Reverse Engineering Reveals EV Charger Has A Sense Of Security

November 16, 2022 by Dan Maloney 11 Comments

As more and more electric vehicles penetrate the market, there’s going to have to be a proportional rise in the number of charging stations that are built into parking garages, apartment complexes, and even private homes. And the more that happens, the more chargers we’re going to start seeing where security is at best an afterthought in their design.

But as this EV charger teardown and reverse engineering shows, it doesn’t necessarily have to be that way. The charger is a Zaptec Pro station that can do up to 22 kW, and the analysis was done by [Harrison Sand] and [Andreas Claesson]. These are just the kinds of chargers that will likely be widely installed over the next decade, and there’s surprisingly little to them. [Harrison] and [Andreas] found a pair of PCBs, one for the power electronics and one for the control circuits. The latter supports a number of connectivity options, like 4G, WiFi, and Bluetooth, plus some RFID and powerline communications. There are two microcontrollers, a PIC and an ARM Cortex-A7.

Despite the ARM chip, the board seemed to lack an obvious JTAG port, and while some unpopulated pads did end up having a UART line, there was no shell access possible. An on-board micro SD card slot seemed an obvious target for attack, and some of the Linux images they tried yielded at least a partial boot-up, but without knowing the specific hardware configuration on the board, that’s just shooting in the dark. That’s when the NAND flash chip was popped off the board to dump the firmware, which allowed them to extract the devicetree and build a custom bootloader to finally own root.

The article has a lot of fascinating details on the exploit and what they discovered after getting in, like the fact that even if you had the factory-set Bluetooth PIN, you wouldn’t be able to get free charging. So overall, a pretty good security setup, even if they were able to get in by dumping the firmware. This all reminds us a little of the smart meter reverse engineering our friend [Hash] has been doing, in terms of both methodology and results.

Thanks to [Thinkerer] for the tip.

Otters Deliver A High Power Stationary Audio Experience

May 12, 2021 by Kerry Scharfglass 20 Comments

Our favorite raft of otters is back at it again with another display of open source audio prowess as they bring us the OtterCastAmp, the newest member of the OtterCast family of open source audio multitools. If you looked at the previous entry in the series – the OtterCastAudio – and thought it was nice but lacking in the pixel count or output power departments then this is the device for you.

The Amp is fundamentally a very similar device to the OtterCastAudio. It shares the same Allwinner S3 Cortex-A application processor and runs the same embedded Linux build assembled with Buildroot. In turn it offers the same substantial set of features and audio protocol support. It can be targeted by Snapcast, Spotify Connect or AirPlay if those are your tools of choice, or act as a generic PulseAudio sink for your Linux audio needs. And there’s still a separate line in so it source audio as well.

One look at the chassis and it’s clear that unlike the OtterCastAudio this is not a simple Chromecast Audio replacement. The face of the OtterCastAmp is graced by a luscious 340×800 LCD for all the cover art your listening ear can enjoy. And the raft of connectors in the back (and mountain of inductors on the PCBA) make it clear that this is a fully fledged class D amplifier, driving up to 120W of power across four channels. Though it may drive a theoretical 30W or 60W peak across its various outputs, with a maximum supply power of 100W (via USB-C power delivery, naturally) the true maximum output will be a little lower. Rounding out the feature set is an Ethernet jack and some wonderfully designed copper PCB otters to enjoy inside and out.

As before, it looks like this design is very close to ready for prime time but not quite there yet, so order at your own risk. Full fab files and some hints are linked in the repo mentioned above. If home fabrication is a little much it looks like there might be a small manufacturing run of these devices coming soon.

Putting An Ultra-Tiny Linux Board In A Phone Charger…Eventually

May 6, 2021 by Tom Nardi 67 Comments

Among security professionals, a “drop box” is a device that can be covertly installed at a target location and phone home over the Internet, providing a back door into what might be an otherwise secure network. We’ve seen both commercial and DIY versions of this concept, and as you might expect, one of the main goals is to make the device look as inconspicuous as possible. Which is why [Walker] is hoping to build one into a standard USB wall charger.

This project is still in the early stages, but we like what we see so far. [Walker] aims to make this a 100% free and open source device, starting from the tools he’s using to produce the CAD files all the way up to the firmware the final hardware will run. With none of the currently available single-board computers (SBCs) meeting his list of requirements, the first step is to build a miniature Linux machine that’s got enough processing power to run useful security tools locally. Obviously such a board would be of great interest to the larger hacker and maker community.

The RTL8188CUS is likely to get integrated later on.

So far, [Walker] has decided on his primary components and is working on a larger development board before really going all-in on the miniaturization process. As of right now he’s planning on using the Allwinner A33 to power the board, a sub-$10 USD chipset most commonly seen in low-cost Android tablets.

