A line art schematic of a bicycle CVT drive. Two large green circles at the bottom have the text "1. Increases speed" where the crank arm would enter the system. A series of cam arms highlighted in red say "2. Converts from rotary to reciprocating motion." Finally, a blue highlighted bearing says "3. Converts from reciprocating back to rotary motion."

A Look Inside Bicycle Gearboxes

March 2, 2023 by 23 Comments

While bicycle gearboxes date back to at least the 1920s, they’re relatively unseen in bike racing. One exception is Honda’s race-winning mid-drive gearboxes, and [Alee Denham] gives us a look at what makes these unique drives tick.

Honda has developed three generations of bicycle gearbox as part of their company’s R&D efforts, but none have ever been released as a commercial product. Designed as a way for their engineers to stretch their mental muscles, the gearboxes were only used in bike races and seen at a few trade shows. In 2004, the third gen “derailleur in a box” led to the first gearbox victory in the Downhill World Cup Circuit.

The third gen gearbox differs significantly from the CVT drivetrains in the first and second generation gearboxes, but it is unclear why Honda abandoned the CVT. [Denham] has a nice animation detailing the inner workings of these CVTs based on information from the original patents for these rarely seen gearboxes.

Derailleurs remain the primary drivetrain in racing due to their lighter weight and higher overall efficiency. While still expensive, the decreased maintenance of gearbox drivetrains make a lot of sense for more mundane cycling tasks like commuting or hauling cargo, but only time will tell if the derailleur can be supplanted on the track and trail.

For more on bicycle drivetrains, check out this chainless digital drivetrain or the pros and cons of e-bike conversions.

Continue reading “A Look Inside Bicycle Gearboxes”

How Hard Could It Be To Get Millions Of Phone Bills Right?

March 2, 2023 by 46 Comments

It may be a foreign concept to anyone who has never paid a dime for a phone call over and above the monthly service charge, but phone calls were once very, VERY expensive — especially long-distance calls, which the phone company ungenerously defined as anything more than a few towns away. Woe betide the 70s teen trying to talk to out-of-town friends or carry on a romance with anyone but the guy or girl next door when that monthly phone bill came around; did anyone else try to intercept it from the mailbox before the parents could see it?

While it seems somewhat quaint now, being charged for phone calls was not only a big deal to the customers, but to the phone company itself. The Bell System, which would quickly become a multi-billion dollar enterprise, was built on the ability to accurately meter the use of their service and charge customers accordingly. Like any engineered system, it grew and changed over time, and it had to adapt to the technologies and economic forces at the time.

One of the most interesting phases of its development was the development of Automatic Message Accounting (AMA), which in a very real way paved the way for the wide-open, worldwide, too-cheap-to-meter phone service we enjoy today.

Continue reading “How Hard Could It Be To Get Millions Of Phone Bills Right?”

Security Vulnerabilities In Modern Cars Somehow Not Surprising

March 2, 2023 by 16 Comments

As the saying goes, there’s no lock that can’t be picked, much like there’s no networked computer that can’t be accessed. It’s usually a continual arms race between attackers and defenders — but for some modern passenger vehicles, which are essentially highly mobile computers now, the defenders seem to be asleep at the wheel. The computing systems that control these cars can be relatively easy to break into thanks to manufacturers’ insistence on using wireless technology to unlock or activate them.

This particular vulnerability involves the use of a piece of software called gattacker which exploits vulnerabilities in Bluetooth Low Energy (BLE), a common protocol not only for IoT devices but also to interface a driver’s smartphone or other wireless key with the vehicle’s security system. By using a man-in-the-middle attack the protocol between the phone and the car can be duplicated and the doors unlocked. Not only that, but this can be done without being physically close to the car as long as a network of some sort is available.

[Kevin2600] successfully performed these attacks on a Tesla Model 3 and a few other vehicles using the seven-year-old gattacker software and methods first discovered by security researcher [Martin Herfurt]. Some other vehicles seem to have patched these vulnerabilities as well, and [Kevin2600] didn’t have universal success with every vehicle, but it does remind us of some other vehicle-based attacks we’ve seen before.

A CH32V003 Toolchain — If You Can Get One To Try It On

March 2, 2023 by 40 Comments

We’re in an exciting time for cheap microcontrollers, as with both the rise of RISC-V and the split between ARM and its Chinese subsidiary, a heap of super-cheap and very capable parts are coming to market. Sometimes these cheap chips come with the catch of being difficult to program though, but for one of them the ever-dependable [CNLohr] has brought together his own open-source toolchain. The part in question is the WCH CH32V003, which is a ten-cent RISC-V part that has an impressive array of capabilities. As always though, there’s a snag, in that we’re also told that while supplies are improving this part can be hard to find. The repository is ready for when you can get them again though, and currently also contains some demo work including addressable LED driver code.

