[ijsf] recently came across a very old synthesizer from a defunct West German company. This was one of the first wavetable synths available, and it’s exceptionally rare. Being so rare, there isn’t much documentation on the machine. In an attempt at reverse engineering, [ijsf] decided to dump the EPROMs and take a peek at what made this synth work. There wasn’t an EPROM programmer around to dump the data, but [ijsf] did have a few ARM boards around. It turns out building a 27-series PROM dumper is pretty easy, giving [ijsf] an easy way to dig into the code on this machine.
The old EPROMs in this machine have 5v logic, so [ijsf] needed to find a board that had a ton of IOs and 5v tolerant inputs. He found the LPC2148, which has a nice USB system that can be programmed to dump the contents of a PROM over serial. Interfacing the PROM is as simple as connecting the power and ground, the address lines, data, and the signal lines. After that, it’s just a matter of stepping through every address according to the timing requirements of the PROM. All the data was dumped over a serial interface, and in just a few seconds, [ijsf] had 32768 bytes of ancient data that made this old synth tick.
[Rui] enjoys his remote-controlled helicopter hobby and he was looking for a way to better track the temperature of the helicopter’s engine. According to [Rui], engine temperature can affect the performance of the craft, as well as the longevity and durability of the engine. He ended up building his own temperature logger from scratch.
The data logger runs from a PIC 16F88 microcontroller mounted to a circuit board. The PIC reads temperature data from a LM35 temperature sensor. This device can detect temperatures up to 140 degrees Celsius. The temperature sensor is mounted to the engine using Arctic Alumina Silver paste. The paste acts as a glue, holding the sensor in place. The circuit also contains a Microchip 24LC512 EEPROM separated into four blocks. This allows [Rui] to easily make four separate data recordings. His data logger can record up to 15 minutes of data per memory block at two samples per second.
Three buttons on the circuit allow for control over the memory. One button selects which of the four memory banks are being accessed. A second button changes modes between reading, writing, and erasing. The third button actually starts or stops the reading or writing action. The board contains an RS232 port to read the data onto a computer. The circuit is powered via two AA batteries. Combined, these batteries don’t put out the full 5V required for the circuit. [Rui] included a DC-DC converter in order to boost the voltage up high enough.
Heat up that iron, you’re going to want to try this one: [Hugatry] is adding hardware to his laptop by tapping into the i2c lines on the memory module. We love this because the penalty for borking memory during the soldering process is much lower than when soldering directly to a motherboard!
Until we watched the video after the break we hadn’t realized that memory modules usually have an i2c EEPROM on them. This is actually a standard called Serial Presence Detect which allows the BIOS to poll the memory and configure automatically. It seems ironic that we knew the Raspberry Pi HAT standard uses this same trick but didn’t know it was on computer memory as well.
Hardware-wise this provides an easy method of soldering your own equipment to the bus. From there it becomes a software hack. Linux, of course, makes this quite easy and that is demonstrated by [Hugatry] with an LM75 temperature sensors. We would like to hear from our Windows and OSX using readers on how the i2c bus can be accessed within those OS’s.
Continue reading “Solder any Expansion Directly to Your Computer’s Memory”
Once upon a time, arcades were all the rage. You could head down to your local arcade with a pocket full of quarters and try many different games. These days, video arcades are less popular. As a result, many old arcade games are becoming increasingly difficult to find. They are almost like the artifacts of an ancient age. They are slowly left to rot and are often lost or forgotten with time. Enter, MAME.
MAME (Multiple Arcade Machine Emulator) is a software project, the goal of which is to protect gaming history by preventing these arcade machines from being lost or forgotten. The MAME emulator currently supports over 7000 titles, but there are still more out there that require preservation. The hackers who work on preserving these games are like the digital Indiana Jones of the world. They learn about lost games and seek them out for preservation. In some cases, they must circumvent security measures in order to accurately preserve content. Nothing as scary as giant rolling boulders or poison darts, but security nonetheless.
Many of the arcade cabinets produced by a publisher called NMK used a particular sound processor labeled, “NMK004”. This chip contains both a protected internal code ROM and an unprotected external ROM that controls the sound hardware. The actual music data is stored on a separate unprotected EEPROM and is different for each game. The system reads the music data from the EEPROM and then processes it using the secret data inside the NMK004.
