Author: Arya Voronova

495 Articles

Attack Of The Beepy Clones

June 13, 2025 by 22 Comments

In the Blackberry-keyboard-based project lineage story last week, I covered how a series of open-source projects turned into Beepy, a cool Linux PDA with a lively community. To me, it’s yet another demonstration of power that open-source holds, and more importantly, it shows how even a small pet project of yours could cause big moves in the hardware world, provided you publish it – just ask [JoeN], [WoodWorkeR] and [arturo182].

The journey didn’t end there. For all its benefits, Beepy had some flaws to take care of, some board-killing flaws, even. The 5 V boost regulator was never intended for 4.7 V input it gets when charger is connected, and would occasionally cook itself. A charging current resistor was undersized, leading people to either bodge resistors onto their Beepy boards, or have their battery charge for 30 hours until full. A power path diode was undersized, too, and has burned out on more than a few devices. Also, Beepy’s feature package left things to be desired.

Beepy never made it beyond v1. If I had to guess, partially because of BB Q20 keyboard sourcing troubles, but also definitely some sort of loss of interest. Which is a shame, as the plans v1.5 of the hardware were pretty exciting. In the meantime, other players decided to take up the mantle – here’s a tale of three projects.

Continue reading “Attack Of The Beepy Clones”

The Blackberry Keyboard: How An Open-Source Ecosystem Sprouts

June 4, 2025 by 43 Comments

What could happen when you open-source a hardware project?

No, seriously. I hold a fair few radical opinions – one is that projects should be open-source to the highest extent possible. I’ve seen this make miracles happen, make hackerdom stronger, and nourish our communities. I think we should be publishing all the projects, even if incomplete, as much as your opsec allows. I would make ritual sacrifices if they resulted in more KiCad projects getting published, and some days I even believe that gently bullying people into open-sourcing their projects can be justified. My ideal universe is one where companies are unable to restrict schematics from people getting their hardware, no human should ever hold an electronics black box, by force if necessary.

Why such a strong bias? I’ve seen this world change for the better with each open-source project, and worse with closed-source ones, it’s pretty simple for me. Trust me here – let me tell you a story of how a couple reverse-engineering efforts and a series of open-source PCBs have grown a tree of an ecosystem.

A Chain Of Blackberry Hackers

Continue reading “The Blackberry Keyboard: How An Open-Source Ecosystem Sprouts”

Interposer Helps GPS Receiver Overcome Its Age

March 4, 2025 by 5 Comments

We return to [Tom Verbeure] hacking on Symmetricom GPS receivers. This time, the problem’s more complicated, but the solution remains the same – hardware hacking. If you recall, the previous frontier was active antenna voltage compatibility – now, it’s rollover. See, the GPS receiver chip has its internal rollover date set to 18th of September 2022. We’ve passed this date a while back, but the receiver’s firmware isn’t new enough to know how to handle this. What to do? Build an interposer, of course.

You can bring the module up to date by sending some extra init commands to the GPS chipset during bootup, and, firmware hacking just wasn’t the route. An RP2040 board, a custom PCB, a few semi-bespoke connectors, and a few zero-ohm resistors was all it took to make this work. From there, a MITM firmware wakes up, sends the extra commands during power-on, and passes all the other traffic right through – the system suspects nothing.

Everything is open-source, as we could expect. The problem’s been solved, and, as a bonus, this implant gives a workaround path for any future bugs we might encounter as far as GPS chipset-to-receiver comms are concerned. Now, the revived S200 serves [Tom] in his hacking journeys, and we’re reminded that interposers remain a viable way to work around firmware bugs. Also, if the firmware (or the CPU) is way too old to work with, an interposer is a great first step to removing it out of the equation completely.

Cheap Hackable Smart Ring Gets A Command Line Client

March 4, 2025 by 18 Comments

Last year, we’ve featured a super cheap smart ring – BLE, accelerometer, heart sensor, and a battery, all in a tiny package that fits on your finger. Back when we covered it, we expected either reverse-engineering of stock firmware, or development of a custom firmware outright. Now, you might be overjoyed to learn that [Wesley Ellis] has written a Python client for the ring’s stock firmware.

