Tricking A Smart Meter Into Working On The Bench

When the widget you’re working on is powered by a battery or a USB charger, running it on the bench is probably pretty safe. But when the object of your reverse-engineering desire is a residential electrical meter, things can get a little dicey.

Not that this elevated danger level has kept [Hash] from exploring the mysteries presented by smart meters. Still, with a desire to make things a little safer, he came up with a neat trick for safely powering electrical meters on the bench. [Hash] found that the internal switch-mode power supply on the meter backplane was easy enough to back-feed with a 12-volt bench supply, rather than supplying the meter with the full 240-volt AC supply it normally gets when plugged into a meter base (these are meters for the North American market, where split-phase 240-volt is the norm for residential connections). But that wasn’t enough for the meter — it powered up, but stayed in a reset state without fully booting. Something more was needed to bring the meter fully to life.

That something proved to be a small AC signal. Normally, a resistor network divides the 240-volt supply down to about 3 volts, which is used by the sensing circuit in the meter. [Hash] found that injecting a 60-Hz, 600-mV sine wave signal with about a 3-volt DC bias into the sensing circuit was enough to spoof the meter into thinking it’s plugged into the meter base. The video below has a walkthrough of the hack, and some nice shots of the insides of the meters he’s been working with.

[Hash] has been working with these meters for a while now, and some of the stuff he’s learned is pure gold. Be sure to check out his 2021 Remoticon talk on meter hacking for all the fascinating details.


EMC Tutorial Puts You In The Loop

A student once asked his lab instructor why his amplifier was oscillating. After looking at it and noting the wild construction, the instructor remarked, “A better question would be why shouldn’t it oscillate?” The truth is, our circuits generate noise, especially if they are oscillating anyway. Distortion and nonlinearities generate harmonics, and other component imperfections also contribute.

[FesZ Electronics] has a great video series about noise in switching power supplies and the latest talks about the hot loop. If you want to improve the noise performance of your next design, these videos are well worth watching. You can see the hot loop video below.

We really liked the homebrew noise probes. In addition to real-world probing, the video also observes circuit operation under simulation. Even if you don’t care about noise performance, there’s a lot of good information about basic switching power supply design here.

You can see the difference in a PCB that has a small hot loop versus a very small hot loop. Something to think about next time you are laying out a power supply board.

If you want to dive deeper into noise simulation, we have a good read on that for you. Or ditch simulation, and make your own cheap probe with an SDR dongle.


Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.


Switching Over To SMPS For Efficiency

[Hesam Moshiri] has built a variable switch-mode power supply over on hackaday.io. When prototyping a new circuit, often the goal is to get a proof-of-concept working as soon as possible to iron out all of the bugs it might have. The power supply can easily be an afterthought, and for smaller projects we might just reach for an adjustable LM317 voltage regulator to dial in the correct voltage and then move on with the meat of the project. These linear regulators are incredibly inefficient though, so if you find yourself prototyping with one of these often enough, it might be worthwhile to switch to something better.

While it’s easy to simply buy a switch-mode power supply (SMPS) that has everything you need, and rated for 90% or higher efficiency at the same time, getting one with an adjustable output isn’t as easy. This one is based on the relatively popular LM2576-Adj chip which handles the switching frequency part of the circuit automatically. You will also need some large capacitors, an inductor (one of the disadvantages of an SMPS circuit) and a small potentiometer to use as the feedback control for the LM2576. This special pin allows the output voltage of the SMPS to be precisely controlled.

Granted, this project might not be breaking any new ground, but if you’ve never given serious thought to your small breadboard circuit power supplies, it’s definitely worth looking into. An improvement from a linear regulator’s 30% efficiency to 90% efficiency from an SMPS will not only save you a ton of energy but also solve a lot of heat dissipation problems. If you don’t want to build a switch-mode supply 100% from scratch, though, it might also be possible to modify an existing one to suit your needs as well.

Mains Power Supply For ATtiny Project Is Probably A Bad Idea

When designing a mains power supply for a small load DC circuit, there are plenty of considerations. Small size, efficiency, and cost of materials all spring to mind. Potential lethality seems like it would be a bad thing to design in, but that didn’t stop [Great Scott!] from exploring capacitive drop power supplies. You know, for science.

The backstory here is that [Great Scott!] is working on a super-secret ATtiny project that needs to be powered off mains. Switching power supplies are practically de rigueur for such applications, but compared to the intended microcontroller circuit they are actually quite large, and they’ve just been so done before. So in order to learn a thing or two, [Scott!] designed a capacitive dropper supply, where the reactance of the cap acts like a dropping resistor to limit the current. His first try was just a capacitor in series with an LED; this didn’t end well for the LED.

To understand why, he reverse-engineered a few low-current mains devices and found that practical capacitive droppers need a few more components, chiefly a series resistance to prevent inrush current from getting out of hand, but also a bridge rectifier and a zener to clamp things down. Wiring up all that resulted in a working capacitive dropper supply, but at the cost of as much real estate as a small switcher, and with the extra bonus of being potentially lethal if the power supply is plugged in the wrong way. Side note: we thought German line cords were polarized to prevent this, but apparently not? (Ed Note: Nope!)

As always, even when [Great Scott!]’s projects don’t exactly work out, like a suboptimal 3D-printed BLDC or why not to bother building your own DC-AC inverter, we enjoy the learning that results.


A Switching Power Supply, 1940s-Style

“They don’t build ’em like they used to.” There’s plenty of truth to that old saw, especially when a switch-mode power supply from the 1940s still works with its original parts. But when said power supply is about the size of a smallish toddler and twice as heavy, building them like the old days isn’t everything it’s cracked up to be.

The power supply that [Ken Shirriff] dives into comes from an ongoing restoration of a vintage teletype we covered recently. In that post we noted the “mysterious blue glow” of the tubes in the power supply, which [Ken] decided to look into further. The tubes are Thyratrons, which can’t really be classified as vacuum tubes since they’re filled with various gasses. Thyratrons are tubes that use ionized gas – mercury vapor in this case – to conduct large currents. In this circuit, the Thyratrons are used as half-wave rectifiers that can be rapidly switched on and off by a feedback circuit. That keeps the output voltage fixed at the nominal 140V DC required by the teletype, with a surprisingly small amount of ripple. The video below is from a series on the entire restoration; this one is cued to where the power supply is powered up for the first time. It’s interesting to see the Thyratrons being switched at about 120 Hz when the supply is under load.

Cheers to [Ken] and his retrocomputing colleagues for keeping the old iron running. Whether the target of his ministrations is a 1974 scientific calculator or core memory from an IBM 1401, we always enjoy watching him work.


Circuit VR: An (Almost) Practical Buck Converter

In the last installment of Circuit VR, we walked around a simplified buck converter. The main simplification was using a constant PWM signal. The result is that the output voltage is a fixed fraction of the input voltage. For a regulator, the pulse width will need to depend on the output voltage so that any changes in the output are self-correcting. So this time, we’ll make a regulator, although we’ll still use a few Spice elements you’d have to replace in a practical design. In particular, we’ll assume you can generate a triangle wave, which is easy enough, and produce a stable 2.5 V reference.

The idea is to take a voltage reference and compare it to the output. We’ll think of the difference between the two as an error voltage, and use a comparator combined with a triangle wave generator to produce a PWM signal that is proportional to the error, and thus works to hold the output voltage constant.
