Reverse Engineering

288 Articles

Flopped Humane “AI Pin” Gets An Experimental SDK

June 19, 2025 by 11 Comments

The Humane AI Pin was ambitious, expensive, and failed to captivate people between its launch and shutdown shortly after. While the units do contain some interesting elements like the embedded projector, it’s all locked down tight, and the cloud services that tie it all together no longer exist. The devices technically still work, they just can’t do much of anything.

The Humane AI Pin had some bold ideas, like an embedded projector. (Image credit: Humane)

Since then, developers like [Adam Gastineau] have been hard at work turning the device into an experimental development platform: PenumbraOS, which provides a means to allow “untrusted” applications to perform privileged operations.

As announced earlier this month on social media, the experimental SDK lets developers treat the pin as a mostly normal Android device, with the addition of a modular, user-facing assistant app called MABL. [Adam] stresses that this is all highly experimental and has a way to go before it is useful in a user-facing sort of way, but there is absolutely a workable architecture.

When the Humane AI Pin launched, it aimed to compete with smartphones but failed to impress much of anyone. As a result, things folded in record time. Humane’s founders took jobs at HP and buyers were left with expensive paperweights due to the highly restrictive design.

Thankfully, a load of reverse engineering has laid the path to getting some new life out of these ambitious devices. The project could sure use help from anyone willing to pitch in, so if that’s up your alley be sure to join the project; you’ll be in good company.

The Cost Of A Cheap UPS Is 10 Hours And A Replacement PCB

May 29, 2025 by 27 Comments

Recently [Florin] was in the market for a basic uninterruptible power supply (UPS) to provide some peace of mind for the smart home equipment he had stashed around. Unfortunately, the cheap Serioux LD600LI unit he picked up left a bit to be desired, and required a bit of retrofitting.

To be fair, the issues that [Florin] ended up dealing with were less about the UPS’ capability to deal with these power issues, and more with the USB interface on the UPS. Initially the UPS seemed to communicate happily with HomeAssistant (HA) via Network UPS Tools over a generic USB protocol, after figuring out what device profile matched this re-branded generic UPS. That’s when HA began to constantly lose the connection with the UPS, risking its integration in the smart home setup.

The old and new USB-serial boards side by side. (Credit: VoltLog, YouTube)
The old and new USB-serial boards side by side. (Credit: VoltLog, YouTube)

After tearing down the UPS to see what was going on, [Florin] found that it used a fairly generic USB-serial adapter featuring the common Cypress CY7C63310 family of low-speed USB controller. Apparently the firmware on this controller was simply not up to the task or poorly implemented, so a replacement was needed.

The process and implementation is covered in detail in the video. It’s quite straightforward, taking the 9600 baud serial link from the UPS’ main board and using a Silabs CP2102N USB-to-UART controller to create a virtual serial port on the USB side. These conversion boards have to be fully isolated, of course, which is where the HopeRF CMT8120 dual-channel digital isolator comes into play.

After assembly it almost fully worked, except that a Sonoff Zigbee controller in the smart home setup used the same Silabs controller, with thus the same USB PID/VID combo. Fortunately in Silabs AN721 it’s described how you can use an alternate PID (0xEA63) which fixed this issue until the next device with a CP2102N is installed

As it turns out, the cost of a $40 UPS is actually 10 hours of work and $61 in parts, although one cannot put a value on all the lessons learned here.

Continue reading “The Cost Of A Cheap UPS Is 10 Hours And A Replacement PCB”

Fault Analysis Of A 120W Anker GaNPrime Charger

May 21, 2025 by 39 Comments

Taking a break from his usual prodding at suspicious AliExpress USB chargers, [DiodeGoneWild] recently had a gander at what used to be a good USB charger.

The Anker 737 USB charger prior to its autopsy. (Credit: DiodeGoneWild, YouTube)
The Anker 737 USB charger prior to its autopsy.

Before it went completely dead, the Anker 737 GaNPrime USB charger which a viewer sent him was capable of up to 120 Watts combined across its two USB-C and one USB-A outputs. Naturally the charger’s enclosure couldn’t be opened non-destructively, and it turned out to have (soft) potting compound filling up the voids, making it a treat to diagnose. Suffice it to say that these devices are not designed to be repaired.

With it being an autopsy, the unit got broken down into the individual PCBs, with a short detected that eventually got traced down to an IC marked ‘SW3536’, which is one of the ICs that communicates with the connected USB device to negotiate the voltage. With the one IC having shorted, it appears that it rendered the entire charger into an expensive paperweight.

Since the charger was already in pieces, the rest of the circuit and its ICs were also analyzed. Here the gallium nitride (GaN) part was found in the Navitas GaNFast NV6136A FET with integrated gate driver, along with an Infineon CoolGaN IGI60F1414A1L integrated power stage. Unfortunately all of the cool technology was rendered useless by one component developing a short, even if it made for a fascinating look inside one of these very chonky USB chargers.

