Apple likes to use annoying pentalobe screws on their devices. While it’s relatively easy to buy a pentalobe screwdriver, why bother, when you probably already have a substitute in your house? Anyone who uses x-acto knives should have a pile of blades with broken off tips. These blades are a quick and dirty surrogate for a pentalobe screwdriver. The tool:
Simply stab the tip of the x-acto knife into the pentalobe screw, and carefully twist:
The screws are so tiny that there isn’t much friction, so even though the knife blade isn’t a perfect fit, I’ve never stripped a screw. The same method works on small Torx and Philips screws. I’ve used this technique on many different devices over the years.
I just replaced the battery in my iPhone 6. When I attempted to power it up with the new battery, I was greeted with this ominous screen:
which is strange, because there’s no way that it was too hot, since it was just booting up, and it wasn’t even warm in the room where I was doing the work. I was worried that maybe I had broken something during the battery swap, but luckily, it was just bad contact in the battery connector. It turns out that there is a temperature sensor in the battery, and if it has a bad connection, then the iPhone will think that the battery is overheating. I tried pressing down on the battery connector, but that didn’t work. Next, I simply disconnected/reconnected the battery connector, and it booted up normally. Whew!
So, if you replace your iPhone battery, and it suddenly gets the over temperature warning screen, first check the battery connection. If the warning still won’t go away, but it goes away when you reconnect your old battery, then your new battery probably has a bad temperature sensor.
To remove the screen, I simply attached a suction cup at the end of the screen near the button. Then, while pulling up on the suction cup just enough to make a gap between the bottom of the screen and the back, I slid a guitar pick into the gap, starting at the bottom, and working my way down the edges of the phone, pushing it in gently. You can feel the clips releasing as you push the guitar pick in, and the screen will start to pop out, clip by clip. In Step 6 of the iFixIt instructions, they don’t emphasize the need to release the clips. If you just pull up, you’ll probably damage some or all of them.
I didn’t bother disconnecting the screen. In iFixIt’s instructions, they ask you to unscrew the screen connectors and completely remove the screen. Presumably, this is so that you don’t risk damaging the screen connector, lest you let it swivel back more than 90 degrees from the back. I didn’t bother disconnecting the screen, and instead, held it ajar with my left hand while doing everything else with my right hand. This is because the tiny connectors are very fragile in the iPhone, and I didn’t want to damage the screen connector when disconnecting it, or losing the screws (I had a very bad experience when I was trying to change the battery of my iPhone 4 a few years ago.. the replacement came with a connector that was very tight.. and when I tried to disconnect it, the whole socket broke off the PCB, rendering the iPhone useless).
I don’t have a pentalobe screwdriver, and I don’t intend to buy one. I’ve successfully removed/replaced the screws at the bottom of several iPhones using a Xacto knife as a screwdriver. The tips of my #11 Xacto blades always break off, and the broken off tip fits perfectly into the pentalobe screws.
Now, I’m waiting for the replacement battery to charge up, to see if it’s any good. I always have trouble finding replacement batteries that actually work better than the broken old batteries that they replace. There are a lot of shady suppliers out there who sell used or low quality batteries. I used the free Battery Life app to check the charge cycle count:
The vendor I bought the battery from claimed that it would have zero charge cycle count, and it has one, but that’s close enough, so I’ll let it slide for now. The capacity is also at 1752/1752, as expected. Of course, these stats could be faked, but at least they appear to be OK, which is some piece of mind. Only usage testing will reveal whether or not I managed to buy a good replacement battery, or another dud.
I recently bought a Proform 12.0TT treadmill from Costco. One of the major reasons I picked this particular treadmill was because it supports iFit Live, which is supposed to allow you to make custom workouts with google maps. Unfortunately, iFit Live has turned out to be complete garbage. My first frustrations started when I tried to connect my treadmill to my iFit account. I spent a couple of hours and got nowhere, because it kept complaining that it wasn’t able to contact the iFit server. I thought maybe it was that my WiFi wasn’t configured correctly, even though the treadmill was able to obtain a valid IP address. I tried submitting a support ticket, and was completely appalled by the horrible total lack of support. They didn’t even bother to respond to my ticket for more than a week, and by that time, I’d figured out that there server had gone down for a few days… one day, it finally just started talking to their server.
iFit Live, which is the only way to make custom workouts is quite expensive, and the treadmill doesn’t even come with so much as a free trial. It costs $9.99/mo or $99/yr. I was thinking of trying it out, but with their crappy support, I don’t want to give them my money. The worst part is that there’s this really cool iFit app that runs on iOS and Android that lets you visualize your workouts in realtime, but it only works on a handful of treadmills, and mine is not included on the list. Of course, they don’t tell you this, so I didn’t figure it out until I’d already bought the treadmill. Doing the workouts on the treadmill’s rather ugly and primitive display isn’t nearly as cool as via google Street View, or at least tracking it on a live google map.
The treadmill’s controller is garbage, too. It doesn’t let you customize the built-in workouts, and doesn’t even let you input things such as age/gender/weight, so the calorie calculations are completely worthless. I started thinking about hacking my own controller for the treadmill, but then decided to first see what could be done via software.
