Take A Deep Dive Into A Commodity Automotive Radar Chip

When the automobile industry really began to take off in the 1930s, radar was barely in its infancy, and there was no reason to think something that complicated would ever make its way into the typical car. Yet here we stand less than 100 years later, and radar has been perfected and streamlined so much that an entire radar set can be built on a single chip, and commodity radar modules can be sprinkled all around the average vehicle.

Looking inside these modules is always fascinating, especially when your tour guide is [Shahriar Shahramian] of The Signal Path, as it is for this deep dive into an Infineon 24-GHz automotive radar module. The interesting bit here is the BGT24LTR11 Doppler radar ASIC that Infineon uses in the module, because, well, there’s really not much else on the board. The degree of integration is astonishing here, and [Shahriar]’s walk-through of the datasheet is excellent, as always.

Things get interesting once he gets the module under the microscope and into the X-ray machine, but really interesting once the RF ASIC is uncapped, at the 15:18 mark. The die shots of the silicon germanium chip are impressively clear, and the analysis of all the main circuit blocks — voltage-controlled oscillator, power amps, mixer, LNAs — is clear and understandable. For our money, though, the best part is the look at the VCO circuit, which appears to use a bank of fuses to tune the tank inductor and keep the radar within a tight 250-MHz bandwidth, for regulatory reasons. We’d love to know more about the process used in the factory to do that bit.

This isn’t [Shahriar]’s first foray into automotive radar, of course — he looked at a 77-GHz FMCW car radar a while back. That one was bizarrely complicated, though, so there’s something more approachable about a commodity product like this.

ImHex: An Open Hex Editor For The Modern Hacker

It’s little surprise that most hackers have a favorite text editor, since we tend to spend quite a bit of time staring at the thing. From writing code to reading config files, the hacker’s world is filled with seemingly infinite lines of ASCII. Comparatively, while a hex editor is a critical tool to have in your arsenal, many of us don’t use one often enough to have a clear favorite.

But we think that might change once you’ve taken ImHex for a spin. Developer [WerWolv] bills it specifically as the hex editor of choice for reverse engineering, it’s released under the GPL v2, and runs on Windows, Linux, and macOS. Oh, and did we mention it defaults to a slick dark theme designed to be easy on the eyes during those late night hacking sessions — just like your favorite website?

Reverse Engineering Saves Weller With A Wonky LCD From The Trash Pile

There’s nothing more satisfying than finding a broken piece of gear in the trash and bringing it back to life. Satisfying, but also potentially more time-consuming — someone tossed it for a reason, after all. Figuring out what that reason is and finding a way to make it better is where the fun — and the peril — are.

Luckily, some pieces of equipment have a relatively short list of well-known failure modes, a fact that [Lauri Pirttiaho] relied on for this fix of an old Weller WD1 soldering station. The unit, sporting the familiar light blue Weller livery and more than a few scratches and dings, had an LCD that was DOA. Typically it’s the driver that’s the problem here, but [Lauri]’s diagnosis revealed it was the LCD module itself that was bad.

With OEM replacements being basically unobtainium at this point, the fix was to intercept the data heading from the driver to the old LCD and send it to a new, easily sourced 16×2 character LCD display. This began with an inspection of the display controller’s datasheet, and a bit of probing of the old display to find out which segments and backplanes map to which pins. A little bit of case modding allowed the new display to fit, the old controller chip was removed, and a PIC16 went into its place, in a tidy nest of Kapton tape and bodge wires. The PIC does the job of translating the original display, which had a fair number of custom icons and symbols, into sensible text-based equivalents and sending them to the 16×2 via I2C. The video below shows the hack in action; it honestly looks like it could have come from the factory like that.

The nice thing here is that [Lauri]’s fix applies to a whole range of Weller stations, so if you find one in the trash, you might be able to resuscitate it. Failing that, you could always roll your own Weller from (more-or-less) scratch.

Old Robotic Vacuum Gets A New RC Lease On Life

To our way of thinking, the whole purpose behind robotic vacuum cleaners is their autonomy. They’re not particularly good at vacuuming, but they are persistent about it, and eventually get the job done with as little human intervention as possible. So why in the world would you want to convert a robotic vacuum to radio control?

For [Lucas], the answer was simple: it was a $20 yard sale find, so why not? Plus, he’s got some secret evil plan to repurpose the suckbot for autonomous room mapping, which sounds like a cool project that would benefit from a thorough knowledge of this little fellow’s anatomy and physiology. The bot in question is a Hoover Quest. Like [Lucas] we didn’t know that Hoover made robotic vacuums (Narrator: they probably don’t) but despite generally negative online reviews by users, he found it to be a sturdily built and very modular and repairable unit.

