The only thing more surprising than finding out TiVo actually put out a new 4K set-top box recently is learning that somehow they didn’t bother to build WiFi into the thing. You’re forced to buy a special wireless adapter to the tune of $60 USD to add the feature. We’d make a joke about the company living in the past, but frankly, it would be too easy.
Having to buy just one of these expensive dongles in 2020 would be insulting enough, but TiVo superfan [xxbiohazrdxx] needed four of them. Rather than hand nearly $250 to the antennae-headed overlords, they decided to reverse engineer the adapter and produce their own low-cost version. While the final result might not be as slim and svelte as the original, it does come in at less than 1/4 the price.
Operating under the assumption that the TiVo would only talk to a WiFi adapter based on the same Broadcom BCM43569 chipset used in the official one, [xxbiohazrdxx] started by trying to find a standard USB dongle that might be a drop-in replacement. Unfortunately, it looks like this particular chip was almost exclusively used in proprietary applications, most commonly as a WiFi board inside of smart TVs. But as it turns out, that wasn’t necessarily a deal breaker.
After some searching, [xxbiohazrdxx] eventually found the promising CyberTAN NU361-HS board. Not only was it based on the right chipset and ran from 5 volts, but its FCC ID entry had a complete pinout for the connector. This particular WiFi module is used in a number of budget TVs and is widely available as a spare part for less than $10. By combing the board and a USB breakout PCB inside of a 3D printed case, you’ve got a plug-and-play WiFi adapter that the TiVo thinks is the real deal.
There was a time when Hackaday was flooded with TiVo hacks, but it’s now been more than a decade since cheap carrier-provided DVRs ate the company’s lunch. Realistically, there’s an excellent chance that this post will be the only time a mention of the once-mighty DVR graces the front page in 2020. While the reign of the TiVo might be at its end, the impact it had as one of the first Linux-powered consumer devices will be etched in hacker history forever.
This deep dive into the Linux-powered Reolink B800 IP camera started because of a broken promise from its manufacturer. When [George Hilliard] purchased a kit that included six of the cameras and a video recorder, the website said they were capable of outputting standard RTSP video. But once he took delivery of the goods, and naturally after his return window had closed, the site was updated to say that the cameras can only function with the included recorder.
Taking that as something of challenge, [George] got to work. His first big break came when he desoldered the camera’s SPI flash chip and replaced it with a socket. That allowed him to easily take the chip out of the device for reading and flashing as he tinkered with modifying the firmware. After adding cross-compiled versions of
strace to the extracted firmware, he bundled it back up and flashed it back to the hardware.
If you think that’s the end of the story, it isn’t. In fact, it’s just the beginning. While getting root-level access to the camera’s OS would have potentially allowed for [George] to dump all the proprietary software it was running and replace it with open alternatives, he decided to take a different approach.
Instead of replacing the camera’s original software, he used his newly granted root powers to analyze it and figure out how it worked. This allowed for to sniff out some very suspect “encryption” routines built into the software, and eventually write his own server side in Rust that finally allowed him to use the cameras with his own server…albeit with a bit more work than he bargained for.
Projects like these are a fantastic look at real world reverse engineering, and a reminder that sometimes achieving your ultimate goal means taking the long way around. Even if you’re not in the market for a hacked security camera, there’s no doubt that reading the thorough write-up [George] has prepared will teach you a few things. But of course, we’d expect no less from a guy who runs Linux on his business card.
Proprietary components are the bane of anyone who dares to try and repair their own hardware. Nonstandard sizes, lack of labeling or documentation, and unavailable spare parts are all par for the course. [Jason] was unlucky enough to have an older Dell computer with a broken, and proprietary, cooling fan on it and had to make some interesting modifications to replace it.
The original fan had three wires and was controlled thermostatically, meaning that a small thermistor would speed up the the fan as the temperature increased. Of course, the standard way of controlling CPU fans these days is with PWM, so he built a circuit which essentially converts the PWM signal from the motherboard into a phantom thermistor. It’s even more impressive that it was able to be done with little more than a MOSFET and a Zener diode.
Unfortunately, there was a catch. The circuit only works one way, meaning the fan speed doesn’t get reported to the motherboard and the operating system thinks the fan has failed. But [Jason] simply disabled the warning and washed his hands of that problem. If you don’t want to use a CPU fan at all, you can always just dunk your entire computer in mineral oil.
Some companies insist on using proprietary pieces. It can be really frustrating when there is no apparent reason other than consumer lock in. It irritates us to feel like we’re being forced to buy their pieces. This is one of the more popular reasons listed when you ask a hacker or modder what got them started. This project takes us through making a normal power supply work with the compaq proprietary 14 pin plug found in some smaller desktop PCs.
Aside from the plug itself being different, the motherboards require a 3.3v standby voltage. A normal power supply usually only has a 5v. Though there are even simpler ways of bypassing the issue, he chose to put an inline voltage regulator. Schematics are available on the site.
[via Hacked Gadgets]