flash lamp(s) as a result of aging, a second electrical compensation factor to adjust for the electrical-to-optical conversion efficiencies of particular flash lamp(s) or flash lamp types, flash lamp and cartridge manufacturing information (e.g., date, part number, etc.), an authorization code for the replaceable light cartridge, and/or the like.
>>
>>1198443
Here's a pastebin with 0,1, and 2 flashes.
The last one was just the cartridge that came with the machine. It didn't last 1500 so it definitely wasn't at zero.
https://pastebin.com/YCm55Ni4
>>
>>1198439
Oh and I have 2 cartridges, one is kind of used up but the other is brand new.
I only have one device cause the thing costs like $300
Sorry for these triple posts, been saging so I don't look like a bump whore.

I've tried changing things one by one and it usually triggers the machine to think the cartridge is dead. The only thing that works is completely overwriting the data with the stuff from zero flashes which makes the cartridge work again after I try flashing it a couple times. For the first few flashes it bugs out and doesn't work but then it sputters out and works again.
The arrangement of the data is just how bus pirate outputs so I just copy pasted to notepad.
>>
>>1198445
well i mean it's pretty obvious to me that flash count is stored at 0x10. 0x16,0x17 are the only other values that change? so that looks like some calculated compensation.
I think you are going to struggle with anything else unless you have another lamp that is sufficiently different to compare with, otherwise you are kind of fumbling blind so to speak.
if you post data from the other bulb?
>>
>>1198467
Well my friend has the whole thing right now and she's probably going to wreck all my bulbs ;_;
I'll text her and tell her not to use my other bulb though.

Actually I never even thought to look for leading bytes that signify the start of new data so maybe that will help.
I still have yet to actually just straight up try attaching my own flash bulb and see what happens too lol
>>
>>1198436

Run this shit through a difference filter and post results
>>
>>1198436
Try viewing the areas with difference between no flashes and 1 flash as int8, int16, int32, (signed and unsigned) and as floats and doubles, then try byte shifting both to the right and left up to 7 bytes (for the doubles, only 3 shifts for the 32 bit and 1 shift for the int16) checking each shift for something that looks interesting. If no luck switch your endianness and repeat.

If checking for time stamps convert it to all known formats, byte shift then invert and retry.

This is just basic reverse engineering. Try everything and fail a lot before getting just a little win.
>>
>>1198485
How would I even do that just in general? I am aware of what the difference between different integers in programming are but I'm not really used to working with hex.
Just grabbing the total number of bytes that would represent an int or double of that particular type and seeing what it spits out?
>>
>>1198467
fwiw it looks like flash count might be 0x10 and 0x11 in little endian.
in the 'dead' hex that would be 0x5f5 == 1525.
though it probably doesn't make much difference to op...
>>
>>1198494
Load it up as a byte array and iterate through it. To get other types out of the array use methods in this link.

https://msdn.microsoft.com/en-us/library/system.bitconverter_methods(v=vs.110).aspx

To swap endianness use Array.Reverse(your_array)

https://msdn.microsoft.com/en-us/library/d3877932(v=vs.110).aspx

There are better and much faster ways of doing this in C or C++ but seeing as how you're not scanning through hundreds of MB of data the lame ass Microsoft methods will suffice.
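
Added example (not from the thread or any poster): a Python version of the approach described in the two posts above, diffing two pasted dumps and decoding each changed region as integers of several widths and byte orders. The sample images are constructed; only the offsets 0x10 and 0x16 and the count 1382 come from the thread, and all function names are hypothetical.

```python
import re
import struct

PAGE_SIZE = 32  # per the thread: 1024 bits as 4 pages of 256 bits each

def parse_dump(text):
    """Collect every 0xNN token from pasted terminal output into bytes."""
    return bytes(int(t, 16) for t in re.findall(r"0x([0-9A-Fa-f]{2})\b", text))

def changed_runs(a, b):
    """Return (start, end) pairs, end exclusive, where the two images differ."""
    n, runs, start = min(len(a), len(b)), [], None
    for i in range(n + 1):
        differs = i < n and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, i))
            start = None
    return runs

def interpretations(data, offset):
    """Decode the bytes at offset in every integer width/byte order that fits."""
    out = {"u8": data[offset]}
    for name, fmt in (("u16le", "<H"), ("u16be", ">H"),
                      ("u32le", "<I"), ("u32be", ">I")):
        if offset + struct.calcsize(fmt) <= len(data):
            out[name] = struct.unpack_from(fmt, data, offset)[0]
    return out

def report(before, after):
    """One row per changed run: where it is, which page, candidate values."""
    return [{"offset": s, "length": e - s, "page": s // PAGE_SIZE,
             "before": interpretations(before, s),
             "after": interpretations(after, s)}
            for s, e in changed_runs(before, after)]

def make_sample(count, other):
    """Constructed 128-byte image (not a real cartridge dump), rows of 8."""
    img = bytearray(128)
    struct.pack_into("<H", img, 0x10, count)  # counter offset suggested in thread
    struct.pack_into("<H", img, 0x16, other)  # second changing field, values invented
    return "\n".join(" ".join(f"0x{b:02X}" for b in img[i:i + 8])
                     for i in range(0, 128, 8))

if __name__ == "__main__":
    a, b = parse_dump(make_sample(1382, 0x1234)), parse_dump(make_sample(1383, 0x4321))
    for row in report(a, b):
        print(f"0x{row['offset']:02X} len={row['length']} page={row['page']}",
              row["before"], "->", row["after"])
```

The first changed run is only one byte long even though the field is 16 bits wide, which is why each run is decoded at several widths from its start rather than at the width of the diff.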
>>
File: iplchip.jpg (551KB, 2656x1494px)
>>1198578
oh OP here, I guess this thread is still here.
I've got the machine now though and am going to try reading the other lamp in just a sec here.
That dead bulb and the one with counts I posted are actually two separate bulbs though as well.

The data from my brand new bulb is pretty close to the one I was using but way different than the dead one it seems. But the dead one came with the machine.
What's so shitty is my current bulb is now at 1382 flashes I'm pretty sure and it doesn't even look all that used.
https://pastebin.com/wEaJr9Bs
I lined up the data in rows of 8 this time lol
That should be all of the data, the spec sheet says it only holds 1024 bits across 4 pages of 256 bits each so I think I got it all.

>>1198592
I think I should be able to figure it out I hope. I was just completely stuck on how to even get started. The fact that it was little endian completely threw me off which was why I thought it was like all encrypted or scrambled or something lol

Yeah this is the pic of what's inside the cartridge. It's nothing special, just the flash tube and the chip that counts flashes.
>>
>>1198614 >>1198578
>1382 flashes
>https://pastebin.com/wEaJr9Bs
>0x66 0x05
nice
also brand new is used 2 times, I guess they test it before factory out

It would be pita if they placed checksum of the data somewhere
>>
>>1198592
ive got big ol cums for her tums

9
>>
>>1198706
>her
>>
>>1198614
>1382 flashes
>https://pastebin.com/wEaJr9Bs
so offset 16 and 17 is the flash count, but the thing is there is what appears to be a checksum/crc at offset 22 and 23. i tried some combinations of crc16 with some of the data and got no luck
offset 32 and 33 might be the hard limit (1525) for the cartridge, but there might also be a crc for it somewhere to avoid changing it. do you happen to have one of the cartridges with more available cycles for inspection?

also what's up with all the threads across multiple boards? why not linking one of them on a general of another board?
>>
>>1198787
I didn't make a thread on /g/, i just posted in the programming general but they said to go to /wsr/ but they said to come here lol
The other posts are gone now anyway.

But could that other change possibly be the usage compensation factor? As flash tubes get used the cathode shrinks so you need a higher current and voltage i believe. According to the patent they took that into account.
Also it does say in the instructions if the flash fails to keep trying 3-4 times and it will adjust the settings to make it work automatically.
I have to go to a party tonight so i don't know if I'll have time to run a bulb through until death.
>>
>>1198787
hmm it can be xor of uses and some-id, how advanced is this thing?
>>
File: 20170624_163221-2656x1494.jpg (669KB, 2656x1494px)
>>1198857
It's like $300 but it's not very advanced. It's just a glorified strobe light with cutoff filters lol
This is what it looks like. Rather than using capacitors it can spark the bulb straight from the AC source. But that's not a hugely complex circuit.
There's barely anything at all actually inside it. Its like 75% hollow other than plastic molding.
>>
>>1198874
freaking jews what is the point of limiting its uses to 1500 (unless the lamp goes with a bang)
this is as retarded as those low end page counting mono laser printers
>>
>>1198874
>what is the point of limiting its uses to 1500
two: profit (buying a new lamp sooner than you should) and making sure the lamp absolutely lasts its rated usage (undercutting the guaranteed lifespan of the lamp avoids customers complaining about the product not lasting the rated amount on the box, much like expiration dates [one day after doesn't mean it's already gone bad])

>>1198874
what about making your own read only eprom with zero usage cartridge (at least the page with the usage rate, the eprom datasheet mentions that you can mark pages as readonly), have it inside the handheld assembly and bypassing the connection made with the lamp cartridge replacing it with your own?
>>
>>1198925
Flash tubes are usually rated to 1mil+ flashes
There are some issues with ipl cause technically with ipl you're supposed to do multiple small flashes. Like according to the patents this system does 3x 3.5J flashes at 1-3ms intervals or something close to that. Plus it "holds" the flash for a certain number of milliseconds. So maybe that wears out bulbs quicker. You need to pulse it cause the heat transfer to the follicle isn't fast enough for a single pulse
Can't make it read-only though. It needs to write the updated current/voltage that the bulb requires. Already tried to block it from writing and it throws an error and won't flash
>>
even if you fail making sense of that data you could still make a snapshot from a "near-expiration" cartridge and flash it back once it expires (or on other expired cartridges).
>>
>>1198472
This is just basic prototyping, but can't you replace the apparently expensive flash bulb with a cheaper device that conveys the same information, like an LED?
>>
>>1199046
>Can't make it read-only
sure you can, it's just a matter of what must not be read only. if the page that holds the flash count is the same that holds the flasher adjustment parameters then you must create an intermediate "device" (sitting between handheld data cable and the eprom) that only disables writing (no write command pass through) on those specific addresses (offset 16 & 17). if the page that holds the config data is not the same as the flash count then you can just mark that eprom page as readonly (or emulated write mode, as per the datasheet)
>>
any updates?
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.