Improving the T-962 Reflow Oven

The T-962A is a very popular reflow oven available through the usual kinda-shady retail channels. It’s pretty cheap, and therefore popular, and the construction actually isn’t abysmal. The controller for this oven is downright terrible, and [wj] has been working on a replacement firmware for the horribly broken one provided with this oven. It’s open source, and the only thing you need to update your oven is a TTL/UART interface.

[WJ] bought his T-962A even after seeing some of the negative reviews that suggested replacing the existing controller and display. This is not in true hacker fashion – there’s already a microcontroller and display on the board.

The new firmware uses the existing hardware and adds a very necessary modification: stock, the oven makes the assumption that the cold-junction of the thermocouples is at 20°C. The controller sits on top of an oven with two TRIACs nearby, so this isn’t the case, making the temperature calibration of the oven slightly terrible.

After poking around the board, [WJ] found an LPC2000-series microcontroller and a spare GPIO pin for a 1-wire temperature sensor. The temperature sensor is placed right next to the terminal block for the thermocouples for proper temperature sensing.

All the details of updating the firmware appear on a wiki, and the only thing required to update the firmware is a serial/USB/UART converter. A much better solution than ripping out the controller and replacing it with a custom one.

[Sprite_TM]’s Keyboard Plays Snake

Hackaday Prize judge, hacker extraordinaire, and generally awesome dude [Sprite_TM] spends a lot of time at his computer, and that means a lot of time typing on his keyboard. He recently picked up a board with the latest fad in the world of keyboards, a board with individually addressable LEDs. He took this board to work and a colleague jokingly said, ‘You’ve had this keyboard for 24 hours now, and it has a bunch of LEDs and some arrow keys. I’m disappointed you haven’t got Snake running on it yet.” Thus began the quest to put the one game found on all Nokia phones on a keyboard.

The keyboard in question is a Coolermaster Quickfire Rapid-I, a board that’s marketed as having an ARM Cortex CPU. Pulling apart the board, [Sprite] found a bunch of MX Browns, some LEDs, and a 72MHz ARM Cortex-M3 with 127k of Flash and 32k of RAM. That’s an incredible amount of processing power for a keyboard, and after finding the SWD port, [Sprite] attempted to dump the Flash. The security bit was set. There was another way, however.

Coolermaster is actively working on the firmware, killing bugs, adding lighting modes, and putting all these updates on their website. The firmware updater is distributed as an executable with US and EU versions; the EU version has another key. Figuring the only difference between these versions would be the firmware itself, [Sprite] got his hands on both versions, did a binary diff, and found only one 16k block of data at the end of the file was different. There’s the firmware. It was XOR encrypted, but that’s obvious if you know what to look for.

flashdata The firmware wasn’t complete, though; there were jumps to places outside the code [Sprite] had and a large block looked corrupted. There’s another thing you can do with an executable file: run it. With USBPcap running in the background while executing the firmware updater, [Sprite] could read exactly what was happening when the keyboard was updating. With a small executable that gets around the weirdness of the updater, [Sprite] had a backup copy of the keyboard’s firmware. Even if he bricked the keyboard, he could always bring it back to a stock state. It was time to program Snake.

The first part of writing new firmware was finding a place that had some Flash and RAM to store the new code. This wasn’t hard; there was 64k of Flash free and 28K of unused RAM. The calls to the Snake routine were modified from the variables the original firmware had. If, for example, the original keyboard had a call to change the PWM, [Sprite] could change that to the Snake routine.

Snake is fun, but with a huge, powerful ARM in a device that people will just plug into their keyboard, there’s a lot more you can do with a hacked keyboard. Keyloggers and a BadUSB are extremely possible, especially with firmware that can be updated from a computer. To counter that, [Sprite] added the requirement for a physical condition in order to enter Flash mode. Now, the firmware will only update for about 10 seconds after pressing the fn+f key combination.

There’s more to playing Snake on a keyboard; Sprite has also written a new lighting mode, a fluid simulation thingy that will surely annoy anyone who can’t touch type. You can see the videos of that below.

Continue reading “[Sprite_TM]’s Keyboard Plays Snake”

Using the ESP8266 as a Web-enabled sensor

A few months ago, the ESP8266 came onto the scene as a cheap way to add WiFi to just about any project that had a spare UART. Since then, a few people have figured out how to get this neat chip running custom firmware, opening the doors to an Internet of Things based around an ESP8266. [Marc] and [Xavi] just wrote up a quick tutorial on how to turn the ESP8266 into a WiFi sensor platform that will relay the state of a GPIO pin to the Internet.

If you’re going to replicate this project, you won’t be using the stock firmware on the ESP. Instead of the stock firmware, [Marc] and [Xavi] are using the Lua-based firmware that allows for access to a few GPIOs on the device and scripting support to make application development easy. To upload this firmware to the ESP, [Marc] and [Xavi] needed a standard FTDI USB to serial converter, a few AT commands through a terminal program, and a few bits of wire.

