how-to

842 Articles

Hardware hacking how-tos

Starlink terminal being injected with 12V from an external PSU

Bypass PoE And Power Your Starlink Terminal Directly

May 2, 2024 by 8 Comments

Sometimes, you will want to power a device in a way it wasn’t designed for, and you might find that the device in question is way too tailored to the original power source. Today, [Oleg Kutkov] is here to give us a master class on excising unnecessary power conversion out of your devices, with the Starlink terminal as an example. This device can only be officially powered from 48V PoE, but can technically work from about 12V – and, turns out, many people want to mount a Starlink terminal to their cars.

[Oleg] shows us the power circuit of the Starlink terminal, explaining which component is responsible for what, and gives us a block diagram. Then, he shows you the 12V rail that all internal components actually draw power from, and where to feed power into it. Plus, he warns you about possible caveats, like having to disable the builtin 12V regulator to prevent it from backfeeding-induced damage. If you’re looking to modify a similar device, this tutorial gives you heaps of insight on what you might need on your foray.

Thinking to modify your own Starlink terminal, perhaps, and wondering about the power consumption? [Oleg] has current consumption graphs for you, collected with a data logger for Uni-T UT800 of his own design, providing detailed figures on just how much energy you ought to supply to power the terminal from 12V, and where to (not) get it. After all, even a seemingly suitable power supply might not do.

The mod as installed into the handheld, complete with the custom 3D-printed back, with a screwdriver being used to install one of the screws

A ROG Ally Battery Mod You Ought To Try

April 17, 2024 by 4 Comments

Today’s hack is an unexpected but appreciated contribution from members of the iFixit crew, published by [Shahram Mokhtari]. This is an ROG Ally Asus-produced handheld gaming console mod that has you upgrade the battery to an aftermarket battery from an Asus laptop to double your battery life (40 Wh to 88 Wh).

There are two main things you need to do: replace the back cover with a 3D printed version that accommodates the new battery, and move the battery wires into the shell of an old connector. No soldering or crimping needed — just take the wires out of the old connector, one by one, and put them into a new connector. Once that is done and you reassemble your handheld, everything just works; the battery is recognized by the OS, can be charged, runs the handheld wonderfully all the same, and the only downside is that your ROG Ally becomes a bit thicker.

Continue reading “A ROG Ally Battery Mod You Ought To Try”

Logic Analyzers: Decoding And Monitoring

April 15, 2024 by 8 Comments

Last time, we looked into using a logic analyzer to decode SPI signals of LCD displays, which can help us reuse LCD screens from proprietary systems, or port LCD driver code from one platform to another! If you are to do that, however, you might find a bottleneck – typically, you need to capture a whole bunch of data and then go through it, comparing bytes one by one, which is quite slow. If you have tinkered with Pulseview, you probably have already found an option to export decoded data – all you need to do is right-click on the decoder output and you’ll be presented with a bunch of options to export it. Here’s what you will find:

2521888-2521888 I²C: Address/data: Start
2521896-2521947 I²C: Address/data: Address write: 22
2521947-2521954 I²C: Address/data: Write
2521955-2521962 I²C: Address/data: ACK
2521962-2522020 I²C: Address/data: Data write: 01
2522021-2522028 I²C: Address/data: ACK
2522030-2522030 I²C: Address/data: Start repeat
2522038-2522089 I²C: Address/data: Address read: 22
2522089-2522096 I²C: Address/data: Read
2522096-2522103 I²C: Address/data: ACK
2522104-2522162 I²C: Address/data: Data read: 91
2522162-2522169 I²C: Address/data: NACK
2522172-2522172 I²C: Address/data: Stop

Whether on the screen or in an exported file, the decoder output is not terribly readable – depending on the kind of interface you’re sniffing, be it I2C, UART or SPI, you will get five to ten lines of decoder output for every byte transferred. If you’re getting large amounts of data from your logic analyzer and you want to actually understand what’s happening, this quickly will become a problem – not to mention that scrolling through the Pulseview window is not a comfortable experience.

