reverse engineering

399 Articles

Inside Starlink’s User Terminal

May 14, 2025 by 31 Comments

If you talk about Starlink, you are usually talking about the satellites that orbit the Earth carrying data to and from ground stations. Why not? Space is cool. But there’s another important part of the system: the terminals themselves. Thanks to [DarkNavy], you don’t have to tear one open yourself to see what’s inside.

The terminal consists of two parts: the router and the antenna. In this context, antenna is somewhat of a misnomer, since it is really the RF transceiver and antenna all together. The post looks only at the “antenna” part of the terminal.

Continue reading “Inside Starlink’s User Terminal”

Dollar bill validator

Reading The Color Of Money

May 11, 2025 by 9 Comments

Ever wondered what happens when you insert a bill into a vending machine? [Janne] is back with his latest project: reverse engineering a banknote validator. Curious about how these common devices work, he searched for information but found few resources explaining their operation.

To learn more, [Janne] explored the security features that protect banknotes from counterfeiting. These can include microprinting, UV and IR inks, holograms, color-shifting coatings, watermarks, magnetic stripes, and specialty paper. These features not only deter fraud but also enable validators to quickly verify a bill’s authenticity.

Continue reading “Reading The Color Of Money”

Libogc Allegations Rock Wii Homebrew Community

May 1, 2025 by 59 Comments

Historically, efforts to create original games and tools, port over open source emulators, and explore a game console’s hardware and software have been generally lumped together under the banner of “homebrew.” While not the intended outcome, it’s often the case that exploring a console in this manner unlocks methods to run pirated games. For example, if a bug is found in the system’s firmware that enables a clever developer to run “Hello World”, you can bet that the next thing somebody tries to write is a loader that exploits that same bug to play a ripped commercial game.

But for those who are passionate about being able to develop software for their favorite game consoles, and the developers who create the libraries and toolchains that make that possible, the line between homebrew and piracy is a critical boundary. The general belief has always been that keeping piracy at arm’s length made it less likely that the homebrew community would draw the ire of the console manufacturers.

As such, homebrew libraries and tools are held to a particularly high standard. Homebrew can only thrive if developed transparently, and every effort must be taken to avoid tainting the code with proprietary information or code. Any deviation could be the justification a company like Nintendo or Sony needs to swoop in.

Unfortunately, there are fears that covenant has been broken in light of multiple allegations of impropriety against the developers of libogc, the C library used by nearly all homebrew software for the Wii and GameCube. From potential license violations to uncomfortable questions about the origins of the project, there’s mounting evidence that calls the viability of the library into question. Some of these allegations, if true, would effectively mean the distribution and use of the vast majority of community-developed software for both consoles is now illegal.

Continue reading “Libogc Allegations Rock Wii Homebrew Community”

Reverse Engineering The IBM PC110, One PCB At A Time

April 6, 2025 by 10 Comments

There’s a dedicated group of users out there that aren’t ready to let their beloved IBM PC110 go to that Great Big Data Center in the Sky. Unfortunately, between the limited available technical information and rarity of replacement parts, repairing the diminutive palmtops can be tricky.

Which is why [Ahmad Byagowi] has started a project that aims to not only collect all the available schematics and datasheets that pertain to the machine, but to reverse engineer all of the computer’s original circuit boards. Working from optical and x-ray scans, the project has already recreated the motherboard, power supply, modem, keyboard, and RAM module PCBs in KiCad.

Just last week the project released production-ready Gerbers for all the boards, but considering there have been 45+ commits to the repository since then, we’re going to assume they weren’t quite finalized. Of course, with a project of this magnitude, you’d expect it to take a few revisions to get everything right. (Hell, we’ve managed to screw up board layouts that had fewer than a dozen components on them.)

If you’d like to lend a hand, [Ahmad] says he could use the help. Beyond checking the boards for problems and reporting issues, he’s also on the hunt for any datasheets or other documentation that can be found for the PC110 or its components. It looks like there’s still schematic work that needs to be done as well, so if your idea of zen is figuring out how ~30 year old computers were wired up internally, this might be the perfect summer project for you.

Interestingly, our very own [Arya Voronova] has been working on creating a drop-in replacement motherboard for the Sony Vaio P using KiCad and imported board images. That hobbyists are now able to do this kind of work using free and open source tools is a reminder of just how far things have come in the last few years.

Thanks to [adistuder] for the tip.

