While some of us would have been tempted to gut the VINDRIKTNING and attach its particle sensor directly to the ESP8266, the approach [Sören] has used is actually quite elegant. Rather than replacing IKEA’s electronics, the microcontroller is simply listening in on the UART communications between the sensor and the original controller. This not only preserves the stock functionality of the VINDRIKTNING, but simplifies the code as the ESP doesn’t need to do nearly as much.
All you need to do if you want to perform this modification is solder a couple wires to convenient test pads on the VINDRIKTNING board, then flash the firmware (or write your own version), and you’re good to go. There’s plenty of room inside the case for the ESP8266, though you may want to tape it down so it doesn’t impact air flow.
While not required, [Sören] also recommends making a small modification to the VINDRIKTNING which makes it a bit quieter. Apparently the 5 V fan inside the sensor is occasionally revved up by the original controller, rather than kept at a continuous level that you can mentally tune out. But by attaching the sensor’s fan to the ESP8266’s 3.3 V pin, it will run continuously at a lower speed.
We’ve seen custom firmware for IKEA products before, but this approach, which keeps the device’s functionality intact regardless of what’s been flashed to the secondary microcontroller, is particularly appealing for those of us who can’t seem to keep the gremlins out of our code.
Got an nRF52 or nRF51 device you need to flash? Got an ESP32 laying around collecting dust? If so, then firmware hacking extraordinaire [Aaron Christophel] has the open source code you need. His new project allows the affordable WiFi-enabled microcontroller to read and write to the internal flash of Nordic nRF52 series chips via their SWD interface. As long as you’ve got some jumper wires and a web browser, you’re good to go.
In the first video below [Aaron] demonstrates the technique with the PineTime smartwatch, but the process will be more or less the same regardless of what your target device is. Just connect the CLK and DIO lines to pins GPIO 21 and GPIO 19 of the ESP32, point your web browser to its address on the local network, and you’ll be presented with a straightforward user interface for reading and writing the chip’s flash.
As demonstrated in the second video, with a few more wires and a MOSFET, the ESP32 firmware is also able to perform a power glitch exploit on the chip that will allow you to read the contents of its flash even if the APPROTECT feature has been enabled. [Aaron] isn’t taking any credit for this technique though, pointing instead to the research performed by [LimitedResults] to explain the nuts and bolts of the attack.
In his case, [Michał] wanted to build a power strip that would cut the power to any devices plugged into it once his computer went to sleep. Unfortunately, he couldn’t just check to see if there was 5 V on the line as his motherboard kept the USB ports powered up all the time. But with some modifications to the relay board’s firmware, he reasoned he should be able to detect if there was any USB activity by watching for the start-of-frame packet that goes out every millisecond when the bus is active.
Now [Michał] isn’t claiming to be the first person to come up with a custom firmware for one of these boards, in fact, he credits an existing open source firmware project as an inspiration for his work. But he did create an entirely new GPLv3 firmware for these ATtiny45 powered devices, which includes among other improvements the latest version of V-USB. As it so happens, V-USB includes start-of-frame packet detection out of the box, which made it much easier to implement his activity detection code.
With the new firmware flashed to the relay board’s chip, [Michał] put it in an enclosure and wired up the outlets. But there was still one missing piece of the puzzle. It seems that Linux won’t actually send out the start-of-frame packets unless its actively communicating with a USB device, as part of the so-called “selective suspend” power saving feature. Luckily there is support for disabling this feature for specific devices based on their Vendor/Product ID pair, so after a little udev fiddling, everything was working as expected.
When Nintendo officially ended production of the 3DS in September 2020, it wasn’t exactly a surprise. For one thing, some variation of the handheld system had been on the market since 2011. Which is not to say the product line had become stagnant: the system received a considerable mid-generation refresh, and there was even a more affordable variant introduced that dropped the eponymous stereoscopic 3D effect, but nearly a decade is still a fairly long life in the gaming industry. Of course Nintendo’s focus on the Switch, a hybrid device that blurs the line between console and handheld games, undoubtedly played a part in the decision to retire what could effectively be seen as a competing product.
While putting the 3DS out to pasture might have been the logical business move, a quick check on eBay seems to tell a different story. Whether it’s COVID keeping people indoors and increasing the demand for at-home entertainment, or the incredible library of classic and modern games the system has access to, the fact is that a used 3DS in good condition is worth more today than it was when it was brand new on the shelf this time last year.
In short, this was the worst possible time for me to decide that I finally wanted to buy a 3DS. Then one day I noticed the average price for a Japanese model was far lower than that of its American counterpart. I knew the hardware was identical, but could the firmware be changed?
An evening’s worth of research told me the swap was indeed possible, but inadvisable due to the difficulty and potential for unexpected behavior. Of course, that’s never stopped me before.
So after waiting the better part of a month for my mint condition 3DS to arrive from the land of the rising sun, I set out to explore the wide and wonderful world of Nintendo 3DS hacking.
If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.
Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.
It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.
Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.
The Xiaomi LYWSD03MMC temperature and humidity sensor is ridiculously cheap. If you’re buying a few at a time, you can expect to pay as little as $5 USD a pop for these handy Bluetooth Low Energy environmental sensors. Unfortunately, that low price tag comes with a bit of a catch: you can only read the data with the official Xiaomi smartphone application or by linking it to one of the company’s smart home hubs. Or at least, that used to be the case.
The new firmware publishes the temperature, humidity, and battery level every minute through a BLE advertisement broadcast. In other words, that means client devices can read data from the sensor without having to be paired. Scraping this data is quite simple, and the GitHub page includes a breakdown of what each byte in the broadcast message means. Avoiding direct connections not only makes it easier to quickly read the values from multiple thermometers, but should keep the device’s CR2032 battery going for longer.
But perhaps the most impressive part of this project is how you get the custom firmware installed. You don’t need to crack the case or solder up a programmer. Just load the flasher page on a computer and browser combo that supports Web Bluetooth (a smartphone is probably the best bet), point it to the MAC address of the thermometer you want to flash, and hit the button. [Aaron] is no stranger to developing user-friendly OTA installers for his firmware projects, but even for him, it’s quite impressive.
A few years ago, low-cost pocket digital oscilloscopes aimed at the hacker and maker crowd started hitting the market and gained quite a following. While few would consider them to be a replacement for a proper bench scope, they’re cheap and convenient enough that it’s hard to complain. Manufacturers are apparently looking to expand on the concept, as we’re now seeing similarly priced and sized logic analyzers pop up from the usual sources.
In the video after the break, [Gabriel] shows off some impressive radio tricks by adding a small CC1101 transceiver to the mix. This allows his modified LA104 to scan for and decode popular RF protocols in the 300 – 900 MHz range. His software even allows for the received packets to be modified and re-transmitted, which he demonstrates by pushing a fake temperature signal into a wireless weather station.
But that’s just the beginning. A perusal of the GitHub page for his replacement firmware shows just how many features have already been packed into this project. For example it can be used to control WS2812 LED strips, generate arbitrary PWM signals, log data from temperature sensors, interface with MIDI devices, and scan for I2C devices. Many of these functions can be controlled on the computer by utilizing a modern browser and WebUSB.
The replacement firmware that [Gabriel] has come up with for the LA104 is really an incredible accomplishment, and elevates an already intriguing piece of kit. Being able to pack all of these functions into something small and cheap enough you can toss into a bag is a very compelling prospect for hackers on the go.