Hacking The Lidl Home Gateway

June 12, 2021 by Jenny List 21 Comments

For years, Europeans have been browsing the central aisles of the German Aldi and Lidl supermarket chains, attracted by the surprising variety of transitory non-grocery bargains to be found there. There are plenty of temptations for hackers, and alongside the barbecues and Parkside tools at Lidl last year was a range of Zigbee home automation products. Every ZigBee network requires some form of hub, and for Lidl this comes in the form of a £20 (about $28) Silvercrest Home Gateway appliance. It’s a small embedded Linux computer at heart, and [Paul Banks] has published details of how it can be hacked and bent to the user’s will.

Under the hood is a Realtek RTL8196E MIPS SoC with 16Mb of Flash and 32 Mb of memory. Gaining control of it follows the well trodden path of finding the bootloader, dumping the firmware, and re-uploading it with a known password file. If you’ve done much hacking of routers and the like you’ll recognise that this quantity of memory and Flash isn’t the most powerful combination so perhaps you won’t be turning it into a supercomputer, but it’s still capable enough to be integrated with Home Assistant rather than the cloud-based services with which it shipped.

There was a time when repurposing routers as embedded Linux machines was extremely popular, but it’s something that has fallen from favour as boards such as the Raspberry Pi have provided an easier path. So it’s good to see a bit of old-fashioned fun can still be had with an inexpensive device.

If you fancy a bit more German budget supermarket goodness, feast your eyes on an Aldi stick welder!

A Deep Dive Into E-Ink Tag Hacking

March 28, 2021 by Stephen Ogier 7 Comments

Over the last decade or so, e-ink price tags have become more and more ubiquitous, and they’ve now reached the point where surplus devices can be found inexpensively on various websites. [Dmitry Grinberg] found a few of these at bargain-basement prices and decided to reverse engineer and hack them into monochrome digital picture frames.

Often, the most difficult thing about repurposing surplus hardware is the potential lack of documentation. In the two tags [Dmitry] hacked, not only are the labels not documented at all, one even has an almost-undocumented SoC controlling it. After some poking around and some guesswork, he was able to find connections for both a UART and an SWD debugging interface. Fortunately, the manufacturers left the firmware unprotected, so dumping it was trivial.

Even with the firmware dumped, code for controlling peripherals (especially wireless devices) is often inscrutable. [Dmitry] overcomes this with a technique he calls “Librarification” in which he turns the manufacturer’s firmware into libraries for his custom code. Once he was able to implement his custom firmware, [Dmitry] developed his own code to wirelessly download and display both gray-scale and two-color images.

Even if you’re not interested in hacking e-ink tags, this is an incredible walk-through of how to approach reverse-engineering an embedded or IoT device. By hacking two different tags with completely different designs, [Dmitry] shows how to get into these systems with intuition, guesswork, and some sheer persistence.

If you’d like to see some more of [Dmitry]’s excellent reverse-engineering work, take a look at his reverse-engineering and ROM dump of the PokeWalker. If you’re interested in seeing what else e-ink tags can be made to do, take a look at this weather station made from the same 7.4″ e-ink tag.

Making Smart Bulbs Smarter With The Power Of MQTT

December 25, 2020 by Erin Pinheiro 14 Comments

What’s the point of smart home automation? To make every day tasks easier, of course! According to [Tomasz Cybulski], that wasn’t the case when he installed IKEA smart lights in his closet. It’s handy to have them in a common switch, in this case a remote control, but having to look for it every time he needed the lights could use some improvement. Enter his project to make smart bulbs smarter, through the use of a simple ESP8266.

While hooking a door switch to the lights’ power supply could provide a quick solution, [Tomasz]’s wife wanted to keep the functionality of the remote control, so he had to look elsewhere. These light bulbs use the simple Zigbee protocol, so arranging for other devices was rather trivial. A USB dongle to interface with the protocol was configured for his existing Raspberry Pi automation controller, while an ESP8266 served as the real-world sensor by connecting it to reed switches installed in the closet doors.

With all the hardware sorted out, it’s a simple matter of making it all talk to each other. The ESP8266, using the Tasmota firmware, sends a signal to an MQTT server running on the Raspberry Pi, which in turn translates it to a remote trigger on the Zigbee frequency with the dongle. The lights turn on when the door opens, and off again once it closes. And since there were no further modifications to the lights themselves, the original IKEA controller still works as expected, which we’re sure [Tomasz]’s wife appreciates!

MQTT can be an interesting piece of software that goes beyond just home automation though, and if you already have a server in your home you can use it to transfer your clipboard’s contents to another device. If you are using it for home automation though, here’s an inspiration for a rather unusual dashboard to keep things interesting. Check out this hack in action after the break.

