Reverse SSH Tunnel – when you cannot SSH to your host

Sometimes you need a workaround for SSH to an host. On my case, i cannot SSH to a ppp connected Raspberry Pi, but he can SSH to every other host. Solution is simple: ppp-Pi will SSH to a remote SSH server leaving a door open. Then i can SSH to my host, and login to my Pi. Confused? I know.

There’s a pretty good explanation on StackExchange.

Continue reading “Reverse SSH Tunnel – when you cannot SSH to your host”

3G to WiFi Raspberry Pi gateway

[Edit]: Thanks Hackaday for the highlight! Part two of the hack – having a 77 year old learning how to use an Android phone – is ongoing. Proof of success: her instagram account.

After building my DIY 16.5 dBi (probably with pornographic levels of VSWR – hopefully i can get an antenna analyzer on that by the next few weeks) and proofing the concept of a feasible 3G gateway, i had to put everything inside a nice IP65 box and set it up outside. Initially i was aiming at using a modded WR703N with Rooter firmware and a Huawei E3131. After burning both of them, i had to resort to a Raspberry Pi Zero.

Principle of operation: Raspberry Pi handles the PPP session from the USB modem, creates an WiFi network via hostapd and uses iptables for the rest.

Notes on weatherproofing something

Basics first:

  • water + electronics = bad. Solution?
    • Sealed box.
  • heat + electronics = bad. Solution?
    • Sealed box with ventilation.
  • Sealed box with ventilation + electronics = moisture during low temperature. Solution?
    • Heat it when it’s cold.
  • 230VAC outside = bad idea. Solution?
    • Industrial grade 230VAC to 5VDC PSU – i used this one from Mean Well – RS-35-5 (link to manufacturer) placing it within the attic and routing 5m of 2×0.75mm2 cable outside – 6m total, minimum voltage drop.

So, this is not a trivial problem to solve. My solution? IP65 grade box (IP rating table right here) with a breathing hole, DHT22 sensor inside, DS18B20 outside, python measuring things. More details below…

Continue reading “3G to WiFi Raspberry Pi gateway”

Hacking Aux-IN to a car’s CD player

I’ve seen this a few times, and it’s a hack worth to share.

Many times, we found ourselves owning a car with a CD player, but no AUX-IN. Who uses CD’s these days, anyway? Noah decided to un-crapify his car audio on a 2001 Ford Focus.

The hack itself is pretty simple. Open up the unit, and you’ll find two separate modules: CD player, and radio/amplifier unit. Both are connected through a flex cable.

Taping the CD Player
Taping the CD Player

Noah was fortunate, since he had taps for each pin, so he didn’t had to solder directly on the plug’s pins. So, he identified ROUT, LOUT and a ground connection, soldered the pins, and he’s ready to go.
Since he tapped on the CD player’s pins, a CD must be inserted in order to trigger the input.
Easy as recording an audio CD without any tunes in int: plain old silence.

Similar hacks:


Reverse engineering a Hit Clip

You should read this excellent article on reverse engineering a Hit Clip.

Hit Clips were small cheap digital audio players that could play music off of little plastic cartridges.  The audio was mono, sounded terrible, and only included a 60 second sample of a single song.

Head over here for more: .

Hacking MicroSD cards

You should read the latest on hacking MicroSD cards by Bunnie Studios (

Some points to consider:

  • Every card has a ARM microcontroller;
  • Flash is usually bad, but it doesn’t go to waste. a 16GB card with 80% bad flash can be sold as a 2GB one;
  • Remember number 1? It can allow arbitrary code execution.
MicroSD Card controller
MicroSD Card controller



Interested on reading more?

This is the whole write up – – and here’s the whole video. Enjoy!

Decoding OWL CM130 wireless monitor signal

So, i have a OWL CM130 wireless energy monitor for keeping an eye on power consumption at home.
It’s a great little gadget, but also a very cheap one: i bought it a few years ago for around 30€ in eBay, but it won’t let me do anything with the data, other than display it.

The OWL CM130 kit
The OWL CM130 kit

These usually work in 433MHz band, and i happen to have a 433MHz AM receiver similar to this one:

And this is the pinout:

FS1000A 433MHz receiver and transmitter pinout
FS1000A 433MHz receiver and transmitter pinout


So, i thought “This is a no brainer”!

Continue reading “Decoding OWL CM130 wireless monitor signal”