PCB of the antenna about to be modded, with components desoldered and different parts of the circuit highlighted

Make A GPS Antenna Compatible With Same Manufacturer’s Receiver

April 3, 2024 by Arya Voronova 9 Comments

GPS can be a bit complex of a technology – you have to receive a signal below the noise floor, do quite a bit of math that relies on the theory of relativity, and, adding insult to injury, you also have to go outside to test it. Have you ever wondered how GPS antennas work? In particular, how do active GPS antennas get power down the same wire that they use to send signal to the receiver? Wonder not, because [Tom Verbeure] gifts us a post detailing a mod letting a fancy active GPS antenna use a higher-than-expected input voltage.

[Tom]’s post has the perfect amount of detail – enough pictures to illustrate the entire journey, and explanations to go with all of it. The specific task is modifying a Symmetricom antenna to work with a Symmetricom GPS receiver, which has a puzzling attribute of supplying 12V to the antenna instead of more common 3.3V or 5V. There’s a few possible options detailed, and [Tom] goes for the cleanest possible one – replacing the voltage regulator used inside of the antenna.

With a suitable replacement regulator installed and a protection diode replaced, the antenna no longer registers as a short circuit, and gets [Tom] a fix – you, in turn, get a stellar primer on how exactly active GPS antennas work. If your device isn’t ready to use active GPS antennas, [Tom]’s post will help you understand another GPS antenna hack we covered recently – modifying the Starlink dish to use an active antenna to avoid jamming on the frontlines.

Showing the ESP-Prog-Adapter board plugged into the ESP-Prog adapter, wired to a SOIC clip, that then attaches to a PCB under test

ESP-Prog-Adapter Makes Your ESP32 Tinkering Seamless

April 3, 2024 by Arya Voronova 8 Comments

Did you ever struggle with an ESP32 board of yours, wishing you had exposed that UART, or seriously lacking the JTAG port access? If so, you should seriously check out [0xjmux]’s ESP-PROG-Adapter project, because [0xjmux] has put a lot of love and care into making your ESP32 hardware interfacing a breeze. This project shows you how to add JTAG and UART headers with extra low board footprint impact, gives you a KiCad library to do so super quickly, and shares a simple and helpful adapter PCB you can directly use with the exceptionally cheap Espressif’s ESP-Prog dongle you should have bought months ago.

The hardware is perfect for ZIF no-soldering interfacing – first of all, both UART and JTAG can be connected through a SOICBite connection, a solderless connector idea that lets you use SPI flashing clips on specially designed pads at the edge of your board. For the fancy toolkit hackers among us, there’s also a Tag Connect symbol suggested and a connector available, but it carries JTAG that you will already get with the SOICBite, so it’s maybe not worth spending extra money on.

Everything is fully open-source, as one could hope! If you’re doing ESP32 hacking, you simply have to order this board and a SOIC clip to go with it, given just how much trouble [0xjmux]’s board will save you when programming or debugging your ESP32 devices. Now, you don’t strictly need the ESP-Prog dongle – you could remix this into an adapter for the Pi Pico board instead. Oh, and if designing boards with ARM CPUs are your thing, you might benefit from being reminded about the Debug Edge standard!

The BR55 battle rifle held in its creator's hands during test firing

Making The Halo 2 Battle Rifle Real

April 3, 2024 by Arya Voronova 48 Comments

We’ve just been shown a creation that definitely belongs on the list of impressive videogame replicas. This BR55 rifle built by [B Squared Mfg] not only looks exactly like its in-game Halo 2 counterpart, it’s also a fully functional firearm chambered in 5.56. The attention to detail even brings us a game-accurate electronic ammo counter.

The rifle and magazine communicate over three pins.

Unfortunately, the only information we have on the weapon currently is the video below. But he does at least go into detail about the practical aspects: caliber choice, the arduous journey of bolt carrier sourcing, and how the ammo counter works.

Each magazine has a potentiometer built into it to detect the number of rounds loaded, but there’s a bit of trickery involved. In the real world, there’s no way a magazine this size could hold the 36 rounds of ammunition depicted in the game, so for each shot fired, the counter subtracts three. It takes a little imagination, but this way it looks as close to the game version as possible.

There will be no published files due to legal concerns, but there’s nothing you couldn’t build yourself, as long as said legal concerns are sorted out for yourself. Depending on where you live, you might have to settle for building a Gauss gun in the same frame, we’ve even seen slimmer ones done commercially. Whatever you build, make sure you store it in a way others can’t access it easily — not all gun safes pass this test.

Continue reading “Making The Halo 2 Battle Rifle Real” →

PCB Design Review: Tinysparrow, A Module For CAN Hacking Needs

April 3, 2024 by Arya Voronova 22 Comments

I enjoy seeing modules that can make designing other devices easier, and when I did a call for design reviews, [enp6s0] has submitted one such board to us. It’s a module called TinySparrow (GitHub), that helps you build your own vehicle ECUs and any other CAN-enabled things. With a microcontroller, plenty of GPIOs, a linear regulator and a CAN transceiver already onboard, this board has more than enough kick for anyone in hobbyist-range automotive space – and it’s surprisingly tiny!