The security in place around the internal ROM has prevented hackers from dumping its contents for all this time. The result is that NMK games using this chip have poorly emulated sound when played using MAME, since no one knows exactly how the original chip processed audio. [trap15] found it ridiculous that after 20 years, no one had attempted to circumvent the security and dump the ROM. He took matters into his own hands.
The full story is a bit long and contains several twists and turns, but its well worth the read. The condensed version is that after a lot of trial and error and after writing many custom tools, [trap15] was able to finally dump the ROM. He was able to accomplish this using a very clever trick, speculated by others but never before attempted on this hardware. [trap15] exploited a vulnerability found in the unprotected external ROM in order to trick the system into playing back the protected internal ROM as though it were the sound data stored on the EEPROM. The system would read through the internal ROM as though it were a song and play it out through the speakers. [trap15] recorded the resulting audio back into his PC as a WAV file. He then had to write a custom tool to decode the WAV file back into usable data.
[trap15] has released all of his tools with documentation so other hackers can use them for their own adventures into hardware hacking. The project was a long time in the making and it’s a great example of reverse engineering and perseverance.
Tektronix’s MSO2000 line of oscilloscopes are great tools, and with the addition of a few ‘application modules’, can do some pretty interesting tasks: decoding serial protocols, embedded protocols like I2C and SPI, and automotive protocols like CAN and LIN. While testing out his MSO2012B, [jm] really liked the (limited time) demo of the I2C decoder, but figured it wasn’t worth the $500 price the application module sells for. No matter, because it’s just some data on a cheap 24c08 EEPROM, and with a little bit of PCB design <<removed because of DMCA takedown>>
The application module Tektronix are selling is simply just a small EEPROM loaded up with an <<removed because of DMCA takedown>>. By writing this value to a $0.25 EEPROM, [jm] can enable two applications. The only problem was getting his scope to read the EEPROM: a problem easily solved with a custom board.
The board [jm] designed <<removed because of DMCA takedown>>, with the only additional components needed being an EEPROM, a set of contacts for reading a SIM card, and a little bit of plastic glued onto the back of the board for proper spacing.
UPDATE: Learn about the DMCA Takedown Notice that prompted this post to be altered: http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/
[HSP] got tired of locking his door with a key, so he decided to upgrade to a keypad system which he’s designed himself.
It uses an Arduino Mega with the standard 44780 display, a standard keypad, and the “key override” (shown above) for fun. The locking mechanism is a standard 12V actuator based lock which was modified to run off of only 7.5V, by softening up the spring inside and running it upside down (as to let gravity help do the work). The whole system draws less than half a watt on standby, and engaging the lock peaks at only 4-7W.
What’s really clever about this design is how he locks it from inside the room. He’s programmed the Arduino to write 1 to address 128 of the EEPROM — at power on it will increment this by 1, and after 5 seconds, it will reset to 1. This means it can detect a quick power cycle, so you can lock the door by turning it off, turning it on for a few seconds, and turning it off and on again — he did this so he didn’t have to make a button or console, or any kind of wireless control on the inside. Continue reading “Door Lock Provides Peace of Mind With Real-Time Security”
[Mário] sent us a tip detailing the access control system he and his friends built for the eLab Hackerspace in Faro, Portugal. The space is located in the University of Algarve’s Institute of Engineering, which meant the group couldn’t exactly bore some holes through campus property and needed a clever solution to provide 24/7 access to members.
[Mário] quickly ruled out more advanced Bluetooth or NFC options, because he didn’t want to leave out members who did not have a smartphone. Instead, after rummaging around in some junk boxes, the gang settled on hacking an old Siemens C55 phone to serve as a GSM modem and to receive calls from members. The incoming numbers are then compared against a list on the EEPROM of an attached PIC16F88 microcontroller, which directs a motor salvaged from a tobacco vending machine to open the push bar on the front door. They had to set up the motor to move an arm in a motion similar to that of a piston, thus providing the right leverage to both unlock and reset the bar’s position.
Check out [Mário’s] blog for more details and information on how they upload a log of callers to Google spreadsheets, and stick around for a quick video demonstration below. If you’d prefer a more step by step guide to the build, head over to the accompanying Instructables page. Just be careful if you try to reproduce this hack with the Arduino GSM shield.
Continue reading “Open your Hackerspace Door with a Phone Call”