Decapsulating A PIC12F683 To Examine Its CMOS Implementation

December 19, 2025 by John Elliot V 8 Comments

In a recent video, [Andrew Zonenberg] takes us through the process of decapsulating a PIC12F683 to take a peek at its CMOS implementation.

This is a multipart series with five parts done and more to come. The PIC12F683 is an 8-pin flash-based, 8-bit microcontroller from Microchip. [Andrew] picked the PIC12F683 for decapsulation because back in 2011 it was the first microcontroller he broke read-protection on and he wanted to go back and revisit this chip, given particularly that his resources and skills had advanced in the intervening period.

The five videos are a tour de force. He begins by taking a package cross section, then decapsulating and delayering. He collects high-resolution photos as he goes along. In the process, he takes some time to explain the dangers of working with acid and the risk mitigations he has in place. Then he does what he calls a “floorplan analysis” which takes stock of the entire chip before taking a close look at the SRAM implementation.

If you’re interested in decapsulating integrated circuits you might want to take a look at Laser Fault Injection, Now With Optional Decapping, A Particularly Festive Chip Decapping, or even read through the transcript of the Decapping Components Hack Chat With John McMaster.

Continue reading “Decapsulating A PIC12F683 To Examine Its CMOS Implementation” →

Liberating AirPods With Bluetooth Spoofing

December 12, 2025 by Aaron Beckendorf 18 Comments

Apple’s AirPods can pair with their competitors’ devices and work as basic Bluetooth earbuds, but to no one’s surprise most of their really interesting features are reserved for Apple devices. What is surprising, though, is that simple Bluetooth device ID spoofing unlocks these features, a fact which [Kavish Devar] took advantage of to write LibrePods, an AirPods controller app for Android and Linux.

In particular, LibrePods lets you control noise reduction modes, use ear detection to pause and unpause audio, detect head gestures, reduce volume when the AirPods detect you’re speaking, work as configurable hearing aids, connect to two devices simultaneously, and configure a few other settings. The app needs an audiogram to let them work as hearing aids, and you’ll need an existing audiogram – creating an audiogram requires too much precision. Of particular interest to hackers, the app has a debug mode to send raw Bluetooth packets to the AirPods. Unfortunately, a bug in the Android Bluetooth stack means that LibrePods requires root on most devices.

This isn’t the first time we’ve seen a hack enable hearing aid functionality without official Apple approval. However, while we have some people alter the hardware, AirPorts can’t really be called hacker- or repair-friendly.

Thanks to [spiralbrain] for the tip!

Shelf Life Extended: Hacking E-Waste Tags Into Conference Badges

December 3, 2025 by Matt Varian 10 Comments

Ever wonder what happens to those digital price tags you see in stores once they run out of juice? In what is a prime example of e-waste, many of those digital price tags are made with non-replaceable batteries, so once their life is over they are discarded. Seeing an opportunity to breathe new life into these displays, [Tylercrumpton] went about converting them to be the official badge of the Phreaknic 26 conference.

Looking for a solution for a cheap display for the upcoming conference badge, [Tylercrumpton] recalled seeing the work [Aaron Christophel] did with reusing electronic shelf labels. Looking on eBay, he picked up a lot of 100 ZBD 55c-RB labels for just $0.70 a piece. When they arrived, he got to work liberating the displays from their plastic cases. The long-dead batteries in the devices ended up being easily removed, leaving behind just the display and the PCB that drives it.

Another hacker assisting with the badge project, [Mog], noticed that the spacing of the programming pads on the PCB was very close to the spacing of a DB9/DE9 cable. This gave way to a very clever hack for programming the badges: putting pogo pins into a female connector. The other end of the cable was connected to a TI CC Debugger which was used to program the firmware on the displays. But along the way, even this part of the project got an upgrade with moving to an ESP32 for flashing firmware, allowing for firmware updates without a host computer.

The next challenge was how to handle customizing 200 unique badges for the conference. For this, each badge had a unique QR code embedded in the back of the 3D printed case that pointed to an online customization tool. The tool allowed the user to change which of the images was used for the background, as well as input the name they wanted to be displayed on the badge. Once finished, the server would provide a patched firmware image suitable for flashing the badge. The original intent was to have stations where attendees could plug in their badge and it would update itself; however, due to some 11th hour hiccups, that didn’t pan out for this conference. Instead, [Tylercrumpton] ran the update script on his machine, and it gave him a great opportunity to interact with conference attendees as they stopped by to update their badges.

For the Phreaknic 27 badge, the plan is to once again use electronic shelf labels, but this time to utilize some of the advanced features of the tags such as the EEPROM and wireless communications. We’re eager to see what the team comes up with.

Continue reading “Shelf Life Extended: Hacking E-Waste Tags Into Conference Badges” →

Reverse Engineering The Miele Diagnostic Interface

November 17, 2025 by Maya Posch 22 Comments

Since modern household appliances now have an MCU inside, they often have a diagnostic interface and — sometimes — more. Case in point: Miele washing machines, like the one that [Severin] recently fixed, leading to the firmware becoming unhappy and refusing to work. This fortunately turned out to be recoverable by clearing the MCU’s fault memory, but if you’re unlucky, you will have to recalibrate the machine, which requires very special and proprietary software.

