usbc

6 Articles

USB-C For Hackers: Program Your Own PSU

December 4, 2023 by 19 Comments

Last time, I showed off a few ways you can convert an existing PSU to USB-C duty, and zoomed in on a particular way you can use to convert one of the ever-abundant 18 V – 20 V laptop PSUs to USB-C. All we have left is to write software for it, and I’ll explain how it works. There’s also that one cool USB-C secret I’ve found out, but you’ll have to read on to find out more.

From the last article, we have a board that has an RP2040 and FUSB302 combo on it, which takes a 20 V DC PSU input from a laptop brick, and can switch either 5 V, 20 V or 0 V to its USB-C socket using FETs. The USB-C communication firmware is simple enough, but there’s caveats, especially regarding safety. Let’s go through those!

The Code Logic

VBUS has to be non-powered by default – we only supply 5 V when the FUSB302 detects a 5.1 kΩ pulldown on one of the CC lines. After supplying 5 V, we send out PSU capability advertisements, of the kind that we’ve learned to parse in the Replying PD article – and whenever we get a Request, we have to switch to the requested profile, connecting the voltage rail requested to the FET. I opt to not do any current consumption control in this design, assuming a well-behaved device, but you theoretically should do that. It wouldn’t be hard to add a high-side current sensor, say, something from Analog Devices – I just don’t want to do that now, especially given that I’m already using two of the exposed ADC pins to do Lenovo/HP PSU capability detection instead, one is used up for VBUS measurement, and the fourth is used for VIN (20 V rail) measurement – that’s four ADCs, which is as much as the RP2040 has got. However, if I ever need more ADCs, I can add an analog mux like 4051 in the next version! Continue reading “USB-C For Hackers: Program Your Own PSU”

USB-C For Hackers: Build Your Own PSU

October 12, 2023 by 43 Comments

What if you wanted to build your own USB-C PSU? Good news – it’s easy enough! If you ever wanted to retrofit a decent DC PSU of yours to the USB-C standard, say, you got a Lenovo/HP/Dell 19V-20V charger brick and you’ve ever wished it were USB-C, today is the day when we do exactly that. To be fair, we will cheat a bit – but only a tiny bit, we won’t be deviating too much from the specification! And, to begin with, I’ll show you some exceptionally easy ways that you can turn your DC PSU into a USB-C compatible one, with a simple module or a few.

Turning a 20 V PSU into a USB-C PSU feels natural if you want to charge a laptop – those tend to request 20 V from a USB-C PSU anyway, so what’s the big deal? However, you can’t just put 20 V onto a USB-C connector – you have to add a fair bit of extra logic to make your newly christened USB-C PSU safe to use with 5 V devices, and this logic also requires you go through a few extra steps before 20 V appears on VBUS. Any USB-C PSU has to output 5 V first and foremost whenever a device is connected, up until a higher voltage is negotiated digitally, and the PSU may only switch to a higher voltage output when it’s requested to do so.

Now, for that, a PSU offers a list of profiles, and we looked into those profiles in the Replying PD article – each profile is four bytes that contain information about the profile voltage, maximum current that the device may draw at that voltage, and a few other details. For a PSU to be USB-C compliant, the USB-C specification says that, in addition to 5 V, you may also offer 9 V, 15 V, and 20 V.

Also, the specification says that if a PSU supports certain in-spec voltage like 15 V, it’s also required by the spec to offer all of the spec-defined voltages below the maximum one – for 15 V, that also requires supporting 9 V. Both of these are UX requirements, as opposed to technical requirements – it’s easier for device and PSU manufacturers to work with a small set of pre-defined voltages that majority of the chargers will support, but in reality, you can actually offer any voltage you want in the PSU advertisement; at worst, a device is going to refuse and contend with slowly charging from the 5 V output that you’re required to produce.

I’d like to walk you through how off-the-shelf USB-C PSUs work, all of the options you can use to to create one, and then, let’s build our own USB-C PSU from scratch! Continue reading “USB-C For Hackers: Build Your Own PSU”

Showing the dock PCB with a Pi Zero attached and wired up onto it

Is Your USB-C Dock Out To Hack You?

March 26, 2023 by 20 Comments

In today’s installment of Betteridge’s law enforcement, here’s an evil USB-C dock proof-of-concept by [Lachlan Davidson] from [Aura Division]. We’ve seen malicious USB devices aplenty, from cables and chargers to flash drives and even suspicious USB fans. But a dock, however, is new. The gist is simple — you take a stock dock, find a Pi Zero W and wire it up to a USB 2.0 port tapped somewhere inside the dock. Finding a Pi Zero is unquestionably the hardest part in this endeavor — on the software side, everything is ready for you, just flash an SD card with a pre-cooked malicious image and go!

On the surface level, this might seem like a cookie-cutter malicious USB attack. However, there’s a non-technical element to it; USB-C docks are becoming more and more popular, and with the unique level of convenience they provide, the “plug it in” temptation is much higher than with other devices. For instance, in shared workspaces, having a USB-C cable with charging and sometimes even a second monitor is becoming a norm. If you use USB-C day-to-day, the convenience of just plugging a USB-C cable into your laptop becomes too good to pass up on.

This hack doesn’t exactly use any USB-C specific technical features, like Power Delivery (PD) – it’s more about exploiting the convenience factor of USB-C that incentivizes you to plug a USB-C cable in, amplifying an old attack. Now, BadUSB with its keystroke injection is no longer the limit — with a Thunderbolt-capable USB-C dock, you can connect a PCIe device to it internally and even get access to a laptop’s RAM contents. Of course, fearing USB-C cables is not a viable approach, so perhaps it’s time for us to start protecting from BadUSB attacks on the software side.