Continue reading “Making Smart Bulbs Smarter With The Power Of MQTT” →

Another IoT Debacle: Charter Offers Home Insecurity

January 18, 2020 by Al Williams 38 Comments

If you are a glass-half-empty person, you’ll view Charter’s announcement that they will shutter their home security and smart home service on February 5th as another reason not to buy into closed-source IoT devices. If you are a glass-half-full person though, you’ll see the cable company’s announcement as a sign that a lot of Zigbee hardware will soon flood the surplus market. Ars Technica reports that after investigation it appears that some of the devices may connect to a standard Zigbee hub after a factory reset, but many others will definitely not.

As you might expect, users were less than thrilled. Especially those that shelled out thousands of dollars on sensors and cameras. This sort of thing might be expected if a company goes out of business, but Charter just doesn’t want to be in the home security business anymore.

Continue reading “Another IoT Debacle: Charter Offers Home Insecurity” →

New Part Day: Alexa Connect Kit Now Available For Sale

November 11, 2019 by Maya Posch 8 Comments

People who were subscribed to updates on the Alexa Connect Kit (ACK) would recently have received an email informing that this kit is now available for sale. Last time we covered the ACK was back in September of 2018, the ‘release’ moniker meant ‘preview’ and there wasn’t any hardware one could actually purchase.

Over a year a later it seems that we can now finally get our grubby mitts on this kit that should enable us to make any of our projects Alexa-enabled. What this basically seems to mean is that one can spend close to 200 US dollars on an Arduino Zero and an Arduino shield-mounted WM-BN-MT-52 module from USI (though not listed on their site, but similar to the WM-BN-BM-22?) that integrates a 192 MHz Cortex-M MCU and a WiFi/Bluetooth module, as summarized on the Amazon Developer page for the ACK.

Continue reading “New Part Day: Alexa Connect Kit Now Available For Sale” →

DIY ZigBee Therapy Lights Are Hue Compatible

August 23, 2019 by Tom Nardi No comments

Working on a project into the wee hours is hardly uncommon for us hackers, but if you’re consistently sleeping until the afternoon, it’s possible you’re suffering from a condition known as Delayed Phase Sleep Disorder (DPSD). Put simply, your body’s internal clock is out of alignment with the world around you. One of the ways to treat this condition is to expose yourself to bright light in the morning, which can help you wake up and feel more refreshed. Unfortunately, these so-called “Bright Light Therapy” boxes tend to be pretty expensive.

Looking for a way to treat his own DPSD, [Edward Shin] decided to build his own light box based on the research he’d done on the various commercial offerings out there. After all, a box full of bright lights that operates on a timer doesn’t seem particularly complex. Of course, in reality there’s a bit more to it than that, but so far the results are certainly promising.

The first decision [Edward] had to make was what kind of light he wanted. Classic light therapy devices, often used to treat Seasonal Affective Disorder (SAD), tend to be full spectrum lights that try and simulate sunlight. But in his research, he found a paper from Nature that explained the melanopsin in the human eye responds primarily to blue and green light. But as intense blue light can apparently lead to macular degeneration, he decided to go with green.

Since [Edward] already uses the Philips Hue system for his home’s lighting, he wanted to bring his therapy light into that ecosystem. The idea was that he could easily schedule his new green light box to go on when he wanted to wake up in the morning. So he used the Mesh Bee from Seeed Studio which not only supports ZigBee, but for which software is available to emulate a Hue bulb. Then he just needed to pair that with a sufficiently beefy LED driver and some 510 nm emitters. Everything is enclosed in a box made of laser cut wood that’s designed to hang from the headboard and shine down onto his face.

Over the years we’ve seen a number of similar projects trying to address SAD, so the idea of a hacker tweaking the concept to tackle DPSD seems a natural enough evolution of the idea. Just remember to speak with a medical professional before coming up with a homebrew treatment plan.

Drone Gives Up Its Wireless Secrets To Zigbee Sniffer

February 8, 2019 by Dan Maloney 2 Comments

There’s something thrilling about decoding an unknown communications protocol. You start with a few clues, poke at the problem with some simple tools, and eventually work your way up to that first breakthrough that lets you crack the code. It can be frustrating, but when you eventually win, it can be very rewarding.

It seems that [Jason] learned this while decoding the wireless conversation between his mass-market quad and its controller. The quad in question, a Yuneec Q500, is one of those mid-range, ready-to-fly drones that’s targeted at those looking to get in the air easily and take some cool pictures. Unsure how the drone and controller were talking, [Jason] popped the covers and found a Zigbee chipset within. With the help of a $14 Zigbee USB dongle and some packet sniffing software from TI, [Jason] was able to see packets flowing, but decoding them was laborious. Luckily, the sniffer app can be set up to stream packets to another device, so [Jason] wrote a program to receive and display packets. He used that to completely characterize each controller input and the data coming back from the drone. It’s a long and strange toolchain, but the upshot is that he’s now able to create KML in real time and track the drone on Google Earth as it flies. The video below shows the build and a few backyard test flights.

Congratulations to [Jason] for breaking the protocol and opening up drones like this for other hackers. If you’re interested in learning more about Zigbee sniffing, you can actually hack a few smarthome gadgets into useful sniffers.

Continue reading “Drone Gives Up Its Wireless Secrets To Zigbee Sniffer” →