Hands On: Bus Pirate 5

If you’ve been involved with electronics and hardware hacking for awhile, there’s an excellent chance you’ve heard of the Bus Pirate. First introduced on the pages of Hackaday back in 2008 by creator Ian Lesnet, the open hardware multi-tool was designed not only as away to easily tap into a wide array of communication protocols, but to provide various functions that would be useful during hardware development or reverse engineering. The Bus Pirate could talk to your I2C and SPI devices, while also being able to measure frequencies, check voltages, program chips, and even function as a logic analyzer or oscilloscope.

Bus Pirate 3, circa 2012

The Bus Pirate provided an incredible number of tools at a hobbyist-friendly price, and it wasn’t long before the device became so popular that it achieved a milestone which only a few hardware hacking gadgets can boast: its sales started to get undercut by cheap overseas clones. Of course, as an open hardware device, this wasn’t really a problem. If other companies wanted to crank out cheap Bus Pirates, that’s fine. It freed Ian up to research a next-generation version of the device.

But it turns out that was easier said than done. It’s around this point that the Bus Pirate enters what might be considered its Duke Nukem Forever phase. It took 15 years to release the sequel to 1996’s Duke Nukem 3D because the state-of-the-art in video games kept changing, and the developers didn’t want to be behind the curve. Similarly, Ian and his team spent years developing and redeveloping versions of the Bus Pirate that utilized different hardware platforms, such as the STM32 and ICE40 FPGA. But each time, there would be problems sourcing components, or something newer and more interesting would be released.

But then in 2021 the Raspberry Pi Pico hit the scene, and soon after, the bare RP2040 chip. Not only were the vast I/O capabilities of the new microcontroller a perfect fit for the Bus Pirate, but the chip was cheap and widely available. Finally, after years of false starts, the Bus Pirate 5 was born.

I was able to grab one of the first all-new Bus Pirates off the production line in January, and have been spending the last week or so playing around with it. While there’s definitely room for improvement on the software side of things, the hardware is extremely promising, and I’m very excited to be see how this new chapter in the Bus Pirate story plays out.

Continue reading “Hands On: Bus Pirate 5”

Canada Bans Flipper Zero Over What It Imagines It Does

Canada’s intent to ban the Flipper Zero wireless tool over car thefts is, on the one hand, an everyday example of poorly researched government action. But it may also be a not-so-subtle peek into the harm misinformation online can cause by leading to said government action.

The Government of Canada recently hosted a national summit on combatting vehicle theft, and Minister of Innovation, Science and Industry François-Philippe Champagne proudly declared immediate actions being taken to ban devices used to steal vehicles by wirelessly bypassing keyless entry, the Flipper Zero being specifically named as one such device.

And yet, defeating a rolling code keyless entry system is a trick a device like the Flipper Zero simply cannot pull off. (What cars have such a system? Any car made in roughly the last thirty years, for a start.)

Continue reading “Canada Bans Flipper Zero Over What It Imagines It Does”

Benchmarking Latency Across Common Wireless Links For MCUs

Although factors like bandwidth, power usage, and the number of (kilo)meters reach are important considerations with wireless communication for microcontrollers, latency should be another important factor to pay attention to. This is especially true for projects like controllers where round-trip latency and instant response to an input are essential, but where do you find the latency number in datasheets? This is where [Michael Orenstein] and [Scott] over at Electric UI found a lack of data, especially when taking software stacks into account. In other words, it was time to do some serious benchmarking.

The question to be answered here was specifically how fast a one-way wireless user interaction can be across three levels of payload sizes (12, 128, and 1024 bytes). The effective latency is measured from when the input is provided on the transmitter, and the receiver has processed it and triggered the relevant output pin. The internal latency was also measured by having a range of framework implementations respond to an external interrupt and drive a GPIO pin high. Even this test on an STM32F429 MCU already showed that, for example, the STM32 low-level (LL) framework is much faster than the stm32duino one.

Continue reading “Benchmarking Latency Across Common Wireless Links For MCUs”

Resistor Color Code Clock Is A Bit Of Fun

Younger electronic engineers may see resistors with old-style color codes to display their values a little less than those from previous years, but if there’s a shibboleth among those who wield a soldering iron it’s probably something similar to instinctively saying “1K” when asked “Brown-black-red?”. Colors as numbers can be used outside resistors, for example in a clock, as [Det Builds Stuff] shows us with an ESP32 TFT dev board.

It’s fair to say that this is more of a software project than a hardware one, but that’s not necessarily a bad thing as he takes us though the process of creating a Network Time Protocol (NTP) capable clock with the dev board. He claims it may be the world’s first resistor clock, something we’d have to disagree with, but beside that we can see this could make a neat little desk ornament with a 3D printed case.

