Dealing With Missing Pin Allocations

October 12, 2019 by Sharon Lin 3 Comments

Blindsided by missing pin allocations? Perhaps you’re working on a piece of hardware and you notice that the documentation is entirely wrong. How can you get your device to work?

[Dani Eichhorn]’s troubles began when running an IoT workshop using a camera module. Prior to the work, no one had through to check if all of the camera modules ordered for the participants were the same. As it turns out, the TTGO T-CAM module had a number of revisions, with some even receiving a temperature/pressure sensor fixed on top of the normal board.

While the boards may have looked the same, their pin allocations were completely different.Changing the pin numbers wouldn’t have been difficult if they were simply numbered differently, but because the configurations were different, errors started to abound: Could not initialize the camera

As it turns out, even the LillyGo engineers – the manufacturers of the board – may have gotten a bit lost while working on the pin allocations, as [Eichhorn] was able to find some of the pins printed right onto the PCB, hidden behind the camera component.

To find information not printed on the board, a little more digging was required. To find the addresses of the devices connected to the I2C bus, running a program to find peripherals listening on the bus did the trick. This was able to print out the addresses of the SSD1306 OLED display driver and the microphone for the board at hand.

To find the pins of peripherals not printed on the PCB or hidden on the silkscreen, a GPIO scanner did the trick. This in particular worked for finding the PIR (passive infrared) motion sensor.

We picked up a few tips and tricks from this endeavor, but also learned that reverse-engineering anything is hard, and that there isn’t any one method for finding pin allocations when the documentation’s missing.

Hackaday Links: September 8, 2019

September 8, 2019 by Dan Maloney 7 Comments

We start this week with very sad news indeed. You may have heard about the horrific fire on the dive boat Conception off Santa Cruz Island last week, which claimed 33 lives. Sadly, we lost one of our own in the tragedy: Dan Garcia, author of the wildly popular FastLED library. Dan, 46, was an Apple engineer who lived in Berkley; his partner Yulia Krashennaya died with him. Our community owes Dan a lot for the work he put into FastLED over the last seven years, as many an addressable LED is being driven by his code today. Maybe this would be a good chance to build a project that uses FastLED and add a little light to the world, courtesy of Dan.

In happier news, the biggest party of the hardware hacking year is rapidly approaching. That’s right, the 2019 Hackaday Superconference will be upon us before you know it. Rumor has it that there aren’t that many tickets left, and we haven’t even announced the slate of talks yet. That’s likely to clean out the remaining stock pretty darn quickly. Are you seriously prepared to miss this? It seems like a big mistake to us, so why don’t you hop over and secure your spot before you’re crying into your Club-Mate and wondering what all the cool kids will be doing in November.

Of course one of the highlights of Superconference is the announcement of the Hackaday Prize winner. And while we naturally think our Prize is the best contest, that doesn’t mean there aren’t others worth entering. MyMiniFactory, the online 3D-printing community, is currently running a “Design with Arduino” competition that should be right up the alley of Hackaday readers. The goal is simple: submit a 3D-printed design that incorporates Arduino or other electronics. That’s it! Entries are accepted through September 16, so you’ve still got plenty of time.

Sometimes you see something that just floors you. Check out this tiny ESP32 board. It doesn’t just plug into a USB port – it fits completely inside a standard USB Type A jack. The four-layer board sports an ESP32, FTDI chip, voltage regulator, an LED and a ceramic antenna for WiFi and Bluetooth. Why would you want such a thing? Why wouldn’t you! The board is coming soon on CrowdSupply, so we hope to see projects using this start showing up in the tipline soon.

Here’s a “why didn’t I think of that?” bench tip that just struck us as brilliant. Ever had to probe a board to trace signal paths? It’s a common enough task for reverse engineering and repairs, but with increasingly dense boards, probing a massive number of traces is just too much of a chore. Hackaday superfriend Mike Harrison from “mikeselectricstuff” makes the chore easier with a brush made from fine stainless wires crimped into a ring terminal. Attached to one probe of a multimeter, the brush covers much more of the board at a time, finding the general area where your trace of interest ends up. Once you’re in the neighborhood you can drop back to probing one pad at a time. Genius! We’d imagine a decent brush could also be made from a bit of coax braid too.

Another shop tip to wrap up this week, this one for woodworkers and metalworkers alike. Raw materials are expensive, and getting the most bang for your buck is often a matter of carefully laying out parts on sheet goods to minimize waste. Doing this manually can be a real test of your spatial relations skills, so why not automate it with this cut list optimizer? The app will overlay parts onto user-defined rectangles and snuggle them together to minimize waste. The program takes any units, can account for material lost to kerfs, and will even respect grain direction if needed. It’s built for wood, but it should prove useful for sheet metal on a plasma cutter, acrylic on a laser, or even PCBs on a panel.

