Air Filter DRM? Hacker Opts Out With NFC Sticker

August 13, 2022 by 55 Comments

[Flamingo-tech]’s Xiaomi air purifier has a neat safety feature: it will refuse to run if a filter needs replacement. Of course, by “neat” we mean “annoying”. Especially when the purifier sure seems to judge a filter to be useless much earlier than it should. Is your environment relatively clean, and the filter still has legs? Are you using a secondary pre-filter to extend the actual filter’s life? Tough! Time’s up. Not only is this inefficient, but it’s wasteful.

Every Xiaomi filter contains an NTAG213 NFC tag with a unique ID and uses a unique password for communications, but how this password was generated (and therefore how to generate new ones) was not known. This meant that compatible tags recognized by the purifier could not be created. Until now, that is. [Flamingo-tech] has shared the discovery of how Xiaomi generates the password for communication between filter and purifier.

A small NFC sticker is now all it takes to have the purifier recognize a filter as new.

[Flamingo-tech] has long been a proponent of fooling Xiaomi purifiers into acting differently. In the past, this meant installing a modchip to hijack the DRM process. That’s a classic method of getting around nonsense DRM on things like label printers and dishwashers, but in this case, reverse-engineering efforts paid off.

It’s now possible to create simple NFC stickers that play by all the right rules. Is a filter’s time up according to the NFC sticker, but it’s clearly still good? Just peel that NFC sticker off and slap on a new one, and as far as the purifier is concerned, it’s a new filter!

If you’re interested in the reverse-engineering journey, there’s a GitHub repository with all the data. And for those interested in purchasing compatible NFC stickers, [Flamingo-tech] has some available for sale.

Hackaday Podcast 172: Frickin’ Laser Beams, Squishy Stomp Switches, And A Tiny But Powerful DIY Loom

June 10, 2022 by 4 Comments

Join Hackaday Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos for a free-as-in-beer showcase of the week’s most gnarly but palatable hacks. But first, a reminder! Round 2 of the 2022 Hackaday Prize comes to an end in the early hours of Sunday, June 12th, so there’s still enough time to put a project together and get it entered.

This week, we discuss the utility of those squishy foam balls in projects and issue the PSA that it is in fact pool noodle season, so go get ’em. We drool over if-you-have-to-ask-you-can’t-afford-it 3D printers with staircases and such, and wonder why breadboard game controls didn’t already exist. Later on we laugh about lasers, shake the bottle of LTSpice tips from [fesz], and ponder under-door attacks. Finally, we’re back to frickin’ laser beams again, and we discover that there’s a fruity demoscene in Kristina’s backyard.

Direct Download link

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 172: Frickin’ Laser Beams, Squishy Stomp Switches, And A Tiny But Powerful DIY Loom”

DIY Float Valve For Passive Hydroponics Leverages 3D Printing

February 19, 2022 by 10 Comments

[Billy] has a special interest in passive hydroponics (also known as the Kratky method), which is a way of growing plants in nutrient-rich water that does not circulate. As the plant grows and liquid level drops, only the tips of the roots remain submerged while more and more of the root surface is exposed to oxygen in a harmonious balance. However, “thirsty” plant types (tomatoes, for example) throw off this balance, and the system needs to be modified. To address this, [Billy] designed and printed a passive float valve system that takes care of topping up the reservoir only when needed, without using pumps or any other electrical equipment.

Commercial or industrial float valves are too big to use in his small tanks, which led [Billy] to test dozens of DIY designs. He used everything from plastic water bottles to pipe ends, but nothing quite measured up. With 3D printing, [Billy] was able to create a sealed, lightweight float that exactly matched the housing and tube locations.

A strip of silicone works as a sealing agent.

The way [Billy]’s float valve works is by using a hollow object as a kind of buoyant plug inside a housing. When the water level is high, the buoyant object rises up and presses a strip of silicone against an outlet, preventing water from flowing. If the water level is low, the buoyant plug drops and water is free to flow. With a reservoir of fresh nutrient-rich water placed above the grow tank, gravity takes care of pushing a fresh supply down a tube, so no active pump is needed. Combined with a passive float valve, the system pretty much runs itself.

Watch [Billy] give a tour of his system and valve design in the video embedded below. He’s got a lot of experience when it comes to working with projects involving liquids. Only someone as comfortable as he is would make his own DIY dishwasher.

Continue reading “DIY Float Valve For Passive Hydroponics Leverages 3D Printing”

A smartphone with a robot vacuum in the background

Hacking A Robot Vacuum To Write A Replacement App

September 16, 2021 by 18 Comments

While internet-connected devices can be very useful around the house, and it is pretty cool to be able to monitor your dishwasher from half a world away, it’s important to be mindful of privacy and security issues. For instance, the Cecotec Conga 1490 robot vacuum [Rastersoft] bought came with an Android app, which upon installation asked for near-total access to the user’s phone. Not content with such an invasion of privacy, let alone the potential security implications, [Rastersoft] set to work trying to reverse engineer the robot’s communications (translated) to find out what exactly it was doing when online. He did this by configuring a Raspberry Pi as an access point, letting the vacuum connect to it, and logging all the data flowing through.

