My best "open stuff up and make them do things it was not intended for" war story is from 1988. I had just purchased a Mephisto 68000 dedicated chess computer for my own recreational enjoyment. The embedded dev lab where I worked won a new contract and the hardware dudes decided a 68000 was the way to go. Not content to wait weeks, maybe months for first hardware, I decided to get some early experience by hacking at my chess computer. Basically I opened it up, reverse engineered the keyboard scanning hardware (which was implemented with standard jellybean CMOS logic), and commandeered a couple of inputs and outputs for my own purposes. I hooked these up to the printer port of my PC.\
Then I worked out a simple serial bit twiddling scheme to exchange bytes a bit at a time and coded it up in C as a kind of software serial port. On the PC side I ended up with something that looked just like a simple terminal that happened to talk out the printer port. On the Mephisto side, I replaced the 64K byte EPROM with a 128K byte EPROM. I changed the cold boot vector to point at "my" 64K, which first checked to see if the printer port was hooked up. If it was hooked up, then the CPU stayed in "my" area and ran a monitor I had coded up for the occasion. If it wasn't hooked up it vectored back to the original boot code and the chess computer worked as well as it ever did. I layered a loader on top of everything and had the incredible satisfaction of running standard C sieve of Erasthonese (sp?) on my new 68K computer, (complete with 16K RAM).
Ah good times. Pretty hard to do stuff like this today when everything gets packaged into mega chips, not to mention the tiny scale of everything these days.
Luckily not everything is unhackable. Sometimes you're lucky and find a company who is pro-hack-their-stuff who release everything (echematics, firmware source code). Heres something myself and my brother recently completed:
We plan on releasing some proper video demonstrations of it in action and to write a few blog posts about how we did it and our experiences when we find some time.
Then I worked out a simple serial bit twiddling scheme to exchange bytes a bit at a time and coded it up in C as a kind of software serial port. On the PC side I ended up with something that looked just like a simple terminal that happened to talk out the printer port. On the Mephisto side, I replaced the 64K byte EPROM with a 128K byte EPROM. I changed the cold boot vector to point at "my" 64K, which first checked to see if the printer port was hooked up. If it was hooked up, then the CPU stayed in "my" area and ran a monitor I had coded up for the occasion. If it wasn't hooked up it vectored back to the original boot code and the chess computer worked as well as it ever did. I layered a loader on top of everything and had the incredible satisfaction of running standard C sieve of Erasthonese (sp?) on my new 68K computer, (complete with 16K RAM).
Ah good times. Pretty hard to do stuff like this today when everything gets packaged into mega chips, not to mention the tiny scale of everything these days.