Towards A Reverse Engineering Of Samsung’s S-Pen

A few years ago, Wacom, the company behind all those cool graphics tablets, teamed up with Samsung to create the S Pen, a rebirth of that weird pen computing thing that happened in the 90s and a very interesting peripheral if only someone would write some software for it. [Kerry D. Wong] was wondering how the S Pen worked and wired up some hardware to take a look at how the pen communicates with the phone.

It was already known that the S Pen was powered by an RF field, and works somewhat like RFID. Listening in on the communication would require a coil of some type, so [Kerry] disassembled a small speaker and connected it to a scope.

A look at the captured waveforms from the S Pen reveled the carrier frequency appears to be in the range of 550 to 560kHz, outside the range of standard RFID. He doesn’t have the equipment to decode the complete protocol, but a few things can be deduced – the screen senses the location of the pen by detecting a dip in the RF field strength. The only information that is transferred between the pen and phone is the 11-bit pressure sensitivity and a 1-bit value that signals the button is on or off.

[Kerry] put the waveform data up on his site should anyone want to make an attempt at decoding the protocol.

Hack your phone: turn your volume buttons into GPIO ports

Internet connected cameras are mighty useful, specially in situations requiring some form of remote monitoring. An always-on camera that is available over an internet connection, is cheap, and uses re-purposed  hardware – that’s what the Gonzo project hopes to achieve. To accommodate these requirements, the Exploratory Engineering program team in Telenor Digital are using off-the-shelf phone hardware running on top of a fork of Firefox OS. You hang the Gonzo where you want to monitor a situation, after which it will function for up to one month before needing a recharge, sending data to a designated public URL over the 2G network.

A big downside with using such hardware is that it is not designed for the task at hand, and offers no expansion ports that may be needed for certain functions. In this particular case, the designers needed a couple of output ports to drive some LED’s. The hardware guys got a bit creative,  and re-mapped the volume buttons of the phone into generic GPIO ports. On the software side, they looked at where the button GPIO’s were referenced, and located how they are mapped to a keymap. They then added a device driver that maps the GPIO ports to be generic ports instead. Modding the hardware needed a little bit more hard work, figuring out which traces connected to the two volume buttons, adding series resistors, and then wiring the LED’s in place. The project itself is still a work in progress, and you can read more about it at the Gonzo website.

If you’re like one of us and have a box full of old phones lying around, take a look at some creative suggestions here for some Arduino controlled robots.

Thanks for the tip [pb] !

Teardown: The Android-powered iPhone Case

Cellphones! Cellphone cases! Now that Radio Shack is kaput we need to pick up the slack!

A company named Oaxis has been making cell phone cases for a while now, and they’ve recently rolled out something rather interesting – a cell phone case with an e-ink screen. It’s an interesting idea and [Anton] did a teardown on two new releases. The first one just sends an image to an e-ink screen, and on paper, that’s all the second one does as well. There’s something special hidden under the hood, though: a low-end Android system. What an age to live in.

Something interesting happened when [Anton] was futzing with the battery for the e-ink iPhone case. Somehow, the device booted into recovery mode. Android recovery mode. Yes, iPhone cases now run Android.

Inside the e-ink iPhone case, [Anton] found a board with a Rockchip RK2818 SoC. This is the same chip that can be found in cheap Android cell phones. There’s only one button on the cell phone case, and connectivity is only provided by Bluetooth LE, but the possibilities for modding a cell phone case are extremely interesting.

Build Your Own Gear VR

With Samsung’s new Gear VR announced, developers and VR enthusiasts are awaiting the release of the smartphone connected VR headset. A few people couldn’t wait to get their hands on the platform, so they created, OpenGear, a Gear VR compatible headset.

The OpenGear starts off with a Samsung Galaxy Note 4, which is the target platform for the Gear VR headset. A cardboard enclosure, similar to the Google Cardboard headset, holds the lenses and straps the phone to your face.

The only missing part is the motion tracking electronics. Fortunately, ST’s STM32F3 Discovery development board has everything needed: a microcontroller with USB device support, a L3GD20 3 axis gyro, and a LSM303DLHC accelerometer/magnetometer. These components together provide a USB inertial measurement unit for tracking your head.

With the Discovery board strapped to the cardboard headset, an open-source firmware is flashed. This emulates the messages sent by a legitimate Oculus Rift motion tracker. The Galaxy Note 4 sees the device as a VR headset, and lets you run VR apps.

If you’re interested, the OpenGear team is offering a development kit. This is a great way for developers to get a head start on their apps before the Gear VR is actually released. The main downside is how you’ll look with this thing affixed to your face. There’s a head-to-head against the real Gear VR after the break.

[via Road To VR]

Continue reading “Build Your Own Gear VR”

DIY Phone Charger Born From Cyclone Disaster

As convenient as cell phones are, sometimes these power-hungry devices let us down right at the worst time. We’re talking about battery life and how short it is in modern cell phones. Sure that’s totally inconvenient sometimes but it could be way worse. For example: during a natural disaster. A cyclone hit [Ganesh’s] home city and the entire area had lost power for 10 days. He couldn’t plug in his phone to charge it even if he wanted to. After realizing how dependent we are on the electrical grid, he did something about and built a phone charger out of parts he had kicking around.

The charger is quite simple. The user cranks on a DC motor and the output power goes into a LM2596-based step-down voltage regulator. The output of the regulator is then connected to a female USB connector so that any USB cord can be plugged in. As long as the motor is cranked fast enough to put out at least 8vdc, a steady stream of 5v will be available at the USB connector. Max current output of the system has been measured at 550mA.

[Ganesh] admits this isn’t a practical every-day charger but in a pinch it will certainly do the trick. It is even possible to build a makeshift charger out of a cordless drill.

Continue reading “DIY Phone Charger Born From Cyclone Disaster”

Reverse Engineering the Kayak Mobile API

The travel meta-search website Kayak apparently used to have a public API which is no longer available. We can’t say we mourn the loss of the interface we’d never known about. If you are someone who was automating their searches for that perfect vacation getaway deal, there’s still hope. But either way you’ll like this one. [Shubhro Saha] figured out how to access the API used by the Kayak mobile app. We like that he details how to sniff the traffic between an app and the internet and make sense of what is found.

His tool of choice is the Python package Mitmproxy. We haven’t heard of it but we have heard of Wireshark and [Shabhro] makes the case that Mitmproxy is superior for this application. As the name suggests, you set it up on your computer and use that box’s IP as the proxy connection for your phone. After using the app for a bit, there is enough data to start deconstructing what’s going on between the app and remote server which which it communicates. We could have a lot of fun with this, like seeing what info those free apps are sending home, or looking for security flaws in your own creations.

[Thanks Juan via Twitter]

Controlling Nokia Phones with Arduino

While [Ilias Giechaskiel] was waiting for his SIM900 shield to arrive, he decided to see what he could do with an old Nokia 6310i and an Arduino. He was researching how to send automated SMS text messages for a home security project, and found it was possible to send AT commands via the headphone jack of Motorola phones. But unfortunately Nokia did not support this, as they use a protocol known as FBus. With little information to go on, [Ilias] was able to break down the complicated protocol and take control with his Arduino.

With the connections in place, [Ilias] was able to communicate with the Nokia phone using a program called Gnokii — a utility written specifically for controlling the phone with a computer. Using the Arduino as an intermediary, he was eventually able tap into the FBus and send SMS messages.

Be sure to check out his blog as [Ilias] goes into great detail on how Nokia’s FBus protocol works, and provides all source code needed to replicate his hack. There is also a video demonstration at the end showing the hack in action.