Showing a USB-C tester running the DingoCharge script, charging a battery pack at 7V. To the right is a battery pack being charged, and a USB-C charger doing the charging.

Use USB-C Chargers To Top Up Li-Ion Packs With This Hack

January 1, 2023 by 5 Comments

In USB-C Power Delivery (PD) standard, the PPS (Programmable Power Supply) mode is an optional mode that lets you request a non-standard voltage from a charger, with the ability to set a current limit of your choice, too. Having learned this, [Jason] from [Rip It Apart] decided to investigate — could this feature be used for charging Li-Ion battery packs, which need the voltage and current to vary in a specific way throughout the charging process? Turns out, the answer is a resounding “yes”, and thanks to a USB-C tester that’s programmable using Lua scripts, [Jason] shows us how we can use a PPS-capable USB-C charger for topping up our Li-Ion battery packs, in a project named DingoCharge.

The wonderful write-up answers every question you have, starting with a safety disclaimer, and going through everything you might want to know. The GitHub repo hosts not only code but also full installation and usage instructions.

DingoCharge handles more than just Li-Ion batteries — this ought to work with LiFePO4 and lithium titanate batteries, too.  [Jason] has been working on Ni-MH and lead-acid support. You can even connect an analog output thermal sensor and have the tester limit the charge process depending on the temperature, showing just how fully-featured a solution the DingoCharge project is.

The amount of effort put into polishing this project is impressive, and now it’s out there for us to take advantage of; all you need is a PPS-capable PSU and a supported USB-C tester. If your charger’s PPS is limited by 11V, as many are, you’ll only be able to fully charge 2S packs with it – that said, this is a marked improvement over many Li-Ion solutions we’ve seen. Don’t have a Li-Ion pack? Build one out of smartphone cells! Make sure your pack has a balancing circuit, of course, since this charger can’t provide any, and all will be good. Still looking to get into Li-Ion batteries? We have a three-part guide, from basics to mechanics and electronics!

Showing the same thumbdrive plugged into the same USB-C port in two different orientations, enumerating as two different USB ports

Dirty USB-C Tricks: One Port For The Price Of Two

December 31, 2022 by 48 Comments

[RichardG] has noticed a weird discrepancy – his Ryzen mainboard ought to have had fourteen USB3 ports, but somehow, only exposed thirteen of them. Unlike other mainboards in this lineup, it also happens to have a USB-C port among these thirteen ports. These two things wouldn’t be related in any way, would they? Turns out, they are, and [RichardG] shows us a dirty USB-C trick that manufacturers pull on us for an unknown reason.

On a USB-C port using USB3, the USB3 TX and RX signals have to be routed to two different pin groups, depending on the plugged-in cable orientation. In a proper design, you would have a multiplexer chip detecting cable orientation, and routing the pins to one or the other. Turns out, quite a few manufacturers are choosing to wire up two separate ports to the USB-C connector instead.

In the extensive writeup on this problem, [Richard] explains how the USB-C port ought to be wired, how it’s wired instead, shows telltale signs of such a trick, and how to check if a USB-C port on your PC is miswired in the same way. He also ponders on whether this is compliant with the USB-C specification, but can’t quite find an answer. There’s a surprising amount of products and adapters doing this exact thing, too, all of them desktop PC accessories – perhaps, you bought a device with such a USB-C port and don’t know it.

As a conclusion, he debates making an adapter to break the stolen USB3 port out. This wouldn’t be the first time we’re cheated when it comes to USB ports – the USB2 devices with blue connectors come to mind.

An “unbusy” USB-C Port Doubles-up For JTAG Programming

February 24, 2022 by 11 Comments

Board space is a premium on small circuit board designs, and [Alvaro] knows it. So instead of adding a separate programming port, he’s found a niche USB-C feature that lets him use the port that he’s already added both for its primary application and for programming the target microcontroller over JTAG. The result is that he no longer needs to worry about spending precious board space for a tiny programming port; the USB-C port timeshares for both!

In a Twitter thread (Unrolled Link), [Alvaro] walks us through his discovery and progress towards an encapsulated solution. It turns out that the USB-C spec supports a “Debug-Accessory Mode” specification, where some pins are allowed to be repurposed if pins CC1 and CC2 are pulled up to Logic-1. Under these circumstances, the pin functions are released, and a JTAG programmer can step in to borrow them. To expose the port to a programmer, [Alvaro] cooked up a small breakout board with a USB-C plug and separate microcontroller populated on it.

This board also handles a small quirk. Since [Alvaro’s] choice of programming pins aren’t reversible, the USB-C plug will only work one of the two ways it can be plugged in. To keep the user informed, this breakout board sports a red LED for incorrect orientation and a green LED for correct orientation–nifty. While this design quirk sacrifices reversibility, it preserves the USB 2.0 D+ and D- pins while also handling some edge cases with regard to the negotiating for access to the port.

Stick through [Alvaro]’s Twitter thread for progress pics and more details on his rationale behind his pin choices. Who knows? With more eyes on the USB-C feature, maybe we’ll see this sort of programming interface become the norm?

[Alvaro] is no stranger to Hackaday. In fact, take a tour back to our very first Supercon to see him chat about shooting lasers at moving targets to score points on a DEFCON challenge in the past