Thursday, 25 February 2016

My take on a nixie clock

As a present I decided to build a nixie tube clock. It was essential to ditch my close-enough attitude and make it look as good as possible. For me the simplest way to complete this idea was to use a microcontroller. I am not cool enough to build a clock out of discrete logic; maybe in the future.

I had a couple of nixie tubes lying around and ordered some more to have a total of six. So the clock consists of an Arduino Nano, a DS3231 RTC, IN-14 nixie tubes and a power supply. From the start I knew the biggest challenge is building the enclosure. I learned that the easiest way to drive these nixie tubes is with a driver called the К155ИД1.

It’s a binary-to-decimal decoder and it works quite elegantly. Depending on the binary input it enables the right output.

It does all the heavy lifting. And then I used three shift registers to drive all the drivers.

In addition I bought a nixie tube power supply that supplies the 170 V I need. I could have used 220 V wall power but I do not trust myself enough to use that, especially when giving it away.

I wanted this thing to be everything my clock is not.

  • RTC keeps the time even at complete power loss.

  • Simple controls - possible to go back in time~.

  • No alarm function - no need for broken glass.



It is quite straightforward - not too many passive components.



I wanted this thing to be in proportions and as small as possible. In order to achieve this, I decided to sandwich the two PCBs together. I have made many PCBs but only single sided ones. Now was the first time to try to make my own double sided board. It came out okay, did not have to fix many traces. Making double sided boards with the "toner transfer" method is tricky.


The back panel consists of three buttons and a power jack. One click adds a unit of time and when holding it down it removes the desired unit.




I liked the idea of making it out of metal/metallic materials but I don’t have the necessary equipment nor the tools. I decided to make it out of wood. To make it more interesting I routed out all the excess material, instead of making it out of 4 walls. It looks like a lump of wood which I quite like. It turned out great.


A bit more artistic representation:





Wednesday, 30 December 2015

Recovering from a hard bricked LG Optimus G E975.

Something a tad different this time. I am writing this so I would remember not to fix bricked Android phones anymore. Soft brick is easy: boot into download mode, flash the stock firmware and bingo. Hard brick is trickier; the phone is basically a paperweight. The bootloader is messed up so the phone is completely unresponsive – no download mode, no fast boot, no nothing.

So the adventure starts at the beginning.

I managed to get my hands on a bricked LG Optimus G E975. During a wipe in recovery mode, the user rendered the phone useless. Now was my time to work my magic.



  1. Download

  2. Download E975 firmware.bin

  3. Install drivers

  4. Open the program


  1. Select the downloaded firmware.bin file.

  2. Find a good location where to extract the files (for example C:\lg)

  3. Click Extract and wait.

  4. Make sure AP chipset is G.

  5. Choose the right COM port (whatever port Windows assigned)

  6. Find the location specified in step 2. (C:\lg)

  7. Check

  8. Check

  9. Check

  10. START

If it works on the first try you are in luck. If it does not work on the first try just smash buttons and pray!



Forums contain a lot of information but the problem is that typically those posts were made a couple of years ago, so the majority of the links in the posts are now dead. Meaning, if we are lucky we find those thingies via Google.

I was reading about the cases where that exact same phone was dead and I noticed the similarities. Then I found even more threads with the same problem. People said JTAG was the only option. In a nutshell, you send the phone to some workshop to replace the motherboard or they rewrite the bootloader using a JTAG. Not a financially good option because the phone is not completely worthless but worthless enough not to drown it with money.

The only sign of life – connect the phone using a USB cable and we have a device called QHSUSB_BULK. This is some kind of QUALCOMM’s fallback recovery system or something. All phones that have QUALCOMM chips in them use this feature. Because of that there were a lot of posts about people with their not-so-useful phones.

But I did not find anything useful or something that would give me some hope to revive this phone. A couple of days later, while traveling on public transport, I had an idea to google my problem in another language, specifically Russian. From personal experience you can find a lot of obscure and not-easy-to-find information in those Russian forums. Maybe because they are tinkerers, they like to fix stuff. Anyways, I came across this Ultimate Optimus G thread, all in RUSSIAN, woo.

To access downloadable content, you need to register, problem is the language barrier. But it is easy enough to overcome if you have learned a tiny bit of Russian. (What do you know, it was not completely useless.) And my favorite part - captchas that were in Russian.

So I found a guide.

I followed it and nothing. Tried all kinds of button combinations - nothing. Error popped up, nothing, again back to Google, nothing. Some people said that in that case the EMMC was dead = the game was ending. But I don’t know why I did not give up at that point, maybe because I had already invested so much time into it. So tried again, nothing. Again, nothing. Then started listening to music, tried again, nothing. Started smashing the power button in the rhythm of the music; Windows did not like that so it just started making those noises you hear when you disconnect/connect a device. Tried again, the error went away. So it rewrote the bootloader and then I saw life, the LG logo popped up on the screen. Next thing I know I was in download mode. And Bob is your uncle! So, how did I fix it? It’s a mystery to me. (smash the power button)

Monday, 17 August 2015

My take on the PA0RDT Mini Whip antenna.

I like shortwave radio because you can receive signals from all over the world, also there are all kinds of mysterious signals to explore.

In the grand scheme - the lower the frequency, the bigger the antenna you would need. Well, there are all kinds of antenna designs but I like to think of it that way. For example, I have a 27 MHz dipole on my roof that is around 5.3 meters long. If I wanted to listen to lower frequencies, around 3 MHz, for optimal performance I would need an antenna of around 50 meters, so using a dipole for lower frequencies is not very space efficient, especially if you do not have any room.

So I decided to build the Mini Whip antenna. It is popular, simple to build and on paper receives frequencies from 10 kHz to 30 MHz, and also it is super tiny.

There are some variations between different designs, but the basic idea is the same.

The schematic I followed.




During my tests it performed well; I was able to receive the DCF77 signal for the first time. All other bands seemed to work as well.


Overall fun little nifty antenna.


For permanent outdoor use - one should probably use an enclosure.



Tuesday, 7 July 2015

MIRRORCROCODILE - a tool that helps to mess around with 433 MHz devices

I think the coolest thing to do with computers is to interact with the real world. Computers used to have parallel ports. Parallel ports made it super easy for tinkerers to interface with the real world. I have seen a lot of projects around the parallel port but they are a thing of the past. New computers do not ship with parallel ports – nobody uses them – only people who want to flash LEDs when they receive a new email etc.

What is the next best thing? What is the thing that every computer has? USB is hard to mess around with because it is too advanced for simple projects. You need to use controllers and it gets complicated fast - at least for me.

So then, inspired by that Triggertrap post I realized – SOUNDCARD. Every computer/phone has a headphone jack. But what happens if you want to listen to music and flash LEDs? Then you buy a cheap USB soundcard from eBay and use that as a platform (You do not want to fry your onboard soundcard, I think).

A soundcard is basically an ADC and a DAC (microphone and headphone jack).

So I had an idea to strap a 433 MHz transmitter and a receiver to the soundcard. In my head it played out like this:

  • You can record devices that use simple modulations (AM/OOK).

  • You can send signals from the computer (GNURadio).

  • You can use replay (transmit what was received).

So this project needed a cool codename, NSA has l33t codenames so I came up with MIRRORCROCODILE courtesy of




Mirror attack is the simplest, you only have to record and press play.

Here is a video, where I mimic my wireless doorbell signal. Technically it should work with most of the 433 MHz devices that do not use a rolling code or some other signal modulation.

Or if you want to edit/analyze the data more or even send out completely new stuff - GNURadio should be useful enough.
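Why the record-and-play approach above stops working once a device uses a rolling code, as an added example that is not part of the original post: a simplified receiver model in which the rolling code is a counter authenticated with HMAC (an assumption for illustration, not any real product's protocol). All names, the static code and the key are constructed.

```python
import hashlib
import hmac

def make_frame(key, counter):
    """Rolling-code frame: 4-byte counter followed by a truncated HMAC over it."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Models a device with one static code: a recorded frame stays valid."""
    def __init__(self, code):
        self.code = code

    def accept(self, frame):
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""
    def __init__(self, key, window=16):
        self.key, self.window, self.last = key, window, 0

    def accept(self, frame):
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, make_frame(self.key, counter)):
            return False                     # forged or corrupted frame
        if not self.last < counter <= self.last + self.window:
            return False                     # replayed, or too far ahead
        self.last = counter                  # every accepted counter is burned
        return True

def demo():
    """Constructed frames: one button press, then the same bytes sent again."""
    key = b"constructed-demo-key"            # placeholder, not a real device key
    code = b"\xa5\x5a\xc3"                   # constructed static code
    fixed = FixedCodeReceiver(code)
    rolling = RollingCodeReceiver(key)
    press = make_frame(key, 1)
    return {
        "fixed_first": fixed.accept(code),
        "fixed_replay": fixed.accept(code),          # same bytes work again
        "rolling_first": rolling.accept(press),
        "rolling_replay": rolling.accept(press),     # same bytes are rejected
        "rolling_next": rolling.accept(make_frame(key, 2)),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15s} accepted={accepted}")
```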



Thursday, 30 April 2015

Homemade Triggertrap remote trigger

I was reading an article about a Kickstarter project that failed miserably, and found out about a company called Triggertrap. Their project failed but they were already selling remote triggers for cameras. Remote triggers are fun, they allow you to control the camera remotely…

I have never owned a proper remote trigger, I have always used the time trigger function on my camera.
The remote costs around 42 euros but the app is free. So I thought it should not be hard to build my own remote that works with the app.

The schematic:


Well, ideally you should use optocouplers to separate the electric circuits, but I like to live dangerously.


It fits neatly in this little red box. Now I can take selfies 10 meters away.

Well really, quite a useful thing while doing time lapse photography.


Wednesday, 8 April 2015

RFID experiments

Radio-frequency identification (RFID) is a way to use electromagnetic fields to send and receive data wirelessly. The system consists of two parts: a reader and a tag. Tags can be passive or active. I think the most popular are passive tags. Meaning, there are no batteries needed, the power comes from the reader. The reader constantly sends out an interrogation signal and when a tag absorbs the energy and powers up, it radiates back information from the embedded chip.

Then it divides further - different frequencies, generations, encryptions etc.

Also one popular part is NFC (Near Field Communication) which has better security and other improvements. Latest phones usually come with NFC read/write capabilities built in. So you can pay with your phone or touch phones together to share information. A lot of possibilities.


RFID/NFC is quite popular in our commercial world.

  • Anti-theft – stores use it to stop people stealing stuff.

  • Tracking people - putting tags inside shoes to track people, some festivals or nightclubs put them inside wristbands.

  • Payment – all kinds of simple payment systems or paying with a phone

  • Transportation - tag on a car so you will be charged automatically etc.

  • Security – opening doors, gates etc.

  • Public transport

  • Passports and other cards – rumored bombs that only explode when there is a US passport nearby.

  • Animal identification

  • Sporting events – games, lap times etc.


Homemade 125 kHz FSK tag reader


So of course there are two ways to approach this problem. The first way is to build your own goods, second way is to buy necessary stuff. I went with the third way – buying stuff and meanwhile building my own stuff.

Went with scanlime’s “World's simplest RFID reader” design and there is also an Arduino implementation of the same thing.





Lately I like to build these “development” beds, where it would be easy to add/remove stuff and also it adds rigidness without having a case.

Blue Plexiglas is pretty hip, got to unleash my artistic skills....

The Arduino generates a 125 kHz carrier.


Antenna design.

At first I went pretty loose on the antenna design; luckily/obviously that did not work.



The coil needs to resonate at 125 kHz. I chose a random capacitor - 10 nF. Working out the inductance gave me 162 µH.

Once that is done we need to calculate the coil's dimensions that correspond to 162 µH.



I used an old bottle with a diameter of 6.9 cm. With that diameter I needed to make a coil with 33 turns.

I also experimented with various diameters and capacitor values – weirdly enough all of them worked.

The biggest problem is that I do not have the right tags. The system detects a tag but it does not decode it (yet?). But it does detect a tag so that is a win I guess.

Here it is in action:

Monday, 16 March 2015

Voice inversion with GNU Radio

Voice inversion is security through obscurity. It is an analogue way to obscure transmission content.

There are all kinds of variations of this scrambling, offering different levels of security. The general idea is that they take a signal and, as the name suggests, invert it. Meaning low frequencies become high and vice versa.

This scrambling is a pretty old technique. It prevents people from just listening in. Nowadays with fancy software and computers it is pretty obsolete. IT IS OBSOLETE *cough*Elion*cough*.

Software has been floating around on the internet for a long time, probably used by HAM radio operators. The basic rule is that you take the output from the radio receiver and pipe it to the computer. The computer with its magic outputs it as human-understandable information. Now, for example, it is useful to use an SDR.


Wikipedia suggests:

In the simplest form of voice inversion, the frequency "p" of each component is replaced with "s-p", where "s" is the frequency of a carrier wave. This can be done by amplitude modulating the speech signal with the carrier, then applying a low-pass filter to select the lower sideband.

When I read the last sentence I realized how simple it would be to demodulate signals with GNU Radio.

Wikipedia suggests the most common carrier frequencies are: 2.632 kHz, 2.718 kHz, 2.868 kHz, 3.023 kHz, 3.107 kHz, 3.196 kHz, 3.333 kHz, 3.339 kHz, 3.496 kHz, 3.729 kHz and 4.096 kHz.




My flow graph:





Technically it works the same way as demodulation, only reversed: it simply takes descrambled audio and scrambles it. The same flow graph works great.




Carrier frequency - 3496 Hz
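
The Wikipedia description above, carried out in plain Python as an added example (not the author's GNU Radio flow graph): mix with the 3496 Hz carrier, low-pass to keep the lower sideband, and run the same function a second time to descramble, which is why knowing or guessing the carrier is all a listener needs. The 16 kHz sample rate, the filter length, the test tone and all function names are assumptions.

```python
import math

FS = 16000        # sample rate in Hz (assumed for this example)
CARRIER = 3496.0  # carrier frequency in Hz, the value given in the post

def lowpass_taps(cutoff_hz, fs=FS, ntaps=201):
    """Hamming-windowed sinc low-pass FIR, normalised to unity gain at DC."""
    fc, mid = cutoff_hz / fs, (ntaps - 1) / 2
    taps = []
    for n in range(ntaps):
        x = n - mid
        h = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        taps.append(h * (0.54 - 0.46 * math.cos(2 * math.pi * n / (ntaps - 1))))
    total = sum(taps)
    return [t / total for t in taps]

def invert(samples, carrier=CARRIER, fs=FS):
    """Mix with the carrier, then low-pass so only the s - p sideband remains."""
    mixed = [2 * v * math.cos(2 * math.pi * carrier * i / fs)
             for i, v in enumerate(samples)]
    taps = lowpass_taps(carrier, fs)
    return [sum(t * mixed[i - k] for k, t in enumerate(taps) if i >= k)
            for i in range(len(mixed))]

def tone_power(samples, freq, fs=FS):
    """Goertzel estimate of the power at a single frequency."""
    coeff = 2 * math.cos(2 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for v in samples:
        s1, s2 = v + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples) ** 2

def demo():
    """Constructed input: a 500 Hz tone standing in for one speech component."""
    clear = [math.cos(2 * math.pi * 500 * i / FS) for i in range(4000)]
    scrambled = invert(clear)       # energy moves to 3496 - 500 = 2996 Hz
    recovered = invert(scrambled)   # the same operation moves it back to 500 Hz
    return {name: (tone_power(sig, 500), tone_power(sig, 2996))
            for name, sig in (("clear", clear), ("scrambled", scrambled),
                              ("recovered", recovered))}

if __name__ == "__main__":
    for name, (p500, p2996) in demo().items():
        print(f"{name:10s} 500 Hz: {p500:.4f}   2996 Hz: {p2996:.4f}")
```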