The display of a medical ultrasound scanner showing "HackedScan II"

Medical Ultrasound Scanner Gives Up Its Secrets, Runs DOOM

Medical equipment often makes for interesting teardown videos: the strict requirements imposed by certification bodies mean you’ll find good quality components and a high standard of design and manufacturing. But when [Buy It Fix It] bought an ultrasound scanner on eBay, he wasn’t interested in tearing it down: his plan was to use it to find out if his sheep are in lamb, so he went on to repair it and modify it for its new purpose.

The device in question is a Mediwatch Bardscan II, which is meant to be used for scanning people’s bladders. The mainboard has a completely different model number however, which suggests that the basic design is used for several types of ultrasound scanners. The system is powered by an AMD Geode processor that runs Windows XP Embedded stored on a CompactFlash card, so examining the internal software is easy: the scanner interface even runs on a regular Windows PC.

Several files on the internal drive point at hidden features, with filenames like kidney.dib and liver.dib indicating that the instrument can scan more than just bladders. The drive also holds several versions of the scanning app, as well as a .ini file in which lots of features can be enabled or disabled. By running the executable through x32dbg, [Buy It Fix It] was even able to recover the password to enable the “Advanced Settings” menu — it’s “u10” in case you were wondering.

With a bit of file editing, [Buy It Fix It] managed to turn the rather basic system into a way more flexible ultrasound scanner. For example, he can now adjust the scan depth, replay previous scans and make notes on top of any captured images. It can even run DOOM, as he demonstrates at the end of the video — though we can imagine his sheep might not enjoy the sight of their owner approaching them with a box full of flame-throwing demons.

Medical ultrasound scanners, which have been around for quite a while, may appear to be complex machines, but it is possible to make a simple version with easily available components.


Fluke 12E+ Multimeter Hacking Hertz So Good

It kind of hurts watching somebody torturing a brand new Fluke multimeter with a soldering iron, even if it’s for the sake of science. In order to find out if his Fluke 12E+ multimeter, a feature-rich device with a price point of $75 that was bought from one of the usual sources, is actually a genuine Fluke, [AvE] did exactly that – and discovered some extra features.

During a teardown of the multimeter, which involved comparing the melting point of the meter’s rubber case with other Fluke meters, [AvE] did finally make the case for the authenticity of the meter. However, after [AvE] put his genuine purchase back together, the dial was misaligned, and it took another disassembly to fix the issue. Luckily, [AvE] cultivates an attentive audience, and some commenters noticed that there were some hidden button pads on the PCB. They also spotted a little “C”, which lit up on the LCD for a short moment during the misalignment issue.

The comments led to [AvE] disassembling the meter a third time to see if any hidden features could be unlocked. And yes, they can. In addition to the dial position for temperature measurement, [AvE] found that one of the hidden button contacts would enable frequency and duty cycle measurement. Well, that was just too easy, so [AvE] went on checking if the hidden features had received their EOL calibration by hooking the meter up to a waveform generator. Apparently, it reads the set frequency to the last digit.

The 12E+ is kind of a new species of Fluke multimeter: On the one side, it has most of the functionality you would normally expect from a “multi”-multimeter – such as measuring both AC and DC voltage, current, capacitance and resistance – and on the other side it costs less than a hundred dollars. This is made possible by the magic of international marketing, and Fluke seems to distribute this crippleware product exclusively in the Chinese market. Therefore, you can’t buy it in the US or Europe, at least not easily. A close relative of the 12E+ which should be a bit easier to obtain is the Fluke 15B+; the meter we saw earlier today when [Sprite_TM] hacked it to share measurements via WiFi. The 15B+ seems to be identical to the 12E+ in appearance and features, although it’s unknown if the two are hackable in the same ways.

https://www.youtube.com/watch?v=FUmbsBYVTQ0

Thanks to [jacubillo] for the tip!