News items for tag electronics - Koos van den Hout

2022-11-18 Current thoughts on hardware hacking
Corinex CXWC-HD200-WNeH uart connected
Corinex CXWC-HD200-WNeH uart connected
Picture by Koos van den Hout, license CC-BY-SA
I closed the case of a vulnerability in the Corinex CXWC-HD200-WNeH with a confirmation from the vendor that this is a device completely out of support. Which confirms the public information I found when I started looking into this device. This was all related to the course in hardware hacking I took and applying the new knowledge.

So now I can look back on this experience and think about my future here. Hardware hacking has serious links to my current job as technical security specialist. In my work I regularly have to look at vulnerabilities and assess the chance and impact of misuse of the vulnerability. With hardware hacking I find vulnerabilities by researching hardware. This helps me understand the chance and impact factor of other vulnerabilities.

There is also a link to my education: part of that was MTS electronics. I learned how to solder, before SMD components were a thing and I think I got some explanation about switching mode power supplies at the end. As I got into computers I didn't do much with this education but the last years in amateur radio have made me get out the soldering iron again.

There is a clear link to my hobby of amateur radio. My interest in amateur radio is linked to wanting to know how things actually work. Hardware hacking is also done with RF signals so I may get into more RF related hardware hacking.

My current thought is that I want to continue in this subject. It's given me joy: getting into a device in new and unexpected ways gives joy! I have learned new things. I noticed I need to feed the brain regularly with new information and actually learning something new is much better brainfood than browsing social media. At the same time social media is the way to learn more about this subject and interact with other people interested in this subject. I ended up on /r/hardwarehacking on reddit and already learned from others and shared some of my own insights!

There is the thing about RFID/NFC security. I have looked into this in the past, mostly by getting the tools to peek into the MiFare classic cards. I am considering going further with this area of hardware hacking. Prices of hacking tools for this area like the proxmark3 or the flipper zero are above the 'nice to try a few things' level. On the other hand I think I could have loads of fun there, and the overlap with amateur radio is very clear.

At the end of this bit of writing: thanks to people who share their hardware hacking experiences on-line! Thanks to Jilles Groenendijk, Router Archeology: Sitecom WL-330 - Habbie's journal, @Flashback Team on youtube, Make Me Hack on youtube, and Boschko Security for sharing their stories and knowledge.

Tags: , , , , ,
2022-08-28 Maintenance for the pi4raz igate / learning about esp32 power requirements
Since last Thursday the aprs server at is down. I used that aprs server for the weather station and for the igate.

The change for the weather station was one word in a script, for the igate I had to remember how to change this with the Arduino development environment set up to support the esp32 board. The easiest way seemed to be from the computer, but every time after the igate started the running process after the setup it crashed and rebooted itself. I spent a lot of time looking for the answers, added debug statements all over the code and ended up in the WiFi initialization code as the place of crashing. And that was the hint, according to Crash when trying to connect to wifi - Issue #3935 - espressif/arduino-esp32 this is a sign of a power shortage.

This is purely my fault: the pi4raz igate design calls for an external power supply feeding it.

The solution was to go back to the separate USB power supply and not use a USB hub connected to the computer. Now the igate is started again and visible on the APRS network: track PE4KH-10 on

Tags: , ,
2022-07-07 First signals on the logic analyzer circuit
The logic analyzer circuit I ordered came in today with the test leads. Both the circuit and the test leads have pins so I need something to connect those two. So the crate with PC cables was ransacked and a floppy drive cable is now connecting the logic analyzer and the test leads.

The logic analyzer shows up in linux as usb device:
Bus 002 Device 008: ID 1d50:608c OpenMoko, Inc. Fx2lafw
Finding software was quite easy: pulseview indeed works out of the box, complete with support for this logic analyzer.

I had a look around for something to analyze and finally settled on the ESP32 based NTP clock because that's still on a breadboard and signals are available. I can see the bits flowing between the ESP32 microcontroller and the display module.

I'm still seeing some bits come in on unconnected testleads so I'm not sure I am doing everything right. But it's a start!

Tags: ,
2022-06-08 My interests in electronics and security together: trying some hardware hacking
One of the subject areas I'm interested in at work is hardware security and hardware hacking. After doing things with rfid earlier I'm now looking at low-level electric interfaces. With the earlier hardware challenges in CTF contests in HackTheBox Cyber Apocalypse CTF 2022 - Intergalactic Chase and The HackTheBox & CryptoHack Cyber Apocalypse 2021 I got interested in logic analyzers. Those sounded expensive (but I never actually checked).

And then I read this bit: I recently got this 8ch cheap USB-C logic analyzer from AliExpress and the price shown is 5.42 US dollar. That's really cheap!