It turns out the treadmill has a built in telnetd, and if you telnet to its IP number, you can log in as root without using any password. ssh is also supported, but it requires the root password. Once you telnet in, it’s readily apparent that it’s running embedded Linux of some sort on an ARM processor. The treadmill control stuff is all in directory /icon/bin. Here is a list of the running processes:
PID Uid VSZ Stat Command
1 root 652 S init
2 root SWN [ksoftirqd/0]
3 root SW< [events/0]
4 root SW< [khelper]
5 root SW< [kthread]
16 root SW< [kblockd/0]
19 root SW< [khubd]
50 root SW [pdflush]
51 root SW [pdflush]
52 root SW [kswapd0]
53 root SW< [aio/0]
666 root SW [sdioeventd]
667 root SW [sdiod0]
669 root SW [mtdblockd]
709 root SW [nandeventd]
710 root SW [nandthread]
713 root SW< [scsi_eh_0]
739 root 3148 S /usr/bin/syslogd -S -b 10 -D -s 32 -O /tmp/logfile.tx
753 root 2292 S /usr/bin/dropbear
783 root SW [RtmpTimerTask]
784 root SW [RtmpMlmeTask]
785 root SW [RtmpCmdQTask]
786 root SW [RtmpWscTask]
792 root 3124 S /usr/bin/httpd -f -p 8080 -h /icon/bin/html
793 root 3020 S sslwrap -cert /usr/bin/sslwrap.cert -accept 443 -port
794 root 2880 S ./utwatch
795 root 652 S init
796 root 652 S init
798 root 652 S init
800 root 652 S init
810 root 2740 S utaudio
811 root 6476 S utcompete
812 root 2864 S utcontrol
813 root 2744 S utdevcom
814 root 2764 S utinput
815 root 2740 S utlog
816 root 6940 S utnetstatus
817 root 2200 S utuserlog
819 root 2740 S utvalues
820 root 2888 S utwifi
826 root 2872 S utwpl
827 root 2272 S utdisplay
828 root 2740 S utworkout
831 root 4640 R N web_serv
928 root 652 S udhcpc -i apcli0 -a -n -t 4
974 root 664 S telnetd
7348 root 764 S /bin/sh
26665 root 764 S /bin/sh
14635 root 656 R ps
14636 root 648 R sh -c iwconfig
From dmesg, I found that it’s running on a NuMicro NUC950 MCU running at 200MHz with 32MB RAM and 130MB of NAND flash. Here is the entire output of dmesg after bootup:
Linux version 188.8.131.52 (sbarton@sbarton-VirtualBox) (gcc version 4.2.1) #95 PREEMPT Thu Nov 21 10:08:23 MST 2013
CPU: ARM926EJ-Sid(wb)  revision 5 (ARMv5TEJ)
Memory policy: ECC disabled, Data cache writeback
On node 0 totalpages: 8192
DMA zone: 8192 pages, LIFO batch:1
CPU NUC950 (id 0x02900910 system clock:200MHZ)
CPU0: D VIVT write-back cache
CPU0: I cache: 8192 bytes, associativity 4, 32 byte lines, 64 sets
CPU0: D cache: 8192 bytes, associativity 4, 32 byte lines, 64 sets
Built 1 zonelists
Kernel command line: root=/dev/ram0 console=ttyS0,115200n8 initrd=0xa00000,4000000 mem=32M
PID hash table entries: 256 (order: 8, 1024 bytes)
Console: colour dummy device 80×30
selected clock e4e1c0 quot 7
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 32MB = 32MB total
Memory: 26440KB available (1676K code, 309K data, 80K init)
Calibrating delay loop… 99.73 BogoMIPS (lpj=498688)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
checking if image is initramfs…it isn’t (no cpio magic); looks like an initrd
Freeing initrd memory: 3906K
NET: Registered protocol family 16
* You selcet NUC950,Start Init NUC950EVB *
SCSI subsystem initialized
usbcore: registered new driver usbfs
usbcore: registered new driver hub
NET: Registered protocol family 2
IP route cache hash table entries: 256 (order: -2, 1024 bytes)
TCP established hash table entries: 1024 (order: 0, 4096 bytes)
TCP bind hash table entries: 512 (order: -1, 2048 bytes)
TCP: Hash tables configured (established 1024 bind 512)
TCP reno registered
NetWinder Floating Point Emulator V0.97 (double precision)
io scheduler noop registered (default)
NUC900 uart driver has been initialized successfully!
nuc900-uart.0: nuc900_serial0 at MMIO 0xb8000000 (irq = 7) is a NUC900
nuc900-uart.1: nuc900_serial1 at MMIO 0xb8000100 (irq = 8) is a NUC900
nuc900-uart.2: nuc900_serial2 at MMIO 0xb8000200 (irq = 9) is a NUC900
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
loop: loaded (max 8 devices)
Card0 Detect !!!
NUC900 SD driver has been initialized successfully!
CFI: Found no nuc900nor device at location zero
NUC900 USB host driver has been initialized successfully!
nuc900-ehci nuc900-ehci: Nuvoton nuc900 EHCI Host Controller
nuc900-ehci nuc900-ehci: new USB bus registered, assigned bus number 1
nuc900-ehci nuc900-ehci: irq 15, io mem 0xb0005000
nuc900-ehci nuc900-ehci: USB 2.0 started, EHCI 0.95, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
nuc900-ohci nuc900-ohci: Nuvoton nuc900 ohci Host Controller
nuc900-ohci nuc900-ohci: new USB bus registered, assigned bus number 2
nuc900-ohci nuc900-ohci: io mem 0xb0007000
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
Initializing USB Mass Storage driver…
usb 1-2: new high speed USB device using nuc900-ehci and address 2
usb 1-2: configuration #1 chosen from 1 choice
usbcore: registered new driver usb-storage
USB Mass Storage support registered.
ts: Compaq touchscreen protocol output
i2c /dev entries driver
nuc900-i2c-p0 nuc900-i2c-p0: bus frequency set to 100 KHz
nuc900-i2c-p0 nuc900-i2c-p0: i2c-0: nuc900 I2C port0 adapter
client [NAU882] registered with bus id 0-001a
NUC900 Audio driver has been initialized successfully!
