Partial reverse-engineering of the NDP 2016 LED Wristband
Hackware v2.1 (31 Aug 2016)
By: Yeo Kheng Meng (yeokm1@gmail.com)
https://github.com/yeokm1/reverse-engineering-ndp2016-wristband
http://yeokhengmeng.com/2016/08/partial-reverse-engineering-the-ndp-2016-led-wristband/
Background
• Singapore gained independence on 9 August 1965
• 51st National Day Parade (NDP) on 9 August 2016
• NDP 2016 held at National Stadium for $39.4 mil
http://www.straitstimes.com/singapore/ndp-goodie-bag-packs-futuristic-feel
LED Wristband
Goodie bag contents
Wristband in action
• Preview 2 on 30 July 2016
• Colour theme for each segment
• Band blinks the colour required
• Blinks red when shaken post-event
Wristband blinking
https://www.youtube.com/watch?v=EPwxPJhlR4M
Wristband colour change
https://www.youtube.com/watch?v=XepiuPZ2TzA
Research
• Band manufactured by Pixmob: http://pixmob.com/
1. Professional (1500 to 150000 attendees) runs on infrared
2. Spark (Up to 1500 attendees) runs on Bluetooth Low Energy 4
Teardown
Front
IR1: Infrared Receiver
LED1: RGB LED
IC1: Atmel AT24C02S 2KB, 2-Wire Serial EEPROM (SOT23-5 package)
IC2: Abov 81F4204R 8-bit microcontroller (MCU) with 4KB ROM and 192B RAM (TSSOP16 package)
Back
Single-axis accelerometer
CR2032 battery holder
Hardware Reverse Engineering
• With my Fluke 87 V
Reverse-engineered schematic
• Programming Pads SDATA, SCK
• Purpose of R2 and R6?
• AT24C02S EEPROM uses I²C bus
• MCU does not have hardware I²C
• Pixmob engineers probably bit-bang GPIO
• AT24C02S’s WP pin shorted to GND
• Write-protection disabled
Parts
Single-axis accelerometer
CR2032 battery holder
IR1: Infrared Receiver
LED1: RGB LED
IC1: Atmel AT24C02S 2KB, 2-Wire Serial EEPROM (SOT23-5 package)
IC2: Abov 81F4204R 8-bit microcontroller (MCU) with 4KB ROM and 192B RAM (TSSOP16 package)
Reverse Engineering approaches
1. Aim TV remotes at it
2. Dump and analyse the assembly code to derive the IR combinations
3. Brute force the IR code combination
(Failed attempt to) Brute force IR Protocol
• IR Brute Forcer
• Microview
• ATmega328p
• OLED screen
• IR LED
• Photocell
Potential Work
• Dump the ROM
• Get IR Protocol from Pixmob