The circuit [Marc] and [Xavi] ended up demoing for this tutorial is a simple webpage that’s updated every time a button is pressed. This will be installed in the door of their hackerspace in Barcelona, but already they have a great example of the ESP8266 in use.

How to Backup and Restore Your IP Camera Firmware

[Filipe] has been playing around with custom firmware for inexpensive IP cameras. Specifically, he has been using cameras based on a common HI3815 chip. When you are playing around with firmware like this, a major concern is that you may end up bricking the device and rendering it useless. [Filipe] has documented a relatively simple way to backup and restore the firmware on these cameras so you can hack to your heart’s content.

The first part of this hack is hardware oriented. [Filipe] cracked open the camera to reveal the PCB. The board has labeled serial TX and RX pads. After soldering a couple of wires to these pads, [Filipe] used a USB to serial dongle to hook his computer up to the camera’s serial port.

Any terminal program should now be able to connect to the camera at 115200 baud while the camera is booting up. The trick is to press “enter” during the boot phase. This allows you to log in as root with no password. Next you can reset the root password and reboot the camera. From now on you can simply connect to the phone via telnet and log in as root.

From here, [Filipe] copies all of the camera’s partitions over to an NFS share using the dd command. He mentions that you can also use FTP for this if you prefer. At this point, the firmware backup is completed.

Knowing how to restore the backup is just as important as knowing how to create it. [Filipe] built a simple TFTP server and copied the firmware image to it in two chunks, each less than 5MB. The final step is to tell the camera how to find the image. First you need to use the serial port to get the camera back to the U-Boot prompt. Then you configure the camera’s IP address and the TFTP server’s IP address. Finally, you copy each partition into RAM via TFTP and then copy that into flash memory. Once all five partitions are copied, your backup is safely restored and your camera can live to be hacked another day.

EFF Launches Open Router Firmware

Open Wireless Movement logo

The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.

We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware off of CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.

Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.

The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on Github, where you’ll find all of the source and issues.

Hackaday Links: May 18, 2014

hackaday-links-chain

Think the original Pong is cool? How about point to point Pong? [v8ltd] did it in three months, soldering all the leads directly to the chip pins. No sockets required. It’s insane, awesome, a masterpiece of craftsmanship, and surprising it works.

[Jeremy Cook] is building a servo-powered light graffiti thing and needed a laser diode. How do you control a laser pointer with a microcontroller? Here’s how. They’re finicky little buggers, but if you get the three-pack from Amazon like [Jeremy] did, you get three chances to get it right.

NFC tags in everything! [Becky] at Adafruit is putting them in everything. Inside 3D printed rings, glued onto rings, and something really clever: glued to your thumbnail with nail polish. Now you can unlock your phone with your thumb instead of your index finger.

Photographs capture still frames, but wouldn’t it be great if a camera could capture moving images? No, we’re not talking about video because this is the Internet where every possible emotion, reaction, and situation can be expressed with an animated GIF. Meet OTTO, the camera that captures animated GIFs! It’s powered by the Raspberry Pi compute module, so that’s interesting.

[Nate] was getting tired of end mills rolling around his bench. That’s a bad thing. He came up with a solution, though: Mill a piece of plywood into a tray to hold end mills.

The Da Vinci printer, a printer that only costs $500 because they’re banking on the Gillette model, has been cracked wide open by resetting the DRM, getting rid of the proprietary host software, and unbricking the device. Now there’s a concerted effort to develop custom firmware for the Da Vinci printer. It’s extraordinarily bare bones right now, but the pins on the microcontroller are mapped, and RepRap firmwares are extremely modular.

Firmware For Cheap Bluetooth Modules

Ibluetoothf you’ve ever built anything with a microcontroller, some sort of sensor, and a connection to the outside world, you’re probably wondering how those places in China can pump out cheap electronics for a mere percentage of what it costs you to pull a DIY. It’s not just volume – it’s engineering; if something has Bluetooth, you find a Bluetooth module with a built-in microcontroller so you can write firmware to it.

The BC417 is the System on Chip found in the very popular BlueCore4-Ext Bluetooth module featuring 8Mbits of Flash (75% of which is used for Bluetooth related stuff), somewhere around 12 kB of RAM, with everything run in a virtual machine. [pfalcon] wrote an extremely experimental firmware for this device that allows anyone to create a wireless sensor node for peanuts. These devices are almost as cheap as a bare ATMega, so the possibilities are interesting, to say the least.

At this point, the hardest part of putting custom firmware on these devices is programming them. For that, [Elastic Sheep] comes to the rescue with a parallel port to SPI interface. There’s also a firmware dumper and some breakout boards available. These modules are pretty cheap, and the pitch isn’t too bad, so you might be able to etch your own boards should you want to experiment a little.

Thanks [Peter] for sending this in.