The Story Behind The TVGuardian Curse Catcher

December 14, 2022 by Chris Lott 23 Comments

The recent flurry of videos and posts about the TVGuardian foul language filter brought back some fond memories. I was the chief engineer on this project for most of its lifespan. You’ve watched the teardowns, you’ve seen the reverse engineering, now here’s the inside scoop.

Gumby is Born

TVG Model 101 Gumby (Technology Connections)

Back in 1999, my company took on a redesign project for the TVG product, a box that replaced curse words in closed-captioning with sanitized equivalents. Our first task was to take an existing design that had been produced in limited volumes and improve it to be more easily manufactured.

The original PCB used all thru-hole components and didn’t scale well to large quantity production. Replacing the parts with their surface mount equivalents resulted in Model 101, internally named Gumby for reasons long lost. If you have a sharp eye, you will have noticed something odd about two parts on the board as shown in [Ben Eater]’s video. The Microchip PIC and the Zilog OSD chip had two overlapping footprints, one for thru-hole and one for SMD. Even though we preferred SMD parts, sometimes there were supply issues. This was a technique we used on several designs in our company to hedge our bets. It also allowed us to use a socketed ICs for testing and development. Continue reading “The Story Behind The TVGuardian Curse Catcher” →

Getting Root On A Chinese IP Camera

December 12, 2022 by Maya Posch 67 Comments

With so many cheap network-connected devices out there being Linux-powered, it’s very tempting to try and hack into them, usually via a serial interface. This was the goal of [Andrzej Szombierski] when he purchased a cheap Chinese IP camera using an XM530 ARM-based SoC to explore and ultimately get root access on. This camera’s firmware provides the usual web interface on its network side, but it also has a UART on its PCB, courtesy of the unpopulated four-pin header.

Merely firing up a serial terminal application and connecting to this UART is not enough to get access, of course. The first obstacle that [Andrzej] struggled with was that U-Boot was configured to not output Linux kernel boot messages. After tackling that issue with some creative hacking, the next challenge was to figure out the root password, using a dump of the firmware image, which led to even more exploration of the firmware and the encoding used for the root password.

Even if some part of these challenges were possibly more accidental than on purpose by the manufacturer, it shows how these SoC-based Linux devices can put up quite a fight. This then leaves the next question, of what to do with such an IP camera after you have gained root access?

DIY Comparatron Helps Trace Tiny, Complex Objects

December 11, 2022 by Donald Papp 21 Comments

Hackers frequently find themselves reverse-engineering or interfacing to existing hardware and devices, and when that interface needs to be a physical one, it really pays to be able to take accurate measurements.

This is easy to do when an object is big enough to fit inside calipers, or at least straight enough to be laid against a ruler. But what does one do when things are complex shapes, or especially small? That’s where [Cameron]’s DIY digital optical comparator comes in, and unlike commercial units it’s entirely within the reach (and budget) of a clever hacker.

The Comparatron is based off a CNC pen plotter, but instead of a pen, it has a USB microscope attached with the help of a 3D-printed fixture. Serving as a background is an LED-illuminated panel, the kind useful for tracing. The physical build instructions are here, but the image should give most mechanically-minded folks a pretty clear idea of how it fits together.

Continue reading “DIY Comparatron Helps Trace Tiny, Complex Objects” →

A Cheap 3D Printer Control Panel As A General Purpose Interface

December 1, 2022 by Jenny List 15 Comments

Browsing the usual websites for Chinese electronics, there are a plethora of electronic modules for almost every conceivable task. Some are made for the hobbyist or experimenter market, but many of them are modules originally designed for a particular product which can provide useful functionality elsewhere. One such module, a generic control panel for 3D printers, has caught the attention of [Bjonnh]. It contains an OLED display, a rotary encoder, and a few other goodies, and he set out to make use of it as a generic human interface board.

To be reverse engineered were a pair of 5-pin connectors, onto which is connected the rotary encoder and display, a push-button, a set of addressable LEDs for backlighting, a buzzer, and an SD card slot. Each function has been carefully unpicked, with example Arduino code provided. Usefully the board comes with on-board 5 V level shifting.

