I have an industrial control device operated by a PIC18F67J60, and I was curious if it's possible to retrieve certain program parameters via firmware dump and in-circuit debugging. This device has a configurable IP address via an onboard web interface, but unfortunately I do not know the IP address, and the manufacturer provides NO WAY to reset the configuration to factory settings. If you lose or forget the IP, then it's essentially bricked. I purchased the device secondhand and I don't know its history; the default IP doesn't work. (Already tried packet sniffing, too. It doesn't send ARP announcements.)
The PCB has a programming header and I was able to confirm that the pins are Vdd, Vss, MCLR, PGC, and PGD. The PIC18F67J60 does not have internal non-volatile memory, but I did find two other EEPROM chips on the board, which is where the TCP/IP settings are presumably stored, along with everything else.
I was thinking that I might be able to dump the firmware--assuming code protection isn't enabled--and possibly read the memory locations in-circuit with a PICkit and see if anything obvious jumps out. I suspect that the IP address, gateway, and subnet mask would have to be copied into data memory at some point, and I might be able to find a pattern by looking through the hex values (e.g., a subnet mask of 255.255.255.0 might show up as FF FF FF 00 somewhere, and maybe the device's IP address would be stored in a nearby register--would take some guess-and-check, obviously).
Once I know the IP address, I can put the device on a local network, log into the web interface, and change the IP to something else.
Is this something that might be feasible? I don't have any programming hardware at the moment, and it's been years since I worked with a PIC, so I wanted to get a sanity check before I sank too much time into this project. Thanks!
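One way to do the pattern search described in the question, as an added example that is not part of the original post or any vendor firmware: a small Python scanner over a raw dump (binary, not Intel HEX) that anchors on netmask byte patterns such as FF FF FF 00 and keeps a hit only when two distinct usable hosts on that masked network sit nearby, which is what an address-plus-gateway pair looks like in memory. The sample dump is constructed; the window size and record layout are assumptions.

```python
import ipaddress

# Netmasks /8 .. /30 as they appear in memory, most significant byte first.
MASKS = {((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF).to_bytes(4, "big"): n
         for n in range(8, 31)}

def find_mask_hits(dump):
    """Return [(offset, prefix_len)] for every netmask pattern in the dump."""
    return [(i, MASKS[dump[i:i + 4]])
            for i in range(len(dump) - 3) if dump[i:i + 4] in MASKS]

def host_network(addr, mask_int, prefix):
    """Network `addr` is on under the mask, or None if it cannot be a configured host."""
    if addr.packed[0] == 0 or addr.is_multicast or addr.is_reserved or addr.is_loopback:
        return None
    net = ipaddress.IPv4Network((int(addr) & mask_int, prefix))
    if addr in (net.network_address, net.broadcast_address):
        return None
    return net

def find_ip_config(dump, window=8):
    """Group the 4-byte values near each mask hit by network and keep networks
    with two or more hosts (an address plus its gateway). Single-host groups are
    dropped, which rejects the FF FF FF 00 false positive that erased EEPROM
    (0xFF fill) followed by a zero byte produces."""
    found = []
    for off, prefix in find_mask_hits(dump):
        mask_int = int.from_bytes(dump[off:off + 4], "big")
        groups = {}
        lo, hi = max(0, off - window), min(len(dump) - 4, off + 4 + window)
        for j in range(lo, hi + 1):
            if off - 3 <= j <= off + 3:          # overlaps the mask bytes themselves
                continue
            addr = ipaddress.IPv4Address(dump[j:j + 4])
            net = host_network(addr, mask_int, prefix)
            if net is not None:
                groups.setdefault(str(net), set()).add(str(addr))
        for net, hosts in groups.items():
            if len(hosts) >= 2:
                found.append({"mask_offset": off, "network": net,
                              "mask": str(ipaddress.IPv4Address(mask_int)),
                              "hosts": sorted(hosts)})
    return found

# Constructed sample dump (assumed layout): erased 0xFF fill, a MAC-like field,
# then IP 10.0.5.20 / 255.255.255.0 / gateway 10.0.5.1, then zero padding.
SAMPLE_DUMP = (b"\xff" * 12 + b"\x00\x1e\xc0\x12\x34\x56"
               + b"\x0a\x00\x05\x14" + b"\xff\xff\xff\x00" + b"\x0a\x00\x05\x01"
               + b"\x00" * 10)
```

Against the sample, the FF/00 boundary at offset 9 also matches the /24 pattern but yields no host pair and is discarded; only the real record at offset 22 is reported.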