Current-Based Side-Channel Attacks, Two Ways

Funny things can happen when a security researcher and an electronics engineer specializing in high-speed circuits get together. At least they did when [Limpkin] met [Roman], which resulted in two interesting hardware solutions for side-channel attacks.

As [Limpkin] relates it, the tale began when he shared an office with [Roman Korkikian], a security researcher looking into current-based attacks on the crypto engine inside ESP32s. The idea goes that by monitoring the current consumption of the processor during cryptographic operations, you can derive enough data to figure out how it works. It’s difficult to tease a useful signal from the noise, though, and [Roman]’s setup with long wire runs and a noisy current probe wasn’t helping at all. So [Limpkin] decided to pitch in.

The first board he designed was based on a balun, which he used to isolate the device under test from the amplification stage. He found a 1:8 balun, normally used to match impedances in RF circuits, and used its primary as a shunt resistance between the power supply — a CR1220 coin cell — and the DUT. The amplifier stage is a pair of low-noise RF amps; a variable attenuator was added between the amp stages on a second version of the board.

Board number two took a different tack; rather than use a balun, [Limpkin] chose a simple shunt resistor with a few twists. To measure the low-current signal on top of the ESP32’s baseline draw would require such a large shunt resistor that the microcontroller wouldn’t even boot, so he instead used an OPA855 wideband low-noise op-amp as an amplified shunt. The output of that stage goes through the same variable attenuator as the first board, and then to another OPA855 gain stage. The board is entirely battery-powered, relying on nice, quiet 18650s to power both the DUT and the shunt.

How well does it work? We’ll let you watch the talk below and make up your own mind, but since they’ve used these simple circuits to break a range of different chips, we’d say this approach a winner.

Continue reading “Current-Based Side-Channel Attacks, Two Ways”

Motorcycle Regulator By Popular Demand

A few weeks ago we posted a build of an avid motorcycle enthusiast named [fvfilippetti] who created a voltage regulator essentially from the ground up. While this was a popular build, the regulator only works for a small subset of motorcycles. This had a large number of readers clamoring for a more common three-phase regulator as well. Normally we wouldn’t expect someone to drop everything they’re doing and start working on a brand new project based on the comments here, but that’s exactly what he’s done.

It’s important to note that the solutions he has developed are currently only in the simulation phase, but they show promise in SPICE models. There are actually two schematics available for those who would like to continue his open-source project. Compared to shunt-type regulators, these have some advantages. Besides being open-source, they do not load the engine when the battery is fully charged, which improves efficiency. The only downside is that they have have added complexity as they can’t open this circuit except under specific situations, which requires a specific type of switch.

All in all, this is an excellent step on the way to a true prototype and eventual replacement of the often lackluster regulators found on motorcycles from Aprilia to Zero. We hope to see it further developed for all of the motorcycle riders out there who have been sidelined by this seemingly simple part. And if you missed it the first time around, here is the working regulator for his Bajaj NS200.

Motorcycle Voltage Regulator Uses MOSFETs

For how common motorcycles are, the designs and parts used in them tend to vary much more wildly than in cars and trucks. Sometimes this is to the rider’s advantage, like Honda experimenting with airbags or automatic transmissions. Sometimes it’s a little more questionable, like certain American brands holding on to pushrod engine designs from the ’40s. And sometimes it’s just annoying, like the use of cheap voltage regulators that fail often and perform poorly. [fvfilippetti] was tired of dealing with this on his motorcycle, so he built a custom voltage regulator using MOSFETs instead.

Unlike a modern car alternator, which can generate usable voltage even at idle, smaller or older motorcycle alternators often can’t. Instead they rely on a simpler but less reliable regulator that is typically no more than a series of diodes, but which can only deliver energy to the electrical system while the motor is running at higher speeds. Hoping to improve on this design, [fvfilippetti] designed a switched regulator from scratch out of MOSFETs with some interesting design considerations. It is capable of taking an input voltage between 20V and 250V, and improves the ability of the motorcycle to use modern, higher-power lights and to charge devices like phones as well.

In the video below, an LED was added in the circuit to give a visual indication that the regulator is operating properly. It’s certainly a welcome build for anyone who has ever dealt with rectifier- or diode-style regulators on older bikes before. Vehicle alternators are interesting beasts in their own right, too, and they can be used for much more than running your motorcycle’s electrical system.

Continue reading “Motorcycle Voltage Regulator Uses MOSFETs”

Piezo Pickup Makes Wax Records Easy To Digitize

Sound recording and playback have come a long way in the last century or so, but it’s fair to say there’s still a lot of interesting stuff locked away on old recordings. Not having a way to play it back is partly to blame; finding an antique phonograph that plays old-timey cylinder recordings is pretty hard. But even then, how do you digitize the output of these fragile, scratchy old recordings?

