A reader has pointed out to me that Best Buy dropped the price of their 3.5″ Infocast to $49. That’s a crazy good holiday-season-only deal for an open-source, 454 MHz wifi-connected touchscreen linux computer!
The Cake is Not a Lie
November 30th, 2010
Congrats to Adam Gutterman for finding the cake. The cake is hidden on an internal ground layer, printed in “negative” (i.e., lack of copper on a copper plane). The visible-light photos I make of the motherboards are all taken with front-lit scanners, so the negative image is virtually invisible when viewed in that way. There’s also a solid copper ground plane behind the cake as well, so you can’t simply hold the board up to a light to find the cake (hence the larger bounty). The only two methods to find the cake are to either X-ray the board, or to mechanically delaminate the board using either knife or sandpaper (or both) to reveal the cake. And for the record, the region where the cake is located is electrically inert, such that defacing the chumby logo to reveal the cake does not damage the function of the device.
Adam tells the story of how he found the cake:
I’m an EE at a company that outsources almost all of our board assembly tasks. Anything more complicated than QFPs gets sent out–it’s not worth engineer time to assemble things, especially since we’re not particularly skilled assemblers.
Unfortunately, not all projects have the budget for professional installation. During a recent personal project, we hand-assembled a small batch of boards that had pretty tiny LGA packages. Our initial yields were pathetically low, and we suspected that there were some shorts to blame. Since we didn’t have a professional lab to use, we had to go with our personal connections. The board designer found a friend that had access to a medical x-ray machine, so we sweet-talked ourselves into a quick run through their machine. The resulting film let us get over our hump and bring our boards up successfully.
Anyway, as soon as I saw your post, I decided to do the same thing. Unfortunately, the x-ray office was closed for the long weekend, so I wasn’t able to get my ‘stat’ order in until Monday. When I got the films last night, the focus wasn’t clear enough for me to be able to make out any important features. The films, incidentally, are shown in the directory that I posted on your blog. Undeterred, I spent last night trying to get permission to use a PCB inspection facility at a local university. The okay came through this morning, so during lunch today a couple of us set the board up and started looking for features. It took only a couple of minutes to find the cake once we had access to the right equipment!
I didn’t think it would be found so quickly…just one week from original post, for an item that’s entirely concealed on an inner layer. Then again, ladyada got her open-source Kinect drivers in about the same period of time.
This is probably an interesting datapoint for folks who support the theory that burying traces on the inside of a PCB are an effective method for obscuring the transmission of secret information between chips.
Bitbake, Cake, and Black Friday
November 23rd, 2010So, first the pitch — for your Black Friday shopping pleasure, here’s a couple of things that will help scratch that itch to play around with hardware.
First of all, two chumby-powered devices under the Insignia brand in Best Buy are on sale for Black Friday. The original 8″ Infocast device — an 800 MHz linux PC with an 8″ SVGA LCD and touchscreen — is rumored to be on sale for as low as $99 in some stores, although Best Buy’s on-line price pegs it at $129. Either way, it’s a smashing deal for a linux PC.
The other chumby-powered device is the 3.5″ Infocast, which you can think of as the Chumby One Internet Radio’s
The motherboard for the 3.5″ Infocast is shown below, and if it looks familiar, you’d be right.
One small improvement to the 3.5″ Infocast board is the addition of a “mod port” which breaks out several GPIOs, I2C, composite video, and a spare USB port to a 0.1″ pitch header (which is a subset of the pinout that’s featured in the chumby hacker board), shown below.
sudo find me a Cake!
So here’s where the Cake comes in. Somewhere on the motherboard of the Infocast 3.5″, I’ve hidden a cake — the cake is not a lie. The first person who can find the cake and post a photo of it within the next two months will be given a cash prize of US$300. Put in perspective, that’s two months’ wage for a Chinese factory worker (and that’s after the across-the-industry 20% raises that were effected by a string of suicides at Foxconn, where the iPhone is assembled). Given that the standard monthly prize for Name that Ware is just $10, this gives an idea of how hard I think it is to find the cake. But, I promise you — the cake is not a lie.
Bitbake it yourself!
And here’s where the Bitbake comes in. For those who have been wanting to build your own firmware for both the 8″ and 3.5″ chumby platforms, a simple solution finally exists. As announced on the chumby forum, there is now an easy to use Open Embedded configuration that will allow you to build and customize, from scratch, your very own firmware image.
You can configure the firmware to be anything from a minimal console-only build, to one that includes a window system and web browser of your choosing. The build configuration is “complete” in the sense that the product of the OpenEmbedded build is a binary image that you can directly write to the microSD card and boot with no need for further massaging.
Have a happy holiday weekend!
Name that Ware November 2010
November 23rd, 2010The Ware for November 2010 is shown below.
This is another ware in the series of small-context photos of “everyday” hardware. I think there’s enough present here in the image to unambiguously identify at least the type of ware. We shall see!
RFID Transplantation
November 6th, 2010One of the nice things about living in Singapore is its comprehensive mass-transit system. The SMRT blankets the 26-mile by 14-mile island nation with a network of 78 stations and an extensive bus system. This is in stark contrast to San Diego county, which is over 15 times the land area in size but has only 2/3rds the population and is covered by a trolley system with 53 stops. Needless to say, it’s impossible to live in San Diego without a car; while driving is a privilege, it’s a burden when you are required to do it. So, I’m quite happy now to have the option of taking the SMRT, safely answering emails and playing video games while the train takes me to my destination.