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
RAMDISK: Compressed image found at block 0
VFS: Mounted root (romfs filesystem) readonly.
Freeing init memory: 80K
selected clock e4e1c0 quot 7
selected clock e4e1c0 quot 7
selected clock e4e1c0 quot 7
gnand: module license ‘Nuvoton’ taints kernel.
1. ===> write SMCSR
scsi0 : Nuvoton NUC900 GNAND DRIVER!
nand card init
1. ===> write SMCSR
card reset4. ===> write SMCSR
6. ===> write SMCSR
Valid P2LN 577, block 1022
There are a bunch of shell scripts in there to do various things. When the machine boots up, it runs go.sh, which in turn runs loadapp.sh, and then runapp.sh. This loads a bunch of utXXX processes, which are all ELF binaries, unfortunately, and run the core functions of the treadmill. download.sh downloads the latest scheduled workout in your iFit account into /icon/bin/iFit/download/wpl2. It uses http downloads from iFit’s server, machines.iconfitness.com. The server host name is stored in the IFIT_SERVER environment variable, so it’s quite easy to redirect it to download from a different server. I envision writing a local http server to emulate some of the iFit server’s functionality. It’s easy to follow what the script does by just typing bash -x download.sh in the shell. The server uses SOAP for its API (templates contained in /icon/bin/iFit/network), and downloads are handled via a binary called soap_get.
It turns out that the workouts are consist of 2 files: layout.fit, and a file with .wpl extension, which is the actual workout data. the name of the .wpl file is the first field in layout.fit. Unfortunately, wpl is a proprietary binary format, so it will take some effort to figure it out, but once that is done, it will be possible to create your own custom workouts without using ifit.com! The built-in workouts are all stored in /icon/bin/iFit/builtin/builtin.xx where xx is a number.
To get the files off of the machine for easy examination, all you have to do is launch the built-in ftpd command to get an anonymous ftp server. Even though it’s already configured in inetd.conf, the server won’t start unless you launch it manually on the command line:
Substitute your treadmill’s IP number where I have 192.168.1.111. I dumped out the whole /icon/bin directory for perusal. I used the Filezilla ftp client on MS Windows.
One final thing… download_firmware.sh checks for and downloads the latest firmware. The firmware updates are in the form of a .tgz file. You can take a look at the contents by looking at /icon/restore/app.tgz, which is a copy of the firmware that’s probably for recovering from a botched update..
That’s all for now. I’m surprised that iFit left the system so wide open. It’s possible that when they find out that people are hacking their systems that they will close the telnet backdoor, so if you want to play, it’s probably a good idea not to update your firmware.
If you play around with your iFit, please share your discoveries in the comments below.
Update 2016-04-04: Thanks to Stefano Livi’s uber hacking skillz, I’ve created a github repo: iFitWPL. Using information provided by Stefano, I wrote a C++ program to (mostly) decode WPL files. I have not yet had time to write code to create new WPL files, but there is a file where Stefano shows code in an obscure programming language to create a new WPL: Notes_on_wpl.txt. Please contribute to the github repo, and feel free to discuss any progress in the comments below.
The Scosche Rhythm+ is an optical BLE/ANT+ armband heart rate monitor that’s highly recommended by DC Rainmaker. There are many posts around the Internet which claim that it doesn’t have updateable firmware, but that’s not always the case. Prior to firmware V2.5, the Rhythm+ had to be sent back to Scosche for firmware updates, but if you’re lucky to have firmware 2.5+ installed, you can update the firmware yourself with your phone and Scosche’s Fitness Utility. The procedure is quick and easy. Pair the Rhythm+ to your phone and launch the Fitness Utility. You will be presented with the Attributes screen, which lists the current firmware version:
If you have Firmware Revision 2.5 or higher, tap the Commands button, and you’ll be presented with this screen:
Tap the Firmware Update Start button, and the utility will update you to the latest firmware. I got a nice new feature when I upgraded mine to firmware 2.62. Now, after setting my HR Zone Min and HR Zone Max via the Fitness Utility, the LED on the Rhythm+ blinks blue when my HR is below HR Zone Min, purple when I’m between HR Zone Min & Max, and red when I’m above HR Zone Max. I guess if you only use ANT+, and want to save some battery life, you can turn off the BLE Radio as well, but I haven’t tried playing with any of the other functions yet, and I have no idea how you would turn BLE on again, since the app communicates via BLE.
Update 2016-07-11: Reader Atle posted below that v2.62 adds another function for iOS users … click once to start/stop music, and double click to advance tracks in the playlist. I wonder if this works on Android, as well.
It infuriates me how so many WiFi routers are designed with inadequate cooling. I have a whole pile of routers that got flaky or crapped out after a few years due to overheating. The only ones that are still rock solid after years of continuous service are my WRT54Gs. My Linksys E4200 has been getting long in the tooth lately. On hot days, I need to blow a fan on it, and lately, even colder weather, it slows down to a crawl at random times and needs a reboot. I could try installing a big heatsink in it, but I thought maybe it was time for an upgrade to one of the fancier new technology routers. What most people don’t realize about the latest crop of router technology, such as AC3200, is that unless you upgrade your clients, you’re not going to get performance anywhere close to what these things can do. Most of the devices in my house are 2.4GHz 802.11n and can’t even handle MIMO, but smallnetbuilder had an article which showed that you can get a speed boost with 802.11n on a 802.11ac router. I figured I might as well future proof myself and look for a midrange AC router.
