Ethernet For Hackers: Transformers, MACs And PHYs

We’ve talked about Ethernet basics, and we’ve talked about equipment you will find with Ethernet. However, that’s obviously not all – you also need to know how to add Ethernet to your board and to your microcontroller. Such low-level details are harder to learn casually than the things we talked about previously, but today, we’re going to pick up the slack.

You might also have some very fair questions. What are the black blocks near Ethernet sockets that you generally will see on boards, and why do they look like nothing else you see on circuit boards ever? Why do some boards, like the Raspberry Pi, lack them altogether? What kind of chip do you need if you want to add Ethernet support to a microcontroller, and what might you need if your microcontroller claims to support Ethernet? Let’s talk.

Transformers Make The Data World Turn

One of Ethernet’s many features is that it’s resilient, and easy to throw around. It’s also galvanically isolated, which means you don’t need a ground connection for a link either – not until you want a shield due to imposed interference, at which point, it might be that you’re pulling cable inside industrial machinery. There are a few tricks to Ethernet, and one such fundamental Ethernet trick is transformers, known as “magnetics” in Ethernet context.

Each pair has to be put through a transformer for the Ethernet port to work properly, as a rule. That’s the black epoxy-covered block you will inevitably see near an Ethernet port in your device. There are two places on the board as far as Ethernet goes – before the transformer, and after the transformer, and they’re treated differently. After the transformer, Ethernet is significantly more resilient to things like ground potential differences, which is how you can wire up two random computers with Ethernet and not even think about things like common mode bias or ground loops, things we must account for in audio, or digital interfaces that haven’t yet gone optical somehow.


A bias tee module added inside the Starlink terminal, connected to the pads where a GPS antenna used to be wired

GPS Antenna Mods Make Starlink Terminal Immune To Jammers

The Starlink receivers need positioning and precise timing information to function, and currently the best way to get that information is to use a global navigation satellite system (GNSS) such as GPS. Unfortunately, the antenna used for this secondary satellite connection leaves something to be desired. Of course, when it comes to solving Starlink problems, there’s no one better than [Oleg Kutkov], whose duty is to fix and improve upon Starlink terminals used in Ukraine — and when the specific problem is GPS bands getting jammed by the invading military, you better believe that a fix is due.

[Oleg] sets the scene, walking us through the evolution of GPS circuitry on the Starlink terminals. Then he shows us the simplest mods you can do, like soldering an improved passive antenna in place of the chip antenna currently being used. Then, he takes it up a notch, and shows us how you could attach an active antenna by using a bias tee module, a mod that would surely work wonders on more than just this device! Then, he brings out the test result tables — and the differences are impressive, in that the Starlink terminals with active antenna mods were able to get GPS signal in areas with active jamming going on, while the unmodified ones could not.

The post is exceptionally accessible, and a must-read for anyone wondering about GPS antenna reception problems in customer-accessible devices. This is not the only Starlink hardware mod we’ve seen [Oleg] make; we’ve just covered his Starlink Ethernet port restoration journey that meticulously fixes Ethernet connectivity oversights in the newer models, and the blog also has an article about powering Starlink terminals without the need for PoE, so do check it out if you’re looking for more!

A screenshot of the drone monitoring application, showing spoofed drones and their coordinates

Can’t Disable DJI Drone ID? Spoof It With An ESP!

We have been alerted to a fun tool, a DJI DroneID spoofer software for ESP8266/ESP32 and some other popular MCUs. Last year, we told you about DJI DroneID — a technology DJI added to their drones, which broadcasts data including the drone operator’s GPS position, which, in turn, appears to have resulted in Ukrainian casualties in the Ukraine war. The announcement tweet states that DJI has added mechanisms that prevent downgrading firmware. Hence, the spoofer.

There’s no other hardware needed, well, other than an ESP8266 or ESP32 devboard, anyway. After the break you can find a video tutorial from [Joshua Bardwell] that shows you how to upload the code using Arduino IDE, and even goes through coordinate tweaks. If you ever reminisced about the concept of throwies and were wondering what kind could be useful, well, there’s your answer: clone the Git repo, compile it, program some interesting coordinates in, and witness the imaginary drones fly.

All in all, we get a lovely addition to our shenanigan toolkits. Surely, someone could use a neural network to distinguish real drones from fake ones, but it’s nothing that can’t be solved with a bit of code. Looking for a less daring hack? Well, you can always add some automation to your DJI drone by poking at the RGB LED signals.


The FPC adapter shown soldered between the BGA chip and the phone's mainboard, with the phone shown to have successfully booted, displaying an unlock prompt on the screen

iPhone 6S NVMe Chip Tapped Using A Flexible PCB

Psst! Hey kid! Want to reverse-engineer some iPhones? Well, did you know that modern iPhones use PCIe, and specifically, NVMe for their storage chips? And if so, have you ever wondered about sniffing those communications? Wonder no more, as this research team shows us how they tapped them with a flexible printed circuit (FPC) BGA interposer on an iPhone 6S, the first iPhone to use NVMe-based storage.

