Posts Tagged ‘hardware’

Smartphones are total crap [en]

lundi, octobre 16th, 2017

Smart phones, despite their popularity, are overrated pieces of shit. They are unfit for normal everyday use and will let you down at the worst moment you can imagine, regardless of how careful you are with them.

3 phones – all dead

Nokia E51

The first smartphone i had. Bought in 2009 and running Symbian S60, the OS was utterly obsolete when i unpacked the phone. The SSL implementation is broken and forced me to switch from Exim (GnuTLS) to Postfix (OpenSSL) on my mail server so i can be able to send e-mails. Typing text on a numeric keypad is just painful. The web browser is unusable. Updating the phone requires a computer running Windows XP and the Nokia software suite. The battery gave way end of 2011, leaving me with only one short phone call of autonomy. Totally useless nowadays.

Samsung Galaxy Nexus

First foray in the Google ecosystem in mid-2012. I had the Apple iPhone in hand at that time, but the apple walled garden just did not convince me with it’s closedness, so i settled for a more open platform. The software was OK, but the hardware is total shit: the wifi died 9 months after purchase, it was like the wifi chip has been pulled from the phone. Beginning of 2014, i cracked the screen with my belt buckle, but it was still usable. Then, in july 2014, during my holidays, the baseband died: impossible to send or receive phone calls, data, and SMSes. The only radio left working was Bluetooth. Oh, and i received only one system update beginning of 2013, making it totally unsecure nowadays if it was working properly. Utterly useless.


Since i was out of phone, i needed a replacement one. The Edward Snowden revelations about mass surveillance made me reconsider which OS my phone would be running. I settled on the Jolla, mainly for being developed and hosted in the European union, despite being manufactured in China. The phone is running SailfishOS, with the DalvikVM to run Android applications. The phone feels cluncky, but is useable. The hardware gave me a lot of issues:

  • The speaker stopped working at random: the only fix was to whack it on the table
  • Bad contact with the battery: The phone rebooted with a battery fully charged
  • The baseband is crashing at random, especially when there is poor coverage. Reboot required to get 3G signal back
  • Bad contact with the USB charging connector: the phone just won’t charge anymore
  • not-so-great camera
  • Very bad android support and the web browser is slow as hell
The aftermath

I was thinking about starting to develop some software for those platforms, turns out they are not worth wasting any time on, except if it can be something simple like a shell script. They are totally insecure by design (in software, in UI design, in hardware, and in general concept), and should not be relied on for anything.

The ideal phone for me has not been invented yet. here are the features i’m looking for in a phone:

  • can survive a 1m drop
  • Can cross 4 countries the same day without requiring a reboot
  • Regular software updates
  • Fully encrypted mass storage
  • Root access and no dependency on third parties, especially the ones in the US (Facebook, Microsoft, Google, Apple)
  • A speaker loud enough so i can hear the ringtone one meter below my ears
  • Dual or triple profile that can be triggered by passcode entry alone (duress mode: a real profile and one or two with fake data, like a TrueCrypt hidden container), so you don’t expose all your data at once to a third party, even under torture.
  • Call filtering: depending on the last profile activated, it will ignore selected calls and/or messages, but will give you everything if you open the « trusted » profile
  • A battery that can last two days on a single charge
  • A decent and well debugged 3G baseband (Yes, 3G: i don’t care about fancy 4G or 5G, give me something stable that works)
  • Fully sandboxed applications (Stop that non-sense of applications that freely access all your data and data from other applications)

For now, i will live without phone. I’m available on several channels (e-mail, IRC, but not facebook). My SIM card will happily live in a 3G dongle, so i can still receive SMS in a limited fashion. Fuck phones, they are a disturbance anyway…

My new phone.


A puzzle solved. [en]

mercredi, juillet 4th, 2012
Vasco Digipass 810

Vasco Digipass 810

Do you remember when i opened my bank calculator ? Beside replacing dead batteries, i wanted to see what made it tick and eventually replace it by an ordinary smartcard reader and some code running on a computer.

Turns out that other people had the same idea, but they beat me by having put more time and energy into that project and ended up producing something usable.

It’s just a Python script to talk to the card. The usage is very straightforward, here are some examples:

To authenticate with the M1 key and the 23543696 challenge, type the following command:

$ ./EMV-CAP -m 1 23543696
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45108749

To sign a transaction the same way than the M2 key with the challenges 09356196 and 345, use the following command:

$ ./EMV-CAP -m 2 09356196 345
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45201783

Thank you Jean-Pierre Szicora and Philippe Teuwen, nice work !! 🙂

An update to the wall wart hunting [en]

mercredi, avril 4th, 2012

There was some evolution since that article.

Velleman PSIN30012 with some desk clutter

The Power supply: a Velleman PSIN30012

power supply with brackets

I can has brackets ?

I finally decided to make the brackets and installed the power supply in my apartment.

The power supply can output 25A under 12V, should be enough for my applications at the moment.

I pulled some 6 mm² wires through my apartment, inside the same conduits as the network cables. There is one supply going to the datenklo (the toilet host my network, like at the Chaos Communication Camp) and two independent supplies are going to my desk. They only meet at the terminal blocks.

The power supply has been installed in the cupboard near the fuse box and is protected by a 6A breaker at the primary, sharing the circuit with the doorbell.

power supply in place

Installed and wired

6 mm² wires on the power supply

6 mm² wires on the power supply

temporary cable with XLR 4 pin female connector for the wireless router

Temporary cable with XLR 4 pin female connector

The connectors i use for the 12V power sockets are Neutrik XLR 4 pins, they are much more resilient and safer than cigarette lighter plugs (will be part of a rant in a separate article)


None so far, the power supply is running smooth and cool, but the fan is noisy like hell !!