While we all like to build everything from scratch, if there’s such an assembly commonly available it makes sense to use it, especially if it’s cheap. We’re guessing this one will make its way into quite a few projects, and that can only be a good thing.

Silicon Sleuthing: Finding A Ancient Bugfix On The 8086

November 28, 2022 by Al Williams 31 Comments

Few CPUs have had the long-lasting influence that the 8086 did. It is hard to believe that when your modern desktop computer boots, it probably thinks it is an 8086 from 1978 until some software gooses it into a more modern state. When [Ken] was examining an 8086 die, however, he noticed that part of the die didn’t look like the rest. Turns out, Intel had a bug in the original version of the 8086. In those days you couldn’t patch the microcode. It was more like a PC board — you had to change the layout and make a new one to fix it.

The affected area is the Group Decode ROM. The area is responsible for categorizing instructions based on the type of decoding they require. While it is marked as a ROM, it is more of a programmable logic array. The bug was pretty intense. If an interrupt followed either a MOV SS or POP SS instruction, havoc ensues.

Continue reading “Silicon Sleuthing: Finding A Ancient Bugfix On The 8086” →

Unlocking A Locked-Down Inverter

November 25, 2022 by Jenny List 21 Comments

There was a time when a mains inverter was a heavy, expensive, and not particularly powerful item, but thanks to switch-mode technology we are now spoiled for choice. Most inverters still work with 12 V or 24 V supplies though, so when [Chris Jones] was looking for one to run from 36 V batteries, he found a limited supply. Sadly the Greenworks model he ended up with was affordable, but locked to a particular battery by means of a serial line between battery and inverter. Buy the special battery? No, he did what any hacker would do, and modified the inverter to do without it.

Tracing the serial link led to a mystery chip, probably a microcontroller but without available data. It in turn had a line to an 8051 derivative that seemed to be the brains of the operation. Acting on a hunch he pulled down the line with a resistor, and as if by magic, a working inverter appeared.

As you might expect, here at Hackaday we abhor such tricks by manufacturers, and thus any moves to circumvent them are to be applauded. It would be extremely interesting were anyone to have the Greenworks battery to subject to some reverse engineering of the profile.

Meanwhile if this is a little complex for you, there is a much simpler way to make a rough and ready inverter.

Reverse Engineering “The Seven Words (and More) You Can’t Say On TV”

November 21, 2022 by Dan Maloney 24 Comments

For as visionary as he was, [George Carlin] vastly underestimated the situation with his classic “Seven Words You Can’t Say on TV” bit. At least judging by [Ben Eater]’s reverse engineering of the “TVGuardian Foul Language Filter” device, it seems like the actual number is at least 20 times that.

To begin at the beginning, a couple of weeks ago [Alec] over at everyone’s favorite nerd hangout Technology Connections did a video on the TVGuardian, a device that attempted to clean up the language of live TV and recorded programming. Go watch that video for the details, but for a brief summary, TVGuardian worked by scanning the closed caption text for naughty words and phrases, muted the audio when something suggestive was found in a lookup table, and inserted a closed caption substitute for the offensive content. In his video, [Alec] pined for a way to look at the list of verboten words, and [Ben] accepted the challenge.

The naughty word list ended up living on a 93LC86 serial EEPROM, which [Ben] removed from his TVGuardian for further exploration. Rather than just plug it into a programmer and dumping the contents, he decided to roll his own decoder with an Arduino, because that’s more fun. And can we just point out our ongoing amazement that [Ben] is able to make watching someone else code interesting?

The resulting NSFW word list is titillating, of course, and the video would be plenty satisfying if that’s where it ended. But [Ben] went further and figured out how the list is organized, how the dirty-to-clean substitutions are made, and even how certain words are whitelisted. That last bit resulted in the revelation that Hollywood legend [Dick Van Dyke] gets a special whitelisting, lest his name becomes sanitized to a hilarious [Jerk Van Gay].

Hats off to [Alec] for inspiring [Ben]’s fascinating reverse engineering effort here.

Continue reading “Reverse Engineering “The Seven Words (and More) You Can’t Say On TV”” →