The A33 boasts a quad-core Cortex-A7 clocked at 1.2 GHz, and offers USB, I2C, and SPI interfaces for expansion. It will be paired with 1 GB of DDR3 RAM, and an SD card to hold the operating system. Naturally a device like this will need WiFi, but until [Walker] can decide on which chip to use, the plan is to just use a USB wireless adapter. The Realtek RTL8188CUS is a strong contender, as the fact that it comes in both USB and module versions should make its eventual integration seamless.

Even if you’re not interested in the idea of hiding security appliances inside of everyday objects, this project is a fascinating glimpse into the process of creating your own custom Linux board. Whether you’re looking to put into a wall wart or a drone, it’s pretty incredible to think we’ve reached the point where an individual can spin up their own miniature SBC.

You Otter Be Able To Stream That Audio: Open Hardware Eclipses Chromecast Audio

April 6, 2021 by Kerry Scharfglass 43 Comments

When Google halted production of the Chromecast Audio at the start of 2019, there was a (now silent) outcry. Fans of the device loved the single purpose audio streaming dongle that delivered wide compatibility and drop-dead simplicity at a rock bottom $35 price. For evidence of this, look no further than your favorite auction site where they now sell for significantly more than they did new, if you can even find an active listing. What’s a prolific hacker to do about this clear case of corporate malice? Why, reinvent it of course! And thus the Otter Cast Audio V2 was born, another high quality otter themed hack from one of our favorite teams of hardware magicians [Lucy Fauth, Jana Marie Hemsing, Toble Miner, and Manawyrm].

The Otter Cast Audio is a disc about the shape and size of standard Chromecast (about 50mm in diameter) and delivers a nearly complete superset of the original Chromecast Audio’s features plus the addition of a line in port to redirect audio from existing devices. Protocol support is more flexible than the original, with AirPlay, a web interface, Spotify Connect, Snapcast, and even a PulseAudio sink to get your Linux flavored audio bits flowing. Ironically the one thing the Otter Cast Audio doesn’t do is act as a target to Cast to. [Jan] notes that out of all the protocols supported here, actual Cast support was locked down enough that it was difficult to provide support for. We’re keeping our fingers crossed a solution can be found there to bring the Otter Cast Audio to complete feature parity with the original Chromecast Audio.

But this is Hackaday, so just as important as what the Otter Cast Audio does is how it does it. The OtterCast team have skipped right over shoehorning all this magic into a microcontroller and stepped right up to an Allwinner S3 SOC, a capable little Cortex A7 based machine with 128 MB of onboard DDR3 RAM. Pint sized by the bloated standards of a fully interactive desktop, but an absolutely perfect match to juggling WiFi, Bluetooth, Ethernet, and convenient support for all the protocols above. If you’re familiar with these hackers’ other work it won’t surprise you that what they produced here lives up to the typical extremely high quality bar set by such wonders as this USB-C adapter for JBC soldering iron handles and this TS-100 mainboard replacement.

It sounds like a small production run might be on order in the future, but until then production files optimized for a particularly popular Chinese manufacturer are provided, with complete BOM and placement files. It sounds like turnkey production costs from that manufacturer are a shockingly reasonable $10 (total) per unit with most components, and come to a still-reasonable $22 with the remaining self-sourced components manually installed.

For a demo of the finished goods, check out the tweet embedded after the break.

Continue reading “You Otter Be Able To Stream That Audio: Open Hardware Eclipses Chromecast Audio” →

New Part Day: The MSC313E Is A Computer On A Chip

April 22, 2020 by Jenny List 46 Comments

As the onward march of technology delivers ever more powerful semiconductors, it can be instructive to keep an eye on the periphery of the system-on-chip market for niche-application devices which may have an application in our sphere. Just such a chip is the Mstar MSC313E, a SoC designed for use in IP cameras that packs an ARM Cortex A7 and 64 MB of memory, 16 MB of flash, Ethernet, USB, and all the other usual interfaces you’d expect from a microprocessor. It’s available in a QFN package which makes it tantalisingly within the reach of the hardware hacker community, so naturally there is significant interest in unlocking its secrets. A cheap and accessible part with enough power to run a stripped-out GNU/Linux operating system has to be worth a second look!

QFNs are not the easiest packages to hand solder, but if you also find yourself in that position there is at least the prospect of a ready to go development board. The BreadBee is a small PCB that packs in the chip with all its interfaces including Ethernet and USB brought out for experimentation. If you don’t fancy building one, you don’t even have to: it’s soon to be crowdfunded.

One might ask what the point is of Yet Another Linux Capable Microcontroller Platform, given the plethora of Raspberry-pi and competitor boards. The answer to that is simple enough and contains within it the essence of hardware hacking: because it is there. We might never see it again save for in a few outlying projects, or perhaps it might find a niche in our world and become popular, without this early work we’ll never know. While we’re at it, this isn’t the first such SoC that’s emerged; we’ve previously seen an action cam chip give us a hand-solderable Linux single board computer.

Thanks [anonymouse] for the tip.