Hacking The RF Protocol Of An Obscure Handheld Game

When you think old school handheld games, you probably imagine something like Nintendo’s Game Boy line or the Sega Game Gear. But outside of those now iconic systems, there was a vast subculture of oddball handheld games vying for a chunk of an adolescent’s weekly allowance. Many of these were legitimately terrible and frankly aren’t worth remembering, but a few offered unique features that were arguably ahead of their time.

One such game was Hasbro’s short-lived P-O-X. As explained by [Zachary Ennenga], the game didn’t spend much time on store shelves as its core concept of defeating undetectable alien invaders hell-bent on destroying our way of life proved to be more than a little problematic when it launched in September of 2001. But that doesn’t mean it didn’t have some cool ideas, such as a wireless ad-hoc multiplayer capability that let your game autonomously battle it out with other units that got close by.

Fascinated by this feature since his youth, [Zach] set out to study how this relatively cheap kid’s toy was able to pull this off back when even the flagship handheld consoles were still using physical link cables for multiplayer. He was aided in his quest by a particularly helpful patent, which not only gave him clues as to the frequency, data rate, modulation, and encoding of the RF signal, but even explained the game’s logic and overall structure. A lot of what was in the document seemed wishful thinking on the part of Hasbro, but reading through the marketing speak still uncovered some salient technical details.

A decoded P-O-X packet.

Armed with an RTL-SDR, GNU Radio, Inspectrum, and a bit of Python, [Zach] was able to identify the signal and begin the process of decoding it. This is where things get really interesting, as the details of his reverse engineering process are widely applicable for all sorts of unknown RF signals. Even if you’re like most people and have nearly zero interest in failed handheld games of the early 2000s, it’s well worth a read. The same techniques he uses to figure out the name and physical characteristics of the invisible foe his game is transmitting could one day help you figure out how to manipulate the data from that wireless weather station you’ve got in the backyard.

Once he figured out the major parts of the protocol, [Zach] moved on to crafting his own packets and broadcasting them in such a way that the real hardware would recognize them. He even came up with some code that will automatically battle games which wander within range of his Yardstick One, which may come in handy during the inevitable P-O-X Renaissance.

While this might seem like a lot of effort to put into a game that most people have never even heard of, we’ll remind you that some of the greatest hacks to ever grace these pages have been born of similar pursuits. Even if you’re the only person in the world to directly benefit from your current line of research and experimentation, there are still plenty of like-minded folks in this community who are all too happy to cheer you on from the sidelines.

Reverse Engineering An Apollo-Era Module With X-Ray

The gear that helped us walk on the Moon nearly 60 years ago is still giving up its mysteries today, with some equipment from the Apollo era taking a little bit more effort to reverse engineer than others. A case in point is this radiographic reverse engineering of some Apollo test gear, pulled off by [Ken Shirriff] with help from his usual merry band of Apollo aficionados.

The item in question is a test set used for ground testing of the Up-Data Link, which received digital commands from mission controllers. Contrary to the highly integrated construction used in Apollo flight hardware, the test set, which was saved from a scrapyard, used more ad hoc construction, including cards populated by mysterious modules. The pluggable modules bear Motorola branding, and while they bear some resemblance to ICs, they’re clearly not.

[Ken] was able to do some preliminary reverse-engineering using methods we’ve seen him employ before, but ran into a dead end with his scope and meter without documentation. So the modules went under [John McMaster]’s X-ray beam for a peek inside. They discovered that the 13-pin modules are miniature analog circuits using cordwood construction, with common discrete passives stacked vertically between parallel PCBs. The module they imaged showed clear shadows of carbon composition resistors, metal-film capacitors, and some glass-body diodes. Different angles let [Ken] figure out the circuit, which appears to be part of a square wave to sine wave converter.

The bigger mystery here is why the original designer chose this method of construction. There must still be engineers out there who worked on stuff like this, so here’s hoping they chime in on this innovative method.

Reverse-Engineering Forgotten Konami Arcade Hardware

When fully-3D video games started arriving in the early 90s, some companies were more prepared for the change than others. Indeed, it would take nearly a decade of experimentation before 3D virtual spaces felt natural. Even then, Konami seems to have shot themselves in the foot at the beginning of this era with their first foray into 3D arcade games. [Mog] shows us the ins-and-outs of these platforms while trying to bring them back to life via MAME.

These arcade machines were among the first available with fully-3D environments, but compared to offerings from other companies are curiously underpowered, even for the time. They include only a single digital signal processor which is tasked with calculating all of the scene geometry while competing machines would use multiple DSP chips to do the same job. As a result the resolution and frame rate are very low. Nonetheless, [Mog] set out to get it working in MAME.

To accomplish this task, [Mog] turned to a set of development tools that Konami provided to its developers in the early 90s, which emulated the system on the PCs of the time. Surprisingly, they still work on Windows 10 with minor tweaking, and combined with other tools contributed over the decades by people working on MAME, these old Konami machines have some new life thanks to this emulator support.

Not everything works perfectly, but [Mog] reports that most of the bugs and other issues were recently worked out or are being actively worked on by other experts in the field. If you remember these games from the arcade era of the 80s and early 90s, it might be time to grab an old CRT and fire this one up again.



