Reverse-Engineering Helps Typesetting Machine Punch Paper Tape Again

[Scott M. Baker] wants a paper tape punch for his retrocomputer collection. That’s fine with us, we don’t judge. In fact, these electromechanical peripherals from the past have a lot going for them, especially the noise. But alas, such things are a little hard to come by these days, and rolling one from scratch would be a difficult proposition indeed. What to do?

Luckily, we live in the future, and eBay holds all sorts of wonders, including these typesetter keyboards from the 1970s, which [Scott] promptly reverse-engineered. We’ll get to the details in a minute, but first, can we just take a moment to think about the workflow these things were part of? These aren’t terminals — they lack any kind of IO apart from the punched paper tape they spewed out. The operator’s job was to punch in copy without any kind of feedback that they were hitting the right keys, and just send the paper tape record of the session off to the typesetting machines. And you think your job sucks.

To give this thing an interface, [Scott] first had to revive the power supply, whose capacitors had seen sunnier days. With that out of the way, he set about understanding the CPU-less machine by analyzing its 7400-series logic, as well as planning how to make the native 6-bit output into a more manageable 8-bit. Thankfully, the tape punch already had solenoids for the top two bits, but finding a way to drive them wasn’t trivial.

The solution was to bypass a buffer so that the bits for the desired character can be set with a Raspberry Pi and an ATF22V10 programmable logic device. That’s enough to force the punch to do its thing; actually getting it to talk to something else, perhaps even [Scott]’s Heathkit H-8 computer.

Hackaday Prize 2023: Throwaway Temperature Logger To Useful ARM Dev Board

The global supply chain is a masterpiece of containerized logistics that allows a container to leave a factory in China and arrive on a British forecourt after only a few weeks, but along with the efficiency it brings a traceability and monitoring problem. If you are shipping perishable items such as medicines or foodstuffs, how can you be sure that they’ve remained refrigerated the whole journey through?

The answer comes in digital temperature loggers, and since these are throwaway devices [arduinocelentano] decided to look inside and see if they could be reused. The answer is positive, in that many models have the potential to be useful dev boards for very little money.

These devices usually take the form of a bulky USB dongle with an LCD display and a few buttons. Inside they invariably have a low-power ARM microcontroller and a battery as well as the temperature sensor and some flash memory to store the readings. The data is read by the customer through the USB port, and they’re single use with manufacturers paying only lip service to recycling, because the data must by necessity be impossible to erase or alter. Happily for all that, many of them appear to be well-designed internally, with the relevant debug and programming ports exposed and the ability to access the microcontroller. We look forward to seeing what comes of these boards, because while the worst of the chip shortage may now be receding it’s always good to find a new source.

Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers

Alright, we’re calling it — we need a pejorative equivalent to “script kiddie” to describe someone using a Flipper Zero for annoyingly malign purposes. If you need an example, check out the apparent smart meter snuff video below.

The video was posted by [Peter Fairlie], who we assume is the operator of the Flipper Zero pictured. The hapless target smart meter is repeatedly switched on and off with the Flipper — some smart meters have contactors built in so that service can be disconnected remotely for non-payment or in emergencies — which rapidly starts and stops a nearby AC compressor. Eventually, the meter releases a puff of Magic Smoke, filling its transparent enclosure and obscuring the display. The Flipper’s operator mutters a few expletives at the results, but continues turning the meter on and off even more rapidly before eventually running away from the scene of the crime.

We qualify this as “apparent” because the minute we saw this over on RTL-SDR.com, we reached out to reverse engineer par excellence and smart meter aficionado [Hash] for an opinion. Spoiler alert: [Hash] thinks it’s an elaborate hoax; the debunking starts at the 4:32 mark in the second video below. The most damning evidence is that the model of smart meter shown in the video doesn’t even have a disconnect, so whatever [Peter] is controlling with the Flipper, it ain’t the meter. Also, [Hash] figured out where [Peter] lives — he doxxed himself in a previous video — and not only does the meter shown in the video not belong to the Canadian power company serving the house, StreetView shows that there’s a second meter, suggesting that this meter may have been set up specifically for the lulz.

It should go without saying that Hackaday is about as supportive of hardware experimentation as an organization can be. But there have to be some boundaries, and even if this particular video turns out to be a hoax, it clearly steps over the line. Stuff like this paints a poor picture of what hardware hacking is all about, and leads to unintended consequences that make it harder for all of us to get the tools we need.

A Peek Inside A 747 Fuel Gauge

It isn’t that often that we civilians get the chance to closely examine the fantastic internals that make up the modern marvels of avionic engineering. Luckily for us, [Glen] got his hands on a 747 fuel gauge and tore it down for our benefit. Not only does he tear it down, but he also builds a controller to display values.

