Reverse Engineering – Hackaday
https://hackaday.com
Fresh hacks every day
Tue, 25 Feb 2025 19:13:36 +0000

Reverse-Engineering SKS Airspy Tire Pressure Sensors for Custom Firmware
https://hackaday.com/2025/02/25/reverse-engineering-sks-airspy-tire-pressure-sensors-for-custom-firmware/
Tue, 25 Feb 2025 21:00:42 +0000

Although a somewhat common feature on cars these days, tire pressure sensors (TPS) are also useful on bicycles. The SKS Airspy range of TPS products is one such example, which enables remote monitoring of the air pressure either to a special smartphone app (SKS MYBIKE) or to a Garmin device. Of course, proprietary solutions like this require reverse-engineering to liberate the hardware from nasty proprietary firmware limitations, which is exactly what [bitmeal] did with a custom firmware project.

Rather than the proprietary and closed communication protocol, the goal was to use the open ANT+ sensor instead, specifically the (non-certified) TPS profile which is supported by a range of cycling computers. Before this could happen the Airspy TPS hardware first had to be reverse-engineered so that new firmware could be developed and flashed. These devices use the nRF52832 IC, meaning that development tools are freely available. Flashing the custom firmware requires gaining access to the SWD interface, which will very likely void the warranty on a $160 – 240 device.

The SWD programmer is then attached to the 1.27 mm spaced SWD holes per the instructions on the GitHub page. After flashing the provided .hex file you can then connect to the TPS as an ANT+ device, but instructions are also provided for developing your own firmware.

Let There Be Light: The Engineering of Optical HDMI
https://hackaday.com/2025/02/18/let-there-be-light-the-engineering-of-optical-hdmi/
Tue, 18 Feb 2025 19:30:00 +0000

In a recent video, [Shahriar] from The Signal Path has unveiled the intricate design and architecture of optical HDMI cables, offering a cost-effective solution to extend HDMI 2.0 connections beyond the limitations of traditional copper links. This exploration is particularly captivating for those passionate about innovative hardware hacks and signal transmission technologies.

[Shahriar] begins by dissecting the fundamentals of HDMI high-speed data transmission, focusing on the Transition Minimized Differential Signaling (TMDS) standard. He then transitions to the challenges of converting from twisted-pair copper to optical lanes, emphasizing the pivotal roles of Vertical-Cavity Surface-Emitting Lasers (VCSELs) and PIN photodiodes. These components are essential for transforming electrical signals into optical ones and vice versa, enabling data transmission over greater distances without significant signal degradation.

A standout aspect of this teardown is the detailed examination of the optical modules, highlighting the use of free-space optics and optical confinement techniques with lasers and detectors. [Shahriar] captures the eye diagram of the received high-speed lane and confirms the VCSELs’ optical wavelength at 850 nm. Additionally, he provides a microscopic inspection of the TX and RX chips, revealing the intricate VCSEL and photodetector arrays. His thorough analysis offers invaluable insights into the electronic architecture of optical HDMI cables, shedding light on the complexities of signal integrity and the innovative solutions employed to overcome them.

For enthusiasts eager to take a deeper look into the nuances of optical HDMI technology, [Shahriar]’s comprehensive teardown serves as an excellent resource. It not only gives insight into the components and design choices involved, but also inspires further exploration into enhancing data transmission methods.

Upgrading RAM on a Honda Infotainment System
https://hackaday.com/2025/02/10/upgrading-ram-on-a-honda-infotainment-system/
Mon, 10 Feb 2025 21:00:28 +0000

Car infotainment systems somehow have become a staple in today’s automobiles, yet when it comes down to it they have all the elegance of a locked-down Android tablet. In the case of the Honda infotainment system that [dosdude1] got from a friend’s 2016/2017-era Honda Accord, it pretty much is just that. Powered by a dual-core Cortex-A15 SoC, it features a blazin’ 1 GB of RAM, 2 GB of storage and runs Android 4.2.2. It’s also well-known for crashing a lot, which is speculated to be caused by Out-of-RAM events, which is what the RAM upgrade is supposed to test.

