Haier Europe Eases Off On Legal Threat And Seeks Dialogue

January 22, 2024 by Maya Posch 42 Comments

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separately legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.

Reverse-Engineering The Web-@nywhere Watch For 2001-Era Smartwatch Action

January 21, 2024 by Maya Posch 10 Comments

Although smartwatches seem to be just a recent fad, people have been strapping wristwatches to their wrists with all kinds of functionality. Whether a miniscule calculator, a remote control, an organizer or as in the case of the Web-@nywhere Watch a web browser. In the last case only sort of, naturally, as it was released in 2001 and this little early 2000s marvel cost only $85 (or $150 in 2024 USD), so what could it really be capable of? This is the million dollar question that [Cameron Kaiser] sought to find out as he found a new-in-box unit for sale.

The Web-@nywhere watch in action. (Credit: Cameron Kaiser)

Beforehand he knew already that the unit required interaction with a PC-based application to sync the 93 kB of on-watch data, with the required software and remote servers now being very much outdated and/or gone. This required some reverse-engineering to once more bring this watch widget back to life. Along the way it became also quite clear that this watch was designed as a cheap rip-off of the much better 1998 Seiko Ruputer – which later got sold also as the onHand PC – using the same joystick-driven interface.

After some poking around with the Windows-based software that came with the watch [Cameron] quickly realized that while it could establish a serial link with the watch in its cradle, it fully relied on a now defunct FTP server formerly run by the manufacturer, Kinger, along with any games and content on it. Since FTP servers were never archived like HTTP sites, this content is likely gone forever.

Fortunately, the protocol between the PC and the watch is a standard serial link (with parity), so [Cameron] was able to sniff the serial traffic and figure out the protocol, the results of which he has made available on GitHub in the form of a Perl script for transforming text and a C-based application to do the uploading. Now once again Web-@nywhere users can proudly roam the streets with 2024-era website content on their wrists.

Haier Threatens Legal Action Against Home Assistant Plugin Developer

January 19, 2024 by Maya Posch 109 Comments

Appliance manufacturer Haier has been integrating IoT features into their newer products, and as is so common these days, users are expected to install their “hOn” mobile application to access them. Not satisfied with that limitation, [Andre Basche] reverse engineered the protocol used by the app, and released a Python library and associated Home Assistant plugin to interface with a wide array of Haier appliances, which includes brands like Hoover, Candy, GE Appliances and others.

Unfortunately, it looks like his efforts have gotten him into a bit of legal hot water. In an issue recently opened on the project’s GitHub page, [Andre] explains the circumstances and legal options that have led him to consider pulling the repositories completely — mostly due to the cost of mounting a legal defense to the cease & desist from Haier Europe.

What’s ironic here is that Haier has been part of the Connectivity Standard Alliance (CSA) since 2022, whose goal is to ‘promote universal open IoT standards’, including Matter.

It’s possible that a legal defense will be mounted against this C&D from Haier within the coming days. Yet regardless of the outcome here, it remains problematic that these IoT-enabled Haier appliances are connected to the Haier servers. Ideally they would be controlled locally, which is the goal of projects like [Miguel Ángel López Vicente]’s ESP Haier, that uses an ESP8266 to connect Haier AC units to the local WiFi and e.g. HA instances, all without requiring internet access.

This is sadly just one more example of why building your own off-line smart home can be such an incredible struggle.

Thanks to [Ar3itrary] for the tip.

Reverse-Engineering A Russian Tornado-S Guidance Circuit Board

January 16, 2024 by Maya Posch 21 Comments

With Russian military hardware quite literally raining down onto the ground in Ukraine, it’s little wonder that a sizeable part of PCBs and more from these end up being sold on EBay. This was thus where [msylvain] got a guidance board from a 300 mm Tornado-S 9M542 GLONASS-guided projectile from, for some exploration and reverse-engineering. The first interesting surprise was that the board was produced in February of 2023, with the Tornado-S system having begun production in 2016.

Presumed location of the PCB under investigation in the Tornado-S rocket.

The 9M542 and similar rocket projectiles are designed to reach their designated area with as much precision as possible, which where the guidance system comes into play. Using both GLONASS and inertial navigation, the rocket’s stack of PCBs (pictured) are supposed to process the sensor information and direct the control system, which for the 9M542 consists out of four canards. The board that [msylvain] is looking at appears to be one of the primary PCBs, containing some DC-DC and logic components, as well as three beefy gate arrays (ULAs). While somewhat similar to FPGAs, these are far less configurable, which is why the logic ICs around it are needed to tie everything together. For this reason, gate array technology was phased out globally by the 1990s due to the competition of FPGAs, which makes this dual-sided PCB both very modern and instantly vintage.

This is where a distinct 1980s Soviet electronics vibe begins, as along the way of noting the function of each identified IC, it’s clear that these are produced by the same Soviet-era factories, just with date stamps ranging from 2018 to more recent and surface-mount DIP-sized packages rather than through-hole.

