Hacking an Inspection Microscope

Sometimes I need to be able to take photographs of very small things, and the so-called macro mode on my point-and-shoot camera just won’t cut it. And it never hurts to have an inspection scope on hand for tiny soldering jobs, either, though I prefer a simple jeweler’s loupe in one eye for most tasks. So I sent just over $40 off to my close friend Alibaba, and a few weeks later was the proud owner of a halfway usable inspection scope that records stills or video to an SD card.

Unfortunately, it’s only halfway useable because of chintzy interface design and a wobbly mount. So I spent an afternoon, took the microscope apart, and got it under microcontroller control, complete with WiFi and a scripting language. Much better! Now I can make microscope time-lapses, but much more importantly I can take blur-free photos without touching the wiggly rig. It was a fun hack, so I thought I’d share. Read on!

Continue reading “Hacking an Inspection Microscope”

USB Charger Fooled into Variable Voltage Source

USB chargers are everywhere and it is the responsibility of every hacker to use this commonly available device to its peak potential. [Septillion] and [Hugatry] have come up with a hack to manipulate a USB charger into becoming a variable voltage source. Their project QC2Control works with chargers that employ Quick Charge 2.0 technology which includes wall warts as well as power banks.

Qualcomm’s Quick Charge is designed to deliver up to 24 watts over a micro USB connector so as to reduce the charging time of compatible devices. It requires both the charger as well as the end device to have compatible power management chips so that they may negotiate voltage limiting cycles.

In their project, [Septillion] and [Hugatry] use a 3.3 V Arduino Pro Mini to talk to the charger in question through a small circuit consisting of a few resistors and diodes. The QC2.0 device outputs voltages of 5 V, 9 V and 12 V when it sees predefined voltage levels transmitted over the D+ and D- lines, set by Arduino and voltage dividers. The code provides function calls to simplify the control of the power supply. The video below shows the hack in action.

Quick Charge has been around for a while and you can dig into the details of the inner workings as well as the design of a compatible power supply from reference designs for the TPS61088 (PDF). The patent (PDF) for the Quick Charge technology has a lot more detail for the curious.

Similar techniques have been used in the past and will prove useful for someone looking for a configurable power supply on the move. This is one for the MacGyver fans.

Continue reading “USB Charger Fooled into Variable Voltage Source”

How to Build Your Own Google AIY without the Kit

Google’s voice assistant has been around for a while now and when Amazon released its Alexa API and ported the PaaS Cloud code to the Raspberry Pi 2 it was just a matter of time before everyone else jumped on the fast train to maker kingdom. Google just did it in style.

Few know that the Google Assistant API for the Raspberry Pi 3 has been out there for some time now but when they decided to give away a free kit with the May 2017 issues of MagPi magazine, they made an impression on everyone. Unfortunately the world has more makers and hackers and the number of copies of the magazine are limited.

In this writeup, I layout the DIY version of the AIY kit for everyone else who wants to talk to a cardboard box. I take a closer look at the free kit, take it apart, put it together and replace it with DIY magic. To make things more convenient, I also designed an enclosure that you can 3D print to complete the kit. Lets get started.

Continue reading “How to Build Your Own Google AIY without the Kit”

Doomed Thermostat

It is amazing how the game Doom has been ported to so many things. Enter one more port, where the hardware in question is a Honeywell Prestige thermostat.

In his video, [cz7asm] shows us the game running quite nicely on the 480 x 272 LCD with an NES controller plugged into the USB port originally intended for software updates. The thermostat runs on a STM32F429 which is an ARM9 processor that has the juice to pull it off. The Doom engine being used is based on Chocolate Doom, an open source port of the game, and the binaries can be downloaded for Windows and Mac. The source code is also available as a download for your tinkering pleasure. This project by [cz7asm]  is extended from a code on GitHub by [floppes] that was meant for the STM32F429IDISCOVERY evaluation board.