After lots of research on smallnetbuilder’s site, I settled on the Linksys WRT1900AC. This router, built by Belkin, is a nod to the venerable WRT54G, and is designed to be hacked with open source firmware. The specs are pretty good, even in the 2.4GHz band, which is often neglected these days, and I was particularly impressed with the speed of its NAS function, which vastly outperforms anything out there. It has a USB 3.0 port + a combo USB3.0/eSATA port on the back, and lightning fast storage performance. When I received it, I was impressed with the build quality. This thing is a beast! It looks like a WRT54G on steroids, and makes its predecessory look like a toy. Big & beefy and heavy. I specifically got the V1 because it has a built in cooling fan which kicks in only when necessary (which isn’t very frequent, due to its gigantic heatsinks). The later V2, also known as the WRT1200ACS, no longer has a fan. This is not going to be a full review of the WRT1900AC, but only a synopsis of my experiences trying to get decent 2.4GHz throughput out of it.
I really wanted to like the WRT1900AC. It is a thing of beauty, and I spent quite a few hours trying to tweak it, but to no avail. Despite the 90Mbps 2.4GHz LAN to WAN downlink throughput measured by smallnetbuilder, I was not able to get more than about 30Mbps downlink out of any of the devices in my house, even when sitting only a few feet from the WRT1900AC. This is only about half what I get out of my old E4200, which works as fast wirelessly as it does through Ethernet, maxing out at almost 60Mbps, which is the speed of my Time Warner cable service. No amount of tweaking over two days (about 6 hours of mucking with it) could speed up the 2.4GHz downlink performance. I scoured google for tweaks and even tried OpenWRT. I figured that I could figure out to get more speed out of it with OpenWRT’s tweakability, but it actually got slightly slower.
Although the speed with a very strong signal was only half as fast as my E4200, at the edges of my house, where the signal was weak, the WRT1900AC performed admirably, giving not only better throughput, but also being able to actually function at distances where the E4200 signal was completely dead. This left me in a dilemma, because the extended range is actually pretty useful to me. Also, for some reason, the storage performance came up quite short of what was tested by smallnetbuilder. I have a Seagate 2TB USB 3.0 drive, which is normally connected to a hacked Pogoplug E02 running Debian linux. The Pogoplug only supports USB 2.0, and doing a file copy across the network on Windows 8.1, I the maximum throughput I get is about 11MBps. Disappointingly, when attached directly to the USB 3.0 port on the WRT1900AC, the throughput topped out at a measly 4MBps. This was the last straw for me.
The 5GHz wireless performance on the other hand, was terrific. It easily saturated my 60Mbps downlink. But I can’t just switch to 5Ghz, because its range is too short in my house, and the signal drops out in some of my bedrooms. Also, not all of my devices support the 5GHz band. So, with a heavy heart, I decided to return the WRT1900AC. Just as I suspected, upgrading to the fancy 802.11ac router doesn’t necessarily help performance with 802.11n clients. In fact, looking at smallnetbuilder’s testing, lots of the latest and greatest routers put less emphasis on 2.4GHz performance, so if like me, you don’t have any 802.11ac clients, you should save your money and buy something cheaper. As for me, I’m going to try hacking a temperature-controlled fan into my old E4200, and see if that makes it more stable.
I recently discovered the PCD Mobility Rev Bluetooth HRM on Amazon.com, for the ridiculously low price of $7.95 including shipping (currently also available on eBay for $9.95). This is a Bluetooth 4.0 (Bluetooth Smart/Bluetooth Low Energy) HRM with strap, for half the price of a replacement strap for a Garmin or Polar HRM! Despite the 1 star reviews on Amazon, I figured that if the HRM was total trash, I would still have a decent spare HRM strap. It arrived a few days ago, and I put it through its paces on a couple of workouts. I wasn’t expecting much, given the bad reviews, and was pleasantly surprised to find that it’s actually a decent piece of hardware.
The receiver is a bit chunkier and clunky looking compared to my Garmin HRM:
Note how it uses industry standard metal snaps, spaced that the standard distance, so the receiver and strap are compatible with Garmin/Polar/Wahoo/etc.
The Mobility Rev uses a CR2032 battery (included). The battery door has a rubber o-ring to seal out moisture from your sweaty chest. I don’t know how water resistant it is, however, and am not going to try immersing it. Unlike the Garmin, which requires a small Philips screwdriver to replace the battery, the Mobility Rev’s battery cover easily comes off with a twist of a coin.
The Mobility Rev strap (bottom) is the same quality and of similar design to my Polar strap (top):
I use the Polar strap with my Garmin HRM, because the fancy strap that it came with has rather sharp and hard edges that chafe during a long workout.
So far, I have taken the Mobility Rev HRM out for a 1.5 hour bike ride and a 3.5 mi trail run, using the Wahoo Fitness app on an iPhone 6, and it has worked quite well. Here are the metrics I use for evaluating wireless heart rate monitors:
accuracy: Since this is a cheapo HRM, I’m not going to do detailed testing with graphs. At steady state, the heart rate reading is identical to that from my fingertip SpO2 meter. On my 1.5 hour bike ride, I didn’t bother to bring another HRM to compare against, but the heart rate readings looked consistent with my experience, and there were no dropouts or spikes, even when I was riding over very bumpy pavement. On my 3.5 mi trail run, I brought along my Garmin HRM, and did concurrent recordings. I was disappointed to find that during the first minute of recording, the Mobility Rev spiked up abnormally to 144 bpm before stabilizing at my true HR of 109 bpm. This phenomenon, however, is a regular occurrence with my optical HRM’s (Wahoo Rhythm+ and Garmin Forerunner 225 built-in). Since I was wearing two heart rate straps, making the sensor placement less than ideal, it’s possible that this glitch was due to poor contact with my chest. After this initial spike, it settled down, and had identical readings to the Garmin during the rest of the workout, deviating by 1 bpm on occasion, even when my heart rate was fluctuating, due to my switching back and forth between hiking and running. My Pyle strap often spikes up to unrealistically high HR’s when there is intense vibration from my running. The Mobility Rev displayed no such aberrant behavior. For the most part, I was impressed by the accuracy and consistency of its readings.
signal stability: During use, the signal was rock solid and never dropped out.
range: my iPhone 6 was able to reliably receive the signal 40 feet away from the HRM even while indoors.
overall fit and finish: The plastic casing seems of decent quality, and the strap is of comparable quality to the Polar HRM strap.
reliability: Since I have only had it for a day, I don’t yet know if it will crap out after just a few uses. I will update this article after more testing.