Software Hacks Unlock Cheap Spectrometer

March 31, 2025 by 24 Comments

A spectrometer is one of those tools that many of us would love to have, but just can’t justify the price of. Sure there are some DIY options out there, but few of them have the convenience or capability of what’s on the commercial market. [Chris] from Zoid Technology recently found a portable spectrometer complete with Android application for just $150 USD on AliExpress which looked very promising…at least at first.

The problem is that the manufacturer, Torch Bearer, offers more expensive models of this spectrometer. In an effort to push users into those higher-priced models, arbitrary features such as data export are blocked in the software. [Chris] first thought he could get around this by reverse engineering the serial data coming from the device (interestingly, the spectrometer ships with a USB-to-serial adapter), but while he got some promising early results, he found that the actual spectrometer data was obfuscated — a graph of the results looked like stacks of LEGOs.

Continue reading “Software Hacks Unlock Cheap Spectrometer”

I2C Sniffing Comes To The Bus Pirate 5

March 12, 2025 by 6 Comments

While the Bus Pirate 5 is an impressive piece of hardware, the software is arguably where the project really shines. Creator [Ian Lesnet] and several members of the community are constantly working to add new features and capabilities to the hardware hacking multi-tool, to the point that if your firmware is more than a few days old there’s an excellent chance there’s a fresher build available for you to try out.

One of the biggest additions from the last week or so of development has been the I2C sniffer — a valuable tool for troubleshooting or reverse engineering devices using the popular communications protocol. [Ian] has posted a brief demo video of it in action.

It’s actually a capability that was available in the “classic” versions of the Bus Pirate, but rather than porting the feature over from the old firmware, [Ian] decided to fold the MIT licensed pico_i2c_sniffer from [Juan Schiavoni] into the new codebase. Thanks to the RP2040’s PIO, the sniffer works at up to 500 kHz, significantly outperforming its predecessor.

Admittedly, I2C sniffing isn’t anything you couldn’t do with a cheap logic analyzer. But that means dealing with captures and making sure the protocol decoder is setup properly, among other bits of software tedium. In comparison, once you start the sniffer program on the Bus Pirate 5, I2C data will be dumped out to the terminal in real-time for as long as you care to see it. For reverse engineering, it’s also very easy to move quickly from sniffing I2C packets to replaying or modifying them within the Bus Pirate’s interface.

If you already have a Bus Pirate 5, all you need to do is flash the latest firmware from the automated build system, and get sniffing. On the fence about picking one up? Perhaps our hands-on review will help change your mind.

Shellcode Over MIDI? Bad Apple On A PSR-E433, Kinda

January 23, 2025 by 6 Comments

If hacking on consumer hardware is about figuring out what it can do, and pushing it in directions that the manufacturer never dared to dream, then this is a very fine hack indeed. [Portasynthica3] takes on the Yamaha PSR-E433, a cheap beginner keyboard, discovers a shell baked into it, and takes it from there.

[Portasynthinca3] reverse engineered the firmware, wrote shellcode for the device, embedded the escape in a MIDI note stream, and even ended up writing some simple LCD driver software totally decent refresh rate on the dot-matrix display, all to support the lofty goal of displaying arbitrary graphics on the keyboard’s dot-matrix character display.

Now, we want you to be prepared for a low-res video extravaganza here. You might have to squint a bit to make out what’s going on in the video, but keep in mind that it’s being sent over a music data protocol from the 1980s, running at 31.25 kbps, displayed in the custom character RAM of an LCD.

As always, the hack starts with research. Identifying the microcontroller CPU lead to JTAG and OpenOCD. (We love the technique of looking at the draw on a bench power meter to determine if the chip is responding to pause commands.) Dumping the code and tossing it into Ghidra lead to the unexpected discovery that Yamaha had put a live shell in the device that communicates over MIDI, presumably for testing and development purposes. This shell had PEEK and POKE, which meant that OpenOCD could go sit back on the shelf. Poking “Hello World” into some free RAM space over MIDI sysex was the first proof-of-concept.

The final hack to get video up and running was to dig deep into the custom character-generation RAM, write some code to disable the normal character display, and then fool the CPU into calling this code instead of the shell, in order to increase the update rate. All of this for a thin slice of Bad Apple over MIDI, but more importantly, for the glory. And this hack is glorious! Go check it out in full.

MIDI is entirely hacker friendly, and it’s likely you can hack together a musical controller that would wow your audience just with stuff in your junk box. If you’re at all into music, and you’ve never built your own MIDI devices, you have your weekend project.

Continue reading “Shellcode Over MIDI? Bad Apple On A PSR-E433, Kinda”