Hacking Your Way to a Custom TV Boot Screen

More and more companies are offering ways for customers to personalize their products, realizing that the increase in production cost will be more than made up for by the additional sales you’ll net by offering a bespoke product. It’s great for us as consumers, but unfortunately we’ve still got a ways to go before this attitude permeates all corners of the industry.

[Keegan Ryan] recently purchased a TV and wanted to replace its stock boot screen logo with something of his own concoction, but sadly the set offered no official way to make this happen. So naturally he decided to crack the thing open and do it the hard way The resulting write-up is a fascinating step by step account of the trials and tribulations that ultimately got him his coveted custom boot screen, and just might be enough to get you to take a screw driver to your own flat panel at home.

The TV [Keegan] brought was from a brand called SCEPTRE, but as a security researcher for NCC Group he thought it would be a fun spin to change the boot splash to say SPECTRE in honor of the infamous x86 microarchitecture attack. Practically speaking it meant just changing around two letters, but [Keegan] would still need to figure out where the image is stored, how it’s stored, and write a modified version to the TV without letting the magic smoke escape. Luckily the TV wasn’t a “smart” model, so he figured there wouldn’t be much in the way of security to keep him from poking around.

He starts by taking the TV apart and studying the main PCB. After identifying the principle components, he deduces where the device’s firmware must be stored: an 8 MB SPI flash chip from Macronix. He connects a logic analyzer up to the chip, and sure enough sees that the first few kilobytes are being read on startup. Confident in his assessment, he uses his hot air rework station to lift the chip off the board so that he can dive into its contents.

With the help of the trusty Bus Pirate, [Keegan] is able to pull the chip’s contents and verify its integrity by reading a few human-readable strings from it. Using the binwalk tool he’s able to identify a JPEG image within the firmware file, and by feeding its offset to dd, pull it out so he can view it. As hoped, it’s the full screen SCEPTRE logo. A few minutes in GIMP, and he’s ready to merge the modified image with the firmware and write it back to the chip.

He boots the TV back up and finds…nothing changed. A check of the datasheet for the SPI flash chip shows there are some protection bits used to prevent modifying particular regions of the chip. So after some modifications to the Bus Pirate script and another write, he boots the TV and hopes for the best. Finally he sees the object of his affection pop up on the big screen, a subtle change that reminds him every time the TV starts about the power of reverse engineering.

Dungeons and Dragons TV Tabletop!

With little more than pen, paper, dice, and imagination, a group of friends can transport themselves to another plane for shenanigans involving dungeons and/or dragons. An avid fan of D&D and a budding woodworker, Imgurian [CapnJackHarkness] decided to build gaming table with an inlaid TV for their inaugural project.

The tabletop is a 4’x4′ sheet of plywood, reinforced from underneath and cut out to accommodate a support box for the TV. Each leg ended up being four pieces of 1’x4′ wood, laminated together with a channel cut into one for the table’s power cable. An outer ledge has dice trays — if they’re even needed in today’s world — ready for all those nat 20s, cupholders because nobody likes crying over spilled drinks, and electrical outlets to keep devices charged. Foam squares cover the tabletop which can be easily removed and washed if needed — but more on that in a second. [CapnJackHarkness] painted the table as the wood rebuffed many attempts at staining, but they’re happy with how it turned out.

Continue reading “Dungeons and Dragons TV Tabletop!”

Giant D20 Is A Critical Hit in More Ways than One

[Mikael Vejdemo-Johansson] is a member of the NYC Resistor hackerspace and an avid fan of a D&D themed improv theatre called The Campaign. To show his appreciation, he decided to gift them a Christmas present: a giant D20. The original plan called for integrated LEDs to burst alight on a critical hit or miss, or let out pulses if it landed on another face. Cool, right? Well, easier said than done.

[Vejdemo-Johansson] figured a circle of 4 tilt sensors mounted on the one and twenty face would be enough to detect critical rolls. If any of the switches were tilted beyond 30 degrees, the switch would close. He mounted eight ball-tilt switches and glued in the LEDs. A hackerspace friend also helped him put together an astable multivibrator to generate the pulses for non-critical rolls.

This… did not work out so well. His tilt sensor array proved to be a veritable electronic cacophony and terribly sensitive to any movement. That and some other electronic troubles forced a shelving of any light shows on a critical hit or miss. [Vejdemo-Johansson] kept the pulsing LEDs which made for a cool effect when shining through the mirrored, red acrylic panes he used for the die faces. Foam caulk backer rods protect as the die’s structure to stop it from being shattered on its first use.

