Getting Useful Data From A Dirt Cheap RFID Reader

[Aaron] was looking for a cheap RFID reader that had some easy to follow documentation and a standardized interface. Most everything he saw was pretty expensive, so he decided to buy a cheap $10 reader from eBay to see how easy it would be to work with.

The reader came with very little documentation, but [Aaron] did know that the device identifies itself as a USB keyboard, outputting scanned tag data into a text editor. That functionality wasn’t incredibly useful, so he took it apart to see if he could interface with it in some other manner. Exposing the PCB revealed an unknown IC for which he could find no documentation, but the board did include some breakout pins, so [Aaron] started by probing those for data.

He tried reading the data in both a terminal program and with a logic analyzer, but nothing seemed to make a whole lot of sense. He turned the sampling rate of the sniffer down, and things started looking a little better. After comparing the data from the sniffer with known tag codes, he noticed that each digit had an offset of 39 applied, so he whipped up a bit of code to correct the numbers.

[Aaron] did a good amount of legwork to get usable data from the reader, but at a cost of $10 it can’t be beat. We certainly know what we’re going to be hunting for on eBay this afternoon…

Snooping Around In The Iclicker Hardware And Firmware

[Arko] was compelled to purchase an iclicker to use in some of his college courses. It’s similar in size to a television remote control except it only has six buttons and it communicates via radio frequency instead of infrared light. The idea is that classrooms have a base station that the instructor uses, and he or she can ask questions of the class and have instant feedback. Results are often projected on a screen for all to see but only the instructor can get at the breakdown of who answered in what way. In [Arko’s] case, the class awards participation points that you can only get by using this device. He decided to actually learn something from the expenditure by reverse engineering the device.

Preliminary hardware inspection told him that it uses an ATmega8 microcontroller and there’s a standard 6-pin ISP footprint just waiting to be populated with a surface mount pin header. Once he soldered on that header, he tried to read out the firmware but the iClicker reset itself. He guessed that there was something going on with the power and ground lines so he soldered directly to them and was able to dump the data; the security fuses are not set. He goes on to snoop in the EEPROM to find where the device ID is stored, and then to watch some of the SPI communications to see what the microcontroller is sending to the radio chip. But there’s a lot left to discover and he’s planning at least two follow-up posts to share what he finds.

Just looking to repair your dead device? Check out this tip on battery problems with the iclicker.

Reverse Engineering VxWorks (which Replaces Linux On Newer Routers)

The Linksys router seen above is a WRT54G version 1. It famously runs Linux and was the source of much hacking back in the heyday, leading to popular alternative firmware packages such as DD-WRT and Tomato. But the company went away from a Linux-based firmware starting with version 8 of the hardware. Now they are using a proprietary Real Time Operating System called VxWorks.

[Craig] recently put together a reverse engineering guide for WRT54Gv8 and newer routers. His approach is purely firmware based since he doesn’t actually own a router that runs VxWorks. A bit of poking around in the hex dump lets him identify different parts of the files, leading to an ELF header that really starts to unlock the secrets within. From there he carries out a rather lengthy process of accurately disassembling the code into something that makes sense. The tool of choice used for this is the IDA Pro disassembler and debugger. We weren’t previously familiar with it, but having seen what it can do we’re quite impressed.

VFD Hacking

[Mostafa] was a bit bored and had a broken DVD player sitting around, so he decided to take it apart to see what made the machine’s LCD panel tick. Once he popped it open, he discovered it wasn’t an LCD panel at all, it was a VFD.

The seven segment display looked to be controlled by an ET16312n VFD driver, so he dug around online and found a datasheet for the chip. After looking at the documentation he was pretty confident he could get things working without too much trouble. He started tracing the board for the STB, CLK, Din, and Dout leads he needed to set up serial communications with the panel and was on his way in no time.

He hooked the panel up to the parallel port on his computer, and got busy hammering out some C code to write text to the display. Right now, the code lets you scroll text across the display, which is about as far as [Mostafa] cares to take it. It was done mostly as a proof of concept exercise, but since this VFD is compliant with the same NEC programming standard that most VFDs use, his code can likely be reused to drive any similar display with very little tweaking.

Electronic Cufflinks For The Discerning Hacker

[Phillip Torrone] gave us a heads up about a project he and [Limor Fried] along with [Mike Doell] have just wrapped up. Their aptly-named “iCufflinks” softly pulsate with light the same way in which you see many Mac products do.

The cufflinks are made from machined aluminum and have the ubiquitous “power symbol” milled into the face. Inside the cufflinks, you will find a small circuit board and a battery, which powers the device for up to 24 hours. The team reverse-engineered the soft LED pulse found in Mac products in order to deliver the exact same visualization in their cufflinks.

Ignoring for a minute the name and the inspiration for the product, we think they are pretty darn cool. There’s nothing like a set of softly glowing cufflinks to spark conversation at any social gathering.

Like anything else you’ll find on Adafruit.com, the cufflinks are completely open source, so you can feel free to tweak and remix the design any way you’d like.

Modding A Car Charger To A Variable Power Supply

For an upcoming road trip, [Patrick] needed a small variable power supply. Instead of lugging around a bench supply, [Patrick] did the sensible thing and reverse engineered a cell phone charger to fit his requirements.

After cracking open an old Kyocera car charger, [Patrick] found a small PCB with completely labeled, all through-hole components – excellent reverse engineering potential. After finding an On Semi MC33063 IC, [Patrick] tore through the datasheets, generated a netlist, and developed a schematic that closely resembled the reference schematic given by the datasheets.

With all the grunt work done, [Patrick] set out to finish what he started – modifying the charger to output 3-10 Volts. After replacing a resistor with a 5k multiturn pot, [Patrick] was left with a power supply with a variable output from 2.8 to 8.8 Volts. Not exactly what was desired, but more than enough for the application at hand. While this hack isn’t a disco floor, it’s a great walkthrough of the hacking process – building or modifying something to suit a need.

Reverse Engineering Embedded Device Firmware

While not necessarily an easy thing to learn, the ability to reverse engineer embedded device firmware is an incredibly useful skill. Reverse engineering firmware allows you to analyze a device for bugs and vulnerabilities, as well as gives you the opportunity to add features if you happen to be so inclined. When it comes to things such as jailbroken iPhones, Android phones, and Nooks, you can guarantee that a close look at the firmware helped to move the process along.

[Craig] works with embedded systems quite frequently and put together a detailed walkthrough demonstrating how he reverse engineers device firmware. The subject of his hacking was a new firmware package he obtained for a Linksys WWAG120 Wireless-N router.

His tutorial walks through some of the most common reverse engineering methods and tools, which allow him to slowly unravel the firmware’s secrets. When finished, he had a working copy of the router’s boot loader, kernel, and file system – all ready to be further analyzed. His writeup includes tons of additional details, so be sure to swing by his site if reverse engineering is something you are interested in.
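
The first step in both of [Craig]'s firmware write-ups, finding where the parts of an image begin and confirming an ELF header, can be sketched as a small signature scan. This is an added example, not code from his guides: the signature list, the function names and the sample image are assumptions constructed for illustration and do not describe any Linksys firmware.

```python
import struct

# Publicly documented magic values; which ones to look for is an assumption.
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
}
ELF_MACHINES = {3: "x86", 8: "MIPS", 40: "ARM"}

def parse_elf_ident(blob, off):
    """Validate the ELF header fields at off; return a description or None."""
    if len(blob) < off + 20:
        return None
    ei_class, ei_data, ei_version = blob[off + 4], blob[off + 5], blob[off + 6]
    if ei_class not in (1, 2) or ei_data not in (1, 2) or ei_version != 1:
        return None  # the four magic bytes occurred by chance in other data
    endian = "<" if ei_data == 1 else ">"
    (e_machine,) = struct.unpack_from(endian + "H", blob, off + 18)
    arch = ELF_MACHINES.get(e_machine, "machine %d" % e_machine)
    order = "little" if ei_data == 1 else "big"
    return "ELF%d %s-endian %s" % (32 * ei_class, order, arch)

def scan(blob):
    """Return sorted (offset, description) pairs for every plausible hit."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            desc = parse_elf_ident(blob, pos) if magic == b"\x7fELF" else name
            if desc:
                hits.append((pos, desc))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed image: vendor header, ELF stub, decoy magic, SquashFS magic."""
    elf = (b"\x7fELF" + bytes([1, 2, 1]) + b"\x00" * 9
           + struct.pack(">HH", 2, 8) + b"\x00" * 12)
    decoy = b"\x7fELF" + b"\xff" * 16  # magic followed by invalid ident bytes
    return (b"VENDORHDR" + b"\x00" * 23 + elf + b"\xaa" * 32
            + decoy + b"\xaa" * 12 + b"hsqs" + b"\x00" * 28)

if __name__ == "__main__":
    for offset, desc in scan(build_sample()):
        print("0x%06x  %s" % (offset, desc))
```

Checking the identification bytes after the magic is what separates a real header from a coincidental match, which matters in large images where four-byte sequences recur by chance.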