Reverse Engineering An Insulin Pump With An SDR And Decapping

Insulin pumps are medical devices used by people with diabetes to automatically deliver a measured dose of insulin into their bloodstream. Traditionally they have involved a cannula and separate connected pump, but more recent models have taken the form of a patch with a pump mounted directly upon it. When [Pete Schwamb]’s daughter received one of these pumps, an Omnipod, he responded to a bounty offer for reverse engineering its RF protocol. As one of the people who helped create Loop, an app framework for controlling insulin delivery systems, he was in a particularly good position to do the work.

The reverse engineering itself started with the familiar tale of using an SDR to eavesdrop on the device’s 433 MHz communication between pump and control device. Interrogating the raw data was straightforward enough, but making sense of it was not. The CRC algorithm used by the device had a bug involving a bitwise shift in the wrong direction, and then they hit a brick wall in the encryption of the data. Hardware investigation revealed a custom chip in the device, and there they might have stalled.

But the international reverse engineering community is not without resources and expertise. Through the incredible work of a university researcher in the UK (whose paper incidentally includes a pump teardown), and an arduous process supported by many people, they were able to have the firmware recovered by decapping the chip. Even once they had extracted the encryption code and produced their own software, their problems were not over: communication issues necessitated a much better antenna on the RileyLink Bluetooth bridge boards that translated Bluetooth from a mobile phone to 433 MHz for the device.

This precis doesn’t fully encapsulate the immense amount of work over several years by a large group of people with some very specialist skills that reverse engineering the Omnipod represents. To succeed in this task is an incredible feat, and makes for a fascinating write-up.

Thanks [Alex] for the tip.

Emulate A Paper Tape, To Be Life And Soul Of The Cyphercon Party

The recent Cyphercon badge featured a very clever integrated paper tape reader, and had the hidden feature of a party mode in which all its lights would flash. When [Gigawatts] discovered this after the conference had ended, it was too late to find the tape to activate it. The solution? Build a tape emulator with a microcontroller hooked into the badge’s tape sensors to send the data directly into it.

It was a Tweet from [AND!XOR] that revealed the flashing hidden mode, and in case you missed it you can find out all about the amazing badge in our review. The emulator takes a TI Stellaris LaunchPad LM4F120 and a set of jumper wires soldered directly to the jumper wires on the badge’s reverse. Hex values are created from a tape through an in-browser HTML page with a checkbox interface, a sketch converts the hex to tape, and the badge runs the code. The GitHub readme includes a description of the paper tape format as well as some sample tapes, including a badge reset one for when you tire of party mode.

Most of us weren’t lucky enough to make it to Cyphercon and receive a badge. But we’re still impressed by the ingenuity of the badge’s designer, and by the complexity of the CTF game of which it formed a part.

A Retro Handheld Console As They Used To Be Made

Before there were Nintendo Switches, there were Game Boys. And before that there were all the successive generations of Game Boys and other consoles right back to the Game and Watch, and then those handheld Simon and Space Invaders games of the late 1970s. These devices typically packed a 4-bit microcontroller and an array of discrete LEDs, and movements in-game were simply created by alternate LEDs on the game field being flashed.

The TeleBall from [sv2002] is a handheld game in the vein of those early handheld games, in that it features a matrix of LEDs as a screen on which it can display simple games. So far it plays Breakout, and Tennis for Two, which might seem odd were it not for its built-in radio for two-person play with two consoles.

Inside the TeleBall is an Arduino Nano, a Maxim display driver for the LED matrix, and the familiar Nordic Semiconductor RF module. Control is via a potentiometer, and everything sits in a smart 3D-printed case. Everything is open-source, so should you wish to have your own you can head over to the project’s web site and grab all the files. You can watch it in action playing tennis with two consoles in the video below the break.

The original Tennis for Two created in 1958 was an oscilloscope game using an analogue computer, and is credited as the first video game created purely for entertainment purposes. If you’d like to see a recreation of it, we covered one over a decade ago.