Naturally, this led [Severin] down the path of investigating how exactly the Miele Diagnostic Utility (MDU) and the Program Correction (PC) interface communicate. Interestingly, the PC interface uses an infrared LED/receiver combination that’s often combined with a status LED, as indicated by a ‘PC’ symbol. This interface uses the well-known IrDA standard, but [Severin] still had to track down the serial protocol.

Continue reading “Reverse Engineering The Miele Diagnostic Interface” →

Robot Phone Home…Or Else

October 24, 2025 by Al Williams 64 Comments

We would have enjoyed [Harishankar’s] tear down of a robot vacuum cleaner, even if it didn’t have a savage twist at the end. Turns out, the company deliberately bricked his smart vacuum.

Like many of us, [Harishankar] is suspicious of devices beaming data back to their makers. He noted a new vacuum cleaner was pinging a few IP address, including one that was spitting out logging or telemetry data frequently. Of course, he had the ability to block the IP address which he did. End of story, right?

No. After a few days of working perfectly, the robot wouldn’t turn on. He returned it under warranty, but the company declared it worked fine. They returned it and, indeed, it was working. A few days later, it quit again. This started a cycle of returning the device where it would work, it would come home and work for a few days, then quit again.

You can probably guess where this is going, but to be fair, we gave you a big hint. The fact that it would work for days after blocking the IP address wouldn’t seem like a smoking gun in real time.

Continue reading “Robot Phone Home…Or Else” →

Simple Counter Mechanism In An Asthma Inhaler

October 5, 2025 by Maya Posch 10 Comments

The counter wheel and white worm gear inside the counter. (Credit: Anthony Francis-Jones, YouTube)

Recently [Anthony Francis-Jones] decided to take a closer look at the inhaler that his son got prescribed for some mild breathing issues, specifically to teardown the mechanical counter on it. Commonly used with COPD conditions as well as asthma, these inhalers are designed to provide the person using it with an exact dose of medication that helps to relax the muscles of the airways. Considering the somewhat crucial nature of this in the case of extreme forms of COPD, the mechanical counter that existed on older versions of these inhalers is very helpful to know how many doses you have left.

Disassembling the inhaler is very easy, with the counter section easily extracted and further disassembled. The mechanism is both ingenious and simple, featuring the counter wheel that’s driven by a worm gear, itself engaged by a ratcheting mechanism that’s progressed every time the cylinder with the medication is pushed down against a metal spring.

After the counter wheel hits the 0 mark, a plastic tab prevents it from spinning any further, so that you know for certain that the medication has run out. In the video [Anthony] speculates that the newer, counter-less inhalers that they got with the latest prescription can perhaps be harvested for their medication cylinder to refill the old inhaler, followed by resetting the mechanical counter. Of course, this should absolutely not be taken as medical advice.

Continue reading “Simple Counter Mechanism In An Asthma Inhaler” →

Open Source Controller For Old And Expensive Industrial Robots

October 4, 2025 by Maya Posch 18 Comments

The Zynq-7000 usage at the core of the robot controller. (Credit: Excessive Overkill, YouTube)

Industrial robots like robotic arms are basically everywhere, albeit usually out of the public’s eye in factories. This also means that they get replaced and scrapped all the time, making for many opportunities to snap up an industrial robot that once cost as much as a pretty fancy car for essentially peanuts. Over the years the bloke behind the [Excessive Overkill] YouTube channel did this a lot, which also revealed the main issue with these ‘cheap’ robots: the electronics and associated software, with the manufacturer rarely going out of their way to appease to hobbyists trying to fix up one of these units, never mind for free.

That said, if you’re persistent enough, you can reverse-engineer these beasts to the point where you can develop your own controller hardware and software solution. This is exactly what was done, resulting in an open source controller, found on the ExcessiveMotion GitHub page, that should allow you to control many of these industrial robots. At the core is a Zynq-7000 hybrid FPGA-ARM SoC chip, running real-time Linux (with preemptive scheduling patch) on the SoC side and custom HDL on the FPGA side to handle the hard real-time tasks.

The controller during testing. (Credit: Excessive Overkill, YouTube)

The controller is made to be modular, with a backplane that can accept various interface cards in addition to the current RS-485 and RS-422 interfaces that are commonly used in industrial settings, such as here for controlling the individual servo drives of the robots. To make assembly and testing interesting, the first controller and integration with a robot was made ready for display at the Open Sauce 2025 event, requiring things to be rushed along, including reverse-engineering the servo protocol for a small-ish industrial robot suitable for public display and use, as well as developing the kinematics for the robotic arm.

With the controller now demonstrated, clearly this is the perfect time to rush out and get one of these fun industrial robots for a few hundred bucks. Currently the controller is still being finalized, with the author asking for feedback on what it should be able to support. If you have a particularly unusual industrial robot lounging around without the requisite controller, this might be your chance to revive it.

Thanks to [Hans] for the tip.

Continue reading “Open Source Controller For Old And Expensive Industrial Robots” →