The author shares his code for the STM32F4 on Dropbox as a zip and in order to compile it, the Atmel BSP for GNU GCC is used. The video below demonstrates the hack in action and, though there is no sound yet, the satisfaction that comes from such modifications is its own reward.

What else can you run Doom on? How about a calculator or maybe the Intel Edison or even an ATM machine! If there is a processor with enough muscle power, hackers will find a way to run Doom on it. So have you seen any alien computers lately that you think can be hacked? Continue reading “Doomed Thermostat”

Javascript Art is in the URL

[Alexander Reben] makes tech art, and now he’s encouraging you to do the same — within a URL. The gimmick? Making the code small enough to fit the data portion of a link. And to help with that, he has set up a webpage that uncompresses and wraps code from the URL and inserts it into the HTML on the fly. His site essentially applies or un-applies all the tricks of JS minification in the URL, and turns that into content.

So, for instance,https://4QR.xyz/c/?eJzzSM3JyVcIzy_KSVEEABxJBD4 uncompresses to a webpage that says “Hello World!”. But the fun really starts when you start coding up “art” in Javascript or HTML5. There are a few examples up in the gallery right now, but [Alexander] wants you to contribute your own. The banner is from this link.

Something strikes us as fishy about passing JS code opaquely in links, but since the URL decodes on [Alexander]’s server, we don’t see the XSS attack just yet. If you can find the security problem with this setup, or better yet if you write up a nice animation, let us know in the comments.

Cheap Smarthome Gadget(s) Hacked into Zigbee Sniffer

French hacker [akila] is building up a home automation system. In particular, he’s been working with the “SmartHome” series of gadgets made by Chinese smartphone giant, Xiaomi. First, he started off by reverse-engineering their very nicely made temperature and humidity sensor. (Original in French, hit the translate button in the lower right.) With that under his belt, he opened up the PIR motion sensor unit to discover that it has the same debugging pinouts and the same processor. Almost too easy.

For a challenge, [akila] decided it was time to implement something useful in one of these gadgets: a ZigBee sniffer so that he can tell what’s going on in the rest of his home network. He built a USB/serial programming cable to work with the NXP JN5169’s bootloader, downloaded the SDK, and rolled up his sleeves to get to work.

While trolling through the SDK, he found some interesting firmware called “JennicSniffer”. Well, that was easy. There’s a demo version of a protocol analyzer that he used. It would be cool to get this working with Wireshark, but that’s a project for another day. [Akila] got far enough with the demo analyzer to discover that the packets sent by the various devices in the home network are encrypted. That’s good news for the security-conscious out there and stands as the next open item on [akila]’s to-do list.

We don’t see as many ZigBee hacks as we’d expect, but they’ve definitely got a solid niche in home automation because of commercial offerings like Philips Hue and Wink. And of course, there’s the XBee line of wireless communications modules. We just wrote up a ZigBee hack that aims to work with the Hue system, though, so maybe times are changing?

Another Day, Another “IoT” Backdoor

As if you needed any reason other than “just for the heck of it” to hack into a gadget that you own, it looks like nearly all of the GSM-to-IP bridge devices make by DBLTek have a remotely accessible “secret” backdoor account built in. We got sent the link via Slashdot which in turn linked to this story on Techradar. Both include the scare-words “Chinese” and “IoT”, although the devices seem to be aimed at small businesses, but everything’s “IoT” these days, right?

What is scary, however, is that the backdoor isn’t just a sloppy debug account left in, but rather only accessible through an elaborate and custom login protocol. Worse still, when the company was contacted about the backdoor account, they “fixed” the problem not by removing the account, but by making the “secret” login procedure a few steps more complicated. Which is to say, they haven’t fixed the problem at all.

This issue was picked up by security firm Trustwave, but they can’t check out every device on the market all the time. We may be preaching to the choir here, but if you’re ever wondering why it’s important to be able to break into stuff that you own, here’s another reminder.