Scan for I2C read and write addresses
See the latest version in the documentation wiki.
You can find the I2C address for most I2C-compatible chips in the datasheet. But what if you’re working with an unknown chip, a dated chip with no datasheet, or you’re just too lazy to look it up?
The Bus Pirate has a built-in address scanner that checks every possible I2C address for a response. This brute force method is a fast and easy way to see if any chips are responding, and to uncover undocumented access addresses.
I2C chips respond to a 7bit address, so up to 128 devices can share the same two communication wires. An additional bit of the address determines if the operation is a write to the chip (0), or a read from the chip (1).
We connected the Bus Pirate to the 3EEPROM explorer board. The 7bit base address for the 24LC/AA I2C EEPROM is 101 0000 (0×50 in HEX). It answers at the write address 1010 0000 (0xA0) and the read address 1010 0001 (0xA1).
I2C>(1)<<<I2C search macro
Searching 7bit I2C address space.
Found devices at:
0xA0(0×50 W) 0xA1(0×50 R)
Macro 1 in the I2C library runs the address scanner. The scanner displays the raw addresses the chip acknowledged (0xA0, 0xA1), and the 7bit address equivalent (ox50) with write or read bit indicators (W/R). Datasheets usually list the 7bit address, but the 8bit value is more recognizable on a logic analyzer, snooper, debugger, etc.This entry was posted in Bus Pirate and tagged address scan, brute force scan, I2C.