Category Archives: hacking

High(ish) Voltage EPROM blast from the past

Using New tools on old parts…

Very early in my career, I lucked out and got a job at General Computer Company in Cambridge. GCC had a contract with Atari to write games for the 2600, and eventually were tagged to create their next generation system, the Atari 7800. I worked on 2600 Joust and Kangaroo, and also on Centipede for the 7800 as well as test code for the hardware and a sound driver that was used in several games.

7800 Eprom carts from my days at GCC

We were given 7800’s from an early production run, and I recently found mine in my attic, and dragged it out, and hacked it to have a composite output. I also had been carrying around these EPROM carts for many years, and I wanted to see if I had anything “interesting” or special.

Once I got my 7800 running, many of the cartridges just worked, but there was one set that was labeled ROB 4(9?)/20 (probably Robotron 2084 written by my friend Carlos Smith) and another labled Xevious UNENCRYPTED (written by my friend Tom Flaherty). Neither worked in the 7800, and the Xevious one told me why it didn’t work: It said unencrypted (which was technically un-signed, but that’s what we called it back in 1984).

I did some research, it turns out nobody uses EPROMS anymore, and most non-volatile memory in modern electronics use flash. Back in the old days we had a very expensive Data I/O gang programmer, and even on ebay these days, they are still quite expensive. Fortunately there’s lots of interest in vintage electronics (everything from old home computers to old engine computers) There is (of course) a chinese company that makes a relatively inexpensive line of programmers called Xgecu. Unfortunately, using them requires you to use a somewhat suspicious Chinese download program that only works on Windows. I’m a Mac and Linux guy these days so that wasn’t going to fly. I did find out that two of the older models that they make were reverse engineered by David Griffith and he wrote an open source command line utility called minipro https://gitlab.com/DavidGriffith/minipro.

TL866II+

Unfortunately the current shipping version of the Xgecu programmers aren’t supported by minipro (Conversations I found online indicate that David tried but ran into difficulties because the manufacturer was actively trying to keep people from finding out how it works. I searched and found that Jameco was still selling the TL866II+. It was a little more expensive than the very few chinese sellers I found that carried it, but I was impatient and ordered it from Jameco (besides, Jameco is grate for a lot of cool stuff!) I got it in a few days and I was able to read out the EPROMS from my development carts.

It took a little research (a topic for another post) but I figured. out how to assemble the bits from the EPROMs into a form that was playable by the modern Atari 7800 emulator A7800. Most of the games played, including my two “unplayable” games (The emulator doesn’t check the signature). I didn’t check all of them, but a few I did a binary comparison with downloads of the release ROMS and they were identical.

My first problem, I didn’t have any blank EPROMS and I didn’t have an EPROM eraser. EPROMS use strong, short wavelength. (250nm) UV light. I tried a UV lamp I have used for “retrobrighting” old plastics, as well as a UV flashlight, but no luck. I wondered if one of the many phone “sanitizers” that became popular during the pandemic would work. It turns out there are junk ones, (using LEDS) and good ones (with real tubes) and the good ones are pretty expensive new, but it turns out there are lots of these on Facebook Marketplace, and I was able to get the “Phone Soap” UV sanitizer for a really good price.

With two tubes, you can also put eproms back to back and double up the capacity.

It totally wipes the EPROMS in it’s normal 10 minute cycle!

Using the a7800basic/7800sign command, I was able to verify that the Robotron and Xevious ROMS were unsigned, I signed them and was able to burn the Xevious ROMS and play them on the actual Atari 7800!’

It turns. out, I got lucky. I started trying to burn the robotron ROMs and I got lucky again with the first one, but all the rest Failed to verify after only writing one or two bytes. I thought, maybe they are just old and tired, I tried putting them through the eraser multiple cycles, and still fail. I ordered some new blank ones from Jameco, and they all had the same error!

Time to hit the datasheet

I noticed that the programmer reported the pulse time , VCC, VPP and VDD voltages for programming.
It was reporting VCC, VDD = 5V, VPP=18V and pulse time 200 ms. The first thing I noticed was that the datasheet says 50 ms for the programming pulse, and I tried changing that parameter, no luck. It also said VPP = 21 V and NO DICE! that voltage wasn’t available on the TL866II+ ! (note, that if you look at the same part number from different manufacturers, there are a wide range of acceptable voltages.)

