Explored
From Cricut Hacking Wiki
These Commands probably exist but their parameters and other information are unknown.
- Power Command: Does not appear feasible based on the following Cricut Behavior. See Cricut Commands Start Transaction.
- Serial Port Disappears when the Timeout is reached.
- After the timeout is reached the power button remains lit, while the LCD display and keyboard back light are turned off.
- The best to hope for is a command that can be sent at an interval to keep the Cricut awake. Power Command? It would be nice to find a command that will power on the Cricut over USB. The button appears to be a "soft off" which means there is always some power applied to the button to see if it's been pressed, the question is if the "soft off" is handled by the Microcontroller or a separate circuit.
- FTDI EEPROM : Dead End
- FTDI option requires another chip
- Probably not installed in the Cricut
- The serial speed is 198,347 bps.
- Based on the FTDI Application Note AN232B-05_BaudRates [1] Section 1.3.
- The speed has a 3% +/- tolerance which allowed communication to work OK at 200,000 bps.
- The 8N2 Transmit and 8N1 Receive theory that required inserting an extra delay between bytes sent to the Cricut, really just allowed the Cricut to stay in sync a little easier.
- Additional testing with other baud rates showed the Cartridge Name command (5 bytes TX, 39 bytes RX) worked within 4% +/- of the 198,347 baud rate.
- The same lock bits affect both Flash and EEPROM memory the same. Dead End.
- The internal Atmel Processor definitely has the Flash program memory locked with the security bits, but I'm not sure if the EEPROM is also protected by the security bits. (4 kilobytes) The EEPROM may contain setting information like :
- What device a motherboard was installed into (The Firmware Device Id)
- The maximum Mat Dimensions
- The serial port speed
- Maybe tuning values, because of manufacturing variation.
- The same lock bits affect both Flash and EEPROM memory the same. Dead End.
- The Cartridge Atmel Processor may also have data in the EEPROM area of memory. (512 bytes)
- Memory access could be faster from EEPROM so maybe the cartridge name is available.
- Don't know what other values to expect. Most any data stored here could be acquired from the Flash Part.