After tearing down the unit and extracting the main board with the (Renesas) SoC and RAM, the SoC was identified as being an automotive part dating back to 2012. The 1 GB of RAM was split across two Micron-branded packages, leaving one of the memory channels on the SoC unused and not broken out. This left removing the original RAM chips to check what options the existing pads provided, specifically potential support for twin-die chips, but also address line 15 (A15). Unfortunately only the A15 line turned out to be connected.

This left double capacity (1 GB) chips as the sole option, meaning a total of 2 GB of RAM. After installation the infotainment system booted up, but only showed 1 GB installed. Cue hunting down the right RAM config bootstrap resistor, updating the boot flags and updating the firmware to work around the LINEOWarp hibernation image that retained the 1 GB configuration. Ultimately the upgrade seems to work, but until the unit is reinstalled in the car and tested it’s hard to say whether it fixes the stability issues.

Thanks to [Dylan] for the tip.

Hacking the 22€ BLE SR08 Smart Ring With Built-In Display
https://hackaday.com/2025/02/05/hacking-the-22e-ble-sr08-smart-ring-with-built-in-display/
Wed, 05 Feb 2025 16:30:00 +0000

In the process of making everything ‘smart’, it would seem that rings have become the next target, and they keep getting new features. The ring that [Aaron Christophel] got his mittens on is the SR08, which appears to have been cloned by many manufacturers at this point. It’s got an OLED display, 1 MB Flash and a Renesas DA14585 powering it from a positively adorable 16 mAh LiPo battery.

The small scale makes it an absolute chore to reverse-engineer and develop with, which is why [Aaron] got the €35 DA14585 development kit from Renesas. Since this dev kit only comes with a 256 kB SPI Flash chip, he had to replace it with a 1 MB one. The reference PDFs, pinouts and custom demo firmware are provided on his GitHub account, all of which is also explained in the video.

Rather than hack the ring and destroy it like his first attempts, [Aaron] switched to using the Renesas Software Update OTA app to flash custom firmware instead. A CRC error is shown, but this can be safely ignored. The ring uses about 18 µA idle and 3 mA while driving the display, which is covered in the provided custom firmware for anyone who wants to try doing something interesting with these rings.

Shellcode over MIDI? Bad Apple on a PSR-E433, Kinda
https://hackaday.com/2025/01/23/shellcode-over-midi-bad-apple-on-a-psr-e433-kinda/
Thu, 23 Jan 2025 15:00:00 +0000

If hacking on consumer hardware is about figuring out what it can do, and pushing it in directions that the manufacturer never dared to dream, then this is a very fine hack indeed. [Portasynthinca3] takes on the Yamaha PSR-E433, a cheap beginner keyboard, discovers a shell baked into it, and takes it from there.

[Portasynthinca3] reverse engineered the firmware, wrote shellcode for the device, embedded the escape in a MIDI note stream, and even ended up writing some simple LCD driver software to get a totally decent refresh rate on the dot-matrix display, all to support the lofty goal of displaying arbitrary graphics on the keyboard’s dot-matrix character display.

Now, we want you to be prepared for a low-res video extravaganza here. You might have to squint a bit to make out what’s going on in the video, but keep in mind that it’s being sent over a music data protocol from the 1980s, running at 31.25 kbps, displayed in the custom character RAM of an LCD.

As always, the hack starts with research. Identifying the microcontroller CPU led to JTAG and OpenOCD. (We love the technique of looking at the draw on a bench power meter to determine if the chip is responding to pause commands.) Dumping the code and tossing it into Ghidra led to the unexpected discovery that Yamaha had put a live shell in the device that communicates over MIDI, presumably for testing and development purposes. This shell had PEEK and POKE, which meant that OpenOCD could go sit back on the shelf. Poking “Hello World” into some free RAM space over MIDI sysex was the first proof-of-concept.