I wondered if you could separately apply that programming voltage or if it needed to be in step with the pulses. The second would definitely be possible, but in terms of time, it might be cheaper to try to find another programmer (the older model could go to 21 V).

I bent out the VPP pin and stuck a wire in with the gnd pin and applied 21V with my bench power supply.

It worked!

It worked, but bending the pin would not be a strategy I could use very many times. I ordered some ZIF sockets, but as you know, I’m impatient, so I found a 28 pin (narrow) socket, and cut it in half and soldered it up on an adafruit perma proto board.

It works very reliably! I was finally able to burn the Robotron roms and play them!

Flexible Wifi Doorbell

A long, long time ago, we moved a door from our kitchen to the hall, and in the process, our doorbell was moved into the basement stairs. We can barely hear it on the first floor, and I spend most of my days on the third.

I know I could buy an Internet doorbell, or a simple wireless doorbell, but I really liked the idea of being able to tap into any events, and keeping all the data in my own network.

I bought a 433 MHz doorbell that I knew someone else had controlled from an Arduino (I’d normally give credit, but I lost the reference). I didn’t want potential network failures to keep the regular doorbell from working, so I decided to always trigger a relay and send the wireless doorbell code, while informing a messaging server of the events. This MVP is great because it improves my doorbell situation while providing lots of room for growth, such as triggering future security cameras, sending messages etc.

433 MHz Doorbells

433Mhz RF Decoder Transmitter With Receiver Module Kit For ARM MCU Wireless  Geek - US$2.99

There are some very cheap 433 MHz transmitter/receiver pairs (<$5) that are compatible with a lot of the wireless doorbells. I ended up using the RC-Switch library (available from the library manager). It’s also supported by the RadioHead library.

You only need the receiver to decode the transmission from the doorbell’s pushbutton. I just hooked it up to an Arduino Uno and ran one of the receive example sketches. You might get several different “packets’ with different codes, but one of them is the right one. Hook up the transmitter, and transmit the codes one at a time until one of them works.

Here you see a rough prototype with a switch standing in for the doorbell button.

Next post we’ll pretty it up, and show some code!

Wyostat: Open Source Thermostat Pt. 1

Does the world need another connected thermostat?

When my thermostat went on the blink last winter, I looked at Nest, and Ecobee, and the other me-too thermostats, and I decided I would rather build my own.

  1. If Nest goes out of business (or even more likely, Google decides to go a different direction),  all that cool connected functionality pffft!
  2. If I want to control it just inside my house, I don’t really have that option.
  3. Some of the connected thermostats also offer remote sensors, behavior learning, etc. but they are expensive, and you have no control.
  4. I have a two wire system. While some of the connected thermostats do power stealing (Nest), I wanted more powering options.
  5. I’ve been playing with ESP32’s and I’ve found them powerful and cheap!

Prototyping

Most home hvac systems run on 24VAC. When I moved in to my house, it had one of those classic round bun thermostats that tilt a mercury switch with a bimetallic spiral. More modern systems have an additional C wire for power (and separate fan  and cool wire). This meant that I would be powering the thermostat externally. A little googling and I found this info on thermostat wiring:

I found a triac board offered by another maker and open source enthusiast:
http://makeatronics.blogspot.com/2013/06/24v-ac-solid-state-relay-board.html


It features three triac channels with Opto-isolated inputs. The control signals seem to work at 5V or 3.3V.

For the controller I found a dev board with an ESP32 module, SiLabs usb controller, and a small monochrome OLED display. It’s sold as Wemos Lolin, and it has a Wemos-like logo on the back. it’s actually a clone of a D-Duino-32 by Travis Lin.

I mounted it on top of the triac board, with a laser cut plate to mount the same as my existing thermostat.

I used a Sparkfun TMP102 as the temperature sensor. I floated it to keep it off the cold wall. Figured I’d mount it in a case later. It worked great! The next installment will cover the PCB design and debugging. The code and the EDA files are at: https://github.com/wyolum/wyostat

Building Access Security Research

I’ve been researching a lot of contactless payment, and authentication stuff for work, and thought I’d share some of the most interesting links. This post will focus on building access.

