Telnet Gets Stubborn Sony Camera Under Control

November 25, 2022 by Tom Nardi 13 Comments

According to [Venn Stone], technical producer over at LinuxGameCast, the Sony a5000 is still a solid option for those looking to shoot 1080p video despite being released back in 2014. But while the camera is lightweight and affordable, it does have some annoying quirks — namely an overlay on the HDMI output (as seen in the image above) that can’t be turned off using the camera’s normal configuration menu. But as it so happens, using some open source tools and the venerable telnet, you can actually log into the camera’s operating system and fiddle with its settings directly.

As explained in the write-up, the first step is to install Sony-PMCA-RE, a cross-platform suite of tools developed for reverse engineering and modifying Sony cameras. With the camera connected via USB, this will allow you to install a program on the camera called Open Memories Tweak. This unlocks some developer options on the camera, such as spawning a telnet server on its WiFi interface.

With the a5000 connected to your wireless network, you point your telnet client to its IP address and will be greeted by a BusyBox interface that should be familiar to anyone who’s played with embedded Linux gadgets. The final step is to invoke the proper command, bk.elf w 0x01070a47 00, which sets the specific address of the camera’s configuration file to zero. This permanently disables the HDMI overlay, though it can be reversed by running the command again and setting the byte back to 01.

As you might expect, the Sony-PMCA-RE package is capable of quite a bit more than just unlocking a telnet server. While it might not be as powerful as a firmware modification such as Magic Lantern for Canon’s hardware, those looking for a hackable camera that won’t break the bank might want to check out the project’s documentation to see what else is possible.

Continue reading “Telnet Gets Stubborn Sony Camera Under Control” →

Custom Sony Camera Remote Built With ESP32

October 21, 2022 by Lewin Day 10 Comments

Whether you’re shooting video or photos, having a camera remote can really improve your productivity. No longer do you have to run back to the camera to press its tiny buttons! [Frank Zhao] is a Sony user, so decided to whip up a custom remote using the ESP32 for his Alpha camera, adding special features along the way.

The build communicates with the camera over WiFi, but can fall back to Infrared if there’s an issue with the radio link. It’s built around the M5StickC, which is a pre-built device featuring an ESP32 and a small display in a handheld form factor. It let him build the remote in half the size of the official Sony device. With limited buttons on board, though, he relies on the IMU to control many advanced features with motion gestures.

The remote enables a bunch of functionality that Sony didn’t bake into its cameras from the factory. There’s a sound-activated shutter release, dual shutter mode, and several timer-based tools including astrophotography modes. There’s also a big knob you can add for focus pulls, and a mode to reset the auto-focus when you’re frustrated that it isn’t working properly. Some of the features work better than others, as sometimes, the camera doesn’t respond to commands quickly enough. Regardless, it’s pretty neat that [Frank] has unlocked so much extra functionality with his custom $20 remote.

We’ve seen other homebrewed tools open up new creative possibilities for cameras before, too. If you’ve got your own nifty camera hacks, let us know on the tipsline!

A ’70s TV With ’20s Parts

July 24, 2022 by Bryan Cockfield 45 Comments

Keeping older technology working becomes exponentially difficult with age. Most of us have experienced capacitor plague, disintegrating wire insulation, planned obsolescence, or even the original company failing and not offering parts or service anymore. To keep an antique running often requires plenty of spare parts, or in the case of [Aaron]’s vintage ’70s Sony television set, plenty of modern technology made to look like it belongs in a machine from half a century ago.

The original flyback transformer on this TV was the original cause for the failure of this machine, and getting a new one would require essentially destroying a working set, so this was a perfect candidate for a resto-mod without upsetting any purists. To start, [Aaron] ordered a LCD with controls (and a remote) that would nearly fit the existing bezel, and then set about integrating the modern controls with the old analog dials on the TV. This meant using plenty of rotary encoders and programming a microcontroller to do the translating.

There are plenty of other fine details in this build, including audio integration, adding modern video and audio inputs like HDMI, and adding LEDs to backlight the original (and now working) UHF and VHF channel indicators. In his ’70s-themed display wall, this TV set looks perfectly natural. If your own display wall spotlights an even older era, take a look at some restorations of old radios instead.

Continue reading “A ’70s TV With ’20s Parts” →

MiniDisc Player Supports Full Data Transfer

May 14, 2022 by Bryan Cockfield 27 Comments

Between the era of the CD and the eventual rise and domination of streaming music platforms, there was a limbo period of random MP3 players mixed in with the ubiquitous (and now officially discontinued) iPod. In certain areas, though, the digital music player of choice was the MiniDisc, a miniature re-writable CD player with some extra digital features. Among them was the ability to transfer music to the discs over USB, but they did not feature the ability to transfer the songs back to a computer. At least until now, thanks to this impressive hack from [asivery].

Although it sounds straightforward, this trick has a lot of moving parts that needed to come together just right. The MiniDisc player uses a proprietary encoding format called ATRAC, so a codec is needed for that. The MiniDisc player stores data from the disc in a 40-second buffer when playing, so the code reads the data directly from DRAM in 40-second chunks, moves the read head, repeats the process as needed, then stitches the 40-second parts back together. It can work on any Sony NetMD portable, if you are lucky enough to still have one around.

