Entries from August 2007 ↓

Telit GSM/GPS module w/ python interpreter

GSM_GPS_MODULE

This GSM module from Sparkfun Electronics has to be one of the coolest things I have seen from Telit. Basically, it lets you drop in a SIM card and use the Python interpreter to handle AT commands, either to control internal or external hardware or to receive info from it. Using the built-in GPS hardware allows you to easily make this a GPS tracking device. Or you can connect a camera and have it send you pictures. All this in one module. I definitely want at least 3 of these. It is surely worth the steep price tag, unless you are a struggling college student.

Changing a DoorKing greeting message

Doorking_pic

If you are in college, you are more than likely familiar with the DoorKing. You are probably also familiar with how much these things suck. There are a million of these in Baton Rouge and they never work. I am going to briefly explain the process of changing the greeting message on them (for almost all models). The routine is pretty easy. It relies on the fact that most people keep the default password: 9999. You can get all this information from the DoorKing manual. I suggest you read that first, then read this to get the finer details.

First off, if the password has been changed, this won’t work. But don’t let that stop you! Remember, 10^4 is only 10,000 numbers. That sounds like a lot but people always try to make codes that are easy to remember. Try 1234, 1940-1980 (birth-years), 1776, etc. No worries though, the password is a pain to change for the technological layman. You have to open the machine and set a specific switch, program it, then switch it back so your chances are pretty good. Every one I have tested has had a default password. Now, here is a step-by-step process for a successful hack.

  1. You have a space of 48 characters to work with, so plan it out beforehand. Your character set is every capital letter, 0-9, and a space character. Also, the more your message has that “blue” tinge, the less time it will be up.
  2. Go at a time when you will be less likely to have to deal with people coming up behind you. The whole process should take about 1 or 2 minutes depending on your alphanumeric keyboard ability.
  3. When you pull up press *80 (the greeting input function) then 9999 (or the password you found). You have to enter these seamlessly or it won’t work.
  4. After this, you enter the input mode. The display will say BLOCK 1. There are 3 “blocks”, Block 1 and Block 2 are 20 characters long and Block 3 is 8 characters long.
  5. The interface works a lot like a phone. For example, “L” is 555, “P” is 7, “N” is 66, and “2” is 2222. You can see the character as you push the button, which makes it pretty easy. After each character hit *. You will hear a short beep for each one and the cursor will move over (although not visible). BTW, the space character is 1. // Refer to page 34 of the manual.
  6. Now a full example: “TWO 2” is 8*9*666*1*2222*.
  7. Okay, so you keep typing these in until you run out of space on the screen. This is the 20 character limit specified for a “block”. If you keep going, it will start to write over the beginning of the block. You have to enter the block into memory by pressing *. You will see the screen clear and it should say: BLOCK 2.
  8. If your message is not done, enter a second block the same way.
  9. Do the same for Block 3. Remember, the 3rd block is only 8 characters. // At any point, hitting # will clear the entire block.
  10. At the end, press * again to enter all the blocks into system memory. You should hear a long beep. If it doesn’t work out, keep hitting * until it does. You must hear that long beep to finish!
  11. Also, if your message is really short, you can skip blocks by hitting *. You may need to enter at least one character, preferably a space (1*), in each block to enter it. I’m not sure about this. Experiment.

That is pretty much it. If you are feeling really adventurous, and psychotic, you could build a small box with 12 solenoids to push the buttons. It could quickly program messages and maybe even brute force a password. There are also other ways to do this. There is special software, that you can probably download easily for free, to do this stuff and more. Anyway, be careful with some of these functions, changing the relay strike time may not be too nice, along with other things.

/** For the record, I recommend that you never do this. I have never done this. Any comment I make about a “real-world” situation is fiction. Also, I’ve heard this has been done before so I can’t take credit for figuring it out. */

TV-B-Gone sniper shirt

Here in Baton Rouge, people love TV, especially sports-motivated programming. I hate this. Take a place like Plucker’s for instance (if you have never been to Plucker’s, imagine a bar/restaurant built with plasma TVs in place of drywall). The great people at Plucker’s have assured that no matter where you sit at their round tables you are forced to watch at least 5 different TV programs at the same time, killing all chances of conversation with your friends or family. Alas, there is hope.

TV-B-Gone from Cornfield Electronics is really one of my favorite little inventions. It is an extremely simple and elegant little hack that allows you to turn off (or on) any TV by cycling through the ‘on/off’ codes of every TV manufacturer in less than 60 seconds. The best thing about it is the priority list it uses to start off with the more popular TV brands assuring that you will usually succeed within 10 seconds of pointing the device at the TV. I had a lot of fun playing with my TV-B-Gone but after my first field test, I found that holding up your keys to your head and having people laughing at your table was not going to work out. I needed a stealthier approach which would allow me to conceal my plans from everyone, including the people I was with. So I opened up the TV-B-Gone to see how it worked and found it is ready and willing to be hacked.

My idea was to extend the IR-LED to the button region on the front pocket of my shirt, place the TV-B-Gone module in the pocket, and extend the button through the inside of my shirt and down to my pocket. Essentially, there are only two parts you need to know about: the button which initiates the sequence (which looks like this) and the infra-red LED (which looks like this). First, desolder the button and the IR-LED. Remember, the LED is a polarized component, so try to remember which way it was connected. The button can be a little confusing too, but it’s not polarized. Just do some tests. Then, cut a few inches of some light gauge wire for the IR-LED and solder the wire to the leads. Do the same for the button and feed the wires from the button through the ‘skin-side’ of the inside of your pocket. Here is a picture of the module in the pocket. Remember, the leads on the top (for the button) go into my shirt.

in_pocket_tvbgone

Take the IR-LED and poke the leads through the front of the pocket right under the shirt button and wire it up inside the pocket.

LED_shirt_button

Next, open up the shirt (or flip it inside-out). Get the leads from the TV-B-Gone button and measure out a few long pieces of wire to where your pants pocket would be. I used speaker wire but that’s all I had.

inside_of shirt_and_button

Then solder up the button and tape it to prevent bounces and shorts.

tv_b_gone_button_ext

This is the part that goes in your pants pocket so you can inconspicuously trigger the TV-B-Gone. There are a million ways to do this and many are probably better. If you really want to make this a full project, I would recommend a hat with LEDs all around it (somehow disguised) and powered up a little stronger. Also, some kind of auto-fire function, maybe with a 555 timer, would be cool. This technique I have could be a little stronger and have a lot wider field. However, I did manage to turn off nearly every TV at Plucker’s recently without any of my friends noticing it was me. Finished product:

tv_b_gone_shirt_finished

POV experiment

I had an idea for a large POV experiment along the lines of Spoke POV, so I decided to make a small proof-of-concept to see if it would work. This model is hand-held, single-speed, and has 5 LEDs for the display. Since this was the morning before I left with my family to go on vacation in Florida, I figured I could make it for my niece, who would probably find more uses for it than I could. The idea is that she can put it on her bike wheel and, when she gains enough speed, it will spell out her name along the rim of the wheel. First I built a prototype with the Arduino board. Then, once I made sure that was working out, I pulled out the Atmega168 and perfed this custom board.

POV_comp

The setup is a standard pin configuration for power, and 5 220-ohm resistors connected to Port C of the Atmega168. Next I took a small project box from Radio Shack and drilled LED holes.

POV_back

Then I drilled an on/off switch and a space for a 9V battery and inserted the computer.

POV_finish

The program uses a table of characters as a font file. Each character is represented by three 5-bit binary numbers. For instance, “O” would be { %11111, %10001, %11111 }. Treat each of those numbers as a vertical column and the 1’s will draw out an “O”, although it looks like a square due to the low resolution. So the idea is to repeatedly write these bytes, in order, to Port C (the LEDs) and hold each one just long enough that the sweep looks like the letters being spelled out. The program is pretty much self-explanatory, so if you want a copy of the source, e-mail me. As for a demonstration, I took a lot of blurry pictures and none of them worked out, but it did work with fair-quality results.
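The font-table scheme described above, as an added example rather than the author's source (which the page does not include): portable C that expands text into the column bytes and transposes them into rows so the output can be checked on a PC. Only the “O” glyph comes from the page; the other glyphs, the one-column gap between letters, the bit order, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define GLYPH_COLS 3   /* columns per character, as on the page */
#define LED_ROWS   5   /* one bit per LED */
#define MAX_COLS   64
struct glyph { char ch; uint8_t col[GLYPH_COLS]; };

/* "O" is the page's example; "L" and "T" are constructed for this demo.
 * Assumption: bit 4 drives the top LED, bit 0 the bottom one. */
static const struct glyph FONT[] = {
    { 'O', { 0x1F, 0x11, 0x1F } },   /* 11111 10001 11111 */
    { 'L', { 0x1F, 0x01, 0x01 } },   /* 11111 00001 00001 */
    { 'T', { 0x10, 0x1F, 0x10 } },   /* 10000 11111 10000 */
};

static const struct glyph *find_glyph(char ch) {
    for (size_t i = 0; i < sizeof FONT / sizeof FONT[0]; i++)
        if (FONT[i].ch == ch) return &FONT[i];
    return NULL;                     /* character not in the font */
}

/* Expand text into the byte stream that would be written to Port C: three
 * glyph columns plus one dark gap column per character, whole characters only. */
size_t pov_columns(const char *text, uint8_t *out, size_t cap) {
    size_t n = 0;
    for (; *text && n + GLYPH_COLS + 1 <= cap; text++) {
        const struct glyph *g = find_glyph(*text);
        for (int c = 0; c < GLYPH_COLS; c++)
            out[n++] = g ? g->col[c] : 0;   /* unknown char: blank */
        out[n++] = 0;                        /* gap between letters */
    }
    return n;
}

/* Transpose columns into rows, as the eye sees them: '#' lit, '.' dark. */
void pov_render(const uint8_t *cols, size_t n, char rows[LED_ROWS][MAX_COLS + 1]) {
    if (n > MAX_COLS) n = MAX_COLS;
    for (int r = 0; r < LED_ROWS; r++) {
        for (size_t c = 0; c < n; c++)
            rows[r][c] = (cols[c] >> (LED_ROWS - 1 - r)) & 1 ? '#' : '.';
        rows[r][n] = '\0';
    }
}

int main(void) {
    uint8_t cols[MAX_COLS];
    char rows[LED_ROWS][MAX_COLS + 1];
    pov_render(cols, pov_columns("LOT", cols, sizeof cols), rows);
    for (int r = 0; r < LED_ROWS; r++) puts(rows[r]);
    return 0;
}
```

On the ATmega168 the display loop would write each byte of the column stream to Port C and hold it for a fixed delay instead of calling `pov_render`.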