Before The Campaign’s next show, [Vejdemo-Johansson] managed to stealthily swap-out of the troupe’s original die with his gift, only for it to be immediately thrown in a way that would definitely void any electronic warranty. Check out the reveal after the break (warning, some NSFW language)!

Continue reading “Giant D20 Is A Critical Hit in More Ways than One”

Unlock Your Demo Kindle Paperwhite

If you’ve been holding off on upgrading your kindle, this project might inspire you to finally bite the bullet. [WarriorRocker] recently saved quite a few dollars on his Kindle upgrade by using a demo unit. Of course, it’s not as simple as just finding a demo unit and booting it up. There’s some hacking involved.

[WarriorRocker] found his Kindle Paperwhite demo unit on an online auction site for just $20. Kindles are great for reading but also make popular displays for your own projects. This used display model was much less expensive than a new unit, which makes sense considering it had probably received its share of abuse from the consumers of some retail store. The problem with a demo unit is that the firmware that comes with it is very limited, and can’t be used to sync up with your Amazon account. That’s where the hacking comes in.

pwdu-01The first step was to crack open the case and locate the serial port. [WarriorRocker] soldered a small three pin header to the pads to make it easier to work on his device as needed. He then connected the Kindle to his PC using a small serial to USB adapter. Pulling up the command prompt was as simple as running Putty and connecting to the correct COM port. If the wires are hooked up correctly, then it just takes a press of the enter key to pull up the login prompt.

The next step requires root access. The root password for each unit is related to the unit’s serial number. [WarriorRocker] obtained the serial number by rebooting the Kindle while the Serial connection was still open. The boot sequence will spit out the number. This number can then be entered in to an online tool to generate possible root passwords. The tool is available on [WarriorRocker’s] project page linked above.

Next, the Kindle needs to be rebooted into diagnostic mode. This is because root logins are not allowed while the device is booted to the system partition. To enter diagnostic mode, [WarriorRocker] had to press enter over and over during the boot sequence in order to kill the automatic boot process. Then he checked some environment variables to locate the memory address where the diagnostic mode is stored. One more command tells the system to boot to that address and into diagnostic mode.

The last step of the process begins by mounting the Kindle as a USB storage device and copying over the stock Kindle firmware image. Next [WarriorRocker] had to exit the diagnostic menu and return to a root command prompt. Finally, he used the dd command to copy the image to the Kindle’s partition bit by bit. Fifteen minutes and one reboot later and the Kindle was working just as it should. [WarriorRocker] even notes that the 3G connection still works. Not bad for $20 and an hour or two of work.

Dice gauntlet joins cosplay with D&D gaming

If you needed a reason to dress up for your next Dungeons & Dragons adventure this is surely it. Not only will this attractive wrist adornment go right along with your medieval theme, but the gauntlet doubles as a multi-sided digital die.

Sparkfun whipped up this tutorial which details the build. Yep, they’re hawking their own goods but we must say this is one of the few projects using sewable electronics which we thoroughly enjoy. It calls for several Lilypad modules, including an Arduino board, accelerometer, and slide switches. The switches let you select the number of sides for the die you are about to roll. The accelerometer starts the fun when you shake your wrist back and forth (that’s what she said). The project is powered by a rechargeable battery, which we always like to see, and uses a four-digit seven segment display located where the face of a wristwatch is normally found.

Of course, you could get the shaking action and use no batteries at all if you wish.

DOSbox on Zipit

poolrad (Custom)

Who out there has a Zipit? Great, now out of the five of you, who really wants to run Dos on it? Well, for the one or two of you left reading, now you can. The directions can be found here. [Hunter] has worked out a way to get DosBox running on his Zipit. At 315 mhz his old DOS games, like AD&D shown above, are running quite snappily. You can download everything you need to get up and running from the site. If DOS isn’t your thing, you may want to check out the Linux how to as well.

[thanks Harold]

Digital Dice

dnd

There have been several attempts at bringing Dungeons & Dragons up to date with modern technology. Most attempts have been in the form of computer games that somehow fail to capture the essential experience. This attempt, however seems to add some techie flair to while keeping the game the same. [Itay] has built some digital dice. Simply choose how many sides you want your dice to have, then give it a shake.  OK, a random number generator isn’t that groundbreaking, but he did have to do some pretty intense soldering. The LED matrix is pretty cool, but we like looking at the back. You can see it in the video after the break.

Continue reading “Digital Dice”