FemtoBeacon Is A Tiny ESP32 Coin-Shaped Dev Board

Our single board microcontroller platforms have become smaller over the years, from the relatively large classic Arduino and Beagleboard form factors of a decade ago to the postage stamp sized Feather and ESP boards of today. But just how small can they go? With current components, [Femtoduino] think they’ve cracked it, delivering an ESP32-based board with WiFi and Bluetooth, and an LDO regulator for 5 V operation in a circular footprint that’s only 9 mm in diameter.

There are some compromises from such a paucity of real-estate, of which perhaps the most obvious is a lack of space to make I/O lines available. It has SPI, a UART, and a couple of I/O lines, and aside from an onboard RGB LED that’s it. But SPI is versatile well beyond its number of lines, and even with so little there is much that can be done. Another potential compromise comes from the antenna, a Molex surface-mount component, which is an inevitable consequence of a 9 mm circular board.

There has to come a point at which a microcontroller platform becomes so small as to be unusable, but it’s clear that there is a little further for this envelope to be pushed. We’d love to see what other designers do in response to this board.

This Owner Took Control Of Their Proprietary Alarm System

When a tip comes in and the tipster feels they have to reassure us that despite appearances their subject is not facilitating crime, it certainly gets our attention. [Flam2006] has a Brinks home security system which can only be configured using a special device only available to installers, and though they managed to secure one through an eBay sale they went to the trouble of reverse engineering its protocol and writing a software emulator in Python. When an owner hacks their own security system to gain full control of something they own, that’s right up our street.

The communication is via an RS485 serial line, and follows a packetised structure with binary rather than ASCII data. There is an almost plug-and-play system for identifying devices connected to a controller, though it is restricted to those devices which the controller already knows about. There is a video of the official method of programming the controller, as well as one of the software in action. We’ve posted them below the break for your delectation.

The ability to perform these tasks on your own property is an important right that has at times been placed under threat by legislation such as the DMCA. We’ve touched upon it countless times, but probably the most high-profile examples that we and the wider media have covered are those stories concerning the parts lockdown on John Deere tractors.

Use A 3D Printer To Electrospin Textiles

We are all used to desktop 3D printers that extrude molten plastic in layers to build up finished items. A pair of researchers at the Human-Computer Interaction Institute at Carnegie Mellon University, [Michael Rivera] and [Scott Hudson], have added another capability to their printer: electrospinning of textiles.

Electrospinning is a technique in which an extruded material is accelerated from the extruder by an electrostatic charge to form an extremely thin fibre. By applying a many-kilovolt charge between the extruder and the bed, they can create a fibre and lay it down into a mesh from a height to create a felt-like fabric. The same extruder can also produce conventional solid prints, allowing the creation of composite fabric and solid items. They demonstrate a variety of prints including a folding mobile phone stand, a woven lamp, and an interactive wooly sheep, which along with others can be seen in the video below the break.

The full paper can be downloaded as a PDF, and makes for very interesting reading. The voltages involved mean that your Prusa clone may not have this capability any time soon, but we look forward to the moment when desktop electrospinning is a feature on affordable 3D printers.

A Chandelier Guaranteed To Make Some Retro Game Hardware Collectors Wince

If there’s one thing our community is good at, it’s re-imagining redundant old hardware, particularly in the field of classic gaming consoles and their peripherals. Dead consoles have become new ones, Powergloves have ventured into virtual reality, and light guns, well, they’ve become novelty light fittings.

The [JJGames] Nintendo light gun chandelier will probably make collectors who prefer their retro hardware pristine wince, but it’s certainly an eye-catching conversation piece. The twelve guns are carefully disassembled and the Nintendo electronics removed, before a bulb holder and teardrop lamp is installed. Wiring is completed with twist caps, the guns are joined at the grip with some metal strips and glue, and a chain for ceiling attachment completes the ensemble. A dozen pieces of irreplaceable retro hardware sacrificed for a novelty, or a masterpiece of interior decoration? You decide, though we’d opt for the latter in the context of the retro games based business in which it sits.

Our favourite NES lightgun hack ever has to be [Seb Lee-Delisle]’s one that fires a real laser. Meanwhile [JJGames] have made it here before in a similarly wanton use of classic Nintendo plastic, with their urinal made from SNES cartridges.