The research was done by [Mohamed Amine Khelif], [Jordane Lorandel], and [Olivier Romain], and it shows us all the nitty-gritty of getting at the NVMe chip — provided you’re comfortable with BGA soldering and perhaps got an X-ray machine handy to check for mistakes. As research progressed, they successfully removed the memory chip, dealing with underfill and BGA soldering nuances, and added a 1:1 interposer FR4 board for the first test, which proved to be successful. Then, they made an FPC interposer that also taps into the signal and data pins, soldered the flash chip on top of it, successfully booted the iPhone 6S, and scoped the data lines for us to see.

This is looking like the beginnings of a fun platform for iOS or iPhone hardware reverse-engineering, and we’re waiting for further results with bated breath! This team of researchers in particular is prolific, having already been poking at things like MITM attacks on I2C and PCIe, as well as IoT device and smartphone security research. We haven’t seen any Eagle CAD files for the interposers published, but thankfully, most of the know-how is about the soldering technique, and the paper describes plenty. Want to learn more about these chips? We’ve covered a different hacker taking a stab at reusing them before. Or perhaps, would you like to know NVMe in more depth? If so, we’ve got just the article for you.

We thank [FedX] for sharing this with us on the Hackaday Discord server!

a CH32V003 Linux-bearing PCB, single-sided, hand-etched, lovely

Bring Linux To CH32V003 Through, Yes, RISC-V Emulation

Like playing around with Linux on low-power devices? You’d be hard pressed to find a better example than [tvlad1234]’s linux-ch32v003 project. It’s not just a one-off — it’s something you could build right now, since it requires hardly any extra parts.

With the help of an 8 MB PSRAM chip for RAM supplementation purposes and an SD card, plus some careful tailoring of the Linux .config parameters, you get Linux on a chip never meant to even come close to handling this much power. The five minutes it takes to boot up to a prompt is part of the experience.

As usual with [tvlad1234]’s projects, there’s a fun twist to it! Running Linux on this chip is only possible thanks to [cnlohr]’s mini-rv32ima project, which, as you might remember, is a RISC-V emulator. Yes, this runs Linux by running a RISC-V emulator on a RISC-V chip. The main reason is that the MCU can’t map the PSRAM chip into RAM, but if you use an emulator, memory mapping is only a matter of software. Having applied a fair amount of elbow grease, [tvlad1234] brings us buildroot and mainline Linux kernel configs you can compile to play with this — as well as a single-layer-ready KiCad board project on GitHub. Yep, you could literally etch a PCB for this project from single-sided copper-clad FR4 with a bit of FeCl3.

While the CH32V003 is undoubtedly a more impressive target for Linux, the RP2040 Linux project might be more approachable in terms of having most of the parts in your parts box. At least, up until we start valuing the CH32V003 for all the cool stuff it can do!

Phone connected to the DIY LTE network playing a YouTube video, with antennas in the background

Building Your Own 4G LTE Base Station

We’ve seen quite a few DIY 2G networks over the years, but the 4G field has been relatively barren. Turns out, there’s an open source suite called srsRAN that lets you use an SDR for setting up an LTE network, and recently, we’ve found a blog post from [MaFrance351] (Google Translate) that teaches you everything you could need to know if you ever wanted to launch an LTE network for your personal research purposes.

For a start, you want a reasonably powerful computer, a transmit-capable full-duplex software defined radio (SDR), suitable antennas, some programmable SIM cards, and a few other bits and pieces like SIM card programmers and LTE-capable smartphones for testing purposes. Get your hardware ready and strap in, as [MaFrance351] guides you through setting up your own base station, with extreme amounts of detail outlining anything you could get caught up on.


A USB3SUN adapter, connected to a SPARCstation on one end and to a keyboard on another, with the OLED screen showing status icons

An Open SPARCstation USB Keyboard&Mouse Adapter

Got a SPARCstation? You might have had to deal with the proprietary DIN port used for keyboard and mouse input. However, you need not look for outdated hardware anymore – we’ve recently found an adapter project called [usb3sun], which lets you use a regular USB keyboard and mouse instead! Designed by [delan] from [the funny computer museum], the usb3sun adapter is featureful, open-source, and even comes with four blog posts describing its inner workings and development process!

Based on a Pi Pico board, this adapter has a ton of quality of life features – an OLED screen for status display, extra USB port and headers for debugging, a buzzer to emulate bell and click functions, power LEDs, and all the ports you would expect. The OLED screen is needed just because of how many features this adapter’s firmware has, and you’re bound to get more – the [usb3sun] firmware is being actively updated to this day. It’s as if this adapter aims to do all it possibly could help you with – for instance, one of the firmware updates has added idprom reprogramming features, which, as [delan] tells us, lets you boot your workstation with a dead NVRAM battery.

You can order the adapter PCBs yourself, you can breadboard it by following detailed instructions from [delan], or you can get a fully assembled and tested [usb3sun] adapter on Tindie! This adapter will seriously help you in your SPARCstation forays, and, if you don’t happen to own a SPARCstation, you can always emulate SunOS.