Reverse Engineering A DNA Sequencer

August 9, 2018 by Tom Nardi 19 Comments

Improvements in methodology have dramatically dropped the cost of DNA sequencing in the last decade. In 2007, it cost around $10 million dollars to sequence a single genome. Today, there are services which will do it for as little as $1,000. That’s not to bad if you just want to examine your own DNA, but prohibitively expensive if you’re looking to experiment with DNA in the home lab. You can buy your own desktop sequencer and cut out the middleman, but they cost in the neighborhood of $50,000. A bit outside of the experimenter’s budget unless you’re Tony Stark.

But thanks to the incredible work of [Alexander Sokolov], the intrepid hacker may one day be able to put a DNA sequencer in their lab for the cost of a decent oscilloscope. The breakthrough came as the result of those two classic hacker pastimes: reverse engineering and dumpster diving. He realized that the heavy lifting in a desktop genome sequencer was being done in a sensor matrix that the manufacturer considers disposable. After finding a source of trashed sensors to experiment with, he was able to figure out not only how to read them, but revitalize them so he could introduce a new sample.

To start with, [Alexander] had to figure out how these “disposable” sensors worked. He knew they were similar in principle to a digital camera’s CCD sensor; but rather than having cells which respond to light, they read changes in pH level. The chip contains 10 million of these pH cells, and each one needs to be read individually hundreds of times to capture the entire DNA sequence.

Enlisting the help of some friends who had experience reverse engineering silicon, and armed with an X-Ray machine and suitable optical microscope, he eventually figured out how the sensor matrix worked electrically. He then designed a board that reads the sensor and dumps the “picture” of the DNA sample to his computer over serial.

Once he could reliably read the sensor, the next phase of the project was finding a way to wash the old sample out so it could be reloaded. [Alexander] tried different methods, and after several wash and read cycles, he nailed down the process of rejuvenating the sensor so its performance essentially matches that of a new one. He’s currently working on the next generation of his reader hardware, and we’re very interested to see where the project goes.

This isn’t the first piece of DIY DNA hardware we’ve seen here at Hackaday, and it certainly won’t be the last. Like it or not, hackers are officially fiddling with genomes.

Cracking The Case Of Capcom’s CPS2 Security

June 6, 2018 by Tom Nardi 19 Comments

We love a good deep-dive on a specialized piece of technology, the more obscure the better. You’re getting a sneak peek into a world that, by rights, you were never meant to know even existed. A handful of people developed the system, and as far as they knew, nobody would ever come through to analyze and investigate it to find out how it all went together. But they didn’t anticipate the tenacity of a curious hacker with time on their hands.

[Eduardo Cruz] has done a phenomenal job of documenting one such system, the anti-piracy mechanisms present in the Capcom CPS2 arcade board. He recently wrote in to tell us he’s posted his third and final entry on the system, this time focusing on figuring out what a mysterious six pin header on the CPS2 board did. Hearing from others that fiddling with this header occasionally caused the CPS2 board to automatically delete the game, he knew it must be something important. Hackaday Protip: If there’s a self-destruct mechanism attached to it, that’s probably the cool part.

He followed the traces from the header connector, identified on the silkscreen as C9, back to a custom Capcom IC labeled DL-1827. After decapping the DL-1827 and putting it under the microscope, [Eduardo] made a pretty surprising discovery: it wasn’t actually doing anything with the signals from the header at all. Once the chip is powered up, it simply acts as a pass-through for those signals, which are redirected to another chip: the DL-1525.

[Eduardo] notes that this deliberate attempt at obfuscating which chips are actually connected to different headers on the board is a classic trick that companies like Capcom would use to try to make it harder to hack into their boards. Once he figured out DL-1525 was what he was really after, he was able to use the information he gleaned from his earlier work to piece together the puzzle.

This particular CPS2 hacking journey only started last March, but [Eduardo] has been investigating the copy protection systems on arcade boards since 2014.

[Thanks to Arduino Enigma for the tip.]

USB Reverse Engineering: A Universal Guide

May 25, 2018 by Ben James 20 Comments

Every hacker knows what it is to venture down a rabbit hole. Whether it lasts an afternoon, a month, or decades, finding a new niche topic and exploring where it leads is a familiar experience for Hackaday readers.

[Glenn ‘devalias’ Grant] is a self-proclaimed regular rabbit hole diver and is conscious that, between forays into specific topics, short-term knowledge and state of mind can be lost. This time, whilst exploring reverse engineering USB devices, [Glenn] captured the best resources, information and tools – for his future self as well as others.

His guide is impressively comprehensive, and covers all the necessary areas in hardware and software. After formally defining a USB system, [Glenn] refers us to [LinuxVoice], for a nifty tutorial on writing a linux USB driver for an RC car, in Python. Moving on to hardware, a number of open-source and commercial options are discussed, including GoodFET, FaceDancer, and Daisho – an FPGA based monitoring tool for analysing USB 3.0, HDMI and Gigabit Ethernet. If you only need to sniff low speed USB, here’s a beautifully small packet snooper from last year’s Hackaday prize.

This is a guide which is well-informed, clearly structured, and includes TL;DR sections in the perfect places. It gives due credit to LibUSB and PyUSB, and even includes resources for USB over IP.

If you’re worried about USB hacks like BadUSB, perhaps you should checkout GoodUSB – a hardware firewall for USB devices.

Header image: Ed g2s (CC-SA 3.0).