The above output could look like this: 0x22: read 0x01 ( DEV_ID) = 0x91 (0b10010001). Yet, it doesn’t, and I want to show you how to correct this injustice. Today, we supercharge Pulseview with a few external scripts, and I’ll show you how to transfer large amounts of Sigrok decoder output data into beautiful human-readable transaction printouts. While we’re at it, let’s also check out commandline sigrok, avoiding the Pulseview UI altogether – with sigrok-cli, you can easily create a lightweight program that runs in the background and saves all captured data into a text file, or shows it on a screen in realtime! Continue reading “Logic Analyzers: Decoding And Monitoring”

anfractuosity's test setup showing the Pi under test and a few pieces of equipment used to perform the attack

Cold Boot Attack You Can Do With A Pi

April 1, 2024 by 2 Comments

A cold boot attack is a way to extract RAM contents from a running system by power cycling it and reading out RAM immediately after loading your own OS. How easy is it for you to perform such an attack? As [anfractuosity] shows, you can perform a cold boot attack with a Raspberry Pi, with a reasonably simple hardware setup and a hefty chunk of bare-metal code.

[anfractuosity]’s setup is simple enough. The Pi 4 under attack is set up to boot from USB drive, and a relay board has it switch between two possible USB drives to boot from: one with a program that fills RAM with , and another with a program that extracts RAM out through UART. The process is controlled by another Pi controlling the relays through GPIOs, that also monitors the target Pi’s UART and uses it as a channel to extract memory.

The outcomes are pretty impressive. After 0.75s of power-down, most of the image could be extracted. That’s without any cooling, so abusing a can of electronics duster is likely to improve these results dramatically. Want to play with cold boot attacks? [anfractuosity]’s code is great for getting your feet wet. Furthermore, the code examples provided serve as a wonderful playground for general memory attack research.

Raspberry Pi not fun enough for you anymore? Well then, you can always start playing with Android phones!

Vastly Improved Servo Control, Now Without Motor Surgery

March 21, 2024 by 13 Comments

Hobby servos are great, but they’re in many ways not ideal for robotic applications. The good news is that [Adam] brings the latest version of his ServoProject, providing off-the-shelf servos with industrial-type motion control to allow for much, much tighter motion tracking than one would otherwise be limited to.

Modifying a servo no longer requires opening the DC motor within.

The PID control system in a typical hobby servo is very good at two things: moving to a new position quickly, and holding that position. This system is not very good at smooth motion, which is desirable in robotics along with more precise motion tracking.

[Adam] has been working on replacing the PID control with a more capable cascade-based control scheme, which can even compensate for gearbox backlash by virtue of monitoring the output shaft and motor position separately. What’s really new in this latest version is that there is no longer any need to perform surgery on the DC motor when retrofitting a servo; the necessary sensing is now done externally. Check out the build instructions for details.

The video (embedded just below) briefly shows how a modified servo can perform compared to a stock one, and gives a good look at the modifications involved. There’s still careful assembly needed, but unlike the previous version there is no longer any need to actually open up and modify the DC motor, which is a great step forward.

Continue reading “Vastly Improved Servo Control, Now Without Motor Surgery”

Lithium-Ion Batteries Power Your Devboards Easily

March 14, 2024 by 25 Comments

Last summer, I was hanging out with a friend from Netherlands for a week, and in the middle of that week, we decided to go on a 20 km bike trip to a nearby beach. Problem? We wanted to chat throughout the trip, but the wind noise was loud, and screaming at each other while cycling wouldn’t have been fun. I had some walkie-talkie software in mind, but only a single battery-powered Pi in my possession. So, I went into my workshop room, and half an hour later, walked out with a Pi Zero wrapped in a few cables.

I wish I could tell you that it worked out wonders. The Zero didn’t have enough CPU power, I only had single-core ones spare, and the software I had in mind would start to badly stutter every time we tried to run it in bidirectional mode. But the battery power solution was fantastic. If you need your hack to go mobile, read on.

Continue reading “Lithium-Ion Batteries Power Your Devboards Easily”

Lift Those Pins With Ease

February 15, 2024 by 16 Comments

Reworking is one of the regular tasks of anyone who is involved in an electronic design process, because try as we might, it’s rare to get a design perfectly right the first time. Some reworking tasks are more difficult than others though, and we have to admit that lifting an IC pin doesn’t always result in success. But with this video from [Mr. SolderFix] there’s hope for conquering the technique, as he takes us through the best pin-raising technique on a variety of packages.

The trick it seems is to lift the pin first without attempting to disengage it from the molten solder, then returning to it with some copper braid to remove the solder and leave it raised. Once the secret is revealed it’s so easy, something a Hackaday scribe should be able to do. He does sound a note of caution though, as some packages are prone to disintegrating when stressed. A broken SOT-23 is not something anyone likes to see through their magnifier.

His channel is full of such no-nonsense soldering advice, and should be a fascinating browse for many readers. Meanwhile we’ve covered quite a bit of rework technique ourselves, such as last year when we looked at BGA work.

Continue reading “Lift Those Pins With Ease”