As it happens, [Jan Derogee] is in a position to answer these questions, with an antique phonograph and a bunch of Edison-style wax cylinders with voices and music from a bygone era locked away on them. It would be easy enough to just use the “reproducer” he previously built and set up a microphone to record the sound directly from the phonograph’s trumpet, but [Jan] decided to engineer a better solution. By adding the piezo element from an electronic greeting card to his reproducer, potted with liberal quantities of epoxy and padded with cotton, the piezo pickup was attached to the phonograph arm in place of the original stylus and trumpet. The signal from the piezo element was strong enough to require a shunt resistor, allowing it to be plugged directly into the audio input jack on a computer. From there it’s just an Audacity exercise, plus dealing with the occasional skipped groove.

We appreciate [Jan]’s effort to preserve these recordings, as well as the chance to hear some voices from the past. We’re actually surprised the recording sound as good as they do after all this time — they must have been well cared for.

Continue reading “Piezo Pickup Makes Wax Records Easy To Digitize”

Old Wattmeter Uses Magnetics To Do The Math

Measuring power transfer through a circuit seems a simple task. Measure the current and voltage, do a little math courtesy of [Joule] and [Ohm], and you’ve got your answer. But what if you want to design an instrument that does the math automatically? And what if you had to do this strictly electromechanically?

That’s the question¬†[Shahriar] tackles in his teardown of an old lab-grade wattmeter. The video is somewhat of a departure for him, honestly; we’re used to seeing instruments come across his bench that would punch a seven-figure hole in one’s wallet if acquired new. These wattmeters are from Weston Instruments and are beautiful examples of sturdy, mid-century industrial design, and seem to have been in service until at least 2013. The heavy bakelite cases and sturdy binding posts for current and voltage inputs make it seem like the meters could laugh off a tumble to the floor.

But as [Shahriar] discovers upon teardown of a sacrificial meter, the electromechanical movement behind the instrument is quite delicate. The wattmeter uses a moving coil meter much like any other panel meter, but replaces the permanent magnet stator with a pair of coils. The voltage binding posts are connected to the fine wire of the moving coil through a series resistance, while the current is passed through the heavier windings of the stator coils. The two magnetic fields act together, multiplying the voltage by the current, and deflect a needle against a spring preload to indicate the power. It’s quite clever, and the inner workings are a joy to behold.

We just love looking inside old electronics, and moving coil meters especially. They’re great gadgets, and fun to repurpose, too.

Continue reading “Old Wattmeter Uses Magnetics To Do The Math”

A Very Accurate Current Probe

There’s many different ways of measuring current. If it’s DC, the easiest way is to use a shunt resistor and measure the voltage across it, and for AC you could use a current transformer. But the advent of the Hall-effect sensor has provided us a much better way of measuring currents. Hall sensors offers several advantages over shunts and CT’s – accuracy,¬†linearity, low temperature drift, wider frequency bandwidth, and low insertion loss (burden) being some of them. On the flip side, they usually require a (dual) power supply, an amplification circuit, and the ability to be “zero adjusted” to null output voltage offsets.

[Daniel Mendes] needed to measure some fairly high currents, and borrowed a clip-on style AC-DC current probe to do some initial measurements for his project. Such clip on current probes are usually lower in accuracy and require output DC offset adjustments. To overcome these limitations, he then built himself an invasive hall sensor current probe to obtain better measurement accuracy (Google Translated from Portugese). His device can measure current up to 50 A with a bandwidth stretching from DC to 200 kHz. The heart of his probe is the LAH-50P hall effect current transducer from LEM – which specialises in just such devices. The 25 mV/A signal from the transducer is buffered by an OPA188 op-amp which provides a low output impedance to allow interfacing it with an oscilloscope. The op-amp also adds a x2 gain to provide an output of 50 mV/A. The other critical part of the circuit are the high tolerance shunt resistors connected across the output of the LAH-50P transducer.

The rest of his design is what appears to be a pretty convoluted power supply section. [Daniel] wanted to power his current probe with a 5V input derived from the USB socket on his oscilloscope. This required the use of a 5 V to 24 V boost switching regulator – with two modules being used in parallel to provide the desired output power. A pair of linear regulators then drop down this voltage to +15 / -15 V required for the trasducer and op-amp. His blog post does not have the board layout, but the pictures of the PCB should be enough for someone wanting to build their own version of this current sensor.

Ode To The TL431, And A LiFePO4 Battery Charger

Nerd Ralph loves cheap and dirty hacks, and for that we applaud him. His latest endeavor is a LiFePO4 battery charger that he made out of parts he had on hand for under $0.50 US. (Although we think he really made it for the fun of making it.)

The circuit is centered around a TL431 programmable shunt regulator, which is an awesome and underrated chip in its own right. If you don’t know the TL431 (aka LM431), you owe it to yourself to fetch the datasheet and pick up a couple with your next electronics part order. In fact, it’s such a great chip, we can’t resist telling you about it for a minute.

Continue reading “Ode To The TL431, And A LiFePO4 Battery Charger”