Hacking A Cheap Laser Rangefinder

May 22, 2018 by Tom Nardi 33 Comments

When a new piece of technology comes out, the price is generally so high that it keeps away everyone but the die hard early adopters. But with time the prices inch down enough that more people are willing to buy, which then drives the prices down even more, until eventually the economies of scale really kick in and the thing is so cheap that it’s almost an impulse buy. Linux SBCs, Blu-ray lasers, 3D printers; you name it and the hacker community has probably benefited from the fact that it’s not just the hacker community that’s interested anymore.

Which is exactly what’s started to happen with laser rangefinders. Once almost exclusively a military technology, you can now pick a basic “laser tape measure” for less than $40 USD from the normal overseas suppliers. Unfortunately, as [iliasam] found, they aren’t particularly well suited other tasks. For one there’s no official way of getting the data out of the thing, but the other problem is that the sample rate is less than one per second. Believing the hardware itself was promising enough, he set out to reverse engineer and replace the firmware running on one of these cheap laser rangefinders (Google Translate from Russian).

His blog post is an absolute wealth of information on how these devices operate, and a must read for anyone interested in reverse engineering. But the short version is that he figured out a way to reprogram the STM32F100C8T6 microcontroller used in the device, and develop his own firmware that addresses the usability concerns of this otherwise very promising gadget.

With some minor hoop jumping, the laser tape measure PCB can be hooked up to an ST-Link programmer, and the firmware provided by [iliasam] can be used to enable an easy to use serial interface. Perfect for pairing with an Arduino or Raspberry Pi to get fast and accurate range data without breaking the bank.

It probably won’t surprise you to see this isn’t the first time [iliasam] has gotten down and dirty with a laser rangefinder. This extremely impressive build from last year allowed for incredibly accurate 3D scans of his room, and before that he created his own rangefinder from scratch.

Continue reading “Hacking A Cheap Laser Rangefinder” →

Reverse Engineering Bottle Threads For Fun And Profit

April 1, 2018 by Kristina Panos 37 Comments

Recently, one of [Eric]’s clients asked him to design a bottle. Simple enough for a product designer, except that the client needed it to thread into a specific type of cap. And no, they don’t know the specs.

But that’s no problem, thought [Eric] as he turned on the exhaust fan and reached for the secret ingredient that would make casting the negative image of the threads a breeze. He mixed up the foul-smelling body filler with the requisite hardener and some lovely cyan toner powder and packed it into the cap with a tongue depressor. Then he capped off the cast by adding a small PVC collar to lengthen the cast so he has something to grab on to when it’s time to take it out.

Bondo does seem like a good choice for casting threads. You need something workable enough to twist out of there without breaking, but rigid enough that the small detail of the threads isn’t lost. For the release agent, [Eric] used Johnson’s Paste Wax. He notes from experience that it works particularly well with Bondo, and even seems to help it cure.

Once the Bondo hardened, [Eric] made sure it screwed in and out of the cap and then moved on to CAD modeling and 3D printing bottle prototypes until he was satisfied. We’ve got the video screwed in after the break to cap things off.

Did you know that you can also use toner powder to tint your epoxy resin? Just remember that it is particulate matter, and take precautions.

Continue reading “Reverse Engineering Bottle Threads For Fun And Profit” →

Eavesdropping On A VGA Monitor’s Conversations

March 29, 2018 by Dan Maloney 28 Comments

Did you ever wonder what your monitor and your computer are talking about behind your back? As it turns out, there’s quite a conversation going on while the monitor and the computer decide how to get along, and sniffing out VGA communications can reveal some pretty fascinating stuff about the I²C protocol.

To reverse engineer the configuration information exchanged between a VGA monitor and a video card, [Ken Shirriff] began by lopping a VGA cable in two. The inside of such cables is surprisingly complex, with separate shielding wires for each color and sync channel and a host of control wires, all bundled in multiple layers of shielding foil and braid to reduce EMI. [Ken] identified the clock and data lines used for the I²C interface and broke those out into a PocketBeagle for analysis using the tiny Linux machine’s I²C tools.

With a Python script to help decode the monitor’s Extended Display Identification Data (EDID) data, [Ken] was able to see everything the monitor knows about itself — manufacturer, serial number, all the supported resolution modes, and even deprecated timing and signal information left over from the days when CRTs ruled the desktop. Particularly interesting are the surprisingly limited capabilities of a VGA display in terms of color reproduction, as well as [Ken]’s detailed discussion on the I²C bus in general and how it works.

We always enjoy these looks under the hood that [Ken] is so good at, and we look forward to his reverse engineering write-ups. His recent efforts include a look at core memory from a 50-year old mainframe and reverse engineering at the silicon level.

How To Reverse Engineer Mechanical Designs For 3D Modeling

March 27, 2018 by Cameron Coward 38 Comments

If you’re interested in 3D printing or CNC milling — or really any kind of fabrication — then duplicating or interfacing with an existing part is probably on your to-do list. The ability to print replacement parts when something breaks is often one of the top selling points of 3D printing. Want some proof? Just take a look at what people made for our Repairs You Can Print contest.

Of course, to do that you need to be able to make an accurate 3D model of the replacement part. That’s fairly straightforward if the part has simple geometry made up of a primitive solid or two. But, what about the more complicated parts you’re likely to come across?

In this article, I’m going to teach you how to reverse engineer and model those parts. Years ago, I worked for a medical device company where the business model was to duplicate out-of-patent medical products. That meant that my entire job was reverse engineering complex precision-made devices as accurately as possible. The goal was to reproduce products that were indistinguishable from the original, and because they were used for things like trauma reconstruction, it was critical that I got it right.

Continue reading “How To Reverse Engineer Mechanical Designs For 3D Modeling” →