eMMC to SD Hack Rescues Data from a Waterlogged Phone

How do I get the data off this destroyed phone? It’s a question many of us have had to ponder – either ourselves or for friends or family. The easy answer is either spend a mint for a recovery service or consider it lost forever.  [Trochilidae] didn’t accept either of those options, so he broke out the soldering iron and rescued his own data.

A moment’s inattention with a child near a paddling pool left [Trochilidae’s] coworker’s wife with a waterlogged, dead phone. She immediately took apart the phone and attempted to dry it out, but it was too late. The phone was a goner. It also had four months of photos and other priceless data on it. [Trochilidae] was brought in to try to recover the data.

The phone was dead, but chances are the data stored within it was fine. Most devices built in the last few years use eMMC flash devices as their secondary storage. eMMC stands for Embedded Multimedia Card. What it means is that the device not only holds the flash memory array, it also contains a flash controller which handles wear leveling, flash writing, and host interface. The controller can be configured to respond exactly like a standard SD card.

The hard part is getting a tiny 153 ball BGA package to fit into an SD card slot.  [Trochilidae] accomplished that by cutting open a microSD to SD adapter. He then carefully soldered the balls from the eMMC to the pins of the adapter. Thin gauge wire, a fine tip iron, and a microscope are essentials here. Once the physical connections were made,  [Trochilidae] plugged the card into his Linux machine. The card was recognized, and he managed to pull all the data off with a single dd command.

[Trochilidae] doesn’t say what happened after the data was copied, but we’re guessing he analyzed the dump to determine the filesystem, then mounted it as a drive. The end result was a ton of recovered photos and a very happy coworker.

If you like crazy soldering exploits, check out this PSP reverse engineering hack, where every pin of a BGA was soldered to magnet wire.

Hackaday Prize Entry: Portable LED Flash For Photography

Photography is all about light. It’s literally right there in the name – stemming from the Greek word, photos. This is why photographers obsess over the time of day of a shoot, why Instagrammers coalesce around landmarks at sunset, and why a flash helps you take photos in darkness. Historically, flashes have worked in all manner of ways – using burning magnesium or xenon lamps for example. For this Hackaday Prize entry, [Yann Guidon] is developing a portable flash using LEDs instead.

By this point in time, you might be familiar with LEDs as flash units from your cellphone. However, [Yann] is taking this up a notch. The build is based around 100W LED modules, which obviously can pump out a lot of light. The interesting part of the build is its dual nature. The LEDs are intended to operate in one of two ways. The first is in a continuous lighting mode, running the modules well below their rated power to reduce the stress on the LEDs and power supply, and to enable the flash to run on the order of an hour. In this mode, temperature feedback will be used to control the LEDs to manage power use. The other is a pulsed mode, where the LED will be overvolted for a period of milliseconds to create a much more powerful flash.

It’s this dual nature which gives the LED-based flash a potential advantage over less versatile xenon-based units, which are limited to pulsed operation only. We can see the continuous lighting mode being particularly useful for videographers needing a compact, cheap lighting solution that can also work as a pulsed unit as well.We’re excited to see how [Yann] tackles the packaging, thermal and control issues as this project develops!

Reprogramming Bluetooth Headphones for Great Justice

Like a lot of mass-produced consumer goods, it turns out that the internal workings of Bluetooth headphones are the same across a lot of different brands. One common Bluetooth module is the CSR8645, which [lorf] realized was fairly common and (more importantly) fairly easy to modify. [lorf] was able to put together a toolkit to reprogram this Bluetooth module in almost all of these headphones.

This tip comes to us from [Tigox] who has already made good use of [lorf]’s software. Using the toolkit, he was able to reprogram his own Bluetooth headphones over a USB link to his computer. After downloading and running [lorf]’s program, he was able to modify the name of the device and, more importantly, was able to adjust the behavior of the microphone’s gain which allowed him to have a much more pleasant user experience.

Additionally, the new toolkit makes it possible to flash custom ROMs to CSR Bluetooth modules. This opens up all kinds of possibilities, including the potential to use a set of inexpensive headphones for purposes other than listening to music. The button presses and microphones can be re-purposed for virtually any task imaginable. Of course, you may be able to find cheaper Bluetooth devices to repurpose, but if you just need to adjust your headphones’ settings then this hack will be more useful.

[Featured and Thumbnail Image Source by JLab Audio LLC – jlabaudio.com, CC BY-SA 4.0]

Raspberry Pi Camera Flash

The Raspberry Pi Camera is a great tool; it allows projects that require a camera to be put together quickly and on a budget. Plus, having a Linux back end for a little processing never hurt anybody. What can be difficult however, is imaging in low light conditions. Most smartphones have an LED flash built in for this purpose. [Wim Van Gool] decided to follow suit and build an LED flash for the Raspberry Pi.

