Cable Improvising

A couple of weeks ago I was at Edinburgh Hacklab and wanted to test a USB to Serial converter. I plugged the USB side of the converter into into my netbook and then went about trying to find a suitable Null Modem cable to make a connection to a RS-232 port of the hacklab PC.

I knew the correct cable for the job but the one I own was sitting at my parents house. So I went rummaging in the “adapters of all kinds” box and built myself this work of beauty.

Null Modem "adapter"

Null Modem “adapter”

It consisted (excluding USB to RS232 convertor) of

  • 9 pin Female-Female Gender Changer
  • Male 9 pin to Female 25 pin straight through convertor
  • 25 Pin Male-Male Gender Changer
  • A great big heavy “Null Modem” converter that has been lying around the lab that has two female 25 Pin connectors
  • 25 pin Male to 9pin Female straight through cable.

Amazingly this worked and I was able to type in a terminal on my netbook and see the output at the other end.

Random place

In November last year (2012) I had a week off work and with no particular plans, I felt the urge to go somewhere “random”. I don’t imagine this is an unusual thing to want to do but often the “random” place is picked in a very non-random way, for example, somewhere:

  • You have visited before.
  • That has been suggested by friends, family or acquittance.
  • Has subconsciously slipped into your mind at some point.

I wanted to go to a proper rand() location that wouldn’t be influenced by anything.However I did set a few parameters. The location had to be

  • Reachable on a day trip from Edinburgh
  • Somewhere without criminal trespass laws e.g: Airport, Ministry of Defense land, Prisons etc.
  • On dry land

And that was it….

Continue reading

29c3 My Impressions

Sun sets on the last Day of 29c3

Sun sets on the last Day of 29c3

Having caught up some sleep and recovered my hearing after New Year in Hamburg I thought I should write down some of my thoughts about 29c3 before they drifted out my memory. This was my third CCC, I had attended 27c3 and 28c3 that look place in Berlin.

Getting to Hamburg from Edinburgh wasn’t as straight forward there aren’t any direct flights at this time of year, but changing at Amsterdam isn’t a big deal. Flight might have been a bit more expensive than Berlin but I did leave it quite late (6 weeks) before booking.

The Congress Center Hamburg is *massive* compared with the previous venue in Berlin. Hall 1 especially was much bigger than the Berlin equivalent and I don’t believe  was ever completely filled.

The catering inside CCH was reasonable but less varied than Berlin (especially for a Pestiperian diet) and maybe a little bit more expensive, but still affordable. One night I was caught out by forgetting they would stopping serving at 11pm or so,this was easily solved by some excellent Falafel from a takeaway on the way back to my hostel. There were also several late night food places near CCH so not a big deal.

At the previous congresses I had volunteered as a cloakroom Angel, this year I didn’t. I’m not really completely sure why I didn’t this time but it meant I had more time to spend going to talks etc.

The talks themselves were on the whole very good. I had kinda forgotten about the English translations taking place for German talks so I only attended talks presented in English. Here are a few talks that stood out for me:

  • Many Tamagotchis Were Harmed in the Making of this Presentation 
    A very well delivered and enthusiastic presentation detailing the process of hacking and attempts to reverse engineer Tamagotchis and related hardware.
    Youtube video
  • Hacking Cisco phones
    After last years HP printer hacks Ang Cui was back this time with a Cisco VOIP hack. He demonstrated switch on the handset microphone and streaming audio remotely whilst the handset was in the on hook position.
    Youtube video
  • Writing a Thumbdrive from Scratch
    I missed the first half of this talk and haven’t caught up from the recording but the later bits were very interesting. If an attacker controls the firmware of what appears to be a “normal” USB storage device then standard forensic techniques such as imaging can be easily detected. Responses may include providing alternative data or self-destruction.
    Youtube video

No writeup could be complete without mentioning events around individual harassment and a perception of anti-female atmosphere. Now that the dust has settled it appears likely some of this was deliberate trolling but there are real issues at events such as this and hacker communities in general. I don’t think these are necessarily unique to gender as personal attacks and exclusion based on perceived lack of technical knowledge is more widespread. A good summary of events and where things can go from here is given by the Ada Initiative

So to summarise, an enjoyable congress. I’m sure it will flourish and grow in it’s new home. I’m not sure if I’ll be attending 30c3, maybe need to take a year off, but a lot can change in 355 days!


2012 is almost at an end, so I was thinking back over the year what I had been up to, here are some of those that I can remember (in no particular order)

  • Bought a flat of my own
  • Climbed a Gasometer (unofficially)
  • Elected company directory of Edinburgh Hacklab
  • Did a bit of Lift Surfing (again unofficially)
  • Designed and had my first PCB manufactured (they worked)
  • Visited some great Hackerspaces: Tog, Dublin; Farset Labs, Belfast; London Hackspace
  • Had great fun at EMFCamp
  • Torch bearer at Beltane, and steward at Samhain
  • Helped out friends
  • Sent a mobile phone, with GPS enabled through the post
  • Started blogging
  • …..and some personal stuff that isn’t blogable

Thanks to the people who helped these things happen and provided encouragement when i needed it. If your reading then can I say “Your awesome!”

Bring on 2013.

Don’t worry this self reflective, navel-gazing blog post is just a glitch, normal service will be resumed very shortly….