Hackaday Prize 2022: A CM4 Upgrade For Your Old IPad

There’s no shortage of nicely built tablets out there, but unfortunately many of them are powered by what are by now severely outdated motherboards. Since manufacturers releasing replacement motherboards for their old hardware doesn’t look like it’s likely to become common practice anytime soon, the community will have to take things into its own hands. This is where [Evan]’s project comes in — designing a Raspberry Pi CM4-powered motherboard for the original iPad. It aims to support everything you’d expect: display, touchscreen, audio, WiFi, Bluetooth, and even the dock port. Plus it gives you way more computing power to make use of it all.

Testing part fitment with some cardboard CAD.

The original iPad got a lot of things right, a factor that definitely contributed to its success back when it was released. [Evan]’s high-effort retrofit works with the iPad’s plentiful good parts, like its solid shell, tailored lithium-ion battery, eye-friendly LCD, and reliable capacitive touchscreen. The new motherboard has to fit inside the space left after these parts all come together, and [Evan] has shaped his PCBs to do exactly that – with room for the CM4 and the numerous ICs he’s added so as to leave no function unimplemented.

This project has been underway for over a year, and currently there are fourteen information-dense worklogs telling this retrofit’s story. They cover reverse-engineering the capacitive touchscreen and the LCD, making breakouts for all the custom connectors, integrating a custom audio codec, debugging device tree problems, unconventional ways to access QFN pins left unconnected by accident, and the extensive power management design journey. [Evan] has a lot to teach anyone looking to bring their old tablet up to date!

The hardware files are open-source, paving the way for others to reuse parts for their own retrofits, and we absolutely would like to see more rebuilds like this one. This project is part of the Hack it Back round of the 2022 Hackaday Prize, and looks like a perfect fit to us. If you were looking for an excuse to start a similar project, now is the time.

Mysterious Adder From 1960s Bendix G-20

[David Lovett] aka Usagi Electric is taking a dive into yet another old computer design, this one from the early 1960s. He recently obtained eight mystery circuit boards on-loan for the purpose of reverse engineering them. It turns out these came from an old mainframe called the Bendix G-20, a successor to the 1965 G-15 vacuum tube model. The cards are:

  • Full Adder
  • AND Gate
  • OR Gate
  • Emitter Follower
  • Flip Flop
  • Quad Inverting Amplifier
  • DLO Amplifier
  • Gated CPA

Most of these are pretty straightforward to figure out, but he ran into some trouble trying to understand the full adder board. The first issue is some uncertainty surrounding the logic level voltages. This system uses negative voltages, with -3.5 V representing a logic 1 … or is it a logic 0? Even after accounting for this ambiguity, [David] is having a hard time deciphering how the adder works. It uses a bunch of diodes to implement a logic lookup table for an adder — except he is not able to make it match any known addition scheme. [David] has called out to the community for help on this one, and if you have any ideas about how this adder works, visit his wiki linked above for more information and give him a shout.

We don’t know how [David] squeezes in the time for these side projects, when he is so busy on the Centurion mini-computer restoration and the monstrous single-bit vacuum tube computer he is building.



Breaking Google Nest Hub’s Secure Boot

[frederic] tells a story about their team’s hack of a Google Nest Hub (2nd generation) — running Ubuntu on it by bypassing Google’s boot image signature checks. As with many good hacks, it starts with FCC website pictures. After reverse-engineering the pin-out of a charger and USB daughterboard, they found a UART connection and broke it out with a custom adapter. With a debug console and insight into the boot process, they went on hacking, slicing through hardware and software until the job was done.

This story gives plenty of background and insight into both the code that was being investigated and the way the attack targets were chosen. Through fuzzing, they found a buffer overflow in the bootloader code that could be triggered with the help of a non-standard block size. USB flash drives tend to have this value hard-coded, so they built special firmware for a Pi Pico and shortly thereafter achieved code execution. Then, they hooked into U-Boot functions and loaded Ubuntu, bypassing the boot image signature checks.

This is a wonderful documentation of a hacking journey, and an exciting read to boot (pun intended). The bug seems to have been patched for half a year now, so you probably can’t flash your Google Nest into Ubuntu anymore. However, you might be able to run an up-to-date Linux on your Amazon Echo.

We thank [Sven] for sharing this with us!


OpenAsar Tweaks Discord’s Frontend, Improves Performance And Privacy

Not all hacking happens on hardware — every now and then, we ought to hack our software-based tools, too. [Ducko] tells us about a partially open-source rewrite of Discord’s Electron-based frontend. Web apps can be hard to tinker with, which is why such projects are to be appreciated. Now, this isn’t a reverse-engineering of Discord’s API or an alternative client per se, but it does offer a hopeful perspective on what the Discord client ought to do for us.

First of all, the client loads noticeably faster, not unlike the famous GTA Online speedup (which was also a user-driven improvement), with channel and server switching made less laggy — and the Linux updater was de-cruft-ified as well. [Ducko] tells us how she got rid of the numerous NPM dependencies of the original code – it turned out that most of them could easily be replaced with Node.js native APIs or Linux binaries like unzip. Apart from the much-appreciated performance improvements, there are also options like telemetry bypass, and customization mechanisms for your own theming. You won’t get Discord on your Apple ][ just yet, but the native client will be a bit friendlier towards you.

While Discord is ultimately a proprietary platform, we do see it used in cool hacks every now and then, like this tea mug temperature-tracking coaster. Would you like to code your own Discord bot? We wrote a walk-through for that. Last but not least, if you like what we wrote and you happen to also use Discord, you should check out the Hackaday Discord server!