For that price I can buy one and not be too dissapointed when it blows up or fails to give me the joy I hope. So, ordered: one 8 channel logic analyzer and a set of test leads so I can actually clip this to a circuit. The price for me for the logic analyzer circuit is EUR 6.78 including delivery and taxes.

For software I learned about PulseView.

This hardware has limitations, but for simple decoding of hardware protocols this is a nice start.

Tags: , ,
2022-04-01 Mention of my igate
In 2020 I built an igate: a device for receiving status packets on amateur frequencies and got it succesfully receiving packets and publishing them to the APRS network.

Since then the hardware has been in a corner of the radio shack receiving packets, building a good coverage of received packets and doing fine.

Today I noticed in Razzies April 2022 a Dutch-language electronic magazine of the Radio Amateurs Zoetermeer a nice mention of 'my' igate:
De enige gateway die dapper stand houdt is PE4KH-10: nota bene een iGate naar ontwerp van onze club: een RAZ iGate...
or translated: the only gateway still standing strong is PE4KH-10: notably an igate made to the design from our club: a RAZ igate.

It's nice to get this mention! The hardware is in the corner of the shack just doing its job and nothing else.

Tags: , ,
2021-05-03 Refreshing rechargeable batteries
With lots of devices running on rechargeable batteries including toys with motors and lights we have accumulated quite a number of rechargeable batteries in our house. Some of them have been around for ages and others are more recent.

With the amount of batteries varying per device (we have seen 1,2,3,4 and 6 batteries per device) it's good to charge each battery individually as they may have different residual charges and always charging them in pairs when one is not as good will only make the difference worse.

But the charger for individual AA/AAA cells we have also wants to charge the batteries quite fast and will abort as soon as one cell doesn't accept the charge. More and more batteries got rejected this way, even relatively new ones.

The solution: a smart charger that has adjustable load current, can refresh a battery that has problems accepting charge and measures the charge in the battery. And does this for 4 batteries at the same time. I gathered batteries from all kinds of places (quite a collection) and started charging and measuring all of them. A number of batteries got rejected because even a "refresh charge" ended at less than 50% of the original capacity. Those batteries will be handled as chemical waste. The others with enough capacity left are now all in the big box of charged batteries. Most of them will not keep their charge until the moment we actually need them, but it's good to know they are usable.

I bought the from Conrad which has only one downside: the fan is somewhat noisy.

Tags: ,
2021-04-07 The NTP ham clock is ticking
esp32 based NTP ham clock on breadboard Recently the parts for the NTP ham clock I saw in the Electron magazine arrived: an ESP32 module and a TFT display. It took a bit before I had time to actually do something with them but recently I put the modules on breadboard and started making the needed connections. There are not a lot of those, only 8 wires need to be connected between the ESP32 microcontroller and the TFT display.

After some fiddling it worked and I managed to program it all with the settings I like, such as the right timezone rules for the Netherlands, 24 hour display on both clocks and it fetches the NTP time from the NTP server in the shed so it doesn't rely on outside connectivity.

Now to find a case for it and wire it neatly.

Tags: , , ,
2021-02-27 Ordered parts for an NTP ham clock
Today the Electron magazine of the Veron amateur radio club came in, the March 2021 Veron Electron (Dutch).

As I was browsing the magazine and reading articles I came across an article about building an NTP ham clock, consisting of an ESP32 module and a TFT LCD display, and the rest is all in software.

I directly wanted to build this, as this combines two of my interests: amateur radio and NTP time synchronization. It displays both the local time and the UTC time on the TFT display, just like PyHamClock does on my screen.

The article is based on the same project at W8BH projects which gives me a good descriptive pdf.

So I ordered an ESP32 module and ILI9341 TFT LCD display from an aliexpress seller and now I wait, because this will take about a month.

Tags: , , ,
2021-01-05 Sharing my christmas light code
I forked the github repository GitHub - jgarff/rpi_ws281x: Userspace Raspberry Pi PWM library for WS281X LEDs into my own GitHub - KHoos/rpi_ws281x: Userspace Raspberry Pi PWM library for WS281X LEDs and committed my code for using the 120 led ledstrip as christmas tree lights including morse code.

It's my first actual python code.

Tags: ,
2020-12-31 The igate is still receiving packets and slowly building coverage
Coverage map of PE4KH-10 igate around Utrecht Since the igate build was finished and the first packets were received I left it running. I did switch to a 5 volt power supply: it works fine on a USB charger powering the whole circuit board via the USB connector for the ESP32.

Packets are received from a large area around the city as shown. I'm glad it is all working and I hope to improve the APRS network coverage here locally a bit.

Tags: , ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newstag.cgi,v 1.39 2022/11/18 15:23:48 koos Exp $ in 0.041678 seconds.