Fitness Tracker Teardown is a Lesson In Design for Manufacture

If the trends are anything to go on, after the success of Fitbit we are nearing a sort of fitness tracker singularity. Soon there will be more fitness trackers on wrists and ankles than there will be stars in the sky. We will have entire generations who will grow up not knowing what life is like without the ever-present hug of a heart monitor strapped across their chest. Until then though, we can learn a bit of design for manufacture from this excellent teardown of a watch-shaped fitness tracker.

This tracker has a nice round e-paper screen, which could be a welcome part in a project if they start washing up on the shores of eBay. The rest of the watch is a basic Bluetooth low energy module and the accessory electronics wrapped in a squishy plastic casing.

There’s a lot of nice engineering inside the watch. As far as the electronics go, it’s very low power. On top of that is plenty of clever cost optimization: from a swath of test points to reduce quality issues in the hands of consumers to the clever stamped and formed battery tabs which touch the CR2032 that powers it.

The teardown covers more details: the switch, what may be hiding behind the epoxy globs, the plastics, and more. One thing that may be of interest to those that have been following Jenny’s excellent series is the BOM cost of the device. All in all a very educational read.

Russian Decapping Madness

It all started off innocently enough. [mretro] was curious about what was inside a sealed metal box, took a hacksaw to it and posted photographs up on the Interwebs. Over one hundred forum pages and several years later, the thread called (at least in Google Translate) “dissecting room” continues to amaze.

If you like die shots, decaps, or teardowns of oddball Russian parts, this is like drinking from a firehose. You can of course translate the website, but it’s more fun to open it up in Russian and have a guess at what everything is before peeking. (Hint: don’t look at the part numbers. NE555 is apparently “NE555” in Russian.)

From a brief survey, a lot of these seem to be radio parts, and a lot of it is retro or obsolete. Forum user [lalka] seems to have opened up one of every possible Russian oscillator circuit. The website loads unfortunately slowly, at least where we are, but bear in mind that it’s got a lot of images. And if your fingers tire of clicking, note that the URL ends with the forum page number. It’d be a snap to web-scrape the whole darn thing overnight.

We love teardowns and chip shots, of old gear and of new. So when you think you’ve got a fake part, or if you need to gain access to stuff under that epoxy blob for whatever reason, no matter how embarrassing, bring along a camera and let us know!

Thanks [cfavreau] for the great tip!

Refurbishing Armored Tablets

Who can resist the insane deals on bizarre hardware that pop up on auction websites? Not [Dane Kouttron], for sure. He stumbled on Armor X7 ruggedized tablets, and had to buy a few. They’d be just perfect for datalogging in remote and/or hostile locations, if only they had better batteries and were outfitted with a GSM data modem… So [Dane] hauled out his screwdrivers and took stuff apart. What follows is a very detailed writeup of the battery management system (BMS), and a complete teardown of this interesting tablet almost as an afterthought.

First, [Dane] tried to just put a bunch more batteries into the thing, but the battery-management chip wouldn’t recognize them. For some inexplicable reason, [Dane] had the programmer for the BMS on-hand, as well as a Windows XP machine to run the antiquated software on. With the BMS firmware updated (and the manufacturer’s name changed to Dan-ger 300!) everything was good again.

Now you may not happen to have a bunch of surplus X7 ruggedized tablets lying around. Neither do we. But we can totally imagine needing to overhaul a battery system, and so it’s nice to have a peek behind the scenes in the BMS. File that away in your memory banks for when you need it. And if you need even more power, check out this writeup of reverse-engineering a Leaf battery pack. Power to the people!

Die Photos Of A Runner’s RFID Chip

A mass participation sporting event such as a road race presents a significant problem for its record keepers. It would be impossible to have ten thousand timekeepers hovering over stopwatches at the finish line, so how do they record each runner’s time? The answer lies in an RFID chip attached to the inside of the bib each runner wears, which is read as the runner crosses the line to ensure that their time is recorded among the hundreds of other participants.

[Ken Shirriff] got his hands on a bib from San Francisco’s “Bay to Breakers” race, and set about a teardown to lay bare its secrets.

The foil antenna pattern.

Stripping away the foam covering of the RFID assembly revealed a foil antenna for the 860-960MHz UHF band with the tiny RFID chip at its centre. The antenna is interesting: it’s a rather simple wideband dipole folded over with what looks like a matching stub arrangement and an arrow device incorporated into the fold that is probably for aesthetic rather than practical purposes. He identified the chip as an Impinj Monza 4, whose data sheet contains reference designs for antennas we’d expect to deliver a better performance.

After some trial-by-fire epoxy removal the tiny chip was revealed and photographed. It’s a device of three parts: the power scavenging and analog radio section, the non-volatile memory that carries the payload, and a finite-state logic machine to do the work. This isn’t a proper processor; instead it contains only the logic required to do the one task of returning the payload.

He finishes off with a comparison photograph of the chip — which is about the size of a grain of salt — atop a 1980s 8051-series microcontroller to show both its tiny size and the density advancements achieved over those intervening decades.

Since RFID devices are becoming a ubiquitous part of everyday life, it is interesting to learn more about them through teardowns like this one. The chip here is a bit different to those you’ll find in more mundane applications in that it uses a much higher frequency; we’d be interested to know the RF field strength required at the finish line to activate it. It would also be interesting to know how the system handles collisions: with many runners passing the reader at once, there must be a lot of RFID chatter on the airwaves.

We’ve featured [Ken]’s work before, among many others in his reverse engineering of Clive Sinclair’s 1974 scientific calculator, and his explanation of the inner workings of the TL431 voltage reference. Though we’ve had many RFID projects on these pages, this appears to be the first teardown of one we’ve covered.

USB Soldering Iron is Surprisingly Capable

We know what you’re thinking. There’s no way an 8 watt USB-powered soldering iron could be worth the $5 it commands on eBay. That’s what [BigClive] thought too, so he bought one, put the iron through a test and teardown, and changed his mind. Can he convince you too?

Right up front, [BigClive] finds that the iron is probably not suitable for some jobs. Aside from its obvious unsuitability for connections that take a lot of heat, there’s the problem of leakage current when used with a wall-wart USB power supply. The business end of the iron ends up getting enough AC leak through the capacitors of the power supply to potentially damage MOSFETs and the like. Then again, if you’re handy to an AC outlet, wouldn’t you just use a Hakko? Seems like the iron is best powered by a USB battery pack, and [BigClive] was able to solder some surprisingly beefy connections that way. The teardown and analysis reveal a circuit that looks like it came right out of a [Forrest M. Mims III] book. We won’t spoil the surprise for you – just watch the video below.

While not truly cordless like this USB-rechargeable iron, we’d say that for the price, this is a pretty capable iron for certain use cases. Has anyone else tried one of these? Chime in on the comments and let us know what you think.


Robotic Vacuums Get Torn-down For Design Showdown.

Fictiv runs a 3D printing shop. They have a nice interface and an easy to understand pricing scheme. As community service, or just for fun, they decided to tear-down two robot vacuums and critique their construction while taking really nice pictures.

The first to go is the iRobot 650 model. For anyone who’s ever taken apart an iRobot product, you’ll be happy to know that it’s the same thousand-screws-and-bits-of-plastic ordeal that it always was. However, rather than continue their plague of the worst wire routing imaginable, they’ve switched to a hybrid of awfulness and a clever card edge system to connect the bits and pieces.

The other bot is the Neato XV-11. It has way fewer screws and plastic parts, and they even tear down the laser rangefinder module that’s captured many a hacker’s attention. The wire routing inside the Neato is very well done and nicely terminated in hard-to-confuse JST connectors. Every key failure point on the Neato, aside from the rangefinder, can be replaced without disassembling the whole robot. Interestingly, the wheels on both appear to be nearly identical.

In the end they rate the Neato a better robot, but the iRobot better engineered. Though this prize was given mostly for the cleverness of the card edge connectors.

Tearing Down an IP Camera

So you bring home a shiny new gadget. You plug it into your network, turn it on, and it does… well, whatever it wants. Hopefully, it does what you expect and no more, but there is no guarantee: it could be sending your network traffic to the NSA, MI5 or just the highest bidder. [Jelmer] decided to find out what a new IP camera did, and how easy it was to find out by taking a good poke around inside.

In his write-up of this teardown, he describes how he used Wireshark to see who the camera was talking to over the Interwebs, and how he was able to get root access to the device itself (spoilers: the root password was 1234546). He did this by using the serial interface of the Ralink RT3050 that is the brains of the camera to get in, which provided a nice console when he asked politely. A bit of poking around found the password file, which was all too easily decrypted with John the Ripper.

This is basic stuff, but if you’ve never opened up an embedded Linux device and gotten root on it, you absolutely should. And now you’ve got a nicely written lesson in how to do it. Go poke around inside the things you own!
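
A defender-side check for the weakness this teardown turned up, as an added example that is not from [Jelmer]’s write-up: it classifies how each account’s password is stored in a passwd file pulled from a device’s firmware. The sample entries and hash strings are constructed placeholders, and the page does not say which hash scheme the camera actually used.

```python
import string

CRYPT64 = set(string.ascii_letters + string.digits + "./")
# crypt(3) prefix -> (scheme name, considered weak for password storage)
PREFIXES = {"$1$": ("md5-crypt", True), "$5$": ("sha256-crypt", False),
            "$6$": ("sha512-crypt", False), "$y$": ("yescrypt", False)}

# Constructed sample, not taken from any real device.
SAMPLE = """\
root:XXexamplehash:0:0:root:/:/bin/sh
admin:$1$saltsalt$CONSTRUCTEDxxxxxxxxxxx:0:0:admin:/:/bin/sh
nobody:*:99:99:nobody:/:/bin/false
svc:x:500:500:service:/home/svc:/bin/sh
"""

def classify(field):
    """Return (scheme, weak) for the password field of one passwd entry."""
    if field == "":
        return "no-password", True
    if field == "x":
        return "shadowed", False      # hash lives in /etc/shadow instead
    if field[0] in "*!":
        return "locked", False
    for prefix, result in PREFIXES.items():
        if field.startswith(prefix):
            return result
    if len(field) == 13 and set(field) <= CRYPT64:
        return "des-crypt", True      # only the first 8 password chars count
    return "unknown", False

def audit(passwd_text):
    """List (user, scheme, reasons) for every entry that needs attention."""
    findings = []
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7:
            continue                  # blank or malformed line
        user, field, uid = parts[0], parts[1], parts[2]
        scheme, weak = classify(field)
        reasons = [f"weak scheme: {scheme}"] if weak else []
        if scheme not in ("shadowed", "locked", "no-password"):
            reasons.append("password field populated in world-readable passwd")
        if reasons and uid == "0":
            reasons.append("account has uid 0")
        if reasons:
            findings.append((user, scheme, reasons))
    return findings

if __name__ == "__main__":
    for user, scheme, reasons in audit(SAMPLE):
        print(f"{user}: {scheme}: " + "; ".join(reasons))
```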