USB2Serial Adapter As An I/O Device

There was a time when computers had parallel ports. For the hacker types, this meant an eight bit data port, and nine additional pins which could be interfaced with the real world via the 25 pin connector. This is no longer the case, although USB does help with suitable hardware. [Jabi] was working on a project that required controlling one relay to switch a strip of LED’s. His solution was to use a USB to Serial Adapter as an I/O device (Spanish, translated here).

He wrote a short C program, SioFus (Simple Input Output from USB2SERIAL), that converts a simple USB to Serial Port Adapter into an I/O device with 4 inputs and 2 outputs. It’s simple and gets the job done. The code uses ioctl and allows DCD, DSR, CTS and RI to act as inputs while DTR and RTS act as outputs. These pins then likely control transistors that switch the relays. The SioFus code is available on github and there are a couple of to-do’s on [Jabi]’s list if you would like to chip in.

The video after the break supposedly shows the hack in action. Seems like some kind of photo booth which then spits out a QR code, possibly a URL to the picture (post in the comments if you figure out what it does).

If you are looking for a more dedicated hardware, check out the Tiny Bit Dingus – a microcontroller stuffed into a USB plug with a few controllable pins.

Continue reading “USB2Serial Adapter As An I/O Device”

A Tool For Spying On Serial Data

[Piotr] was working on a recent Arduino project when he ran into a problem. He was having trouble getting his Arduino Pro Mini to communicate with an ESP8266 module. He needed a way to snoop on the back and forth serial communications. Since he didn’t have a specialized tool for this task, [Piotr] ended up building his own.

spying-on-serial-thumbThe setup is pretty simple. You start with a standard serial cable containing the TX, RX, DTR, and GND wires. This cable connects the Arduino to the ESP8266 WiFi module. The TX and RX lines are then tapped into. Each wire is routed to the RX pin of two different serial to USB adapters. This way, the data being sent from the Arduino shows up on one COM port and the data being transmitted from the module shows up on the other.

The next piece of the puzzle was coming up with a way to see the data more clearly. [Piotr] could have opened two serial terminals simultaneously, but this wasn’t ideal because it would be difficult to compare the timing of the data. Instead, [Piotr] spent less than an hour writing his own simple serial terminal. This one connects to two COM ports at the same time and prints the data on the same screen. The data from each COM port is displayed in a separate color to make it easy to differentiate. The schematic and source code to this project can be found on [Piotr’s] website.

Pac-Man Clock Eats Time, Not Pellets

[Bob’s] Pac-Man clock is sure to appeal to the retro geek inside of us all. With a tiny display for the time, it’s clear that this project is more about the art piece than it is about keeping the time. Pac-Man periodically opens and closes his mouth at random intervals. The EL wire adds a nice glowing touch as well.

The project runs off of a Teensy 2.0. It’s a small and inexpensive microcontroller that’s compatible with Arduino. The Teensy uses an external real-time clock module to keep accurate time. It also connects to a seven segment display board via Serial. This kept the wiring simple and made the display easy to mount. The last major component is the servo. It’s just a standard servo, mounted to a customized 3D printed mounting bracket. When the servo rotates in one direction the mouth opens, and visa versa. The frame is also outlined with blue EL wire, giving that classic Pac-Man look a little something extra.

The physical clock itself is made almost entirely from wood. [Bob] is clearly a skilled wood worker as evidenced in the build video below. The Pac-Man and ghosts are all cut on a scroll saw, although [Bob] mentions that he would have 3D printed them if his printer was large enough. Many of the components are hot glued together. The electronics are also hot glued in place. This is often a convenient mounting solution because it’s relatively strong but only semi-permanent.

[Bob] mentions that he can’t have the EL wire and the servo running at the same time. If he tries this, the Teensy ends up “running haywire” after a few minutes. He’s looking for suggestions, so if you have one be sure to leave a comment. Continue reading “Pac-Man Clock Eats Time, Not Pellets”

Security Problems with Gas Station Automated Tank Gauges

[HD Moore] recently posted an article on Rapid 7’s blog about an interesting security problem. They’ve been doing some research into the security of automated tank gauges (ATGs). These devices are used at gas stations and perform various functions including monitoring fuel levels, tracking deliveries, or raising alarms. [Moore] says that ATGs are used at nearly every fueling station in the United States, but they are also used internationally. It turns out these things are often not secured properly.