However, one small irritation I’ve encountered with the SMRT is that the “EZlink” RFID card system used in Singapore conflicts with the two other RFID subway cards in my wallet (the Shenzhen Tong and the Hong Kong Octopus card), so as I pass through the busy turnstyles, about half the time I get an invalid card error, causing much irritation among the people behind me as I sort through my RFID card collection to pick out the EZlink card.
Having seen Japan’s Suica system integrated into mobile phones, I thought, why not stick the EZlink chip inside my phone? Since the EZlink card also serves as a payment card, I can get around the city with nothing but my phone, buying beverages at 7-11, and paying taxi, bus and train fares while texting my buddies without carrying a scrap of cash.
As a general note, transplanting RFID chips is a much cleaner solution from both the legal and technical perspective versus cracking the security and programming your own RFID to be compatible with the existing payment system. While many of the security systems used in RFID are already broken or have serious known vulnerabilities, I can’t think of any country where the authorities would take kindly to you doing it. And, while the 3DES system used in the EZlink’s security isn’t the strongest out there, it’s still hard enough to crack that it’s just not worth the effort.
Transplanting the RFID chip ended up taking only a couple hours in the end; I think it’s a handy enough hack that I’m sharing the details on how to do it. Unfortunately, few of my American readers would have an immediate use for it, since RFID payment and subway transportation technology really hasn’t reached most of the US population…I must remark at this point that living overseas really highlights how behind the US is in some areas. I have 100 Mbit broadband service in my home for about US$60/month…and just a couple months ago they rolled out 1 Gbit fiber-to-the-home in my neighborhood, and I’m tempted to upgrade, although I’m not quite sure what, exactly, I’d do with a Gigabit connection. It’s also sad to find in the details of my Japanese mobile data plan that the US’s 3G service is classified in the same performance tier as Africa’s 3G services.
Note to locals: I picked the EZlink card (as opposed to the competing NETS system) because they have convenient top-up kiosks in the station where you just lay the card on a pedestal to recharge it. The NETS system requires you to put the card into a slot reader, or to give it to an agent, both of which are not an option when you’ve hacked the card into a mobile phone.
The EZlink card uses a 13.56 MHz contactless RFID system, so inside the card there’s an actual silicon chip, and an embedded antenna. Above is a photo of the card with the chip’s location (top right corner) revealed. The easiest way to locate the chip is to look at the reflection of a lightbulb off the surface and observe the slight bump underneath the surface where the chip is located. Outline the location with a marker and use a hobby knife to scrape away at the plastic.
Scraping away at the plastic on the opposing side as well makes the chip easier to release:
Lift the chip out very delicately, as there is a loop of copper wire bonded to the chip’s leadframe. If pulled too hard, the leadframe will be damaged — it must be kept intact, since an alternate antenna will be soldered to the leadframe later on. Below is a photo of the chip lifted up partially, revealing the copper wires.
Below is a photo of the chip’s leadframe, with arrows pointing to the solder points on the leadframe. Notice how the metal on the left and right side are not actually electrically connected to the metal paddle in the center, thus creating three electrically isolated regions. Take caution not to short them together.
Now that the chip is free, attach it to a suitable antenna. For this hack, I took a 13.56 MHz RFID bracelet and re-used the antenna from it. The bracelet is made by Precision Dynamics, a PDC Smart Superband 470. You can also make your own antenna, but RFIDs are so common it may be easier to scavenge an existing antenna out of any used 13.56 MHz RFID.
Cutting open the band is easily done with a pair of scissors:
Next, carefully cut the existing chip out of the antenna. Since it’s all printed on thin flexible plastic, this is easily done with a hobby knife.
Above is a photo of the partially-cut chip. When cutting the chip out, be sure to leave the antenna contacts on either side, as these will be used to solder to the EZlink RFID chip’s leadframe tabs. Below is a photo of the chip itself, after it has been freed of its bond to the antenna.
Next, lay some kapton tape down in the region of the RFID chip bonding area to protect the delicate antenna traces underneath. Slide the RFID chip in between the antenna contacts, and solder it down:
Soldering the chip takes a deft hand, since you’re soldering onto soft plastic that will melt if you apply too much heat. However, a bit of solder flux applied before the operation and a temperature-controlled iron set to the lowest temperature that will still melt solder makes things easier.
And that’s basically it! The final EZlink chip + grafted antenna assembly is very thin and flexible:
It’s thin enough to be taped inside the battery compartment of my local phone. Positioning of the antenna is important; it needs to clear the battery pack as much as possible, as the battery pack interferes with the RFID signal. Here’s a photo of the compartment with the back cover off:
I’m guessing the TSA would not be entertained if they found this on me given the recent use of mobile phones in cargo bombs…which is why I stuck it into my local-only feature phone, instead of my international-use Blackberry.
And, here it is, in my local SMRT station, showing the latest balance:
The final antenna+RFID assembly is thin and flexible enough to be hidden in a number of convenient locations; it could be put into the wristband of a watch, sewn into clothing (although, I wouldn’t put this through the wash), or integrated into jewelry.