Using the free LightBlue Explorer iOS app, I found that it identifies itself as BLUETOOTH SMART HRM, and reports the following device information:
The manufacturer string is Maxwell Guider. It’s a nice touch that it seems to support reporting of battery status, but I don’t have any partially dead batteries to test with, so I don’t know if it actually outputs anything besides 100% [Update: see below, it always outputs 100% even with bad batteries].
One caveat of the Mobility Rev HRM is that it only outputs heart rate, so you can’t use it for HRV analysis, which requires R-R interval data. I tried to use it with the Elite HRV app on my iPhone, and it wasn’t able to read any HRV data. As a cross check, I took a look at the raw heart rate data output, and found that it indeed only reports 8-bit heart rate and nothing else. Most people, however, are only interested in heart rate, and won’t find this to be a problem.
I have only had the Mobility Rev BT HRM for a day, so I don’t yet know if it will stop working after only a short period of use. If there are any changes to its performance, I will update this article. Even if it does fail, I’ll still be happy to have an extra $8 Garmin/Polar/Wahoo/etc compatible strap.
Update 2015-11-24: After only 3 days of use, it died. I tried putting several new CR2032’s into it, and it was still dead. I was ready to write it off as a piece of junk until I finally found one that works. Now, it’s working perfectly again. I think the people who are reporting on Amazon that it connects inconsistently or fails after a couple of days are just suffering from weak cells. This device seems to need a higher voltage than others in order to function properly. The functional cell has an open circuit voltage of 3.25V, while another that reads 3.21V doesn’t work. This makes me question the manufacturer’s claim of 1800hrs battery life. Also, during this testing, I found that the Battery Level service is fake, and always outputs 100%. Some of the weak cells would actually operate it for a few seconds at at time before cutting out, and it still outputted a Battery Level of 100%.
Update 2015-12-03: I’ve used the Mobility Rev HRM for at least 8 hours of cycling and running workouts now, and the readings have been absolutely rock solid. No spiking up of HR during the start of a workout, no spiking up of HR during running, and no dropouts. The HR readings are totally glitch free. One problem I’ve had, however, is that sometimes, it’s a bit difficult to get the unit to wake up. I wetting the strap contacts usually helps. One time, I had it mounted upside down on the strap, and it woke up when I inverted it. I’m surprised that it seems to be sensitive to L/R, but unit is actually labeled for left & right sides on the back. In the meantime, the price dropped to $6 on Amazon, so I ordered a 2nd one to keep as a spare.
Banggood.com recently had a special on the Gopher TechnologyCPS-3205 bench power supply. After searching for reviews, which were generally favorable, I decided to get one for $42.99 including shipping. At this low price, I figured it was worthwhile if it worked at all. The unit is small, fanless, and appears well-constructed. What convinced me to try it was Voltlog’s exhaustive video review of the CPS-3205C, which is a more expensive version with active PFC:
I am not able to use the CPS-3205C, because it only works on 240V, unlike the CPS-3205, which is dual-voltage 120/240V.
Upon unboxing, my initial impression of the CPS-3205 was very good. The unit is quite compact, nicely built, and easy to use. One trivial but annoying defect, however, is that the front panel meters are mislabeled. The voltmeter (on the left) is labeled A and the ammeter (on the right) is labeled V:
I can’t imagine how such a glaring error could have happened. The photos on Gopher’s website, and most photos from various vendors have the meters labeled correctly:
I started to wonder whether Banggood was selling counterfeits, also because mine is labeled GOPHERT rather than GOPHER. However, my fears were laid to rest when I found this photo on Gopher’s own website:
There are definitely genuine devices out there labeled GOPHERT and with the V and A reversed.
One important attribute of the CPS-3205 is that it doesn’t suffer from voltage transients at power up and power down, which can fry an attached circuit, unlike another cheap power supply I was considering, the PS-305D. Here is a test of the PS-305D’s nasty startup transient: Quick test of the PS-305D PSU. Although Voltlog’s testing shows that the CPS-3205 doesn’t suffer from startup voltage transients, there’s even a second layer of protection. By default, the outputs are disabled when it’s powered up. The ammeter displays OFF, and you must press the ON/OFF button on the front panel to enable the output. This further assures that the power is already stable by the time it reaches your attached circuit. Note that the ON/OFF button only controls the output. The main power switch is on the back of the unit. If, for some reason, you prefer to have the output enabled a power on, you can toggle this feature by holding the ON/OFF button depressed for 5 sec. If the ammeter displays dOn, then the output is enabled at power on, and if it displays dOF, then it’s disabled at power on.
The CPS-3205 has over current, over voltage, and over temperature protection, so it’s pretty robust.
I am not going to go into detail on operation of the CPS-3205, because it’s easy to read in the manual, and Voltlog demos it in his video. Suffice to say that the adjustment knob is very handy, because every time you press it, it shifts to a different digit to adjust, making it very fast to do fine or coarse adjustments. The LOCK button locks the adjustment knob and ON/OFF button from changes, and a nice feature is that it’s persistent even if you power the unit off/on.