Oddly though, we’d expect older engineers to face the same steep learning curve as younger ones when reading it, because it’s easier to recognize visual sequences of numbers as preferred resistor values than it is to visually decode each one every time.

Continue reading “Resistor Color Code Clock Is A Bit Of Fun”

Bus Pirate 5 Now Shipping

It’s happened to all of us at one time or another. There’s some component sitting on the bench, say an I2C sensor, a new display, or maybe a flash chip, and you want to poke around with it. So you get out the breadboard, wire it to a microcontroller, write some code, flash it…you get the idea. Frankly, it’s all kind of a hassle. Which is why [Ian Lesnet] created the Bus Pirate: a USB multi-tool designed to get you up and running with a new piece of hardware as quickly as possible.

Now, after years of development, the Bus Pirate 5 is available for purchase. Completely redesigned to take advantage of the impressive I/O capabilities of the RP2040, the new Bus Pirate also features a 240 x 320 IPS LCD that can show real-time voltage data and pin assignments. But despite the new display, and the bevy of RGB LEDs lurking under the injection molded enclosure, the primary interface for the device remains the VT100 terminal interface — now with the addition of a color status bar running along the bottom.

Continue reading “Bus Pirate 5 Now Shipping”

Reverse-Engineering The Web-@nywhere Watch For 2001-Era Smartwatch Action

Although smartwatches seem to be just a recent fad, people have been strapping wristwatches to their wrists with all kinds of functionality. Whether a miniscule calculator, a remote control, an organizer or as in the case of the Web-@nywhere Watch a web browser. In the last case only sort of, naturally, as it was released in 2001 and this little early 2000s marvel cost only $85 (or $150 in 2024 USD), so what could it really be capable of? This is the million dollar question that [Cameron Kaiser] sought to find out as he found a new-in-box unit for sale.

The Web-@nywhere watch in action. (Credit: Cameron Kaiser)
The Web-@nywhere watch in action. (Credit: Cameron Kaiser)

Beforehand he knew already that the unit required interaction with a PC-based application to sync the 93 kB of on-watch data, with the required software and remote servers now being very much outdated and/or gone. This required some reverse-engineering to once more bring this watch widget back to life. Along the way it became also quite clear that this watch was designed as a cheap rip-off of the much better 1998 Seiko Ruputer – which later got sold also as the onHand PC – using the same joystick-driven interface.

After some poking around with the Windows-based software that came with the watch [Cameron] quickly realized that while it could establish a serial link with the watch in its cradle, it fully relied on a now defunct FTP server formerly run by the manufacturer, Kinger, along with any games and content on it. Since FTP servers were never archived like HTTP sites, this content is likely gone forever.

Fortunately, the protocol between the PC and the watch is a standard serial link (with parity), so [Cameron] was able to sniff the serial traffic and figure out the protocol, the results of which he has made available on GitHub in the form of a Perl script for transforming text and a C-based application to do the uploading. Now once again Web-@nywhere users can proudly roam the streets with 2024-era website content on their wrists.

Alarm Panel Hack Defeats Encryption By Ignoring It

As frustrating as it may be for a company to lock you into its ecosystem by encrypting their protocols, you have to admit that it presents an enticing challenge. Cracking encryption can be more trouble than it’s worth, though, especially when a device gives you all the tools you need to do an end-run around their encryption.

We’ll explain. For [Valdez], the encrypted communication protocols between a DSC alarm panel and the control pads on the system were serious impediments to integration into Home Assistant. While there are integrations available for these alarm panels, they rely on third-party clouds, which means that not only is your security system potentially telling another computer all your juicy details, but there’s also the very real possibility that the cloud system can either break or be shut down; remember the Chamberlain MyQ fiasco?

With these facts in mind, [Valdez] came up with a clever workaround to DSC encryption by focusing on physically interfacing with the keypad. The device has a common 16×2 LCD and a 25-key keypad, and a little poking around with a multimeter and a $20 logic analyzer eventually showed that the LCD had an HD44780 controller, and revealed all the lines needed to decode the display with an ESP32. Next up was interfacing with the keypad, which also involved a little multimeter work to determine that the keys were hooked up in a 5×5 matrix. Ten GPIOs on the ESP32 made it possible to virtually push any key; however, the ten relays [Valdez] originally used to do the switching proved unwieldy. That led to an optocoupler design, sadly not as clicky but certainly more compact and streamlined, and enabling complete control over the alarm system from Home Assistant.

We love this solution because, as [Valdez] aptly points out, the weakest point in any system is the place where it can’t be encrypted. Information has to flow between the user and the control panel, and by providing the electronic equivalents to eyes and fingers, the underlying encryption is moot. Hats off to [Valdez] for an excellent hack, and for sharing the wealth with the HA community.