You could build a lot of things around this module – a CAN bus analyzer or sniffer, a custom peripheral for car dashes, or even a full-blown ECU. You can even design any hardware for a robot or a piece of industrial technology that uses CAN for its backbone – we’ve all seen a few of those! It’s a great board, but it uses six layers. We’ll see if we can do something about that here.

Modules like TinySparrow will make your PCBs cheaper while ordering, too! Thanks to the carefully routed microcontroller and the CAN transmitter, whatever board you design around this chip definitely wouldn’t need six layers like this one does – and, unlike designing your own board, you can use someone’s well-tested and tailored libraries and reference circuits!

With TinySparrow, you save a lot of time, effort and money whenever you want to design a car or industrial accessory. After looking at the board files, my proposal for helping today’s board is – like last time – to make its production cheaper, so that more people can get this board into their hands if the creator ever does try and manufacture it. I also have some tips to make future improvements on this design easier, and make it more friendly for its userbase.

Continue reading “PCB Design Review: Tinysparrow, A Module For CAN Hacking Needs” →

Screenshot of eBay listings with Gigaset IoT devices being sold, now basically useless

A Giga-Sunset For Gigaset IoT Devices

April 3, 2024 by Arya Voronova 76 Comments

In today’s “predictable things that happened before and definitely will happen again”, we have another company in the “smart device” business that has just shuttered their servers, leaving devices completely inert. This time, it’s Gigaset. The servers were shuttered on the 29th of March, and the official announcement (German, Google Translate) states that there’s no easy way out.

It appears that the devices were locked into Gigaset Cloud to perform their function, with no local-only option. This leaves all open source integrations in the dust, whatever documentation there was, is now taken down. As the announcement states, Gigaset Communications Gmbh has gotten acquired due to insolvency, and the buyer was not remotely interested in the Smart Home portion of the business. As the corporate traditions follow, we can’t expect open sourcing of the code or protocol specification or anything of the sort — the devices are bricks until someone takes care of them.

If you’re looking for smart devices on the cheap, you might want to add “Gigaset” to your monitored search term list — we’ll be waiting for your hack submissions as usual. After all, we’ve seen some success stories when it comes to abandoned smart home devices – like the recent Insteon story, where a group of device owners bought out and restarted the service after the company got abruptly shut down.

We thank [Louis] for sharing this with us!

Three ZigBee radios in ESD bags, marked "Zigbee Sniffer", "Router" and "Coordinator".

Crash IoT Devices Through Protocol Fuzzing

April 2, 2024 by Arya Voronova 1 Comment

IoT protocols are a relatively unexplored field compared to most PC-exposed protocols – it’s bothersome to need a whole radio setup before you can tinker on something, and often, for low-level experiments, just any radio won’t do. This means there’s quite a bit of security ground to cover. Now, the U-Fuzz toolkit from [asset-group] helps us make up for it.

Unlike fuzzers you might imagine, U-Fuzz doesn’t go in blindly. This toolkit has provisions to parse protocols and fuzz fields meaningfully, which helps because many of devices will discard packets they deem too malformed. With U-Fuzz, you feed it a couple packet captures, help it make some conclusions about packet and protocol structure, and get suggestions on how to crash your devices in ways not yet foreseen.

This allows for basically arbitrary protocol fuzzing, and to demonstrate, we get examples on 5G, CoAP and ZigBee probing alike, with a list of found CVEs to wrap the README up. As Wikipedia often states, this list is incomplete, and you can help by expanding it. Fuzzing is an underestimated tool – it will help you hack ubiquitous wireless protocols, proprietary standards, and smart home hubs alike.

On the left, the main board of the dual board computer, with the CPU and a bunch of connectors visible. On the right, the addon board is shown, with all the extra connectors as described in the article

A Nifty F1C100S Dual-Board Computer

April 2, 2024 by Arya Voronova 15 Comments

The F1C100S (and the F1C200S) is a super simple CPU to use – it’s QFN, it has RAM built-in, and it can run Linux. It just makes sense that we bring it up to you once again, this time, on this dual-board computer by [minilogic]. The boards look super accessible to build for a Linux computer, and it’s alright if you assemble only one of them, too – the second board just makes this computer all that much nicer to use!

One the main board, you get the CPU itself, a couple USB ports, headphone and mic jacks, a microphone, a microSD socket, power management, SPI flash chip, plus some buttons, headers and USB-UART for debug. Add the second board, however, and you get a HDMI video output socket, a RGBTTL LCD header, LiIon battery support, RTC, and even FM radio with TV input.

One problem with this computer – it’s not open-source in the way that we expect and respect, as there’s no board files to be seen. However, at least the schematics are public, so it shouldn’t be hard, and the author provides quite a bit of example code for the F1C100S, which softens the blow. Until the design files are properly published, we can at least learn from the idea and the schematics. If you like what the F1C100S CPU offers, there are other projects you can take things from too, like this low-cost handheld we’re patiently waiting for, or this Linux-powered business card.