Many ATG’s have a built-in serial port for programming and monitoring. Some systems also have a TCP/IP card, or even a serial to TCP/IP adapter. These cards allow technicians to monitor the system remotely. The most common TCP port used in these systems is port 10001. Some of these systems have the ability to be password protected, but Rapid 7’s findings indicate that many of them are left wide open.

The vulnerability was initial reported to Rapid 7 by [Jack Chadowitz]. He discovered the problem due to his work within the industry and developed his own web portal to help people test their own systems. [Jack] approached Rapid 7 for assistance in investigating the issue on a much larger scale.

Rapid 7 then scanned every IPv4 address looking for systems with an open port 10001. Each live system discovered was then sent a “Get In-Tank Inventory Report” request. Any system vulnerable to attack would respond with the station name, address, number of tanks, and fuel types. The scan found approximately 5,800 systems online with no password set. Over 5,300 of these stations are in the United States.

Rapid 7 believes that attackers may be able to perform such functions as to reconfigure alarm thresholds, reset the system, or otherwise disrupt operation of the fuel tank. An attacker might be able to simulate false conditions that would shut down the fuel tank, making it unavailable for use. Rapid 7 does not believe this vulnerability is actively being exploited in the wild, but they caution that it would be difficult to tell the difference between an attack and a system failure. They recommend companies hide their systems behind a VPN for an additional layer of security.

[Thanks Ellery]

Tiptoe Through the Tulips in No Time With Ukule-LED

Take it from someone who has played at the guitar for over 20 years: reading sheet music can be a big stumbling block to musical enjoyment. Playing by ear is somewhat unreliable, tablature only works well if you’re already familiar with the tune and tempo, and pulling melody from chord charts is like weaving fiction from the dictionary. A lot can be said for knowing basic chord formations, but it can be difficult get your fingers to mimic what you see on the page, the screen, or someone else’s fretboard. Enter Ukule-LED, a learning tool and all-around cool project by [Raghav and Jeff] at Cornell.

Ukule-LED uses 16 NeoPixels across the first four positions of the fretboard to teach chord positions. All 16 NeoPixels are connected in series to a single pin on an ATMega1284P, which sits on a board mounted to the bottom of the uke along with power and serial. [Raghav and Jeff] set the NeoPixels below the surface so as not to interrupt playability. The uke can operate in either of two modes, ‘play’, and ‘practice’. In ‘play’ mode, the user feeds it a text file representing a song’s chords, tempo, and time signature. The LEDs show the chord changes in real-time, like a karaoke teleprompter for fingers. In ‘practice’ mode, the user enters a chord through the CLI, and the lights hold steady until they get a new assignment. Knowing which fingers to use where is up to the user.

To add another layer of learning, major chords alight in green, minor chords in red, and 7th chords in blue. These are the currently supported chord types, but the project was built with open, highly extendable Python sorcery available for download and subsequent tinkering. Go on tour after the break.

Continue reading “Tiptoe Through the Tulips in No Time With Ukule-LED”

Finding a Cheaper USB to Serial Chips

FTDI-gate wasn’t great for anybody, and now with hardware hobbyists and technological tinkerers moving away from the most popular USB to serial adapter, some other chip has to fill the void. The cheapest USB to serial chip on the market appears to be the CH340G, available for 20-40 cents apiece from the usual retailers. There is, however, almost no English documentation, and the datasheet for the CH340 family doesn’t include this chip. [Ian]’s here to help you out. He got his mitts on a few of these chips and managed to figure out the pinout and a few reference schematics. He even made an Eagle part for you. Isn’t that nice?

The CH340 series of chips do exactly what you would expect them to do: a full-speed USB device that emulates a standard serial interface, with speeds from 50bps to 2Mpbs. The chip supports 5V and 3.3V, and all the weird modem lines are supported. This chip even has an IrDA mode, because wireless communication in the 90s was exactly as rad as you remember.

With [Ian]’s help, we now have a cheap source of USB to serial chips. If you need the datasheet, here you go. The driver is a bit more difficult to find, but what you’re looking for is the CH341 family of chips. That can be found with a little bit of Google fu.

FTDI Screws Up, Backs Down

A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.

Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is 2.10.0.0, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to 2.10.0.0 will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.

Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:

ftdi_evil

[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits  differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.

A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.