The final hack to get video up and running was to dig deep into the custom character-generation RAM, write some code to disable the normal character display, and then fool the CPU into calling this code instead of the shell, in order to increase the update rate. All of this for a thin slice of Bad Apple over MIDI, but more importantly, for the glory. And this hack is glorious! Go check it out in full.

MIDI is entirely hacker friendly, and it’s likely you can hack together a musical controller that would wow your audience just with stuff in your junk box. If you’re at all into music, and you’ve never built your own MIDI devices, you have your weekend project.

Thanks [James] for the gonzo tip!

Audio on a Shoestring: DIY Your Own Studio-Grade Mic
https://hackaday.com/2025/01/14/audio-on-a-shoestring-diy-your-own-studio-grade-mic/
Tue, 14 Jan 2025 21:00:40 +0000

When it comes to DIY projects, nothing beats the thrill of crafting something that rivals expensive commercial products. In the microphone build video below, [Electronoobs] found himself inspired by DIY Perks’ earlier efforts. He took on the challenge of building a $20 high-quality microphone, a budget-friendly alternative to models priced at $500. The result: an engaging and educational journey that has its moments of triumph, its challenges, and of course, opportunities for improvement.

The core of the build lies in the JLI-2555 capsule, identical to those found in premium microphones. The process involves assembling a custom PCB for the amplifier, a selection of high-quality capacitors, and designing lightweight yet shielded wiring to minimize noise. [Electronoobs] also demonstrates the importance of a well-constructed metal mesh enclosure to eliminate interference, borrowing techniques like shaping mesh over a wooden template and insulating wires with ultra-thin enamel copper. While the final build does not quite reach the studio-quality level and looks of the referenced DIY Perks’ build, it is an impressive attempt to watch and learn from.

The project’s key challenge here would be achieving consistent audio quality. The microphone struggled with noise, low volume, and single-channel audio, until [Electronoobs] made smart modifications to the shielded wiring and amplification stages. Despite the hurdles, the build stands as an affordable alternative with significant potential for refinement in future iterations.

Reverse-Engineering the Polynomial Constants in the Pentium’s FPU
https://hackaday.com/2025/01/05/reverse-engineering-the-polynomial-constants-in-the-pentiums-fpu/
Sun, 05 Jan 2025 21:00:39 +0000
Die photo of the Intel Pentium processor with the floating point constant ROM highlighted in red. (Credit: Ken Shirriff)

Released in 1993, Intel’s Pentium processor was a marvel of technological progress. Its floating point unit (FPU) was a big improvement over its predecessors that still used the venerable CORDIC algorithm. In a recent blog post [Ken Shirriff] takes an up-close look at the FPU and associated ROMs in the Pentium die that enable its use of polynomials. Even with 3.1 million transistors, the Pentium die is still on a large enough process node that it can be readily analyzed with an optical microscope.

In the blog post, [Ken] shows how you can see the constants in each ROM section, with each bit set as either a transistor (‘1’) or no transistor (‘0’), making read-out very easy. The example looks at the constant of pi, which the Pentium’s FPU has stored as a version with no fewer than 67 significand bits along with its exponent.

Multiplexer circuitry allows for the selection of the appropriate entry in the ROM. The exponent section always takes up 18 bits (1 for the significand sign). The significand section is actually 68 bits total, but it starts with a mysterious first bit with no apparent purpose.

After analyzing and transcribing the 304 total constants like this, [Ken] explains how these constants are used with polynomial approximations. This feature allows the Pentium’s FPU to be about 2-3 times faster than the 486 with CORDIC, giving even home users access to significant FPU features a few years before the battle of MMX, 3DNow!, SSE, and today’s AVX extensions began.

Featured image: A diagram of the constant ROM and supporting circuitry. Most of the significand ROM has been cut out to make it fit. (Credit: Ken Shirriff)