My wireless router is running from that power supply and seems very happy about it.

The future

  • I will have to move the power supply to the datenklo: i have a noisy 24/7 ventilation in there. 🙂
  • Still need a way to integrate the XLR sockets with my light switches in such a way that it look like it’s coming straight from the manufacturer. Will be part of a separate article. 🙂
  • Rebuild my media-PC to work straight from a 12V DC source.
  • Connect LED strips to it: my bar and my kitchen will receive a bunch of LED strips.
  • Figure out how to work with pictures in WordPress, this article is a mess !!

Wall wart hunting [en]

mardi, janvier 17th, 2012

I found in my apartment about 10 wall warts and two linear power supplies that give the same (or similar) voltage for my equipment.

Spools of red and black wire with a power supply

Let the hunt begin

I would like to get rid of those power bricks and have a more consistent and centralized setup. I hope to make some savings in the process by using a more efficient oversized switch mode power supply. Another advantage is that if i want an UPS on that line, i just need to connect a SLA battery.

My apartment will be wired with 6 mm² wires carrying 12VDC: one branch go to the networking area, the other two go to my desk.

Let’s lay down some wires !!

1 minute hackjob: bicycle light battery [en]

dimanche, octobre 30th, 2011

I needed a battery to power the front light of my bicycle last night, here is my solution. You will need:

  • A 4,5V flashlight battery
  • A zip tie
  • An adhesive pad for the zip tie
  • A nose pliers

  • Bend the battery terminals in two, crimp the hinge area.
  • Slightly lift the free side to facilitate the insertion of a wire
  • Attach the adhesive pad to the battery, slide the zip tie in the pad and attach the whole contraption to the bicycle
  • Insert the wires in the clamps you made earlier: let there be light. 🙂
If you can’t find the adhesive zip tie pad, you can still use the good old fashioned duct tape. 🙂

Opening the Vasco Digipass 810 [en]

jeudi, février 24th, 2011
Vasco Digipass 810

Vasco Digipass 810

Many belgian and european banks are providing their customers with a device that look like a small calculator. This device, coupled with your bank card,  is used to secure and authenticate the transactions when using internet banking.

Since that device is fairly standard, there is nothing stopping you from using the reader from bank A with your card from bank Z and vice versa, because the crypto processing is happening on the chip of your card.

Knowing that the heavy crypto work is delegated to the bank card, it is safe to assume that the device is quite dumb: a keypad to feed data to the card, a screen to display the results and a micro-controller to do some simple housekeeping tasks, like update the screen, poll the keypad, clock the card and send/receive data.

I have no proof of what’s described above, but since mine had dead batteries after five years of use, it has become a prime candidate for exploration, so let’s open the case !! 🙂

Ugh !!

Digipass cracked open

Opened !!

It was a tough nut to crack !!

There are no screws and no clips holding it closed: the two halves of the case are welded together !! This is another prime example of planned obsolescence and wasteful engineering. There is no way to open it cleanly, you need to break it apart as careful as possible to get access to the main PCB and the batteries. Your ability to close the box afterward will fully depend on how you open it in the first place.

The batteries are nothing exotic: just two CR-2032 button cells. They are wired in series on the PCB, because many smartcards require a 5V power supply to work properly.

Circuit board detail

All test pads are clearly labelled !

When you observe the PCB, there are a lot of interesting test points, all properly labeled. A hacker’s dream. 🙂

Fried !!

Unfortunately, while groping at it with a multimeter set to continuity tester, i fried the microcontroller. Apparently, that kind of invasive measurement was enough to kill it.

I wanted to check the continuity between the SDATA test pad and the DATA line on the card connector, the SCLK and the CLOCK line of the card connector. There was no continuity between those points and the J2 pad is still a mystery of what the purpose could be. An optional eeprom maybe ?

I received a new reader to continue with my day to day banking operations, but i still want to see the data flowing between the card and the reader. My mistake is just a setback: i will change strategy and try to (ab)use the reader as-is, without opening the case. 🙂

More to come later. In the meantime, here are the Manufacturer’s information


Soekris Net4801 review [fr]

dimanche, novembre 8th, 2009

I have been using the Soekris Net4801 for a few years and here are my impressions

Soekris_net4801_boardThe good

  • This computer is small, power efficient, reliable and hacker-friendly.
  • It just has the needed hardware to make a decent router out-of-the-box and a little bit more.
  • It comes with a serial console to make configuration easy.
  • The BIOS can be set up, upgraded and flashed from the serial port.
  • It has GPIOs if you want to add custom hardware.
  • Bootable compact flash slot: enable you to build a router with no moving parts.
  • If the compact flash do not meet your needs, there is an optional bracket and cable to plug an IDE laptop harddisk.
  • One PCI slot and one mini-PCI slot for extensions like a WiFi card

The bad

  • This machine is underpowered: if you ask a little bit more than routing to the machine (file serving, playing MP3’s, imap server,…), performances are going straight to the toilet and you end up waiting… waiting… waiting…
  • Lack of USB ports: There is only one USB 1.0 port on the machine, limiting its potential.
  • The CF card slot is on the same IDE bus than the harddisk: if you want to use both, make sure the harddisk is configured as a slave device. You might want to test several compact flash cards for compatibility: many CF cards have a buggy IDE/ATA interface that will cause you headaches.

This machine should not be used as a file server due to the poor disk I/O performances, even with DMA on. I would like to see a similar setup with an Intel Atom CPU, a decent chipset and 4 USB 2.0 ports, then we would have a killer home server appliance.

Where to buy (europe)

I bought my board via Wim Vandeputte. This guy is reliable and is present at every event related to the free software movement.