Remote Control Central Heating


Over the summer I moved into my own flat. As the weather starts to get colder I’ve found myself thinking that the heating might need switched on once in a while. I don’t need to heat my flat if I’m not around, as long as it’s not so cold the pipes freeze! I’m generally out doing something most weekday evenings and I’m not sure in advance when I’ll be back. I would like to control the heating remotely so i can switch it on when I’m 20 minutes from my flat, just like they showed on Tommorows World in the 1970s. Continue reading

My First PCB

Recently I’ve started a project to add some RGB LEDs around the rim of a Sombrero. Naturally having each LED individually addressable and dimable (using PWM) was a given. Although off the shelf LED strips may have fitted the bill, either as is with a bit of modification I thought this would be a good opportunity to try making some BlinkM clones. I found the Ghetto Pixels – Building an open source BlinkM instructable and decided to use a small PCB to keep thing a bit neater.

After following this very useful guide I was able to get EAGLE 6 running on Debian squeeze and was ready to design the

After many hours spent getting the components and tracks laid out as neat and optimised as I could I showed my design to a few experienced PCB hackers at Edinburgh Hacklab. A useful bit of advise was “Don’t torture the board house”, for example just because they claim to do 6milli tracks doesn’t mean you should use such thin tracks if 10milli tracks are suitable. I also printed the board layout onto normal paper to check that the components fitted and nothing looked obviously wrong.

Printed on normal 80gsm paper at real size (~25x25mm)

I’ve opted for a mixture of surface mount and through hole components. The LED current limiting resistors and decoupling capacitor are surface mounted. I’ve chosen the relatively large 1206 package for resistors, with the rational that it should be easier to solder. Using a thru-hole DIP version of the ATTiny consumes extra board space but given my limited surface mount experience it’s probably wise to learn to walk before running.

My Board

The boards are being manufactured using SeeedStudio’s Fusion PCB service. As the smallest board they do is 50x50mm and my board was 25x25mm I’ve panelised 4 of them onto each by following the Panelizing PCBs Seeed Using Eagle instuctable. I placed my order and submitted my design file on 30th October, received an email on 1st November saying the order was “In production” and was “shipped” on the 6th November. From the experience of others I would expect the board to arrive 2 to 4 weeks after ordering.

Fingers crossed I haven’t made any design errors….

Asda Reduction Barcodes

Like many technical, geeky people I’m often fascinated to find the details behind apparently mundane systems that are around us that most people take for granted. Take for example the “reduced to clear” stickers that supermarkets use to reduce stock as it approaches the Use By/Display Until Date. Each chain of supermarket uses a different system, sometime it’s obvious what the codes mean, other times it’s less obvious. This presents a challenge to reverse engineer.

I’ve thought about the codes a bit in the past and the Tesco Barcode “controversy” rekindled this interest so over the last few months I’ve kept an eye out for opportunities for research.

I should point out right from the outset that the one thing I’m not aiming to do is get anything for a lower price than the supermarket is offering it to sell it for. In fact one of the tests that I would like to do is check if i could pay more for a reduced item than the original price. Obliviously I would test this on sometime quite cheap as I’m not that stupid.

So I’m passing Asda and there are only a few hours left in the day, prime time for reductions. As I head for the entrance I notice an employee reseting the anti-theft devices on trolleys that people have taken over the “red line”, that’s a whole other area of research that I’ve yet to explore…. maybe there is a future blog post in it.

There are a lot of reductions tonight so I head to the self-service checkouts with ingredients for a small feast. I notice that the mini-pork pies reduced to 10p (yes, I know it’s not strictly part a Pescetarian diet but they would have ended up in the bin shortly anyway) are packaged in such a way to make it almost imposable to scan the reduction bar code.

After a half-hearted attempt to scan the barcode, I took my opportunity to press the “Enter barcode button” and start entering the code on the reduction barcode 0..2..0..5..1..8..0..0..0..0..1..1 (oh, woops my clumsy fingers that that last number should have been a 0, oh well just one of those things!)

    Unrecognised Barcode, please try again

Oh maybe I made a mistake with the number of zeros  0..2..0..5..1..8..0..0..0..0..1..1

“Oh let me help, I’ll need to do the reduction barcode for you”

She then swipes her operator barcode card to bring up the operator menu, selects an option and taps in 0..2..0..5..1..8..0..0..0..0..1..0.

So Asda have restricted manually entering reduction price barcode to operators only. That pretty much puts the stops on “mistakes” me as a customer could make. Further research would involve making my own barcodes by scanning a smart phone displaying a barcode image or preparing bits of paper with bar codes in advance, both of which would be pretty hard to pull of without being noticed and would be tricky to explain if noticed.

But all is not lost. Just by looking at the code on the items it’s possible to imply something about them as i already did above about the last two digits. Asda helpfully prints the full item codes on the receipt.So lets look an example for the pork pies


020 – Reduction codes prefix?
518 – This appears to be a “department” or “product type” 518 corresponds to “Deli Pies”
00 – Not sure what this means, appears constant as 00 (possibly thousands & hundreds digits??)
0010 – Reduced price in pounds and pence in this case 10p

Interestingly this format gives very little detail to link back to the product being sold, unlike Tesco codes that have a reference to the original barcode. Asda links to a higer level department code that may contain multiple products. I guess they aren’t too bothered or have another way of tracking it.

Stay tuned for more reduction barcode fun…