The Amazon Dash Button: A Retrospective

August 27, 2019 by Kerry Scharfglass 38 Comments

The Internet of Things will revolutionize everything! Manufacturing? Dog walking? Coffee bean refilling? Car driving? Food eating? Put a sensor in it! The marketing makes it pretty clear that there’s no part of our lives which isn’t enhanced with The Internet of Things. Why? Because with a simple sensor and a symphony of corporate hand waving about machine learning an iPhone-style revolution is just around the corner! Enter: Amazon Dash, circa 2014.

The first product in the Dash family was actually a barcode scanning wand which was freely given to Amazon Fresh customers and designed to hang in the kitchen or magnet to the fridge. When the Fresh customer ran out of milk they could scan the carton as it was being thrown away to add it to their cart for reorder. I suspect these devices were fairly expensive, and somewhat too complex to be as frequently used as Amazon wanted (thus the extremely limited launch). Amazon’s goal here was to allow potential customers to order with an absolute minimum of friction so they can buy as much as possible. Remember the “Buy now with 1-Click” button?

That original Dash Wand was eventually upgraded to include a push button activated Alexa (barcode scanner and fridge magnet intact) and is generally available. But Amazon had pinned its hopes on a new beau. Mid 2015 Amazon introduced the Dash Replenishment Service along with a product to be it’s exemplar – the Dash Button. The Dash Button was to be the 1-Click button of the physical world. The barcode-scanning Wands require the user to remember the Wand was nearby, find a barcode, scan it, then remember to go to their cart and order the product. Too many steps, too many places to get off Mr. Bezos’ Wild Ride of Commerce. The Dash Buttons were simple! Press the button, get the labeled product shipped to a preconfigured address. Each button was purchased (for $5, with a $5 coupon) with a particular brand affinity, then configured online to purchase a specific product when pressed. In the marketing materials, happy families put them on washing machines to buy Tide, or in a kitchen cabinet to buy paper towels. Pretty clever, it really is a Buy now with 1-Click button for the physical world.

There were two versions of the Dash button. Both have the same user interface and work in fundamentally the same way. They have a single button (the software can recognize a few click patterns), a single RGB LED (‘natch), and a microphone (no, it didn’t listen to you, but we’ll come back to this). They also had a WiFi radio. Version two (silently released in 2016) added Bluetooth and completely changed the electrical innards, though to no user facing effect.

In February 2019, Amazon stopped selling the Dash Buttons. Continue reading “The Amazon Dash Button: A Retrospective” →

RTL-SDR: Seven Years Later

July 31, 2019 by Tom Nardi 40 Comments

Before swearing my fealty to the Jolly Wrencher, I wrote for several other sites, creating more or less the same sort of content I do now. In fact, the topical overlap was enough that occasionally those articles would get picked up here on Hackaday. One of those articles, which graced the pages of this site a little more than seven years ago, was Getting Started with RTL-SDR. The original linked article has long since disappeared, and the site it was hosted on is now apparently dedicated to Nintendo games, but you can probably get the gist of what it was about from the title alone.

When I wrote that article in 2012, the RTL-SDR project and its community were still in their infancy. It took some real digging to find out which TV tuners based on the Realtek RTL2832U were supported, what adapters you needed to connect more capable antennas, and how to compile all the software necessary to get them listening outside of their advertised frequency range. It wasn’t exactly the most user-friendly experience, and when it was all said and done, you were left largely to your own devices. If you didn’t know how to create your own receivers in GNU Radio, there wasn’t a whole lot you could do other than eavesdrop on hams or tune into local FM broadcasts.

Nearly a decade later, things have changed dramatically. The RTL-SDR hardware and software has itself improved enormously, but perhaps more importantly, the success of the project has kicked off something of a revolution in the software defined radio (SDR) world. Prior to 2012, SDRs were certainly not unobtainable, but they were considerably more expensive. Back then, the most comparable device on the market would have been the FUNcube dongle, a nearly $200 USD receiver that was actually designed for receiving data from CubeSats. Anything cheaper than that was likely to be a kit, and often operated within a narrower range of frequencies.

Today, we would argue that an RTL-SDR receiver is a must-have tool. For the cost of a cheap set of screwdrivers, you can gain access to a world that not so long ago would have been all but hidden to the amateur hacker. Let’s take a closer look at a few obvious ways that everyone’s favorite low-cost SDR has helped free the RF hacking genie from its bottle in the last few years.