WARNING: One attribute that’s not clearly stated in the manual is that in constant voltage (CV) mode, the current set in the constant current (CC) mode is an upper limit for the current that can be output. So, for instance, when the voltage is set to 25.00V and the current is set to 100mA, no more than 100mA can be output, so the output voltage will drop if you attempt to draw >100mA. I found this out the hard way, because mine had the current set to 000mA when I received it, so the output was zero in CV mode. I thought the unit was defective, as shown in my video:
After I played around with it some more, I realized that I had to switch it to CC mode and turn up the current before it would output any voltage.
I tested the accuracy of the CPS-3205 against a TES 2208 DMM. This TES meter has been my workhorse for the past 35 years or so, and has never been recalibrated. It’s no Fluke, but in my testing against other meters it’s been pretty good. That being said, I haven’t tested its accuracy in well over 15 years.
Out of the box, I tested a few random voltages in CV mode, and they were spot on. However, the ammeter displayed 5mA even when no current was flowing. Before running the tests below, I calibrated the CPS-3205 against the TES 2208 DMM, following the procedure at the bottom of this article. In the tables below, the readings are all shown to their maximum resolution.
The performance in CV mode was quite impressive, tracking to within .1V, and well within its rated spec of <=0.3% + 10mV.
TES 2208 DMM
Generally, the voltage reacted to setting changes within a second, but when I dialed it down from 28.00V to 00.01V, it seemed like it took about a minute to ramp down and finally stabilize. Interestingly, at low voltages <=.10V, even though the panel meter displays on the high side, the actual output is actually quite a bit more accurate.
In CC mode, the performance was not as impressive, but within the rated spec of <=0.3%+20mA.
TES 2208 DMM
While CC mode’s accuracy isn’t very good it’s still within its rated spec. The .3%+20mA accuracy makes it basically useless at low currents, so don’t use it for tiny loads, such as 20mA LED’s. The lower currents is where the PS-305D is a better performer.
I didn’t bother testing output ripple, because the accuracy of my CPS-3205 was very similar to that of Voltlog’s CPS-3205C, so I’m going to assume that the output ripple is similar. Also, I am not going to post teardown photos, because Voltlog’s video already goes over the innards of the CPS-3205C in quite some detail.
I am impressed that such an inexpensive piece of Chinese equipment is of such high quality. The CPS-3205 is well mode, easy to use, and surprisingly, comes from the factory fairly well calibrated. The user interface is well thought out.
Being a switch mode supply, it is light, compact, and quiet. Even though it’s fanless, it runs cool at the currents I tested.
One quibble I have is that the binding posts are in the rear of the unit. I wish that they were on the front panel, so I wouldn’t have to reach behind it. Also, the binding posts are lacking a hole drilled into the bolt for easy insertion of wires, and I wish the standoffs were a bit higher, so that they stood a bit farther away from the case.
The CPS-3205 not accurate enough for lab use, but for general hobby use, the performance is pretty impressive, as long as you can live with .3%+20mA accuracy on current control. It’s a great buy for the price. Currently, it can be had for <$50USD if you search around. It’s too bad that the current control isn’t better <100mA. It would have been nice to have the functionality to be able to run it between 5-25mA.
For those who want to re-calibrate the unit, it is easy to do, and the procedure is listed below.
WARNING: ONCE YOU ENTER CALIBRATION MODE, YOU MUST COMPLETE THE ENTIRE PROCEDURE. IF CALIBRATION MODE IS ABORTED BEFORE COMPLETION, THE UNIT WILL ALWAYS DISPLAY ECP/ECP(OCP) AND BE NON-FUNCTIONAL UNTIL YOU COMPLETE A CALIBRATION CYCLE:
A user has reported below that attempting the calibration procedure on a CPS-1610 resulted in the display getting stuck on ECL/ECL. Procede with caution and at your own risk. I myself have had no issues arise, and I have calibrated my two CPS-3205 units several times. However, !!!PROCEED AT YOUR OWN RISK!!!
1. Set V/A switch to A
2. Power on while adjustment knob is pressed in. PUSH OFF will be displayed
3. Press ON/OFF once, then LOCK twice. Display will be 03.00/001.
4. Hook up voltmeter to outputs and adjust output voltage to 3.00V with adjustment knob. Pressing the adjustment knob will toggle the sensitivity – ammeter will alternate 001/010 (001 is fine adjust, 010 is coarse adjust).
5. Press ON/OFF and display will be 30.00/001. Adjust output voltage to 30.00V
6. Hook up ammeter across outputs (dummy load is optional… the resistance in the leads is sufficient). Press ON/OFF and display will be 0001/1.00. Adjust current to 1.00A.
7. Press ON/OFF and display will be 0001/5.00. Adjust current to 5.00A.
8. Press ON/OFF and unit will return to normal operation, with OFF displayed and outputs disabled.
UPDATE:Roger Clark, the STM32DUINO guru, posted a comment below, informing me that you can upload to Bootloader 2.0 by simply loading the updater sketch, without a USB->UART adapter, so you can try that first, and save my procedure below for if it somehow fails and bricks your Maple Mini.
The procedure looks pretty straightforward, but I ran into some snags. Perhaps the easiest way to change the bootloader in a Maple Mini is to use the STM32’s built-in serial bootloader to flash it in. The serial bootloader is in ROM, so it’s a fail-safe method to program the chip. The technique involves hooking up UART1 to a USB->UART adapter. I had a spare CP2101-based adapter that works with 3.3V hardware:
Actually the RX1 & TX1 pins are 5V tolerant, so you can even use a 5V USB->UART adapter. Just make sure to hook up 5V -> vin instead of to Vcc, or you’ll be in for a very unpleasant surprise.
