Uncategorized

This is a continuation of “Hacking Dollar-Store Bluetooth Devices (The Kindness of Strangers) part 2”

Inspired by fellow SkullSpace member Edwin, who utilised a bus pirate to re-write the bluetooth device name via EEPROM (Note – this is indeed the right tool for the job) I took the initiative to get it done similarly, with my trusty Arduino Uno and some light coding.

Now, the neat thing about I2C is that it’s multi-master capable; at least, the bus is designed to be such.  This means that we can interface the EEPROM without disconnecting the usual master (ie the bluetooth IC).  So in short, you don’t need to lift the pins on your EEPROM, and toast the thing in the process:

20160911_171226

Unfortunately I forgot about this design feature, and spent quite a bit of time trying to read this IC from the arduino. It wasn’t until I took the same method to my second Bluetooth device that I realised that the first was toasted:

20160911_232334

After hacking a few devices (into oblivion), you eventually learn you should buy more than one…. this time around I added a terminal block and hot glue for stability

With that all wired up, I connected my arduino and started testing that I could read EEPROM addresses:

20160912_002612

 

It turns out that the “AB Shutter” device name was not where I expected it to be, based on my binary image – the most likely explanation is that my binary processing program is buggy 🙂  So, undeterred, I wrote a little arduino sketch that searched through the EEPROM’s memory byte-by-byte for a simple “AB” pattern (the first two characters of the device name).  Interestingly, “AB Shutter” shows up at 0x3B44 and 0x5B44.  This is the sketch I used:

 

Then, knowing the address, I wrote another little sketch to over-write that address space, and confirm it by reading it back.  I wrote to 0x3B44, and it reads back correctly from both 0x3B44 and 0x5B44, suggesting some paging or mirroring going on:

And, lo and behold, my PC picked it up with the new name!….almost:

bluetooth_642

The trailing ” 3″ is part of the old name – I tried over-writing it, with no success.  Perhaps there is some paging mechanism I am not taking into account 🙂

 

Next steps include searching through the memory via arduino sketches, and attempting to locate where it stores its keyboard “key codes”, if at all.  This would let me change which keys are sent to the PC/smartphone, at least in theory. Stay tuned!

Halfway through a haircut, my hair clippers died.  After some serious self-reflection, I came to realize I am nowhere near cool enough to wear half a haircut:

 

Skrillex-contact-information2

…maybe if I got some sick frames, tho…

In my half awake state, I managed to open up the clippers without electrocuting myself too severely.  I suspected the switch to be bad – a fried motor usually throws off some smoke when it fails, and this wasn’t the case.  I confirmed this by shorting the switch leads with a screwdriver, which made it jump back to life.

20160312_090257

the culprit

I was able to bypass the switch entirely. This means it will always be on while plugged in, but it also means I won’t look like a doofus today:

20160312_090436

operation++; safety–;

 

“Good” as “new”!

20160312_090742

I recently acquired the Wolfson Pi Audio Card  from Newark. Awesome! In this post I’m simply exploring the functionality of the new device, with some more ambitious projects to come.

The Wolfson Pi – If you lose one of the mounting screws, a rubber band works just as good

The Wolfson Pi brings audio support to the raspberry pi – see this page for detailed specs. What got me excited about the Wolfson Pi, is the ability to add enhanced audio capabilities and potentially incorporate this with JACK or other linux-based real-time audio processing.

The first step is to download and install the wolfson SD card image ( available here ). I found that the unzip utility in Ubuntu could not unzip the file properly… I wound up using 7zip instead, and it worked fine.  For those of us using a *nix-based OS, the following can be used to flash your SD card (note that a class 6 is recommended at minimum):

  1. Insert SD card – use the output of dmesg to determine its device file (/dev/sdb for example).  It should be the last one mentioned.
  2. use dd to write the card – be very careful to select the right device!!  dd bs=4M if=wolfson.img of=/dev/sdb.  This will take a while.  Physically install the Wolfson Pi onto the raspberry pi while you wait.
  3. Once dd is done, plug it into the pi and you should be ready to go.

If you are like me and want to access it via ssh, the credentials are still the same as the raspbian distro – username pi, password raspberry.  The OS uses DHCP by default.

Once you log in, you will see a number of shell scripts in your home directory.  Playback_to_*.sh are used to configure the default output device.  For my tests, I wanted to test recording with the built-in DMIC (onboard microphone) and output to the Line out connection.  To record and play a test file:

  1. ./Playback_to_Lineout.sh
  2. ./Record_From_DMIC.sh
  3. arecord -Dhw:0 -r 44100 -c 2 -f S32_LE test.wav , use Ctrl+C to stop recording
  4. aplay -Dhw:0 -r 44100 -c 2 -f S32_LE test.wav

Note – don’t try to play FLAC files with aplay, the sound of mismatched formats will hurt your ears…

That’s all for now, stay tuned for more experiments with the Wolfson Pi!

Hey folks, looking to get rid of a bunch of books/electronics/etc… contact me if you’re interested in any of it!

Custom made stuff:

 

20140215_163610

Biznass BoomBox – I hacked an old FM radio into a classy briefcase for a decentralized dance party – needs a slight bit of work, IIRC the volume knob has become detached.

 

One funky-ass axe.  A modified Ibanez GRX40.  Faux fur, no animals were harmed during the making of this guitar....

One funky-ass axe. A modified Ibanez GRX40. Faux fur, no animals were harmed during the making of this guitar….

Network gear:

24 port switch, Nortel BayStack 450-24T

24 port switch, Nortel BayStack 450-24T

Oldschool Linksy WRT45G wireless router

Oldschool Linksy WRT54GS wireless router

A pile o' Nortel VoIP phones

A pile o’ Nortel VoIP phone parts (headsets, main units, need PoE or DC power supply). Untested

 

Books:

Buncha books! pt 1

Buncha books! pt 1

Buncha books! pt2

Buncha books! pt2

Misc Neat stuff

Super Nintendo, has a power supply issue.  Complete with 1 controller and some aladdin game

Super Nintendo, has a power supply issue. Complete with 1 controller and some aladdin game

Ibanez Chorus/Flanger pedal.  Still works, never use anymore

Ibanez Chorus/Flanger pedal. Still works, never use anymore

Random Thin Client.  Never tested.

Random Thin Client. Never tested.

Rotary tool, works, comes with grinding bit pictured

Rotary tool, works, comes with grinding bit pictured

 

 

Misc Electronic equipment

ATX Power supply, was used to power a gigantic LED circuit, one of the molex connectors is chopped off.  Still works.

ATX Power supply, was used to power a gigantic LED circuit, one of the molex connectors is chopped off. Still works.  You could easily replace it with a connector from newark!

Some PIC dev boards, ancient... comes with PicBASIC software cd, rs232 programmer, etc

Some PIC dev boards, ancient… comes with PicBASIC software cd, rs232 programmer, etc

Some junky +5V,+12VDC power supply i built before university.  Standard linear regs (7805,7812)

Some junky +5V,+12VDC power supply i built years ago.  Still works. Standard linear regs (7805,7812)

High-voltage DC Nixie Tube power supply.  Specs unknown, but is DC

High-voltage DC Nixie Tube power supply. Specs unknown.  Comes with Nixie tubes if you want them!