PogoPlug Hacking: A Step by Step Guide to Owning The Device

[Films By Kris Hardware] has started quite an interesting YouTube series on hacking and owning a PogoPlug Mobile v4. While this has been done many times in the past, he gives a great step by step tutorial. The series so far is quite impressive, going into great detail on how to gain root access to the device through serial a serial connection.

PogoPlugs are remote-access devices sporting ARM processor running at 800 MHz, which is supported by the Linux Kernel.  The version in question (PogoPlug Mobile v4) have been re-purposed in the past for things like an inexpensive PBX, an OpenWrt router and even a squeezebox replacement. Even if you don’t have a PogoPlug, this could be a great introduction to hacking any Linux-based consumer device.

So far, we’re at part three of what will be an eight-part series, so there’s going to be more to learn if you follow along. His videos have already covered how to connect via a serial port to the device, how to send commands, set the device up, and stop it calling home. This will enable the budding hacker to make the PogoPlug do their bidding. In this age of the cheap single-board Linux computer, hacking this type of device may be going out of style, but the skills you learn here probably won’t any time soon.

Continue reading “PogoPlug Hacking: A Step by Step Guide to Owning The Device”

Reverse Engineering Hoverboard Motor Drive

The must-have toy of the moment last winter was the “Hoverboard”. We all probably secretly wished them to be the boards from the Back to the Future series of films made real, but the more achievable reality is a self-balancing scooter somewhat akin to a miniature Segway. It seemed every child wanted one, schools banned them, and there was a media frenzy over some of the cheaper models that lacked protection circuitry for their li-ion batteries and thus had a tendency for self-incineration.

[Drew Dibble] is interested in the Power Racing Series (PRS), in which toy electric cars are souped up for competition. Casting around for a source of cheap and relatively powerful motors he lit upon the self-balancing scooters, and waited on Craigslist for the inevitable cast-offs. His resulting purchase had two 350W brushless hub motors and all the associated circuit boards for motor control, gyroscope, and oddly a Bluetooth speaker. The motor control board received an unknown two-wire digital feed from the scooter’s control board, so he set to work investigating its protocol. His write-up of how he did it is an interesting primer in logic line detective work.

Hooking up his logic analyzer he was quickly able to rule out the possibility of the control signal being PWM because all signals followed the same timing. Both lines had data so he was able to rule out I2C, for in that case one line would carry a clock. He was therefore left with a serial line, and taking the 38 microsecond timing interval, he was able to calculate that it had a rather unusual bitrate of 26315 BPS. Each packet had a multiple of 9 bits so he either had 9-bit or 8-bit with parity, and trying all possible parity schemes resulted in parity errors. Therefore the boards used a highly unusual 9-bit non-standard bitrate serial port. Some experimentation led him to an Arduino library, and he was able to get some movement from his motors. Some clever timing detective work later and he could make them move at will, success!

All his code for the project is on GitHub, for his 9-bit SoftwareSerial library and a motor control sketch.

If you want a real Back to the Future hoverboard then you may have to wait a while longer. We have featured a replica made as an unrideable floating artwork though, and a working board that is more of a personal hovercraft.

Continue reading “Reverse Engineering Hoverboard Motor Drive”

Serial hacking with an ATtiny2313


[Sprite_tm] automated a portion of serial hacking by sniffing out the baud rate using an ATtiny2313 and FT232 breakout board. The firmware assumes 8 data bits, no parity, and 1 stop bit (8N1). This is pretty much defacto among serial ports so it should work well, though some devices do use different settings. The auto detection routine can sniff rates as low as 110 baud and supports non standard rates. Released under GPLv3, the software is also supplied in hex format.  [Sprite_tm] has provided great project in past such as Working with VFDsControllable bristlebot, and AVR boost converter. Additional information regarding serial hacking after the break.

Continue reading “Serial hacking with an ATtiny2313”