Electronics and programming interspersed at various levels of difficulty. Cooking analogies might be involved.
Friday, September 13, 2013
Moving to new domain - hackcorellation.blogspot.com
I've persisted long enough in this grammatical error so it's best I rip the band-aid quick and just switch to the correct domain.
http://hackcorrelation.blogspot.com/
As soon as I can figure out how to do it I will add redirects so that all old pages point to the [same] new pages.
All new material will be published on the correct blogger.com domain.
Thursday, August 8, 2013
Wednesday, August 7, 2013
SMD breakouts and etching tutorial
Friday, August 2, 2013
Follow-up on 2x DVR repair
I was scoping around to see what caused the 2.5V supply modules to go bust.
Just as a reminder, they are pretty generic modules, with a 5V preregulator that steps down the 12V input. The 5V is then dropped through linear regulators to three supply rails of 1.8V, 2.5V and 3.3V. In this application only the 2.5V output is being used.
Thursday, August 1, 2013
Ancient DVR teardown - Dallmeier DLS 6
I just bought a cheap broken DVR from eBay and thought to share pictures from inside the unit since there aren't any on the Internet.
It was a state of the art unit at the beginning of 2000, probably costing several thousands of dollars. Some documents and reviews from that time praise the wavelet-type encoding quality and savings, custom-made ATX power supply and build quality. I beg to differ on a few fronts.
Wednesday, July 31, 2013
Saeco Talea - automatic coffee machine - teardown and analysis
I got this coffee machine from work because it was a maintenance nightmare. I'll tear it down, do the analysis on how it works and detail some design problems as well.
It's going to be a rather long post with quite a lot of pictures. I've marked all the detected problems with an asterisk "*", I'm sure some have been forgotten as this teardown was performed 6 months ago.
(For troubleshooting see http://hackcorrelation.blogspot.de/2017/02/automated-coffee-machine.html)
Wednesday, July 24, 2013
Building a new firmware for the Senseo coffee machine
This is one of those projects that just takes forever to finish, I must've started this 6 months ago.
This part will describe all the hardware and various techniques used to figure out which signal goes where.
Why do this? It's an improvement on the original firmware and an exercise in consumer product design. My goals will be listed in the second part of this post.
Tuesday, July 23, 2013
Android game automation - part 2
In the previous post I touched upon the fact that simulating hardware input events was very slow and not really suited for fast, repeated actions.
The second approach is based on MonkeyRunner, a free library included with the Android SDK. It is able to talk to the Android device using a Python-like language.
Part 1: http://hackcorellation.blogspot.de/2013/07/android-game-automation-part-1.html
Monday, July 22, 2013
txtr Beagle - native code analysis
I've been avoiding doing a write-up on this section for several reasons.
First, I'm using the IDA disassembler which is pretty expensive and thus quite extensively pirated. Unfortunately there are no freely available tools that I know of that can perform this task.
Second, I really suck at assembler and C so might not be the best person to do this analysis. I've used the freely available Thumb decompiler plugin which is able to translate assembly into readable code but only in about 30% of the cases. There's no substitute for knowledge, it seems.
Part 1: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-teardown-part-1.html
Part 2: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-two-software.html
Part 3: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-3-storage-and-transfer.html
Part 4: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-card-parser.html
Nevertheless, quite a few people have expressed their problems in being able to work out what compression has been used and the window size so this will aid in future reverse engineering.
Once the file has been loaded, depending on the IDA version used, you might not see the offending function listed in the functions window. A simple search takes care of that:
2x DVR repair
I've gotten two DVR MPEG4 recorders for free because they were labeled as "unfixable". Both of them were diagnosed with "no video" or "video problems".
Ever since I've had them I had suspected the 2.5V supply to be at fault but had no oscilloscope nor variable PSU at hand, so they have been sitting in my drawer for a few months.
It was a 10 minute job:
- probe the 2.5V output and see it oscillating between 2.4 and 4.2V
- probe the PAL/AV output and see the scope could not get a lock even though it looked almost ok
- bypass the supply and feed 2.5V from a variable PSU
- probe and do a quick run to see everything is stable.
I wish I could do a burn test but my trusty variable PSU is a linear one, getting quite hot at this voltage drop.
Sunday, July 21, 2013
txtr Beagle - card parser
I started playing around with the SD card contents to see how I can parse it and verify the functionality.
The result is a small Java program that is able to read the contents page by page and display it on a little panel. You can type the page number and press <Enter>, you can use arrow keys or mouse wheel to scroll.
Friday, July 19, 2013
Power supply project - part 1
I've had a car charger break down on me and haven't been able to fix it. It has a sturdy metallic case and the transformer is still fine.
The idea is to use some existing PSU modules I have lying around and fit those into the case, providing a readout on the display. Since it has to have a microcontroller (overpowered if I might add) it can also do some basic logging, over-voltage and over-current protection.
I really hate designing my own supplies since there are so many ready-made around which are much better than I could ever accomplish.
Experiment - USB from 1V instead of 12V
This experiment was done about a year ago so I don't have all the details at hand. I wanted to see if a car USB charger can be modified to run on 1-3V.
The car charger is based on the MC34063 chip which can function in both buck and boost configurations.
Thursday, July 18, 2013
txtr Beagle teardown
As you might know the txtr Beagle is the new kid on the block: the cheapest and lightest ebook reader around. Or at least that's what the marketing says.
I bought mine for around 20E, which is quite a bit more than the 10-13 EUR they were aiming for. I guess that's the price one must pay to stay on top of technology.
The main reason I bought one was to have some kind of remote display for use for example as a wall clock, To-Do board or bike GPS readout.
Part 2: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-two-software.html
Part 3: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-3-storage-and-transfer.html
Part 4: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-card-parser.html
Part 5: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-native-code-analysis.html
It's a bit hard to take apart since everything is glued together. There are two TR5 screws but they serve no other reason than to annoy.
First, some information on how it's supposed to work:
- you bind the reader via bluetooth to a phone or tablet
- you download the book on the phone, set the font size and upload it to the reader
- each subsequent font change requires reuploading the book
- the reader can only hold 5 books, though it's supposed to have 4GB of memory
- one-year battery life on two AAA cells
It's obvious that the books are pre-rendered on the phone prior to being uploaded because it takes about 2-5 minutes to upload a text-only book and the reader has instant start-up, so no parsing is involved.
Before tearing it down I assumed a low-cost ARM processor, some soldered down flash memory, a common bluetooth chip and the eInk controller along with the usual host of auxiliary components: DC-DC converters, breakout and testing pads, perhaps some level translators.
Inside there is a bit of surprise: a microSD flash card along with its socket. I can't imagine how this is cheaper than just soldering a flash chip, but there you go.
My assumptions seemed to be correct, there is a low-cost LPC ARM Cortex M3 uC, no RAM chips, the 4GB card raw image compresses to 40MB.
Android game automation - part 1
First: this is borderline immoral so don't ask for any source code or help.
My friend got me into a repetitive Android game that I will not name here. Basically it's a different kind of Farmville (I assume) that requires you to mindlessly click 'animals' to 'farm' money from them. On top of that you have to also activate two types of farms in order to feed the animals and evolve them. Feeding is not a requirement, so it will only be done in the second iteration of this automation.
As a rule of thumb any task that takes you at least 5 minutes every day for a year should be automated if it could be done in less than 20 hours.
iPod classic - SSD conversion
In a previous posting I described how I got this iPod Classic 6G working again by just using an older 1.8" drive.
I did not provide any pictures, so here are two of them with the "roadkill".
txtr Beagle - Part two - software
Bluetooth
Thanks to Moritz I was able to connect to txtr via the Bluetooth SPP profile. To do this you need to disable the txtr app that is installed on your phone and install any app that does Bluetooth serial debugging. I used "Bluetooth SPP", available freely on the Play Store.
UPDATE: Andreas Schier has written an open-source java toolchain for Beagle: https://github.com/schierla/jbeagle
UPDATE: Florian Echtler has built two Python scripts, one emulating the server and another one for the client. The server allows you to send images to your reader: http://floe.butterbrot.org/matrix/hacking/txtr/
Part 1: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-teardown-part-1.html
Part 3: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-3-storage-and-transfer.html
Part 4: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-card-parser.html
Part 5: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-native-code-analysis.html
Turn on Bluetooth on the phone and Beagle, start the app and choose "Real-time mode". Inside the prompt you should type "HELP" (all caps) followed by the enter key (not "Done") so a newline is inserted after the command. You should see a listing of available commands.
Here's the [obscured] output from my device:
Connecting…
Bluetooth connect OK.
Bluetooth Protocol v8
Accepted commands:
(GET)PARTNER, GETBOOKS, (DELETE)BOOK, QUIT, MEMORY, INFO, HELP, etc.
Issuing the INFO command:
PROTOCOL VERSION=8
FIRMWARE ID=Beagle-F-U BUILDDATE=18.April.2013 GIT=cxxxxxx IAP=0 BLUETOOTH=u.3
DEVICE SERIAL=8888888 BDADDR=00:xx:xx:xx:xx:xx DISPLAY=V110
# bookselect button activated
VCOM VALUE=1910
SDCONTENT REVISION=2
OPTION LOWFLASH=0 FFTBT=1
INFOOK
Issuing GETBOOKS:
BOOK ID=1111111111111111 FIRSTPAGE=1 LASTPAGE=19 CURRENTPAGE=19 AUTHOR=sgsdfgsdfgdgsd TITLE=sdfgsdfgsdfgsdfg
BOOK ID=888888888888888 FIRSTPAGE=1 LASTPAGE=183 CURRENTPAGE=5 AUTHOR=adfrgsdfgsdfgsdfgsdfgsdfg TITLE=sdfgsdfgsdfgsdfgsdfg
BOOK ID=888888888888 FIRSTPAGE=1 LASTPAGE=423 CURRENTPAGE=1 AUTHOR=TG9uZG9uLCBKYWNr TITLE=V2hpdGUgRmFuZw
BOOK ID=888888888888888 FIRSTPAGE=1 LASTPAGE=447 CURRENTPAGE=321 AUTHOR=sdfgsdfgsdfgsdfg TITLE=sdfgsdfgsdfgsdfg
GETBOOKSOK
Issuing MEMORY:
BOOKS USE=4 MAXIMUM=15
CLUSTERS USE=21 MAXIMUM=255 SIZE=59
MEM TOTAL=8192 FREE=2168
MEMORYOK
QUIT:
QUITOK
Partner:
PARTNER ID=B234E345D123
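The GETBOOKS reply above is a line-oriented KEY=VALUE format, and the one unobscured record carries AUTHOR and TITLE as base64 without padding (TG9uZG9uLCBKYWNr decodes to "London, Jack"). A parser for that reply, as an added example that is not code from the original post or from jbeagle; the function names are hypothetical, the page-range check is an assumption, and the sample is two records copied from the listing above.

```python
import base64

# Constructed sample: two records copied from the listing above plus the terminator.
SAMPLE = (
    "BOOK ID=888888888888 FIRSTPAGE=1 LASTPAGE=423 CURRENTPAGE=1 "
    "AUTHOR=TG9uZG9uLCBKYWNr TITLE=V2hpdGUgRmFuZw\n"
    "BOOK ID=1111111111111111 FIRSTPAGE=1 LASTPAGE=19 CURRENTPAGE=19 "
    "AUTHOR=sgsdfgsdfgdgsd TITLE=sdfgsdfgsdfgsdfg\n"
    "GETBOOKSOK\n"
)
REQUIRED = ("ID", "FIRSTPAGE", "LASTPAGE", "CURRENTPAGE", "AUTHOR", "TITLE")


def decode_text(value):
    """Return (text, decoded_ok); the sample values are unpadded, so restore '='."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8"), True
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return value, False  # keep the raw token, e.g. the obscured sample values


def parse_book(line):
    """Parse one 'BOOK KEY=VALUE ...' record into a dict, rejecting malformed input."""
    kind, *tokens = line.split()
    if kind != "BOOK":
        raise ValueError(f"unexpected record: {line!r}")
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep or key in fields:
            raise ValueError(f"bad or repeated field: {token!r}")
        fields[key] = value
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    book = {"id": fields["ID"]}
    for name in ("FIRSTPAGE", "LASTPAGE", "CURRENTPAGE"):
        if not (fields[name].isascii() and fields[name].isdigit()):
            raise ValueError(f"{name} is not a number: {fields[name]!r}")
        book[name.lower()] = int(fields[name])
    # Assumption: the current page always lies inside the book's page range.
    if not book["firstpage"] <= book["currentpage"] <= book["lastpage"]:
        raise ValueError("CURRENTPAGE outside FIRSTPAGE..LASTPAGE")
    for name in ("AUTHOR", "TITLE"):
        book[name.lower()], book[name.lower() + "_decoded"] = decode_text(fields[name])
    return book


def parse_getbooks(reply):
    """Return the book list; a reply without GETBOOKSOK is treated as truncated."""
    books = []
    for line in filter(None, map(str.strip, reply.splitlines())):
        if line == "GETBOOKSOK":
            return books
        books.append(parse_book(line))
    raise ValueError("reply ended without GETBOOKSOK")


if __name__ == "__main__":
    for b in parse_getbooks(SAMPLE):
        print(b["id"], b["author"], "-", b["title"], f'({b["currentpage"]}/{b["lastpage"]})')
```

Values that fail to decode are returned as the raw token with the `_decoded` flag set to false, so the obscured records in the listing still parse.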
txtr Beagle - part 3 - storage and transfer protocol
I'm wrapping this up for now as one of the COG (chip-on-glass) devices has apparently fried and the reader has sold out.
UPDATE: Andreas Schier has written an open-source java toolchain for Beagle: https://github.com/schierla/jbeagle
UPDATE: Florian Echtler has built two Python scripts, one emulating the server and another one for the client. The server allows you to send images to your reader: http://floe.butterbrot.org/matrix/hacking/txtr/
Part 2: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-part-two-software.html
Part 4: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-card-parser.html
Part 5: http://hackcorellation.blogspot.de/2013/07/txtr-beagle-native-code-analysis.html
I've scratched some of the white glue-like stuff away but the burn can be seen inside the glass. It was drawing about 1A upon changing pages and the COG was getting very hot.
Wednesday, July 17, 2013
Moving on to business
After a few hours of hunting templates I've finally settled on one that should be easy on the eyes. Just a matter of preference. This is not the final choice but until I learn the WordPress system it will have to do.
I have about 20 articles waiting to be written, all the pictures are already taken, but I don't know where to start:
- custom dual power supply with Stellaris (Tiva) Launchpad diagnostics
- marathon repair of 30+ out-of-factory items
- custom firmware for coffee machine
- lessons learned from reviving SLA, NiCd and LiPo batteries
- various laptop repairs
- workbench build log
- automating a native game on Android
- sending Android navigation instructions to a Bluetooth device
- reverse engineering Java and Android apps (one at a time)
On top of that there are a lot of smaller articles in the loop, basically tips, mostly useful for beginners (diskless/thin clients, workbench organization, protocol debugging, Android development, teardowns etc.).
I'll try to cover all the ground above in a systematic manner, meaning that longer articles will need to be split and mixed with others.