The ESP32 Bluetooth Backdoor That Wasn’t

Recently there was a panicked scramble after [Tarlogic] announced a ‘backdoor’ found in Espressif’s popular ESP32 MCUs, specifically one on the Bluetooth side that would give any attacker a lot of control over the system. As [Xeno Kovah] explains, much about these claims is exaggerated, and calling it a ‘backdoor’ is far beyond the scope of what was actually discovered.

To summarize the original findings, the researchers found a number of vendor-specific commands (VSCs) in the (publicly available) ESP32 ROM that can be sent via the host-controller interface (HCI) between the software and the Bluetooth PHY. They found that these VSCs could do things like writing and reading the firmware in the PHY, as well as sending low-level packets.

The thing about VSCs is, of course, that they are a standard feature of Bluetooth controllers, with each manufacturer implementing a range of them for use with its own software SDK. These VSCs allow for updating firmware, reporting temperatures, and features like debugging, and are generally documented (except for Broadcom).

Effectively, [Xeno] makes the point that VSCs are a standard feature in Bluetooth controllers which, like most features, can also be abused. [Tarlogic] has since updated their article as well, distancing themselves from the ‘backdoor’ term and instead calling these VSCs a ‘hidden feature’. That said, if these VSCs in ESP32 chips are a security risk, then as [Xeno] duly notes, millions of BT controllers from Texas Instruments, Broadcom and others with similar VSCs would similarly be a security risk.
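
As an added illustration (not code from the article, [Xeno Kovah] or [Tarlogic]): in an HCI command opcode the upper six bits are the opcode group (OGF), and group 0x3F is the one reserved for vendor-specific commands, so a host-side audit can pick VSCs out of captured HCI traffic. The sketch assumes an H4 (UART) framed stream of host-to-controller commands; the vendor opcodes and the allowlist are constructed placeholders, not real ESP32 commands.

```python
import struct

HCI_COMMAND_PKT = 0x01      # H4 (UART transport) packet indicator for commands
OGF_VENDOR_SPECIFIC = 0x3F  # opcode group reserved for vendor-specific commands


def parse_hci_commands(stream: bytes):
    """Yield (opcode, ogf, ocf, params) for each H4-framed HCI command."""
    pos = 0
    while pos < len(stream):
        if stream[pos] != HCI_COMMAND_PKT:
            raise ValueError(f"unexpected packet indicator 0x{stream[pos]:02x} at offset {pos}")
        if pos + 4 > len(stream):
            raise ValueError("truncated HCI command header")
        # Header after the indicator: 16-bit little-endian opcode, 8-bit parameter length.
        opcode, plen = struct.unpack_from("<HB", stream, pos + 1)
        end = pos + 4 + plen
        if end > len(stream):
            raise ValueError("truncated HCI command parameters")
        # Opcode layout: OGF in the upper 6 bits, OCF in the lower 10 bits.
        yield opcode, opcode >> 10, opcode & 0x03FF, stream[pos + 4:end]
        pos = end


def find_vendor_commands(stream: bytes, allowlist=frozenset()):
    """Return vendor-specific opcodes seen in the stream that are not allowlisted."""
    return [op for op, ogf, _ocf, _params in parse_hci_commands(stream)
            if ogf == OGF_VENDOR_SPECIFIC and op not in allowlist]


# Constructed sample capture (not taken from a real device).
SAMPLE = bytes.fromhex(
    "01030c00"        # HCI_Reset (opcode 0x0C03), no parameters
    "01011000"        # HCI_Read_Local_Version_Information (opcode 0x1001)
    "0101fc0100"      # constructed VSC, opcode 0xFC01, 1 parameter byte
    "010c20020100"    # HCI_LE_Set_Scan_Enable (opcode 0x200C), 2 parameter bytes
    "0134fc02aabb"    # constructed VSC, opcode 0xFC34, 2 parameter bytes
)

# Hypothetical allowlist: the VSCs your own SDK is expected to issue.
EXPECTED_VSCS = frozenset({0xFC01})

if __name__ == "__main__":
    for op in find_vendor_commands(SAMPLE, EXPECTED_VSCS):
        print(f"unexpected vendor-specific command: opcode 0x{op:04X}")
```

Which VSCs belong on the allowlist depends on the controller vendor's documentation and the SDK in use.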

An image showing an original grey and blue Sony Walkman with the text "1970" below it, and an arrow pointing to the right of it at a much smaller blue Walkman with the text "2000" underneath it, and a final arrow pointing to the right to a bright orange cassette player by We Are Rewind in a man's hand with the text "now" beneath it.

Why Are Cassette And CD Players So Big Now?

The early 2000s were the halcyon days of physical media. While not as svelte as MP3 players became, why are those early 2000s machines smaller than all the new models popping up amidst the retro audio craze?

We’ve bemoaned the end of the electromechanical era before, and the Verge recently interviewed the people at We Are Rewind and Filo to get the skinny on just why these newer cassette and CD players aren’t as small as their predecessors. It turns out that all currently produced cassette players use the same mechanism with some small tweaks in materials (like metal flywheels in these higher quality models) because the engineering required to design a smaller and better sounding alternative isn’t warranted by the niche nature of the cassette resurgence.

A similar fate has befallen the laser head of CD mechanisms, which is why we don’t have those smooth, rounded players anymore. Economies of scale in the early 2000s mean that even a cheap player from that era can outperform a lot of the newer ones, although you won’t have newer features like Bluetooth to scandalize your audiophile friends. A new Minidisc player is certainly out of the question, although production of discs only ended this February.

If you’re looking to get back into cassettes, this masterclass is a good place to start. If you don’t fancy any of the players the Verge looked at, how about rolling your own incarnation with the guts from a vintage machine or just going for the aesthetic if cassettes aren’t your jam?


Game Bub Plays ROMs And Cartridges

With today’s technology, emulating video game consoles from the 90s or before is trivial. A Raspberry Pi and a controller of some sort is perhaps the easiest and simplest way to go to get this job done, but to really impress the masses some extra effort is required. This handheld from [Eli] called the Game Bub not only nails the appearance and feel of the first three generations of Nintendo handhelds but, thanks to its FPGA, can play not only ROMs but the original game cartridges as well.

As [Eli] notes, the FPGA is not strictly necessary for emulation, but does seem to be better at interfacing with physical hardware like controllers and game cartridges. For this task a Xilinx XC7A100T with integrated memory was chosen, with a custom PCB supporting the built-in controller, speaker, a rechargeable lithium battery, and a 480×320 display (that had to be rotated out of portrait mode). An SD Card reader is included for any ROM files, and there’s also an ESP32-S3 included to give the handheld WiFi and Bluetooth capabilities, with future plans to support the communications protocol used by the Game Boy Advance Wireless Adapter.

There are a few other features with the Game Bub as well, including the ability to use an authentic link cable to communicate with the original Game Boy and Game Boy Color, and a Switch-like dock that allows the Game Bub to be connected to an external monitor. It’s also open source, which makes it an even more impressive build. Presumably it doesn’t include the native ability to dump cartridges to ROM files but you don’t need much more than a link cable to do that if you need to build your ROM library.


A Low Effort, Low Energy Doorbell

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good reviews. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.

Cassette Tape Plays MP3s

Cassette tapes were a major way of listening to (and recording) music throughout the 1980s and 1990s and were in every hi-fi stereo, boom box, and passenger vehicle of the era. Their decline was largely a result of improvements in CD technology and the rise of the MP3 player, and as a result we live in a world largely absent of this once-ubiquitous technology. There are still a few places where these devices crop up, and thanks to some modern technology their capabilities as a music playback device can be greatly enhanced.

The build starts, as one might expect, by disassembling the cassette and removing the magnetic tape from the plastic casing. With the interior of the cassette empty it’s capable of holding a small battery, USB-C battery charger, and a Bluetooth module. The head of an old tape deck can be wired to the audio output of the Bluetooth module and then fitted into the housing where the old tape used to be. With the cassette casing reassembled, there’s nothing left to do but pair it to a smartphone or other music-playing device and push play on the nearest tape deck.

As smartphones continue to lose their 3.5 mm headphone jacks, builds like this can keep lots of older stereos relevant and usable again, including for those of us still driving older vehicles that have functioning tape decks. Of course, if you’re driving a classic antique auto with a tape technology even older than the compact cassette, there are still a few Bluetooth-enabled options for you as well.


An animated GIF of Engineer Bo's Precision Bluetooth Scroll Wheel wirelessly, and effortlessly scrolling down the Hack A Day blog with a single finger

Doomscroll Precisely, And Wirelessly

Around here, we love it when someone identifies a need and creates their own solution. In this case, [Engineer Bo] was tired of endless and imprecise scrolling with a mouse wheel. No off-the-shelf solutions were found, and other DIY projects either just used hacked mice scroll wheels, customer electronics with low-res hardware encoders, or featured high-res encoders that were down-sampled to low-resolution. A custom build was clearly required.

A photo of a 3D printed yellow plastic form with red marker drawn on the top of the support material and used in Engineer Bo's Precision Bluetooth Scroll Wheel

We loved seeing hacks along the whole process by [Engineer Bo], working with components on hand, pairing sensors to microcontrollers to HID settings, 3D printing forms to test ergonomics, and finishing the prototype device. When 3D printing, [Engineer Bo] inserted a pause after support material to allow drawing a layer of permanent marker ink that acts as a release agent that can later be cleaned with rubbing alcohol. 

We also liked the detail of a single hole inside used to install each of the three screws that secure the knob to the base. While a chisel and UV-curing resin cleaned up some larger issues with the print, more finishing was required. For a project within a project, [Engineer Bo] then threw together a mini lathe with 3D printed and RC parts to make sanding easy.

Scroll down with your clunky device to see the video that illustrates the precision with a graphic of a 0.09° rotation and is filled with hacky nuggets. See how the electronics were selected and the circuit designed and programmed, the use of PCBWay’s CNC machining in addition to board assembly services, and how to deal with bearings that spin too freely. [Engineer Bo] teases that a future version might use a larger bearing for less wobble and an anti-slip coating on the base. Will the board files and 3D models be released, too? Will these be sold as finished products or kits? Will those unused LED drivers be utilized in an upcoming version? We can’t wait to see what’s next for this project.


Custom Firmware For Even Cheaper Bluetooth Thermometers

Readers may recall when we first covered the $5 Xiaomi LYWSD03MMC temperature and humidity sensor back in 2020. Prolific hacker [Aaron Christophel] wrote a custom firmware for the affordable gadget that was so capable and well implemented that it kicked off a whole new community.

It’s recently been brought to our attention that the Xiaomi thermometer has become so popular that clones have started popping up. Often sold under the Tuya brand, these versions look very similar to Xiaomi’s offering but can be had for as little as $1 each from the usual Chinese importers. Even better, they’ve got their very own open-source custom firmware.

The firmware comes from [pvvx], who also helms the most active fork of [Aaron]’s original firmware for the Xiaomi thermometer. Doing a bit of spot-checking between the repositories, it’s not immediately clear that any meaningful code is shared between the two projects. However, once installed, they offer similar capabilities to the user, such as integration with Home Assistant. Perhaps the most significant difference between the two projects is that, at least for the initial flash, you need to hook the Tuya units up to your computer with a USB serial adapter. Considering that one of the highlights of the Xiaomi custom firmware was its exceptionally easy wireless installation, this is a considerable step backward.

Below is a video from a few months back that [Maker’s Fun Duck] put together, where he takes apart one of these clones and shows the installation process for the custom firmware. Our overall impression is that it’s probably worth the few extra dollars to get the original Xiaomi hardware, although the display on the clone seems much brighter. In any event, we’re always happy to see the community coming up with free and open-source firmware for an otherwise locked-down gadget.