There are several programs available that can program the STM32 in serial bootloader mode. I tried both stm32load.py and stm32flash. Also, you will need the binary bootloader file, maple_mini_boot20.bin.
To put the board into serial bootloader mode, press and hold reset and but, release reset, and then release but. The board will look dead. This is normal. Then execute the command to flash in the bootloader. stm32flash is more straightforward, because it doesn’t require you to install Python. There are pre-compiled versions of stm32flash for various platforms in Arduino_STM32’s tools directory. My computer runs Windows 8.1, so I used the stm32flash.exe:
Using Parser : Raw BINARY
Interface serial_w32: 230400 8E1
Version : 0x22
Option 1 : 0x00
Option 2 : 0x00
Device ID : 0x0410 (Medium-density)
– RAM : 20KiB (512b reserved by bootloader)
– Flash : 128KiB (sector size: 4×1024)
– Option RAM : 16b
– System RAM : 2KiB
Write to memory
Wrote address 0x08001b7c (100.00%) Done.
Note that you need to substitute your USB->UART converter’s serial port for COM19.
If you prefer Python, you can use stm32load.py instead. Make sure to use the version from the Arduino_STM32/tools directory. I tried to use the version from STM32duino-bootloader and the version from libmaple, and both of them wrote only the first 512 bytes of the bootloader, so the Maple Mini was no longer detected at all when plugged into my computer.
Here is how to execute stm32loader.py:
C:\git\Arduino_STM32\tools\win>stm32loader.py -p COM19 -evw \hacking\STM32\maple_mini_boot20.bin
Reading data from \hacking\STM32\maple_mini_boot20.bin
Bootloader version 0x22
Chip id 0x410, STM32F1, performance, medium-density
Writing 7036 bytes to start address 0x8000000
Write 256 bytes at 0x8000000
Write 256 bytes at 0x8000100
Write 256 bytes at 0x8000200
Write 256 bytes at 0x8000300
Write 256 bytes at 0x8000400
Write 256 bytes at 0x8000500
Write 256 bytes at 0x8000600
Write 256 bytes at 0x8000700
Write 256 bytes at 0x8000800
Write 256 bytes at 0x8000900
Write 256 bytes at 0x8000A00
Write 256 bytes at 0x8000B00
Write 256 bytes at 0x8000C00
Write 256 bytes at 0x8000D00
Write 256 bytes at 0x8000E00
Write 256 bytes at 0x8000F00
Write 256 bytes at 0x8001000
Write 256 bytes at 0x8001100
Write 256 bytes at 0x8001200
Write 256 bytes at 0x8001300
Write 256 bytes at 0x8001400
Write 256 bytes at 0x8001500
Write 256 bytes at 0x8001600
Write 256 bytes at 0x8001700
Write 256 bytes at 0x8001800
Write 256 bytes at 0x8001900
Write 256 bytes at 0x8001A00
Write 256 bytes at 0x8001B00
Read 256 bytes at 0x8000000
Read 256 bytes at 0x8000100
Read 256 bytes at 0x8000200
Read 256 bytes at 0x8000300
Read 256 bytes at 0x8000400
Read 256 bytes at 0x8000500
Read 256 bytes at 0x8000600
Read 256 bytes at 0x8000700
Read 256 bytes at 0x8000800
Read 256 bytes at 0x8000900
Read 256 bytes at 0x8000A00
Read 256 bytes at 0x8000B00
Read 256 bytes at 0x8000C00
Read 256 bytes at 0x8000D00
Read 256 bytes at 0x8000E00
Read 256 bytes at 0x8000F00
Read 256 bytes at 0x8001000
Read 256 bytes at 0x8001100
Read 256 bytes at 0x8001200
Read 256 bytes at 0x8001300
Read 256 bytes at 0x8001400
Read 256 bytes at 0x8001500
Read 256 bytes at 0x8001600
Read 256 bytes at 0x8001700
Read 256 bytes at 0x8001800
Read 256 bytes at 0x8001900
Read 256 bytes at 0x8001A00
Read 256 bytes at 0x8001B00
Traceback (most recent call last):
File “C:\git\Arduino_STM32\tools\win\stm32loader.py”, line 531, in
I don’t know what’s the cause of the error at the end, but as long as it writes 7036 bytes, you see Verification OK, the bootloader is installed correctly. Whe I ran the bad versions of stm32loader.py, here is what the output looked like:
Bootloader version 22
Chip id `[‘0x4’, ‘0x10′]’
Write 256 bytes at 0x8000000
Write 256 bytes at 0x8000100
Read 256 bytes at 0x8000000
Read 256 bytes at 0x8000100
Even though it showed Verification OK, note how only 512 bytes were written to the Maple Mini.
If you have successfully flashed in the bootloader, the LED will flash continuously after you reset the board, indicating that the bootloader is running. In Arduino, you also must switch the setting to from Original to Bootloader 2.0:
If, for some reason, you want to revert to LeafLabs’ original bootloader, you can download it here: maple_mini_boot.bin.
The built-in STM32 serial bootloader is not only for installing bootloaders. You can also use it to flash in any other BIN file, including Arduino_STM32 sketeches.
Recently, I’ve been searching around for inexpensive higher powered alternatives to AVR-based Arduinos. There are several ARM MCU’s available that give a lot more bang for the buck in terms of RAM, speed, flash, and I/O. While I like PJRC’s Freescale-based Teensy 3.x boards a lot, they’re only available from a single source, and use a proprietary bootloader hosted on a separate MCU. FadeCandy is an OSHW board based on the same MCU as the Teensy 3.0, which is optimized for controlling LED’s. Unlike the Teensy 3.x, it uses an open source bootloader which is hosted on the Freescale MCU itself.