Building access

It seems like many building access keycard systems are pretty weak in terms of security. Essentially, many of them present an ID code that is checked against a database. If you can copy that code you can clone the card (replay attack). Also most of them use something called Wiegand signalling as their output which is just a protocol to decode, so if you can tap in, you can sniff or inject stuff pretty easily. There are more secure systems out there that use a cryptographic exchange, but the insecure systems are in abundance!

getksi.com blog — This is a company that sells a more secure building access system, so they’ve done a lot of competitive research about vulnerabilities of common building access systems.

bishopfox.com — Security consulting firm. hacked a long range reader to steal ID’s. Essentially used an arduino to listen in on the Wiegand output.

Jonathan Westhues — EE and software guy did a lot of reverse engineering of some badge signals, later created a whole platform for reading and spoofing badges.

3DR Solo of my very own!

If you’ve followed this blog, you know I’ve played with toy quadcopters and built one from parts. I’ve also built an FPV racing drone that I’ve only successfully flown twice.

For a long time I’ve lusted after a GPS drone capable of autopilot, especially after a demo by a neighborhood friend of his DJI Phantom 3. I think the DJI drones are pretty cool, but I hate that they are not open, and being both an Open Hardware guy, and never satisfied with factory settings, I really wanted open source.

3D Robotics, founded by former Wired editor Chris Anderson has been making open source autopilot drones for quite a while now, but they’ve been quite pricey, and don’t include a camera. I just couldn’t justify it.

My friend Michael Castor at  http://www.mcmelectronics.com/ clued me in to a sale at Bestbuy and I scooped up a Solo, extra battery, gimbal, extra propellers, and a backpack for $399 (plus tax). SCORE!

Note, last time I checked, the price just went up to $599, but you can still get the Solo for $399

Free 2 day shipping said it would be here Thursday, but the Solo came on Wednesday, and the rest on Thursday.

solo box

It was well packed, comes with battery, two extra propellers, transmitter,  and chargers for the transmitter and the battery. It comes with an eggcrate material carrying case that would probably do for a while, but I hate to think what would happen when it rains.

The backpack, which came later (and I may cover in a future post) is terrific."carrying case"

DJI, by the way also gives you “carrying case” packing, but in their case close cell foam, which would probably hold up longer.

Solo unboxing

Setting it up was pretty easy, download the app to my phone, power everything up. There’s a required firmware update before flying, and while it crashed my phone a couple times (I am suspicious because I have CyanogenMod) it took only about 2 minutes.

I don’t have a camera yet (I’m waiting for a new model of “fauxpro” from mcm electronics.) but It was amazing that I actually managed to work all week without flying. A quick stop at the FAA site to register, print a label for my Solo, then I did get out on Saturday, and I’m hooked!

Kevin flying his new Solo
Photo by Will Caldico0tt

Auto take off and landing are the bomb! The orbit mode was pretty easy to use, once I figured out how to set the center on my tiny phone screen. I ordered an acer tablet from ebay (about $70) and hope that will be better.

3DR recommends initial flights in a wide open area, and I concur. While it’s really easy to fly, it’s also hard to judge depth at distance when it’s flying near trees etc. The next day, I did manage to crash it, breaking 2 propellers, and chipping a third. The Solo was fine though, and shut itself down with the remote talking to me “Crash detected”.

Hacking potential

I wouldn’t have even spent $400 (and will likely spend even more) if it wasn’t easy to add my own hardware and software mods. 3DR makes this really easy, with a well thought out Dev kit python API, and well documented hardware expansion. Check it all out at: https://dev.3dr.com/index.html

What makes this really exciting, is the Solo (in spite of the name) actually has Two processors, a pixhawk flight controller, and a linux based computer. You can actually ssh to the drone, and store scripts for execution during flight.

I’m excited that you can even use OpenCV on the video stream from the camera.

Arduino Robot Class preview

I’m teaching an Arduino Robot class June 29 from 6-8pm at YouDoitElectronics in Needham, Ma. The cost is $99 and you get to take home the robot you build. I’ll show you how to use an Arduino to control DC motors, and read sensors to react to the environment. The robot we’re building will have a sonar sensor for distance, and two line detectors for following a line.
To register email your name phone number and number of participants to events@youdoitelectronics.com. Please include Arduino Robot Workshop in the subject line. You will receive a call back within 1-2 business days. Fee is required at time of registration prior to the start of the workshop. Once registration and payment are complete a reservation confirmation number will secure your spot.

