Author Archives: bunnie

Name that Ware September 2021

via Hacking – bunnie's blog

The Ware for September 2021 is shown below.

This ware was kindly contributed by @marcan42. I’m really impressed at the quality of the camera work for the wares!

These are just a subset of the boards from the ware, but I suspect it’s more than enough to get a positive ID. The digital board is a bit more telling, but I find a well-designed analog board to be too attractive to pass up posting. I also love the slightly browned regions evidencing the hard life that the linear regulators experienced, filtering out all that power supply junk to create a clean, smooth power rail suitable for audio. If nobody can figure this out, there’s another board I’ll add to the set which might be helpful.

Bonus points to anyone who can come up with a good theory for the ~3mm 45-degree angle cutouts sprinkled around the digital board’s power plane pours. I can’t come up with any consistent rhyme or reason for them to be there, so maybe the engineer was just going for style points? Nothing wrong with going for style, but perhaps I missed the memo on some sort of black magic with respect to detuning resonances in power planes, or something like that.

Winner, Name that Ware August 2021

via Hacking – bunnie's blog

The Ware for August 2021 is a DirectTV receiver model D10. As I had surmised, it was quite easy to guess the nature of the ware, based on obvious clues such as the smart card slot, tuner circuit, and the general TV-receiver-esque vibe about the board. One does not integrate a line voltage power supply and an RF front end into a single circuit board unless one is sure to sell millions of them; the regulatory overhead is just too great otherwise.

Anyways, to make the ware a bit more challenging I had asked for comments specifically about the unpopulated cut-out section of the board. Participants correctly recognized from the get-go that it should be an accessory to the receiver, likely related to a remote control. GotNoTime even went so far as to call out a part number, the KESRX01 ASK receiver chip (as listed in the schematics that were previously linked by Eben Olson). While the schematics share the chip designator U33101, unfortunately, the KESRX01 is a 24-pin package, but the board has a 28-pin footprint. Thus, it’s quite likely these are closely related schematics, probably made by the same OEM, but they also cannot be an exact match.

This motivated me to poke a bit more; a bit of googling around revealed a good match for the footprint and functional category: the TDA5200. Below is a juxtaposition of the reference schematic from the datasheet along with the layout:

And just for quick reference, here’s the pinout and internal block diagram of the chip:

I got as far as confirming that the power supply lines match up, and that the crystal and RF lines seem to make sense, which means it’s likely to be this chip or at least a closely related one. If I had to build up a functional circuit using this board blank and no schematics, I’d say it’s likely to succeed, modulo a couple patch wires and a bit of antenna tuning.

My propensity to figure out what goes into the blank spots of a circuit board is a quirk that stems from having to, at times, reverse engineer devices that have had the part numbers sanded off or obscured for “security” reasons. That’s probably part of the reason I’m drawn toward empty spots on circuit boards; they are good practice for looking at context and circuit traces to figure out part numbers. It’s like circuit board karaoke!

I guess this month there isn’t a winner, since nobody quite got the answer I was looking for, so I’ll leave it at that (although I am probably partially to blame for not being clearer as to what I was hoping to see as an answer!). However, thanks again to everyone for playing!

Name that Ware, August 2021

via Hacking – bunnie's blog

The Ware for August 2021 is shown below.

This months ware is probably a pretty easy guess. To make things a bit more interesting, the prize will go to the entry that has the most feasible (or the most entertaining!) theory as to the purpose for the tiny break-away, stand-alone PCB is on the left hand side, as indicated by the red arrow. The cropping just barely obscures the edge of the PCB, but basically there are three mouse bites on the edges that retain the sub-assembly PCB, so it could be sheared off and turned into a separate item. I always pay extra attention to blank spots like this PCBs, because they are riddles into some aspect of a product’s design or supply chain: someone put the effort in to design a thing — but then decided not to use it. This PCB has a lot of blank spots, but this is the only one that could be readily sheared off into a separate assembly.

This ware is also a guest ware, courtesy of “JeffA”. Thanks for the submission!

Winner, Name that Ware July 2021

via Hacking – bunnie's blog

The Ware for July 2021 is a PC-60FW Fingertip Oximeter, which was distributed to each household in Singapore by the Temasek Foundation, free of charge. I thought this was a pretty interesting ware for a few reasons. First, it’s a free oximeter! Kind of a neat thing to play with. You can hold your breath and watch your SPO2 levels go down, or try to meditate and control your pulse.

Second, I found it quite interesting because no where on the box or the manual does it mention that this thing has Bluetooth. Of course, I take apart most things that arrive at my doorstep to see what’s inside — that’s just how I roll. Since it was a free device, I assumed it would probably be a bare-bones implementation, not expecting to see much more than a black glob of epoxy and a few wires when I opened it. Instead, it had these fairly name-brand components, and the antenna came as a bit of a shocker because I didn’t expect any sort of telemetry from the device. The box bears no indication of a radio transmitter — there’s no EMC-compliance notice, MAC address, icons, or any kind of verbiage that would typically compliment a radio transmitter. Must be nice to be able to ship millions of units of a product without having to deal with EMC compliance. After a careful inspection of the manual, however, there is a reference to the fact that you could download the “@Health” app, which includes a QR code to a random website to side-load an APK into your phone from “Shenzhen Creative”.

I’m not quite sure what was the thought behind including the Bluetooth function — it’s not cheap, especially for a nationwide-scale deployment. I would have assumed they were going to integrate this into their “Healthhub” app which is the official government app for managing healthcare, to allow them an opportunity to triage COVID cases before bringing them into the ward. However, I didn’t investigate the @Health app any further; it was served from a Chinese-style domain name I didn’t recognize, without https, etc. etc. I don’t have the time to deal with disassembling the app to make sure it’s clean before installing it, so I just steered clear of it. A Nordic Bluetooth radio on its own isn’t a perilous surveillance threat, due to its limited range and capability. However, once paired with a smartphone app, the scope of the data goes global and the threat is much more severe due to the potential for data fusion with the smartphone’s sensors, and other private data within.

Anyways, I found it a bit surprising that my pulse oximeter has a radio, and thought it’d be a neat ware to share!

This is a picture of the “less-interesting” side of the oximeter PCB. It uses the same OLED display that found its way into the $12 Shanzhai phones from the turn of the millennium. That characteristic cyan-and-amber color scheme seems to be the “go-to” display for budget-conscious IoT devices these days.

Bienvenu is the clear winner on guessing this one, congrats! email me for your prize.

Name that Ware, July 2021

via Hacking – bunnie's blog

The Ware for July 2021 is shown below.

For well over a year now, I haven’t traveled much further than 10km from where I sit and write this. However, sometimes the world brings you interesting things. This ware has a little bit of a story behind it; it arrived, and of course I popped off the cover to see what was inside. It wasn’t quite what I was expecting to see — more on that, after we’ve given some time for people to share their guesses! I imagine this could be a fairly easy one to guess, as most of the components involved in its core functionality are in this view.