Cybergibbons 🚲🚲🚲
Feb 24, 24 tweets
I've obtained one of these "EMP generators" that are intended to cause glitches in gaming machines, either for free gaming or to dump coins.

It's pretty odd.
Most prominent is the 3-pin device on top.

It's an NPN transistor for RF.

It's socketed and comes with a spare...
Superficially... when you press the button, it generates a field that can light up a fluorescent tube...
The instructions are... well... interesting.
Peeling the shrink wrap off, we can see how homebrew this is.

There's some kind of transformer on the top, with a large coil with a smaller one. Almost Tesla coil like.
There is a button to trigger it, two DIP switches (which I think you should only turn one on) and a trimmer pot. I can't tell what the trimmer pot does.

Really oddly, it has three (3!!!) charging ports. I think you need to charge each one in turn. So three batteries and no charge controller?

Oddly the PSU is 12.5V... so it could really have nothing controlling charge.
Each one is hovering at about 12V - so possibly 36V in series? Not sure.
One DIP switch is continuous, the other is pulse.

A little bit of smoke came out just now. The transistor does get very hot very fast.
It's so hot glued together that taking it apart further is going to be risky...
Holy fuck nugget, that is really janky.
So yeah, it's 3*3 Li-Ion packs with each jack across 3 of them. Dodgy.
The little board has a 555. Contacts are labelled VCC, GND, OUT-
So with the main transistor out, the little 555 board is simply pulling the output low at around 12kHz. Duty cycle is about 60%.

Trimmer changes this frequency from about 8Hz to 25Hz.

So the top part must just be self-resonant, and this turns it on and off.
So with the DIP switches set to "constant" (i.e. 36V applied to the resonant board), you end up with an approximately 58MHz signal on the base of the transistor.
And a crazy 230V on the collector!
I've tried to quickly reverse it... but what?

Surely I have made a mistake here?

The bigger coil is on the left of the transformer, the thinner many windings on the right.

Does this make any sense to anyone?
@synx508 has found someone who has looked at these before.

Schematics are almost identical. Very surprised these really oscillate so much and don't nuke themselves, given they are shorting the transistor across the rails.
On the spectrum analyser, with just a short length of wire we are seeing powerful emissions at 50MHz and many harmonics.

Would be interesting to see what this does to electronics.
I wonder why "150MHz" is in the title? I mean, it is making noise on 150MHz, but also every other harmonic of 50MHz.
I mean, it seems to have some impact on electronics.

No resets, but then this is a modern microcontroller in here.
In this position, it's not doing much to the game... but check out the bench PSU!
It certainly causes things to happen that you don't expect!

I suspect this may be causing issues with the video memory.
I don't really have any targets to hand that I want to risk breaking currently. It may be interesting to see what this does to bootloaders on various devices.
