Ask Hackaday: Are Unlockable Features Good For The User?

February 2, 2017 by Mike Szczys 136 Comments

There are numerous examples of hardware which has latent features waiting to be unlocked by software. Most recently, we saw a Casio calculator which has the same features as its bigger sibling hidden within the firmware, only to be exposed by a buffer overflow bug (or the lead from a pencil if you prefer a hardware hack).

More famously, oscilloscopes have been notorious for having crippled features. The Rigol DS1052E was hugely popular on hacker benches because of it’s very approachable price tag. The model shipped with 50 MHz bandwidth but it was discovered that a simple hack turned it into the DS1102E 100 MHz scope. Tektronix has gotten in on this action as well, shipping modules like I2C, CAN, and LIN analyzation on the scope but requiring a hardware key to unlock (these were discovered to have a horribly insecure unlock method). Similar feature barriers are found on Rigol’s new reigning entry-level scope, the DS1054Z, which ships with protocol analyzation modules (among others) that are enabled only for the first 70 hours of scope operation, requiring an additional payment to unlock them. Most scope manufacturers are in on the game, and of course this is not limited to our tools. WiFi routers are another great example of hardware hosting firmware-unlockable features.

So, the question on my mind which I’d like to ask all of the Hackaday community is this: are unlockable features good for us, the people who use these tools? Let’s take a look at some of the background of these practices and then jump into a discussion in the comments.

Continue reading “Ask Hackaday: Are Unlockable Features Good For The User?” →

Fluke 12E+ Multimeter Hacking Hertz So Good

June 7, 2016 by Moritz Walter 30 Comments

It kind of hurts watching somebody torturing a brand new Fluke multimeter with a soldering iron, even if it’s for the sake of science. In order to find out if his Fluke 12E+ multimeter, a feature rich device with a price point of $75 that has been bought from one of the usual sources, is actually a genuine Fluke, [AvE] did exactly that – and discovered some extra features.

During a teardown of the multimeter, which involved comparing the melting point of the meter’s rubber case with other Fluke meters, [Ave] did finally make the case for the authenticity of the meter. However, after [AvE] put his genuine purchase back together, the dial was misaligned, and it took another disassembly to fix the issue. Luckily, [AvE] cultivates an attentive audience, and some commenters noticed that there were some hidden button pads on the PCB. They also spotted a little “C”, which lit up on the LCD for a short moment during the misalignment issue.

The comments led to [AvE] disassembling the meter a third time to see if any hidden features could be unlocked. And yes, they can. In addition to the dial position for temperature measurement, [AvE] found that one of the hidden button contacts would enable frequency and duty cycle measurement. Well, that was just too easy, so [AvE] went on checking if the hidden features had received their EOL calibration by hooking the meter up to a waveform generator. Apparently, it reads the set frequency to the last digit.

The 12E+ is kind of a new species of Fluke multimeter: On the one side, it has most of the functionality you would normally expect from a “multi”-multimeter – such as measuring both AC and DC voltage, current, capacitance and resistance – and on the other side it costs less than a hundred dollars. This is made possible by the magic of international marketing, and Fluke seems to distribute this crippleware product exclusively in the Chinese market. Therefore, you can’t buy it in the US or Europe, at least not easily. A close relative of the 12E+ which should be a bit easier to obtain is the Fluke 15B+; the meter we saw earlier today when [Sprite_TM] hacked it to share measurements via WiFi. The 15B+ seems to be identical to the 12E+ in appearance and features, although it’s unknown if the two are hackable in the same ways.

https://www.youtube.com/watch?v=FUmbsBYVTQ0

Thanks to [jacubillo] for the tip!