Now that I had reached the upload/download prompt, I needed to configure my laptop to receive the current firmware from the credit card terminal.
This step involved carefully tracing the start-up firmware of the credit card terminal. At the same time, I was building a program to send the responses required to emulate another Verifone Omni 396 waiting for a new firmware image.
Once the download protocol was documented, the process was reversed. At first, I wrote a program to send the same firmware back to the originating terminal. I could do this by just sending back the data I had just captured.
However, to send my own firmware, I needed to calculate the correct checksums for each packet, and the final checksum for the firmware CRC for it to activate.
Fortunately, the packet checksum was the common Verifone standard checksum used by previous products. Calculating the firmware checksum was a simple sum placed into the correct position in the firmware.
Now, I had the ability to reprogram the unit, but what to program as a simple test case?