Arduino Workshop and Arduino Resources page

youdoit-arduino class

Had a full house at an Intro to Arduino Workshop at YouDoIt Electronics in Needham last night. Getting ready for this prompted me to start up an Arduino Resources page and update my Intro to Arduino Presentation (which, unfortunately I didn’t get to use due to technical difficulties…)

YouDoIt Electronics is a terrific local resource, carrying tons of Sparkfun and Adafruit products (as well as tons of mechanical and electrical parts, educational toys, AV equipment, you name it!) Thanks Melissa and John for sponsoring me!

Interactive Wall at the Duxbury Free Library

I was Maker in Residence at the Duxbury Free Library in August, where I worked with Teens and some adults to create an Interactive wall for display at the Library.

I met Teen Librarian Ellen Snoeyenobs at the first Make a Makerspace conference at the Artisan’s asylum several years ago, and we’ve been collaborating on bringing more maker activities to her library over the last 2 years. She has an excellent blog reflecting on their successes, failures, and tips : http://librarymakerspace.blogspot.com/

She has her own excellent video here:

Lessons learned

  • Something for everyone. There are art activities for those who won’t go near tech stuff, and plenty of wiring and coding for the techies. Girls, boys, adults alike found something to do.
  • Drawing on skills learned in the past helps to get things done. We did one session on Arduino at the beginning, but in the end, those who already had Arduino experience ending up contributing most in that area.
  • Include a variety of activities. Kids who liked 3D printing and design did various bits to glue on, and use, including a spider that goes up and down. The 3Doodler was used a lot to add decorative elements, as well as enhance some of the 3D prints. And of course, Arduino brought it all to life.
  • Think Off the Wall. Ellen was originally inspired by an interactive wall she saw at MIT. The library, however, wasn’t too keen to be hacking into their existing walls. Ellen came up with the idea of a portable partition, and I helped select one (made of poly-carbonate) that we could drill. It had the additional advantage of being semi transparent, so we could mount our fireflies (addressable LEDs,) behind the wall.
  • Surprise learning. There were all sorts of bonus learnings, including how to scale a drawing up using a grid!

Technology

  • The library had previously received a grant that enabled them to buy a bunch of Spark Fun Inventors kits. We used velcro to attach the Redboards and their attached breadboards to the back of the wall.
  • We used a PIR motion sensor to trigger the bird moving, and cheap Chinese HC-SR04 ultrasound distance sensor to light up the peacock’s tail as you waked closer.
  • WS-2812 LED strips provided bling for both the peacock’s tail and the fireflies.
  • Birdsong was provided by a Sparkfun MP3 Shield
  • Movement was done with micro servos, and one continuous rotation servo from parallax.
  • The shifty eyed fox was implemented by a great design from Dampboot on Thingiverse

Come see it!

Our Grand Reveal of the Arduino Interactive Garden Wall will take place on
Thursday, September 10th at 4 p.m. on the Upper Level of the Duxbury Free Library.

We’re hoping some of the Teens as well as adults who had a hand in making it will talk about the experience.

MacGuyver Copter Part 2: Total Ghetto, Total Fail

Spoiler alert: in part 3, we finally succeed!

If you read the first post  you know that I was inspired by all the cheap replacement parts for the Syma X5. Also the motor mounts have all sorts of interesting attachment points, including a tube that fits a 3mm (who knew they were a standard size?) bamboo barbeque skewer. I’ve seen people bodge together quadcopters with “real” controllers but with crappy wooden frames, so I thought why not.

First I cut some skewers so the props were centered where they were in the original Syma X5. They were 9 inches center to center.

20150715_174605

I taped it all together, with the controller in the middle. I didn’t have much hope, as  you can see the fit on the motor mounts isn’t tight, and I was afraid they would twist. I taped them the best I could but as you can see in the video it was a total fail.20150715_223808

One problem I noticed, was that I had mounted the controller board upside down. Doh! The purpose of the controller is to keep it upright!

20150716_115519

Next I designed a 3D printed hub for the middle, secured with hot glue. I found some tiny screws (scavanged from many tear aparts!) and drove those through holes in the arms and through the bamboo skewers. This time it worked better but spun. I concluded that the bamboo was twisting with the motor torque. Probably true, but later I also discovered that I had the motors mounted in the wrong place.

Conclusions: I need a sturdier frame, but still need to keep the weight light (how light, well, I find out in part 3…)