The project consists of a custom PCB with surface-mount LEDs in an attractive concentric layout. This is a good way to get a nice even distribution of light, particularly when taking photos close up. The board is designed around the Texas Instruments TPS61169 LED driver, which is controlled by a PWM signal from the Raspberry Pi. The flash mounts as a Raspberry Pi HAT, and there’s a hole routed in the centre to allow the camera to fit in nice and snug when using standard 11mm standoffs. It might seem simple, but it’s an impressively tidy piece of engineering and a testament to [Wim]’s abilities.

The Raspberry Pi Camera turns up in all sorts of projects — like these far-seeing PiNoculars.

[Huan] Liberates a Router

[Huan Truong] was given a WiFi router and thought he’d improve it by installing a free firmware on it. Unfortunately, the router in question is a bit old, and wasn’t ever popular to begin with, which meant that it was unsupported by the usual open firmware suspects. The problem was that it only had a 4 MB flash to boot off of, but [Huan] was determined to make it work. (Spoiler: he did it, and documented it fully.)

The flash workaround consisted basically of repartitioning the space, and then telling u-boot where to find everything. On a router like the WNR2000 that [Huan] had, the flash is memory-mapped, which meant adding an offset to the flash start (0xbf000000 instead of 0x00000000) and remembering to do this consistently so that he doesn’t overwrite things like the MAC address.

[Huan] went for the LEDE fork of OpenWRT, and rebuilt it from source because he needed a small version to fit inside his limited flash. With this task completed, it worked. All done? Nope, [Huan] then submitted a pull request to LEDE, and now you can enjoy the fruits of his labor without replicating it. But if you’ve got another low-flash, obscure router, you’ve got a head start in getting LEDE up and running on it.

Routers are perhaps the most-hacked device that we see here, and they can be made pretty darn useful with the right firmware. Sometimes getting a custom firmware running is relatively easy, as it was here, and sometimes it requires some deep reverse engineering. But it’s good to keep up your router-hacking chops, because they may not always be as open as they are now.

Harrowing Story of Installing Libreboot on ThinkPad

As an Apple user, I’ve become somewhat disillusioned over the past few years. Maybe it’s the spirit of Steve Jobs slowly vanishing from the company, or that Apple seems to care more about keeping up with expensive trends lately rather than setting them, or the nagging notion Apple doesn’t have my best interests as a user in mind.

Whatever it is, I was passively on the hunt for a new laptop with the pipe dream that one day I could junk my Apple for something even better. One that could run a *nix operating system of some sort, be made with quality hardware, and not concern me over privacy issues. I didn’t think that those qualities existed in a laptop at all, and that my 2012 MacBook Pro was the “lesser of evils” that I might as well keep using. But then, we published a ThinkPad think piece that had two words in it that led me on a weeks-long journey to the brand-new, eight-year-old laptop I’m currently working from. Those two words: “install libreboot”.

Continue reading “Harrowing Story of Installing Libreboot on ThinkPad”

iPhone NVMe Chip Reversed with Custom Breakout Boards

Ever so slowly, the main storage in our computers has been moving from spinning disks, to SSDs over SATA, to Flash drives connected to a PCI something or other. The lastest technology is NVMe — Non-Volitile Memory Express — a horribly named technology that puts a memory controller right on the chip. Intel has a PCI-based NVMe drive out, Samsung recently released an M.2 NVMe drive, and the iPhone 6S and 6S Plus are built around this storage technology.

New chips demand a reverse engineering session, and that’s exactly what [Ramtin Amin] did. He took a few of these chips out of an iPhone, created a board that will read them, and managed to analize the firmware.

Any reverse engineering will begin with desoldering the chip. This is easy enough, with the real trick being getting it working again outside whatever system it was removed from. For this, [Ramtin] built his own PCIe card with a ZIF socket. This socket was custom-made, but the good news is you can buy one from ITEAD. Yes, it is expensive — that’s what you get with a custom-made ZIF socket.

With the chip extracted, a custom PCIe card, and a bit of work with the NVMe implementation for Linux, [Ramtin] had just about everything working. Eventually, he was able to dump the entire file system on the chip, allowing anyone to theoretically back up the data on their iPhone or MacBook Air. Of course, and especially for the iPhone, this data is encrypted. It’s not possible to clone an iPhone using this method, but it is a remarkably deep dive into the hardware that makes our storage tick.”