After an initial valiant attempt at reverse engineering the bot’s main board — a project we encourage [Lucas] to return to eventually — he settled for just characterizing the bot’s motors and sensors and building his own controller. The Raspberry Pi Zero he chose may seem like overkill, but he already had it set up to talk to a PS4 game controller, so it made sense — right up until he released the Magic Smoke within it. A backup Pi took the sting out of that, and as the brief video below shows, he was finally able to get the bot under his command.

[Lucas] has more plans for his new little buddy, including integrating the original sensors and adding new ones. Given its intended mission, we’d say a lidar sensor would be a good addition, but that’s just a guess. Whatever he’s got in store for this, we’re keen to hear what happens.

Seriously, Don’t Buy This Mopping Robot

The original Roomba robotic vacuum cleaner led to loads of clones and lookalikes over the years, and one of them is the ALEE mopping “robot”. [Raymond] tears it down and reveals what’s inside. Turns out it contains mostly regret! Although it does host some design cleverness in its own way.

Technically the ALEE, which cost [Raymond] a cool $85 USD, is not a robot since it has no sensors. And unless dragging a wet cloth pad kept moist by a crude drip reservoir counts as “mopping”, it’s not much of a mop, either.

This one-motor unit (and tiny battery) is responsible for both motion and direction control. There are no sensors.

There is one interesting aspect to this thing, and it’s to do with the drive system and direction control. The whole thing is driven by a single motor, and not a very powerful one. The center of the robot has a pair of wheels that are both driven at the same rate and speed, and the wheel assembly can pivot around its axis. That’s about it. There are not even any bump sensors of any kind.

So how does this thing move, let alone change direction to (poorly) emulate an original Roomba-like crisscross pattern? The control board appears to have one job: if the motor stalls, reverse direction. That, combined with the fact that the drive unit can pivot and the enclosure is dragging a wet rag, appears to be all the chaos that’s needed to turn bonking into a wall into an undefined direction change.

It’s not great performance, but it sure is some impressive cost-cutting. You can see it bonk around unimpressively in a short video, embedded below the page break.

Just to be clear, [Raymond] knows perfectly well what he’s in for when he obtains cheap tech items from overseas retailers for teardowns. The ALEE does have some mildly interesting secrets to share, but overall, it really wasn’t worth it. Sometimes cheap tech has hacker potential, but there’s no such potential here. Seriously, don’t buy this thing.

The Story Behind The TVGuardian Curse Catcher

The recent flurry of videos and posts about the TVGuardian foul language filter brought back some fond memories. I was the chief engineer on this project for most of its lifespan. You’ve watched the teardowns, you’ve seen the reverse engineering, now here’s the inside scoop.

Gumby is Born

TVG Model 101 Gumby (Technology Connections)

Back in 1999, my company took on a redesign project for the TVG product, a box that replaced curse words in closed-captioning with sanitized equivalents. Our first task was to take an existing design that had been produced in limited volumes and improve it to be more easily manufactured.

The original PCB used all thru-hole components and didn’t scale well to large quantity production. Replacing the parts with their surface mount equivalents resulted in Model 101, internally named Gumby for reasons long lost. If you have a sharp eye, you will have noticed something odd about two parts on the board as shown in [Ben Eater]’s video. The Microchip PIC and the Zilog OSD chip had two overlapping footprints, one for thru-hole and one for SMD. Even though we preferred SMD parts, sometimes there were supply issues. This was a technique we used on several designs in our company to hedge our bets. It also allowed us to use socketed ICs for testing and development.

Getting Root On A Chinese IP Camera

With so many cheap network-connected devices out there being Linux-powered, it’s very tempting to try and hack into them, usually via a serial interface. This was the goal of [Andrzej Szombierski] when he purchased a cheap Chinese IP camera using an XM530 ARM-based SoC to explore and ultimately get root access on. This camera’s firmware provides the usual web interface on its network side, but it also has a UART on its PCB, courtesy of the unpopulated four-pin header.

Merely firing up a serial terminal application and connecting to this UART is not enough to get access, of course. The first obstacle that [Andrzej] struggled with was that U-Boot was configured to not output Linux kernel boot messages. After tackling that issue with some creative hacking, the next challenge was to figure out the root password, using a dump of the firmware image, which led to even more exploration of the firmware and the encoding used for the root password.

Even if some of these challenges were possibly more accidental than intentional on the manufacturer’s part, it shows how these SoC-based Linux devices can put up quite a fight. This leaves the next question: what to do with such an IP camera after you have gained root access?