Continue reading “Fault Analysis Of A 120W Anker GaNPrime Charger”

The Nightmare Of Jailbreaking A ‘Pay-To-Ride’ Gotcha Ebike

May 19, 2025 by 37 Comments

Theoretically bicycle rental services are a great thing, as they give anyone the means to travel around comfortably without immediately having to rent a car, hail a taxi or brave whatever the local public transport options may be. That is until said services go out of business and suddenly thousands of increasingly more proprietary and locked-down e-bikes suddenly are at risk of becoming e-waste. So too with a recent acquisition by [Berm Peak] over at YouTube, featuring a ‘Gotcha’ e-bike by Bolt Mobility, which went AWOL back in 2022, leaving behind thousands of these e-bikes.

So how hard could it be to take one of these proprietary e-bikes and turn it into a run-off-the-mill e-bike for daily use? As it turns out, very hard. While getting the (36V) battery released and recharged was easy enough, the challenge came with the rest of the electronics, with a veritable explosion of wiring, the Tongsheng controller module and the ‘Gotcha’ computer module that locks it all down. While one could rip this all out and replace it, that would make the cost-effectiveness of getting one of these go down the drain.

Sadly, reverse-engineering the existing system proved to be too much of a hassle, so a new controller was installed along with a bunch of hacks to make the lights and new controller work. Still, for $75 for the bike, installing new electronics may be worth it, assuming you can find replacement parts and got some spare hours (or weeks) to spend on rebuilding it. The bike in the video costed less than $200 in total with new parts, albeit with the cheapest controller, but maybe jailbreaking the original controller could knock that down.

Continue reading “The Nightmare Of Jailbreaking A ‘Pay-To-Ride’ Gotcha Ebike”

Exposed inner copper on multilayer PCB. (Credit: mikeselectricstuff, YouTube)

LACED: Peeling Back PCB Layers With Chemical Etching And A Laser

May 15, 2025 by 9 Comments

Once a printed circuit board (PCB) has been assembled it’s rather hard to look inside of it, which can be problematic when you have e.g. a multilayer PCB of an (old) system that you really would like to dissect to take a look at the copper layers and other details that may be hidden inside, such as Easter eggs on inner layers. [Lorentio Brodeso]’s ‘LACED’ project offers one such method, using both chemical etching and a 5 Watt diode engraving laser to remove the soldermask, copper and FR4 fiberglass layers.

This project uses sodium hydroxide (NaOH) to dissolve the solder mask, followed by hydrogen chloride (HCl) and hydrogen peroxide (H2O2) to dissolve the copper in each layer. The engraving laser is used for the removing of the FR4 material. Despite the ‘LACED’ acronym standing for Laser-Controlled Etching and Delayering, the chemical method(s) and laser steps are performed independently from each other.

This makes it in a way a variation on the more traditional CNC-based method, as demonstrated by [mikeselectricstuff] (as shown in the top image) back in 2016, alongside the detailed setup video of how a multi-layer PCB was peeled back with enough resolution to make out each successive copper and fiberglass layer.

Continue reading “LACED: Peeling Back PCB Layers With Chemical Etching And A Laser”

Dollar bill validator

Reading The Color Of Money

May 11, 2025 by 9 Comments

Ever wondered what happens when you insert a bill into a vending machine? [Janne] is back with his latest project: reverse engineering a banknote validator. Curious about how these common devices work, he searched for information but found few resources explaining their operation.

To learn more, [Janne] explored the security features that protect banknotes from counterfeiting. These can include microprinting, UV and IR inks, holograms, color-shifting coatings, watermarks, magnetic stripes, and specialty paper. These features not only deter fraud but also enable validators to quickly verify a bill’s authenticity.

Continue reading “Reading The Color Of Money”

The Apple II MouseCard (Credit: AppleLogic.org)

The Apple II MouseCard IRQ Is Synced To Vertical Blanking After All

May 9, 2025 by 5 Comments

Recently [Colin Leroy-Mira] found himself slipping into a bit of a rabbit hole while investigating why only under Apple II MAME emulation there was a lot of flickering when using the (emulated) Apple II MouseCard. This issue could not be reproduced on real (PAL or NTSC) hardware. The answer all comes down to how the card synchronizes with the system’s vertical blanking (VBL) while drawing to the screen.

The Apple II MouseCard is one of the many peripheral cards produced for the system, originally bundled with a version of MacPaint for the Apple II. While not a super popular card at the time, it nevertheless got used by other software despite this Apple system still being based around a command line interface.

According to the card’s documentation the interrupt call (IRQ) can be set to 50 or 60 Hz to match the local standard. Confusingly, certain knowledgeable people told him that the card could not be synced to the VBL as it had no knowledge of this. As covered in the article and associated MAME issue ticket, it turns out that the card is very much synced with the VBL exactly as described in The Friendly Manual, with the card’s firmware being run by the system’s CPU, which informs the card of synchronization events.