Continue reading “Reverse-Engineering A Russian Tornado-S Guidance Circuit Board” →

PDP-11 Trouble With A Ruthless Power Supply Issue

January 15, 2024 by Maya Posch 9 Comments

After [David Lovett] of [Usagi Electric] was donated a few cars full of DEC PDP-11 minicomputers of various flavors and vintages, he passed on most of them to loving homes, but kept a few of them himself. One goal of this being to put together a PDP-11 system that could be more easily taken to vintage computer shows than the ‘rollable’ PDP-11s he had access to prior. Of 1980s PDP-11s, the first-generation Large Scale Integration (LSI) PDP11/03 system (so-called Q-Bus models) is among the smallest, taking up about as much space as a 1980s desktop PC, while supporting the second generation LSI PDP-11/23 cards. It all seemed so easy until [David] tried testing the PDP-11/03’s PSU and everything went south.

Despite having access to the circuit diagrams of the PSU, figuring out what was going wrong was an absolute nightmare for [David], after some easy fixes involving replacing a blown fuse and bulging capacitors failed to deliver salvation. Reading through the comments to the video, it would seem that people are generally confused about whether this PSU is a linear, switching or some other configuration. What is clear is that with the absolutely massive transformer, it looks more like a linear power supply, but with a lot of protections against over current and other failure modes built-in, all of which rely on transistors and other components that could have gone bad.

Although in round 1 the PDP-11/03 PSU won the battle, we hope that once round 2 commences [David] will have had the proverbial training montage behind him (set to ‘Eye of the Usagi’, probably) and will manage to get this PSU working once more.

Continue reading “PDP-11 Trouble With A Ruthless Power Supply Issue” →

Reverse-Engineering The ESP32’s WiFi Binary Blob With A Faraday Cage

January 15, 2024 by Maya Posch 37 Comments

The Faraday cage constructed by Jasper Devreker.

As part of a team reverse-engineering the binary blob driver for the ESP32’s WiFi feature at Ghent University, [Jasper Devreker] saw himself faced with the need to better isolate the network packets coming from the ESP32-under-test. This is a tough call in today’s WiFi and 2.4 GHz flooded airwaves. To eliminate all this noise, [Jasper] had to build a Faraday cage, but ideally without racking up a massive invoice and/or relying on second-hand parts scavenged from eBay.

We previously reported on this reverse-engineering project, which has since seen an update. Although progress has been made, filtering out just the packets they were interested in was a big challenge. The solution was a Faraday cage, but on a tight budget.

Rather than relying on exotic power filters, [Jasper] put a battery inside a Faraday cage he constructed out of wood and conductive fabric. To get Ethernet data in and out, a fiber link was used inside a copper tube. Initial testing was done using a Raspberry Pi running usbip and a WiFi dongle. The Faraday cage provided enough attenuation that the dongle couldn’t pick up any external WiFi signals in listening mode.

The total cost of this build came down to a hair over €291, which makes it feasible for a lot of RF experiments by hobbyists and others. We wish [Jasper] and the rest of the team a lot of luck in figuring out the remaining secrets of Espressif’s binary WiFi blob using this new tool.

Reverse Engineering Smart Meters, Now With More Fuming Nitric Acid

January 13, 2024 by Dan Maloney 14 Comments

If you’re lucky, reverse engineering can be a messy business. Sure, there’s something to be said for attacking and characterizing an unknown system and leaving no trace of having been there, but there’s something viscerally satisfying about destroying something to understand it. Especially when homemade fuming nitric acid is involved.

The recipient of such physical and chemical rough love in the video below is a residential electric smart meter, a topic that seems to be endlessly fascinating to [Hash]; this is far from the first time we’ve seen him take a deep dive into these devices. His efforts are usually a little less destructive, though, and his write-ups tend to concentrate more on snooping into the radio signals these meters are using to talk back to the utility company.

This time around, [Hash] has decided to share some of his methods for getting at these secrets, including decapping the ICs inside. His method for making fuming nitric acid from stump remover and battery acid is pretty interesting; although the laboratory glassware needed to condense the FNA approaches the cost of just buying the stuff outright, it’s always nice to have the knowledge and the tools to make your own. Just make sure to be careful about it — the fumes are incredibly toxic. Also detailed is a 3D-printable micropositioner, used for examining and photographing acid-decapped ICs under the microscope, which we’d bet would be handy for plenty of other microscopy jobs.

In addition to the decapping stuff, and a little gratuitous destruction with nitric acid, [Hash] takes a look at the comparative anatomy of smart meters. The tamper-proofing features are particularly interesting; who knew these meters have what amounts to the same thing as a pinball machine’s tilt switch onboard?

Continue reading “Reverse Engineering Smart Meters, Now With More Fuming Nitric Acid” →