Unlike your typical automotive fuel gauge that reports the distance from the top of the tank to the fuel level, this gauge reports the number of pounds of fuel. The fact that the indicator pictured above can go all the way to 95,000 pounds of fuel hits home the sheer scale of the fuel tanks on a 747 compared to your Volvo. Of course, where this gets interesting is the teardown with the metal sleeve removed. A 400 Hz AC servo motor moves the pointer and counter through the gearing with the help of a feedback potentiometer. The resistance tolerance is only 3%, as there are adjustment knobs on the back. But the linearity spec is only 0.06%, putting this part in a different grade from most pots.

One of the indicators was in worse shape than the others, so [Glen] got to work tapping into the internals of the gauge to drive the motor directly. A custom AC power supply repurposed from another project provided power, and a Raspberry Pi Pico was the PID controller. For [Glen], it isn’t all roses. Unfortunately, a noisy spot around 22,500 prevents accurate placement around there.

The code is up on GitHub, and we love having a gauge on the desk to show whatever value we like. If you are curious about more 747 instruments, this retro control unit might interest you.

Reverse Engineering A Better Night’s Sleep

All you want is a decent night’s sleep, so you decide to invest in one of those fancy adjustable beds. At first, it’s fine — being able to adjust the mattress to your needs on the fly is a joy, and yet…something isn’t quite right. Something nags at you every night, thwarting your slumber and turning your dreams of peaceful sleep into a nightmare once you realize your bed has locked you into a vertically integrated software ecosystem from which there’s no escape.

Or is there? That’s what [Chris Laplante] wanted to know, and why he reverse-engineered his Tempur-Pedic remote control. As many products these days do, his bed was touted as having an Android application for smartphone adjustability, but alas, the app hasn’t been updated since 2014 (!) and doesn’t appear to work on modern phones. [Chris] decided to take matters into his own hands and build a gateway to talk to the bed using its native RF protocol.

Most good reverse engineering stories start with research, and this one is no exception. Digging into the FCC database revealed a wealth of clues, such as the frequency — 433-MHz ISM band, no surprise — and even spectrum analyzer screenshots of the remote’s signals. A HackRF One revealed more about the signals, but it turned out that sniffing the SPI bus between the microcontroller and the Si4431 RF transceiver with a Saleae logic analyzer was more fruitful, allowing him to dig into the packet structure.

The engineers at Tempur-Pedic threw quite a few challenges at [Chris], like an application-level CRC in addition to the CRC used by the Si4431, and interesting complications to control the massage features of the bed. In the end, [Chris] managed to get a pretty complete snapshot of the conversation between the bed and the remote, and is now in the process of building a gateway that’ll actually connect to his phone, plus integrate into his home automation system. We’re looking forward to updates on that.

Can Hobbyists Bring SGI’s IRIX OS Back To Life?

IRIX was the operating system developed by Silicon Graphics from 1988 to 1998. The OS supported the company’s high-end workstations and served in many serious roles. The company cut off support for the UNIX-based OS in 2006, but now a diehard community is looking to bring the ancient codebase back to life.

SGI workstations used to cost big money before the company collapsed. It failed to make the leap to a new era when x86 architecture began to dominate the wider computing industry. Credit: Bruno Cordioli, CC-BY-2.0

While SGI’s workstations once sold for five or six figures, surviving examples can now often be had for just a few hundred dollars on eBay. The MIPS-based hardware was potent for its time, often used for 3D rendering work for video games, films, or for scientific purposes. IRIX was SGI’s own OS built specifically to support these use cases.

The IRIX Network is a hobbyist community that loves these old machines and their software. The group hopes to raise $6,500 through crowdfunding to reverse-engineer IRIX. The hope is to use those learnings to create an open-source derivative version named IRIX-32, based on IRIX 5.3, the last 32-bit version of the OS.

It’s a monumental task, but admirable nonetheless. Whether we one day see IRIX reborn, akin to what happened to AmigaOS, remains to be seen.

Google Nest Hub Teardown

Seeing the guts of devices is a fascination that many hackers share. [Txyz] tore down a 2nd gen Google Nest Hub for all of us to enjoy. The video after the break is well produced and relaxing to watch as various heat shields are removed and debug cables are soldered on.

The main SoC is an Amlogic S905D3G, a 4-core A55-based SoC. The important chips are meticulously documented, and it’s a fascinating look inside a device common in many people’s homes. One chip that’s of note is the BGT60TR13C, otherwise known as Project Soli. It is an 8x10mm chip that uses radar to detect movement with sub-millimeter accuracy. This allows the device to measure your sleep quality or recognize gestures. Luckily for us, [Txyz] has included a datasheet and a block diagram. First, the chip fills a FIFO with data samples. Once full, it will issue an interrupt to the main SoC, which empties the buffer via SPI.

The debug cables allowed him to capture traces of the SPI commands to the BGT60TR13C. [Txyz] focused on decoding the various data blocks and the configuration registers. Unfortunately, only a few registers are documented in the datasheet, and it isn’t apparent what they do.

If a hardware teardown isn’t enough for you, perhaps a software teardown to bypass Secure Boot might sate your interest.