Continue reading “RTL-SDR: Seven Years Later” →

Reverse Engineering Cyclic Redundancy Codes

June 27, 2019 by Ted Yapo 17 Comments

Cyclic redundancy codes (CRC) are a type of checksum commonly used to detect errors in data transmission. For instance, every Ethernet packet that brought you the web page you’re reading now carried with it a frame check sequence that was calculated using a CRC algorithm. Any corrupted packets that failed the check were discarded, and the missing data was detected and re-sent by higher-level protocols. While Ethernet uses a particularly common CRC, there are many, many different possibilities. When you’re reverse-engineering a protocol that contains a CRC, although it’s not intended as a security mechanism, it can throw a wrench in your plans. Luckily, if you know the right tool, you can figure it out from just a few sample messages.

A case in point was discussed recently on the hackaday.io Hack Chat, where [Thomas Flayols] came for help reverse engineering the protocol for some RFID tags used for race timing. Let’s have a look at the CRC, how it is commonly used, and how you can reverse-engineer a protocol that includes one, using [Thomas’] application as an example.

Continue reading “Reverse Engineering Cyclic Redundancy Codes” →

Homemade Magic Makes The Metcal Go

June 16, 2019 by Kerry Scharfglass 29 Comments

First soldering irons are often of the ~~Radioshack or Maplin~~ firestarter variety. They’re basically wall power shorted across a nichrome heater or similar with some inline resistance to make it harder to burn down the house. You plug them in, the current flows, and they get hot. Done.

If you stick with the hobby for a while, these eventually get replaced with something like the venerable HAKKO FX-888D or that one Weller everyone likes with the analog knob. These are much improved; having temperature control leads to a more consistently heated tip and much improved soldering experience.

Entering the electronics workplace one comes across the next level of quality soldering iron: high end HAKKOs, Metcals, JBCs, and the like. Using one of these irons is practically a religious experience; they heat in a flash and solder melts while you blink. They even turn off when you put the handpiece down! But they’re expensive to buy (hint: think used). What’s a hobbyist to do?

[SergeyMax] seems to have had this problem. He bit the bullet, figured out how the Metcal works, and made his own base. This is no mean feat as a Metcal might look like a regular iron but it’s significantly more complex than ye olde firestarter. The Metcal magic is based on a oscillating magnetic fields (notice the handpiece is connected via BNC?) interacting with a tip bearing a special coating. In the presence of the changing field the tip heats up until it hits its Curie temperature, at which point it stops interacting with the magnetic field and thus stops heating.

When the user solders, the tip cools by sinking its heat into the part and drops below the Curie temperature again, which starts the heating again. It’s like temperature control with the sensor placed absolutely as close to the part as possible and a nearly instant response time, without even a control loop! [SergeyMax] has a much more thorough description of how these irons work, which we definitely recommend reading.

So what’s the hack? Based on old schematics and some clever reverse engineering from photos [SergeyMax] built a new base station! The published schematic is as rich with capacitors and inductors as one could hope. He didn’t post source or fab files but we suspect the schematic and photos of the bare board combined with some tinkering are enough for the enterprising hacker to replicate.

The post contains a very thorough description of the reverse engineering process and related concerns in designing a cost efficient version of the RF circuitry. Hopefully this isn’t the last Metcal replacement build we see! Video “walkthrough” after the break.

Edit: I may have missed it, but eagle eyed commentor [Florian Maunier] noticed that [SergeyMax] posted the sources to this hack on GitHub!

Continue reading “Homemade Magic Makes The Metcal Go” →

Reverse Engineering WyzeSense Hardware

June 11, 2019 by Lewin Day 6 Comments

Wyze are a company that produces a variety of home automation products. Their Wyze Sense package is a system of contact and PIR home security sensors, that piggy backs off their Wyze Cam product. In the interests of being able to use this hardware outside the prescribed corporate ecosystem, [Xuan Xing] got down to hacking.

The project starts by tearing down the Wyze Cam, and getting serial console access. This was made easier by an existing Github project, which develops custom firmwares for smart cameras. With that in place he was able to see what was going on under the hood, and read the camera’s system logs.

By poring over these logs, and examining the disassembled Wyze Sense dongle, he’s well on the way to discovering how the sensors communicate with the Wyze Cam. The end goal is to enable the Wyze security sensors to be used with the Raspberry Pi platform, and to share the code on Github for other makers to experiment with.

Home automation platforms come and go quicker than the seasons change. This makes the hardware a popular target for hackers trying to get things running independently of any one company’s servers.