01-16-2020, 12:16 PM
(01-16-2020, 12:01 PM)C_Elegans Wrote: I did press the kill switches, but I didn't disable the wifi, only the microphone and camera. On the wiki it says that the wifi requires a reboot for the kill switch to take effect, perhaps that's the one that triggers the eeprom traffic at bootup. Did you kill the wifi at some point?
Also, from looking at the traffic and the schematic, it looks like there's an extra interrupt line in addition to the i2c bus that I didn't capture. The master only reads from the touchpad when there's some activity, so there must be some sort of out of band signaling taking place.
Yes I did disable the wifi. I tried all of the kill switches while I was sniffing with a bus pirate.
Regarding the out of band signaling - you guessed correctly. The extra interrupt line is the touchpad IC (HLK H2168) to signal the keyboard IC (SH68F83) that there is something to be read from the touchpad IC. It was not needed in the captures.
I wrote some python to work with the CSVs saved out of DSView - and now understand the flashing protocol.
This helps a lot because, if there is ever an open sourced firmware for the SH68F83, it will need to have code to flash the touchpad IC. Going through the SH68F83 is the only way for the OS to flash the touchpad without physically attaching to that i2c bus.
