A tip for soldering the wires on is to get a roll of 48SWG enamelled copper wire with solderable insulation, which will tin when you apply a soldering iron tip to it. Allows you to solder to fine pins, and even to non filled vias with no problems, and gives a good connection. If the wire is to be there more or less permanent you can then tack it down with some UV cure glue, or even regular gel superglue if the bloom it will have is not going to worry you. Used it to repair damaged solder pads as well, soldering the IC pin to the wire, and then the wire to the track, and a drop of superglue to hold the lot down, followed the next day with a light scrub in IPA ( I was using TCE though, before it was banned from the military as well) to get the bloom off, leaving a good clean firm connection. Lasts decades with no issues, though not going to handle more than 50mA reliably, but getting you a wire out to a place where you can have a small strip of Veroboard 3 holes long, and however many point you want wide, stuck down to some point inside was a good way to have reliable monitoring.

I was about to ask. Thanks!

Me as well 😀

Also lowering the temperature can help, otherwise it takes to much time to solidify, and it's not easy to stay still for so long

You should make a colab with Laurie Wired!

Right?! I remember that bit of lore…

You guys don't?

Had the same thought but using a simpler Arduino loop timed to sense a power rail waking up and a variable to set the timing,

Yes #30 wire-wrap is great. Use Teflon coated wire, it has a higher melting point. You will want to tape it down, solid wire breaks pretty easily when bent a few times.

I also noticed he's soldering to the base of the pins, aiming outwards at 90 degrees... Sometimes it works better when you come over the top, and solder parallel to the pin, down its side. Bend the wire to shape first, and hold it down with your finger on top of the chip. Obviously this doesn't work if you need to use loads of pins on both sides, but it's a trick to keep in mind.

I swear I usually solder better when I'm not recording myself doing it...

That's def the way it goes lol

@@mattbrwnyour tip looks oxidised - get a new one.

​@@mattbrwn I think lots of things are done better when not trying to record yourself doing it. Just having to work around the camera makes it harder before you even start on the psychology of it.

you need to post that link you haven't been doing this long but what you jut did is the most infuriating thing to possibly put into a forum for this kind of hobby.

​@@somacruz8272 youtube has been deleting links in comments for years at this point.

you going to have to either find a place those UART pins are exposed on the board OR remove the chip, solder magnet wire to the traces, then return the BGA chip back to the board... which is easier said than done

But honestly if works it’s not broke.

Update: it worked! But the bootargs is missing on this one, it seems they built the kernel with it's command line baked in to stop this kinda thing (it's a build option, setenv bootargs does nada for me). Glitch immediately after the 2nd 'click' from the IR shutter. Glitching earlier will revert to a u-boot mask ROM i think but it's impoverished with only an 'httpd' command for firmware updates.

​@@foobarf8766Yep sometimes they bake the boot args into the kernel binary or the bootloader so you cant change them unless you try to glitch the flash or flash a custom firmware on it. I also had a device that did not allow me to change the bootargs or any kernel parameters

​@@309electronics5 thanks dude, good to know its not just me! the vendor has a github repo so I can build it maybe but where to find the .config?

This would be a good exercise regardless of how practical it is... good idea!

@@mattbrwn ...just some more brainstorming, maybe an ESP32 with a web interface that would let you could change the boot args for the next boot

I have a Netgear AC1200 R6120 i tried doing this with by monitoring the UART serial console and the R6120 wouldnt boot with it set up, i had to manually short spi pin 2 to pin 4. I tried with a push-button and it wouldnt boot either lol

With such a small memory they may have used an 8 bit CRC. You could brute force this by changing the variable data from 00 to FF and re-testing.

Uboot wasn't able to read flash chip ID so couldn't autoboot and dropped into hush shell. More locked down IoT won't give you a shell, won't let you change bootargs etc.

do you have reference link to read more on this for sigmastar?

There are a bunch of videos getting to U-Boot

PCBite probes :)

I think that's known as a pogo pin, and they appear to be on a wire armature for hands free placement. The pins have a tiny spring inside that helps apply pressure and keep contact.

Hey what do you mean by a wire armature? I'd like to have a similar setup and did a fair bit of googling after watching a previous vid but I must've not had the right terms to search for

@@theodorekorehonen A more common term is probably bendable third hand.

Maybe

Get the server address they use and then use a proxy to connect to the server you want instead.

It looks like you just want to kill access to the server dishing up the Verizon firmware. You should be able to do this with a firewall rule on your router - if destination is nasty IP, drop connection - or sinkhole the domain name in DNS using say a Pi-hole. Use Wireshark to check if the server IP is found via DNS or if it is hard coded to know which is best way to proceed.

​@@dingokidneys Or put the phones on a VLAN that doesn't have DNS specified in the DHCP. Or use a custom DHCP response for those devices that gives no DNS servers.

probably will be with a firmware mod in an upcoming vid.

just added in the pinned comment since more than 1 person asked!

If I recall, uboot will try a list of boot options in an order defined at compile time (much like BIOS on a PC trying the floppy drive then the CD drive, then the hard drive). If this all fails, it drops to the prompt. Most manufacturers don't bother changing any of these defaults... Partly because it isn't necessary for the product to work reliably (if the flash fails, the device is dead anyway), and partly because they set it up for development purposes to boot off multiple things, and simply never bother changing it.

If uboot was built with #define CONFIG_AUTOBOOT_KEYED_CTRLC you can just ctrl-c too I think?

​@@foobarf8766depends. Sometimes Uboot does have that prompt but then it just insta loads the kernel and initrd into memory and boots it so you need some delay so uboot will wait for the ctrl c input and then stop booting

No. The AVB (Android Verified Boot) spec states that when the bootloader can't verify the boot/recovery partition (where the kernel image is), and the bootloader is "locked", the device should enter the RED verified boot state (the boot fails entirely). Also, the bootloader cannot under any condition allow for the loading and execution of unsigned (non-original) code. In practice, this means that if you somehow manage to alter the boot image that's being loaded, the bootloader will refuse to boot and enter some kind of emergency download mode (in the case of Samsung, it's called "ODIN") to let you restore the device. This mode however, will only let you flash firmware that's signed by the manufacturer's key.

C210