As an alternative there’s a comparable and slightly cheaper ARM-based part, the Puya PY32. It’s reckoned to be the cheapest of the flash-based microcontrollers, and like the WCH part is bearing down on the crop of one-time-programmable chips such as the famous and considerably less powerful 3-cent Padauk. This end of the market is certainly heating up a little, and from our point of view this can only mean some exciting projects ahead.

Screenshot of the code decompiled after these patches are applied, showing that all the register writes are nicely decompiled and appropriate register names are shown in the code

Making Ghidra Play Nice With RP2040

March 1, 2023 by 1 Comment

Developing firmware for RP2040 is undeniably fun, what’s with all these PIOs. However, sometimes you will want to switch it around and reverse-engineer some RP2040 firmware instead. If you’ve ever tried using Ghidra for that, your experience might have been seriously lackluster due to the decompiled output not making sense when it comes to addresses – thankfully, [Wejn] has now released patches for Ghidra’s companion, SVD-Loader, that turn it all around, and there’s a blog post to go with these.

SVD-Loader, while an indispensable tool for ARM work, didn’t work at all with the RP2040 due to a bug – fixed foremost. Then, [Wejn] turned to a pecularity of the RP2040 – Atomic Register Access, that changes addressing in a way where the usual decompile flow will result in nonsense addresses. Having brought a ton of memory map data into the equation, [Wejn] rewrote the decoding and got it to a point where peripheral accesses now map to nicely readable register writes in decompiled code – an entirely different picture!

You can already apply the patches yourself if you desire. As usual, there’s still things left in TODO for proper quality of life during your Ghidra dive, but the decompiled code makes way more sense now than it did before. Now, if you ever encounter a RP2040-powered water cooler or an air quality meter, you are ready to take a stab at its flash contents. Not yet familiar with the Ghidra life? Well, our own HackadayU has just the learning course for you!

A grey car sits in the background out of focus, its front facing the camera. It sits over an asphalt roadway with a metal rail extending from the foreground to behind the car in the distance. The rail has a two parallel slots and screws surrounding the slots running down the rail.

What Happened To Sweden’s Slot Car EV Road?

March 1, 2023 by 60 Comments

Many EVs can charge 80% of their battery in a matter of minutes, but for some applications range anxiety and charge time are still a concern. One possible solution is an embedded electrical rail in the road like the [eRoadArlanda] that Sweden unveiled in 2016.

Overhead electrical wires like those used in trolleys have been around since the 1800s, and there have been some tests with inductive coils in the roadway, but the 2 km [eRoadArlanda] takes the concept of the slot car to the next level. The top of the rail is grounded while the live conductor is kept well underground beneath the two parallel slots. Power is only delivered when a vehicle passes over the rail with a retractable contactor, reducing danger for pedestrians, animals, and other vehicles.

One of the big advantages of this technology being in the road bed is that both passenger and commercial vehicles could use it unlike an overhead wire system that would require some seriously tall pantographs for your family car. Testing over several Swedish winters shows that the system can shed snow and ice as well as rain and other road debris.

Unfortunately, the project’s website has gone dark, and the project manager didn’t respond when we reached out for comment. If there are any readers in Sweden with an update, let us know in the comments!

We’ve covered both overhead wire and embedded inductive coil power systems here before if you’re interested in EV driving with (virtually) unlimited range.

Continue reading “What Happened To Sweden’s Slot Car EV Road?”

A closeup of the faulty section of the dial - you can spot the plastic rivets that broke off

The Tale Of Two Broken Flukes

March 1, 2023 by 11 Comments

Some repairs happen as if by pure luck, and [Sebastian] shows us one such repair on Hackaday.io. He found two Fluke 175 meters being sold on eBay, with one having a mere beeper issue, and another having a “strange error”. Now, theoretically, swapping beepers around would give you one working meter and a kit of spare parts – but this is Fluke we’re talking about, and [Sebastian] wasn’t satisfied leaving it there.

First, he deduced that the beeper issue could be fixed by repositioning the piezo disk – and indeed, that brought the meter number one to working order. This left the mysterious error – the meter would only power up in certain rotations of the dial, and would misbehave, at that. Disassembly cleared things up – the dial mechanics failed, in that a half of the metal contacts came detached after all the plastic rivets holding the metal piece in place mysteriously vanished. The mechanics were indeed a bit intricate, and our hacker hoped to buy a replacement, but seeing the replacement switch prices in three-digit range, out came the epoxy tube.

An epoxy fix left overnight netted him two perfectly working Fluke meters, and while we don’t know what the listing price was for these, such a story might make you feel like taking your chances with a broken Fluke, too. The tale does end with a word of caution from [Sebastian], though – apparently, cleaning the meters took longer than the repairs themselves. Nevertheless, this kind of repair is a hobbyist’s dream – sometimes, you have to design a whole new case for your meter if as much as a wire breaks, or painstakingly replace a COB with a TQFP chip.