Drone Gives Up Its Wireless Secrets To Zigbee Sniffer

There’s something thrilling about decoding an unknown communications protocol. You start with a few clues, poke at the problem with some simple tools, and eventually work your way up to that first breakthrough that lets you crack the code. It can be frustrating, but when you eventually win, it can be very rewarding.

It seems that [Jason] learned this while decoding the wireless conversation between his mass-market quad and its controller. The quad in question, a Yuneec Q500, is one of those mid-range, ready-to-fly drones that’s targeted at those looking to get in the air easily and take some cool pictures. Unsure how the drone and controller were talking, [Jason] popped the covers and found a Zigbee chipset within. With the help of a $14 Zigbee USB dongle and some packet sniffing software from TI, [Jason] was able to see packets flowing, but decoding them was laborious. Luckily, the sniffer app can be set up to stream packets to another device, so [Jason] wrote a program to receive and display packets. He used that to completely characterize each controller input and the data coming back from the drone. It’s a long and strange toolchain, but the upshot is that he’s now able to create KML in real time and track the drone on Google Earth as it flies. The video below shows the build and a few backyard test flights.

Congratulations to [Jason] for breaking the protocol and opening up drones like this for other hackers. If you’re interested in learning more about Zigbee sniffing, you can actually hack a few smarthome gadgets into useful sniffers.

Continue reading “Drone Gives Up Its Wireless Secrets To Zigbee Sniffer”

Spanning The Tree : Dr Radia Perlman & Untangling Networks

As computer networks get bigger, it becomes increasingly hard to keep track of the flow of data over this network. How do you route data, making sure that the data is spread to all parts of the network? You use an algorithm called the spanning tree protocol — just one of the contributions to computer science of a remarkable engineer, Dr. Radia Perlman. But before she created this fundamental Internet protocol, she also worked on LOGO, the first programming language for children, creating a dialect for toddlers.

Continue reading “Spanning The Tree : Dr Radia Perlman & Untangling Networks”

This Thermal Printer has Serious Game

[Dhole], like the fox, isn’t the first to connect his computer to a Game Boy printer but he has done a remarkable job of documenting the process so well that anyone can follow. The operation is described well enough that it isn’t necessary to scrutinize his code, so don’t be put off if C and Rust are not your first choices. The whole thing is written like a story in three chapters.

The first chapter is about hacking a link cable between two Game Boys. First, he explains the necessity and process of setting the speed of his microcontroller, a NUCLEO-F411RE development board by STMicroelectronics. Once the rate is set, he builds a sniffer by observing the traffic on the cable and listens in on two Game Boys playing Tetris in competition mode. We can’t help but think that some 8-bit cheating would be possible if Tetris thought your opponent instantly had a screen overflowing with tetrominoes. Spying on a couple of Game Boys meant that no undue stress was put on the printer.

Chapter two built on the first chapter by using the protocol to understand how the printer expects to be spoken to. There is plenty of documentation about this already, and it is thoughtfully referenced. It becomes possible to convince a Game Boy that the connected microcontroller is a printer so it will oblige by sending an image. Since there isn’t a reason to wait for printing hardware, the transfer is nearly instantaneous. In the image above, you can see a picture of [Dhole] taken by a Game Boy camera.

The final chapter, now that all the protocols are understood, is also the climax where the computer and microcontroller convince the printer they are a Game Boy that wants to print an image. In the finale, we get another lesson about measuring controller frequency without an oscilloscope. If you are looking for the hack, there it is. There is a handful of success in the form of old receipts with superimposed grayscale images since virgin thermal printer paper by Nintendo costs as much as a used printer.

This story had a happy ending but grab your reading glasses for the smallest Game Boy and here’s someone who wrote their own Game Boy color game.

Voltmeter Speaks MQTT Without Libraries

[Emilio Ficara] [built himself an Internet-connected MQTT multimeter](http://ficara.altervista.org/) (translated from Italian by robots). Or maybe we should say that [Emilio Ficara] undertook a long string of cool hacks that ended up in a WiFi-enabled multimeter, because the destination isn’t nearly as interesting as the voyage.

debugtool-sch

The multimeter, a DT-4000ZC, has a serial output but instead of transferring the data directly, it sends which cells on the LCD screen need to be activated. For testing along the way, [Emilio] used his own USB-serial-to-ESP01 dongle, which sounds like a useful tool to have around if you’re debugging an AT command session. He made a cute AVR SPI-port debugging aid with a reset button and diagnostic LEDs that we’re going to copy right now. Other home-made tools, like a 3.7V Li-ion battery manager and a serial data snooper make this project worth a look.

Continue reading “Voltmeter Speaks MQTT Without Libraries”

Hacking Google Daydream to work with iOS

The Google Daydream is a VR headset with a controller, and according to the folks at Google, “It’s not currently compatible with iOS and won’t be for several years probably.” OK.

This inspired [Matteo Pisani] to get to work on the protocol that it uses to speak with Android phones. Cutting to the chase, he got it working in several days.

There really wasn’t all that much to it. The controller sends data over Bluetooth, and [Matteo] noticed an “unknown” device on the network. Looking inside the data that it sent, it changed when he moved the controller. Not so unknown now! The rest of the work consisted of writing applications to test hypotheses, waving the controller around, and finding out if he was right. Read up if you’re interested in implementing this yourself.

We love protocol hacks here. From running quadcopters on your own remotes, to simply trying to turn on a lightbulb, it’s getting more and more important that we understand the various languages that our devices speak.

PJON, Fancy One Wire Arduino Communications Protocol For Home Automation

PJON, pronounced like the iridescent sky rats found in every city, is a cool one wire protocol designed by [gioblu].

[gioblu] wasn’t impressed with the complications of I2C. He thought one-wire was too proprietary, too complicated, and its Arduino implementations did not impress. What he really wanted was a protocol that could deal with a ton of noise and a weak signal in his home automation project with the smallest amount of wiring possible.

That’s where is his, “Padded Jittering Operative Network,” comes in. It can support up to 255 Arduinos on one bus and its error handling is apparently good enough that you can hold an Arudino in one hand and see the signals transmitted through your body on the other. The fact that a ground and a signal wire is all you need to run a bus supporting 255 devices and they’ll play nice is pretty cool, even if the bandwidth isn’t the most extreme.

Aside from the cool of DIY protocols. We really enjoyed reading the wiki describing it. Some of the proposed uses was running your home automation through your ducting or water pipes (which should be possible if you’re really good at isolating your grounds). Either way, the protocol is neat and looks fun to use. Or check out PJON_ASK if you want to do away with that pesky single wire.

Decoding and Replicating Xantrex Solar Charge Data

This is a story mostly of decoding data, but there is a happy ending that includes turning that decoding work into an open source receiver. Xantrex solar charge controllers monitor a lot of data about what is happening with your solar panels, and they stream it over RJ25 but you need their add-on hardware to receive it. [Eric Herbers] figured if the data is being transmitted, a resourceful hackers should be able to decode it. And he did just that with a little help from his friends in the Hackaday community.

We asked on Twitter what people were working on and [Eric] posted his scope screenshot. The conversation that followed helped point him in the right direction and others knowing about the project surely drove him to finish it. The decoding isn’t perfect, but achieve enough to decode and display voltage, amperage, and temperature. [Eric] built the display unit using an Arduino Pro Mini and a character LCD housed in you most common of black project boxes.