Thanks to lack of any encryption whatsoever, you can simply collect the data from your ring, no pairing necessary, and [Wesley]’s work takes care of the tricky bits. So, if you want to start collecting data from this ring right now, integrate it into anything you want, such as your smart home or exoskeleton project, this client is enough. A few firmware secrets remain – for instance, the specific way that the ring keep track of day phases, or SPO2 intricacies. But there’s certainly enough here for you to get started with.

This program will work as long as your ring uses the QRing app – should be easy to check right in the store listing. Want to pick up the mantle and crack open the few remaining secrets? Everything is open-source, and there’s a notepad that follows the OG reverse-engineering journey, too. If you need a reminder on what this ring is cool for, here’s our original article on it.

An excerpt from the website, showing the nRootTag block diagram and describing its structure

Hijacking AirTag Infrastructure To Track Arbitrary Devices

March 3, 2025 by 7 Comments

In case you weren’t aware, Apple devices around you are constantly scanning for AirTags. Now, imagine you’re carrying your laptop around – no WiFi connectivity, but BLE’s on as usual, and there’s a little bit of hostile code running at user privileges, say, a third-party app. Turns out, it’d be possible to make your laptop or phone pretend to be a lost AirTag – making it and you trackable whenever an iPhone is around.

The nroottag website isn’t big on details, but the paper ought to detail more; the hack does require a bit of GPU firepower, but nothing too out of the ordinary. The specific vulnerabilities making this possible have been patched in newer iOS and MacOS versions, but it’s still possible to pull off as long as an outdated-firmware Apple device is nearby!

Of course, local code execution is often considered a game over, but it’s pretty funny that you can do this while making use of the Apple AirTag infrastructure, relatively unprivileged, and, exfiltrate location data without any data connectivity whatsoever, all as long as an iPhone is nearby. You might also be able to exflitrate other data, for what it’s worth – here’s how you can use AirTag infrastructure to track new letter arrivals in your mailbox!

Here’s A Spy Movie-Grade Access Card Sniffing Implant

March 3, 2025 by 17 Comments

Some of our devices look like they’re straight out of hacker movies. For instance, how about a small board you plant behind an RFID reader, collecting access card data and then replaying it when you next walk up the door? [Jakub Kramarz] brings us perhaps the best design on the DIY market, called The Tick – simple, flexible, cheap, tiny, and fully open-source.

Take off the reader, tap into the relevant wires and power pins (up to 25V input), and just leave the board there. It can do BLE or WiFi – over WiFi, you get a nice web UI showing you the data collected so far, and letting you send arbitrary data. It can do Wiegand like quite a few open-source projects, but it can also do arbitrary clock+data protocols, plus you can just wire it up quickly, and it will figure out the encoding.

We could imagine such a board inside a Cyberpunk DnD rulebook or used in Mr Robot as a plot point, except that this one is real and you can use it today for red teaming and security purposes. Not to say all applications would be NSA-catalog-adjacent pentesting – you could use such a bug to reverse-engineer your own garage door opener, for one.

Sensory Substitution Device Tingles Back Of Your Hand

March 3, 2025 by 3 Comments

A team from the University of Chicago brings us a new spin on sensory substitution, the “Seeing with the Hands” project, turning external environment input into sensations. Here specifically, the focus is on substituting vision into hand sensations, aimed at blind and vision disabled. The prototype is quite inspiration-worthy!

On the input side, we have a wrist-mounted camera, sprinkled with a healthy amount of image processing, of course. As for the output, no vibromotors or actuators are in use – instead, tactile receptors are stimulated by passing small amounts of current through your skin, triggering your touch receptors electrically. An 5×6 array of such “tactile” pixels is placed on the back of the hand and fingers. The examples provided show it to be a decent substitution.

This technique depends on the type of image processing being used, as well as the “resolution” of the pixels, but it’s a fun concept nevertheless, and the study preprint has some great stories to tell. This one’s far from the first sensory substitution devices we’ve covered, though, as quite a few of them were mechanical in nature – the less moving parts, the better, we reckon!