There are a lot of STM32 boards of various types available on eBay and AliExpress. LeafLabs’ Maple series of STM32 boards were pioneers in adapting Arduino for use with the STM32 platform. Unfortunately, the boards were quite expensive, and with the proliferation of cheap Chinese clones, they business was not sustainable, and they discontinued the line. Luckily, the OSS community has picked up the pieces, notably Roger Clark’s Arduino_STM32 project. The current state of the project is very impressive. Not only has Arduino compatibility been greatly improved, but they have created a new bootloader, and many other STM32 families are not supported beyond the Maple’s STM32F1.
I decided to dive in when I had a project that needed 10 PWM channels. The Maple Mini fit the bill. I bought a couple of BAITE BTE14-07 Maple Mini clones. They are quite cheap, under $4.50 including shipping from China. The board is packaged in an anti-static bag, and includes header pins:
While the pinouts, LED, and buttons of the BAITE BTE14-07 are identical to the original LeafLabs Maple Mini, the BAITE version is only 2-layer, instead of 4-layer. Also, instead of using two MCP1703 voltage regulators, one for the digital and one for the analog plane, the BAITE uses a single AMS1117. This means that LeafLabs version is probably more suitable for applications where ADC accuracy is required, but the BAITE version is better when more current is needed to drive attached peripherals.
I tried some sample sketches using Arduino 1.6.5 and Arduino_STM32, and the BAITE board worked perfectly. Some people on the STM32duino board consider it to be somewhat of a benchmark as far as Maple Mini clones go, so it’s probably a good bet for n00bs to the platform like me.
I’ve had my 2002 Honda Reflex scooter for many years. It tends to sit a lot in the garage, and I go through only about 2 tanks of gas a year, so lots of gunk probably builds up in the fuel system. One problem that I’ve always had, but never bothered to fix is that if it sat a long time, it would start cold OK and idle, but then when I tried to open the throttle, it would stall. The worst thing I could do is open up the throttle wide while this was happening… it seems like it would flood the engine, because it would stall, and then become hard to start for a while. Usually, running it for a few minutes and letting it warm up a bit would get it going enough that I could finally rev it up. If I managed to get it to rev w/o stalling just once, then it would run perfectly after that. The above problem would happen only if I let the bike sit for several weeks w/o riding it. Otherwise, it would cold start OK, and no problem with it stalling on initial rev up.
For the last 3 times I’ve ridden it, the problem has gotten a lot worse. I always have to use starter fluid to get it running. Then it idles fine, but stalls instantly when I try to rev it, just like before. But the difference is that now, I have to run it forever before I can rev it without stalling. And even if I manage to get it to rev to say 4000RPM and hold it there a while, when I let it go back to idle, then it goes back to stalling when I try to rev it. This is different from before, in the past, because holding it at 4000RPM for a few seconds just once would fix the stalling when attempting it to rev. Furthermore, now, I have to ride it without stopping for a few miles, or it will again stall when I try to rev it up. Also, there is a bit of hesitation when I start of from a traffic light.
After doing some research on the Internet, I guessed that the problem had something to do with the starting enrichment circuit. Rather than a choke, the Reflex has a starting enrichment valve which blocks a jet that lets in a bit of air when the engine is cold. This causes it to run rich, so functions a bit like a choke. Working on the Reflex’s engine is generally a pain, because it takes so long to take off all the panels to get access to it. To my delight, I discovered that the starting enrichment valve is accessible if you remove the plastic battery cover under the seat. Next to the battery is an access hole to the engine, which gives you peek at the top of the carburetor.
The starting enrichment valve is the black booted assembly pointed to by the red arrow below:
It’s held on by two screws, one of which is circled in red in the photo above. The other one is impossible to photograph, but it’s in the vicinity of where the red arrow points. Make sure to use a strongly magnetized philips screwdriver to remove the screws, to help avoid dropping them into the dark netherworld of the engine compartment. The clip in the photo below is clamped down by the two screws, and it in turn holds the starting enrichment valve in place.
Once the clip is removed, the valve simply lifts out. Mine was moving freely, and looked fairly clean. I didn’t bother testing it it, since my problem is with cold running. The valve is fully extended by default, which blocks an orifice that lets air in, so the engine runs rich. As the engine warms up, the valve is supposed to retract, letting more air into the engine, leaning out the mixture.
I sprayed some carb cleaner on the valve and wiped it off just for the hell of it, and then sprayed more carb cleaner into the jet:
Reinstallation of the starting enrichment valve is just the reverse of the removal. The procedure takes about 3x as long as removing it, especially when your screwdriver slips into the bowels of the engine, and you have to locate it and fish it out. I magnetized the screws to make them stick better to my screwdriver before very carefully putting them back in.
After I put everything back together, the bike started up without start fluid, so cleaning the valve & jet definitely helped a bit, but I still had to warm it up for several minutes before I could open the throttle without stalling. So I only fixed part of the problem. I guess the other jets in the carburetor are still clogged up. I headed out and bought some fuel injector cleaner. After pouring a couple of tablespoonsful into my tank, I added a gallon of gas, and took it on a 10 mile ride. It’s already running smoother, and no longer hesitates when I start off from a traffic light. I’m eager to see how it behaves next time I do a cold start. If the problem still doesn’t clear up after running the gallon of gas through the engine, I guess I’ll have to remove the carb and do a proper cleaning on it… something I’m not looking forward to. Access to the carb will require removing a lot of panels.