As it turned out, the robot phoned home to its manufacturer, reporting its serial number and some configuration settings. The server then passed control to the mobile app, but not without routing all subsequent commands through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the app would stop working entirely. [Rastersoft] therefore got the idea to write custom software to control the robot. He began by reconfiguring the Pi’s network setup to fool the vacuum into thinking it was connecting to its manufacturer’s server, and then wrote some Python code to emulate the server’s response. He was now in control of all data flowing back and forth.

After a lot of experimentation and data analysis, [Rastersoft] managed to decipher the commands sent by the app, enabling him to write a complete replacement app seen in the video after the break that includes control of all the vacuum’s standard actions, but also a new feature to manually control the vacuum’s movement. All code is available on GitHub for those who would like to hack their Congas too.

We think this is a great example of software hacking to future-proof devices that you own, while also mitigating many of the dangers to your security and privacy posed by the default software. The fact that the commands you send from your phone to your vacuum go all the way around the world, potentially being stored and read by others, is rather ridiculous in the first place. After all, we’ve already seen how robot vacuums could spy on you.

Continue reading “Hacking A Robot Vacuum To Write A Replacement App”

Historical Hackers: The Hacker Of Cragside, Circa 1870

September 9, 2021 by 27 Comments

Imagine visiting a home that was off the grid, using hydroelectric power to run lights, a dishwasher, a vacuum cleaner, and a washing machine. There’s a system for watering the plants and an intercom between rooms. Not really a big deal, right? This is the twenty first century, after all.

Armstrong with a 7 inch gun of his design
Image of Armstrong and his 7-inch gun from an 1887 edition of Illustrated London News

But then imagine you’ve exited your time machine to find this house not in the present day, but in the year 1870. Suddenly things become quite a bit more impressive, and it is all thanks to a British electrical hacker named William Armstrong who built a house known as Cragside. Even if you’ve never been to Northumberland, Cragside might look familiar. It’s appeared in several TV shows, but — perhaps most notably — played the part of Lockwood Manor in the movie Jurassic World: Fallen Kingdom.

Armstrong was a lawyer by training but dabbled in science including hydraulics and electricity — a hot topic in the early 1800s. He finally abandoned his law practice to form W. G. Armstrong and Company, known for producing Armstrong guns, which were breech-loading artillery pieces ranging from 2.5 inch bores up to 7 inches. By 1859, he was knighted and became the principal supplier of armaments to both the Army and the Navy.

Continue reading “Historical Hackers: The Hacker Of Cragside, Circa 1870”

Live Energy Monitor Helps Plan Power-Hungry Appliance Use

July 20, 2021 by 8 Comments

There are a lot of good reasons to have a better understanding of one’s household power use, and that is especially true for those that do their own solar power collection. For example, [Frederick] determined that it would be more efficient to use large appliances (like a dishwasher or washing machine) when there was excess solar power available, but the challenge was in accessing the right data in a convenient way. His Raspberry Pi-based live energy monitor was the solution, because it uses an LED matrix to display live energy data that can be consulted at a glance.

Interestingly, this project isn’t about hacking the power meter. What this project is really about is conveniently accessing that data when and where it is best needed. [Frederick] has a digital power and gas meter with the ability to accept a small wireless dongle. That dongle allows a mobile phone app to monitor power usage, including whether power is being taken from or exported to the grid.

Since [Frederick] didn’t want to have to constantly consult his mobile phone, a Raspberry Pi using a Pimoroni Unicorn HAT HD acts as a glanceable display. His Python script polls the power meter directly over WiFi, then creates a live display of power usage: one LED for every 250 W of power, with the top half of the display being power used, and the bottom half representing power exported to the grid. Now the decision of when to turn on which appliances for maximum efficiency is much easier, not by automating the appliances themselves, but simply by displaying data where it needs to be seen. (This kind of thing, incidentally, is exactly the idea behind the Rethink Displays challenge of the 2021 Hackaday Prize.)

As for those of us without a digital power meter that makes it easy for residents to access power data? It turns out there is no reason a power meter’s wireless service interface can’t be sniffed with RTL-SDR.

2021 Hackaday Prize: Rethink, Refresh, And Rebuild

May 18, 2021 by 17 Comments

The 2021 Hackaday Prize begins right now. Tap into your creativity and build your piece of a better future on the topics of supportive technology, everyday robotics, imaginative displays, and work-from-home innovations.

Now in its eighth year, the Hackaday Prize is a global engineering initiative that seeks out new and interesting uses of electronics and other technologies with an eye toward open source/open hardware and a goal of getting your creations out into the world.

The grand prize winner will receive $25,000 and a residency at the Supplyframe Design Lab. In addition to top prizes for the second through fifth place winners, 50 finalists will each receive a $500 prize. But you don’t need to win the Hackaday Prize to take something away. This is your calling: spend time working on those abstract ideas and figuring out how they will fit into life tomorrow, next month, or next decade. Whether it changes peoples’ lives or just brings a smile to a few faces, every interesting step forward is an example where people had ideas so crazy they actually worked. Let’s get in on that!

There are five categories to target with your builds. If you have an idea kicking around, you can probably enter it this year.

Continue reading “2021 Hackaday Prize: Rethink, Refresh, And Rebuild”