The project is a tremendous asset to the MiniDisc community, especially since the only way to recover data from a MiniDisc player prior to this was to use a specific version known as the RH-1. As [asivery] reports, used RH-1 players are going for incredibly high prices partially because of this feature. Since this new method demonstrates that it’s possible to do with other devices, perhaps its reign in the MiniDisc world will come to a close. For those still outside the loop on this esoteric piece of technology, take a look at this MiniDisc teardown.

Thanks to [Maarten] for the tip!

An assortment of MemoryStick cards and devices, some of them, arguably cursed, like a MemoryStick-slot-connected camera.

Hacker Challenges MemoryStick To A Fight And Wins

March 20, 2022 by Arya Voronova 24 Comments

It’s amazing when a skilled hacker reverse-engineers a proprietary format and shares the nitty-gritty with everyone. Today is a day when we get one such write-up – about MemoryStick. It is one of those proprietary formats, a staple of Sony equipment, these SD-card-like storage devices were evidently designed to help pad Sony’s pockets, as we can see from the tight lock-in and inflated prices. As such, this format has always remained unapproachable to hackers. No more – [Dmitry Grinberg] is here with an extensive breakdown of MemoryStick protocol and internals.

If you ever want to read about a protocol that is not exactly sanely designed, from physical layer quirks to things like inexplicable large differences between MemoryStick and MemoryStick Pro, this will be an entertaining read for hackers of all calibers. Dmitry doesn’t just describe the bad parts of the design, however, as much as that rant is entertaining to read – most of the page is taken by register summaries, struct descriptions and insights, the substance about MemoryStick that we never got.

One sentence is taken to link to a related side project of [Dmitry] that’s a rabbithole on its own – he has binary patched MemoryStick drivers for PalmOS to add MemoryStick Pro support to some of the Sony Clie handhelds. Given the aforementioned differences between non-Pro and Pro standards, it’s a monumental undertaking for a device older than some of this site’s readers, and we can’t help but be impressed.

To finish the write-up off, [Dmitry] shares with us some MemoryStick bit-banging examples for the STM32. Anyone who ever wanted to approach MemoryStick, be it for making converter adapters to revive old tech, data recovery or preservation purposes, or simply hacker curiosity, now can feel a bit less alone in their efforts.

We are glad to see such great hacking on the MemoryStick front – it’s much needed, to the point where our only article mentioning MemoryStick is about avoiding use of the MemoryStick slot altogether. [Dmitry] is just the right person for reverse-engineering jobs like this, with extensive reverse-engineering history we’ve been keeping track of – his recent reverse-engineering journey of an unknown microcontroller in cheap E-Ink devices is to behold.

Modern Features In Classic Radio

December 7, 2021 by Bryan Cockfield 53 Comments

As consumer electronics companies chase profits on tighter and tighter margins, it seems like quality is continually harder to find for most average consumer-grade products. Luckily, we don’t have to hunt through product reviews to find well-built merchandise since we have the benefit of survivorship bias to help us identify quality products from the past that have already withstood the test of time. [Tom] has forever been fond of this particular Sony TV/radio combo from the ’70s so he finally found one and set about modernizing it in a few key ways.

Among the modifications to this 1978 Sony FX-300 include the addition of a modern color display, Bluetooth, an upgraded FM radio, and a microphone. At the center of all of this new hardware is a Teensy 4 which [Tom] has found to be quite powerful and has enough capabilities to process the audio that’s being played in order to make visual representations of the sound on the screen. He also implemented a bitcrusher filter and integrated it into the controls on the original hardware. He’s using an optimized version of this library to cram all of that processing ability into such a small chip, and the integration of all this new hardware is so polished that it looks like it could be an original Sony stereo from the modern era.

While some may complain about restomod-type builds like this, we don’t really see any need to be arbitrarily or absolutely faithful to bygone eras even if the original hardware was working properly in the first place. What works is taking the proven technology of the past and augmenting it with modern features to enjoy the best of both worlds. Much like this hi-fi stereo which blends the styles and technology of the 90s with that of the 60s in an equally impressive way.

Newest PlayStation Exploit Skips The Disc

April 10, 2021 by Tom Nardi 17 Comments

Last month we brought you word of tonyhax, a clever exploit for the original Sony PlayStation that leveraged a buffer overflow in several of the games from the Tony Hawk Pro Skater series to load arbitrary code from a specially prepared memory card. But now [Bradlin] has taken that idea a step further and developed a software exploit for Sony’s iconic console that doesn’t need to be triggered from a game.

The exploit is considerably more complex this time around, but [Bradlin] does an excellent job of breaking it down for those who want the gritty details. The short version is that missing boundary checks in the PlayStation’s built-in memory card handling routines mean a carefully formatted “block” on the memory card can get the console to execute a small 128 byte payload. That’s not a lot of room to work with, but it ends up being just enough to load up additional code stored elsewhere on the memory card and really kick things off.

Unlike tonyhax, which was designed specifically to allow the user to swap their retail Tony Hawk disc with a game burned to a CD-R, [Bradlin]’s FreePSXBoot is presented as more of a generic loader. As of right now, it doesn’t allow you to actually play burned games, although its inevitable that somebody will connect those last few dots soon.

If you want to check out the progress so far, all you need is wire a PlayStation memory card up to an Arduino, write the provided image to it, and stick it in the slot. [Bradlin] says the exploit doesn’t work 100% of the time (something else that will surely be addressed in future releases), but it shouldn’t take too many attempts before you’re greeted with the flashing screen that proves Sony’s 27 year old console has now truly been bested.

Continue reading “Newest PlayStation Exploit Skips The Disc” →