Understanding silicon circuits: inside the ubiquitous 741 op amp

Ken Shirriff writes, “The 741 op amp is one of the most famous and popular ICs with hundreds of millions sold since its invention in 1968 by famous IC designer Dave Fullagar. In this article, I look at the silicon die for the 741, discuss how it works, and explain how circuits are built from […]

Schlumberger 4002 signal generator

Mario wrote an article on reverse engineering a Schlumberger 4002 signal generator: What I got was a Schlumberger 4002 signal generator. It ranges from 0.1 to 2160 MHz with 10-20 Hz tuning accuracy, selectable output amplitude from -138.9 dBm up to +13 dBm in 0.1 dB steps, auto-sweeping and several extras like an OCXO for stability, 20 dB […]

Examining the core memory module inside a vintage IBM 1401 mainframe

Ken Shirriff writes: The IBM 1401 mainframe computer was announced in 1959 and by the mid-1960s had become the best-selling computer, extremely popular with medium and large businesses because of its low cost. A key component of the 1401’s success was its 4,000 character core memory, which stored data on tiny magnetized rings called cores. […]

Sniffing Crazyflie’s radio with HackRF blue

arnaud acquired a HackRF Blue and has been busy coding up a GNURadio project for analyzing Crazyflie radio transmissions. Crazyflie is a nano quadcopter/drone controlled over a wireless link. The Crazyradio is the official radio dongle for the Crazyflie Nano Quadcopter. It is a 2.4GHz USB radio dongle based on the nRF24LU1+ chip from Nordic […]

Reverse engineering a Beseler PM2L Color Analyzer

Kerry Wong wrote an article on reverse engineering a Beseler PM2L Color Analyzer: I recently acquired an old Beseler PM2L color analyzer. This kind of color analyzer was designed to analyze the color or exposure of film negatives at a certain location by comparing the intensity of the filtered light of each color channel (CMY and white). […]

Reverse engineering the Panasonic AC infrared protocol

The AnalysIR Team hailing from Dublin, Ireland has just published a new article called “Reverse engineering the Panasonic AC Infrared protocol”. If you’re into IR hacking with the USB IR Toy, check this out. “AnalysIR is an advanced IR analyzer & decoder that works with Arduinos, Raspberry Pi, USB IR Toy, Teensy3, ChipKit Fubarino and […]

Reverse engineering a Verisure wireless alarm

Here’s an informative two-part series of posts over at FunOverIP detailing how to reverse engineer a Verisure wireless alarm. Part 1 details the beginning steps such as finding the module’s radio frequency and modulation type, analyzing the chipset datasheet and using GNU Radio.

Reversing D-Link’s WPS Pin Algorithm

Craig of /dev/ttyS0 wrote an article on reversing D-Link’s WPS Pin Algorithm: While perusing the latest firmware for D-Link’s DIR-810L 802.11ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the device, including the HTTP and UPnP servers. I first began examining this particular piece […]

Video: Hack All The Things – 20 Devices in 45 Minutes

The GTVHacker group gave this presentation at DEFCON 22. The group is famous for hacking the Google TV a few years back, and in this talk they add plenty of devices to their credit. “We’ve taken all of our previous experience exploiting embedded devices and used it to bring you a presentation filled with more […]

Derbycon video: Making BadUSB Work For You

Adam Caudill and Brandon Wilson gave this presentation at the recent Derbycon 2014 conference in Louisville, KY, covering their hack of the Phison 2251-03 USB controller firmware to add new “features” and functionality. They focus on the Patriot Supersonic Xpress 8GB USB drive allowing it to be repurposed for non-standard uses. Adam has posted his […]

Reverse engineering wireless pro studio lighting

Richard Webb just finished an article on reverse engineering the wireless protocol used to communicate with some pro studio lighting. His approach involves sniffing the SPI bus into the lighting controller’s RF module using the Open Bench Logic Sniffer to obtain preliminary addressing information, then using an nRF24L01+ module in receive mode to capture packets. […]

Video: JTAGulator introduction and demonstration

Hardware hacking guru Joe Grand of GrandIdeastudio has posted this new, detailed introduction/demonstration of the JTAGulator, an open source hardware tool that assists in identifying on-chip debug (OCD) and/or programming connections from test points, vias, or component pads on a target device. (We note the Bus Pirate usage at 5:40.)

Reverse engineering a NAND flash device management algorithm

Joshua Wise writes: The following is a description of how I went about reverse-engineering the on-flash format, and of the conclusions that I came to. My efforts over the course of about a month and a half of solid work – and a “long tail” of another five months or so – resulted in a […]

Video: Using superpowers for hardware reverse engineering

Prior to delivering a presentation at today’s DEFCON, hardware hacking guru Joe Grand gave this talk at BSidesLV held August 5-6, 2014 in Las Vegas. Joe describes, “[s]uperpowers, normally used by superheroes in the battle of good versus evil, are also accessible to engineers and hackers in equipment used for failure analysis and verification of […]

Reverse engineering a wireless soil moisture sensor

Ray Wang at Rayshobby has been working on reverse engineering a wireless soil moisture sensor. He writes, “At the Maker Faire this year I got lots of questions about soil moisture, which I knew little about. Recently I started learning about how to build my own soil sensor, and came across this cheap 433MHz wireless […]

Hacking the Java Debug Wire Protocol (JDWP)

Christophe Alladoum has posted a tutorial on the IO Active Labs Research blog on the Java debug wire protocol and its insecurities. He explains, “In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester’s point of view. I will cover some JDWP internals and how […]

DEFCON 21 video: Decapping Chips the Easy Hard Way

In this presentation from DEFCON 21, Adam “Major Malfunction” Laurie and Zac Franken of Aperture Labs go hardcore with chip analysis. For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access […]

Silver bullet oscilloscope IR receiver

The crew from AnalysIR have shared a simple technique for viewing the mark and space data from IR transmission on an oscilloscope. They call it the “silver bullet” method. The idea is to use a standard IR Led mounted into a BNC/RCA plug using a spare channel making an Oscilloscope infrared receiver. So we set […]