The Other Kind of Phone Hacking

While it’s true that your parts bin might have a few parts harvested from outdated devices of recent vintage, there’s not much to glean anymore aside from wall warts. But the 3×48-character LCD from [Kerry Wong]’s old Uniden cordless landline phone was tempting enough for him to attempt a teardown and reverse engineering, and the results were instructive.

No data sheet? No problem. [Kerry] couldn’t find anything out about the nicely backlit display, so onto the logic analyzer it went. With only eight leads from the main board to the display module, it wasn’t likely to be a parallel protocol, and the video below shows that to be the case. A little fiddling with the parameters showed the protocol was Serial Peripheral Interface, but as with other standards that aren’t exactly standardized, [Kerry] was left with enough ambiguity to make the analysis interesting. Despite a mysterious header of 39 characters, he was able in the end to drive the LCD with an Arduino, and given that these phones were usually sold as a bundle with a base and several handsets, he ought to have a nice collection of displays for the parts bin.

With how prevalent this protocol has gotten, [Kerry]’s post makes us want to get up to speed on the basics of SPI. And to buy a logic analyzer too.

Exposing Dinosaur Phone Insecurity With Software Defined Radio

Long before everyone had a smartphone or two, the implementation of a telephone was much stranger than today. Most telephones had real, physical buttons. Even more bizarrely, these phones were connected to other phones through physical wires. Weird, right? These were called “landlines”, a technology that shuffled off this mortal coil three or four years ago.

It gets even more bizarre. Some phones were wireless — just like your smartphone — but they couldn’t get a signal more than a few hundred feet away from your house for some reason. These were ‘cordless telephones’. [Corrosive] has been working on deconstructing the security behind these cordless phones for a few years now and found these cordless phones aren’t secure at all.

The phone in question for this exploit is a standard 5.8 GHz cordless phone from Vtech. Conventional wisdom says these phones are reasonably secure — at least more so than the cordless phones from the 80s and 90s — because very few people have a duplex microwave transceiver sitting around. The HackRF is just that, and it only costs $300. This was bound to happen eventually.

This is really just an exploration of the radio system inside these cordless phones. After taking a HackRF to a cordless phone, [Corrosive] found the phone technically didn’t operate in the 5.8 GHz band. Control signals, such as pairing a handset to a base station, happened at 900 MHz. Here, a simple replay attack is enough to get the handset to ring. It gets worse: simply by looking at the 5.8 GHz band with a HackRF, [Corrosive] found an FM-modulated voice channel when the handset was on. That’s right: this phone transmits your voice without any encryption whatsoever.

This isn’t the first time [Corrosive] found a complete lack of security in cordless phones. A while ago, he was exploring the DECT 6.0 standard, a European cordless phone standard for PBX and VOIP. There was no security here, either. It would be chilling if landlines existed anymore.

Cordless Water Pump!

A water pump is one of those items that are uncommonly used, but invaluable when needed. Rarer still are cordless versions that can be deployed at speed. Enter [DIY King 00], who has shared his build of a cordless water pump!

The pump uses an 18 volt brushed motor and is powered by an AEG 18V LiPo battery. That’s the same battery as the rest of [DIY King]’s power tools, making it convenient to use. UPVC pipe was used for the impeller — with a pipe end cap for a housing. A window of plexiglass to view the pump in motion adds a nice touch.

A bit of woodworking resulted in the mount for the pump and battery pack, while a notch on the underside allows the battery to lock into place. Some simple alligator clips on the battery contacts and the motor connected through a switch are all one needs to get this thing running.

Tank tread robot build aims for a smooth ride

There are all kinds of interesting things going into this tank robot build, but that beautiful suspension system immediately caught our eye. It helps to protect the body of the robot from being shaken apart when traveling over rough surfaces. Make sure to check out the four parts of the build log which are found on the left sidebar at the post linked above.

This is a Master’s thesis project and has been built from common parts. The motors for the treads are pulled from a pair of cordless drills, with some capacitors added to help combat the draw when they start up. The treads themselves are each made from a pair of bicycle chains connected with numerous PVC pipe segments. The curved section of each PVC piece goes toward the chain, leaving the edges toward the ground for great traction. The three wheels which support the middle of the tread each have a hinge and spring to absorb the shock of running full speed into concrete sidewalk corners like we see in the video after the break.

Revive your tired Dremel battery pack

It turns out there’s nothing more than six Nickel Cadmium AA rechargeable batteries inside of that cordless Dremel battery pack. Yep, standard rechargeable AA’s that you can buy most anywhere, and now you can revive that aging battery pack by following [Stuuf’s] guide. Since you’re already at it, a few more bucks will yield a real upgrade by using the superior Nickel Metal Hydride batteries which should yield around three times as much use between charging. We totally understand having a battery pack, since the shape of the case is part of the handheld tool, and it should be easy to interchange the battery as one unit. We just wish that the battery pack had been designed to have the AA cells swapped out by the user once they had reached the end of the line.

Do you have other cordless tools in need of a pick-me-up? Check out this Makita battery pack repair hack for a point in the right direction.

[Thanks Bluewraith]

Does your phone have a GOOG-411 button?

While visiting family we noticed that their telephone had a dedicated GOOG-411 button. We’ve been using Google’s free 411 service for what seems like years but seeing this show up in the form of an auto-dial button is astonishing.

The question that pops to mind: how is this not an antitrust suit waiting to happen? Directory assistance is BIG MONEY that Google undercut when launching its free service. Doesn’t shipping phones that have the number pre-programmed limit choice and competition in the same way that shipping Windows with Internet Explorer does? Perhaps the difference is that Microsoft has a near monopoly on the PC OS market while GE can’t say the same about cordless phones.

We’re not antitrust lawyers, and neither are you, but we’d still like to hear your opinions about this in the comments.

Cordless drill overhaul

[Alexander.m] shows us how to do a major overhaul on a cordless drill, replacing pretty much everything but the case. He needed some more power, but found the price tag of the bigger drills to be prohibitive. He opted for a more hacked-together approach and used a 24 volt 1.4 hp hobby motor as a drive. He had to make a custom enclosure for the batteries too. The final result may not be the prettiest thing in the world, with that giant battery pack on the bottom, but it probably gets the job done pretty well and cost less than half of what a new one would have.