Photodiode Amplifier Circuit Spy on Mobile Phone | Hacker Day

2021-12-16 08:18:49 By : Ms. Susan Cai

To help his friend prepare for his presentation at DEFCON this weekend, [Craig] built an infrared photodiode amplifier circuit. This circuit extends the detection range of the hack from a few inches to a few feet. We are fascinated by well-designed analog circuits. If you are too, be sure to check out the video embedded below.

The talk involves fingerprinting the phone through the infrared radiation emitted by its proximity sensor. These sensors tell the phone, for example, whether it is being held to the ear. Of course, if the IR transmitter in the proximity sensor ran all the time it would drain the battery, so manufacturers only turn it on intermittently. If different manufacturers use different patterns, you can fingerprint the phone, provided you can detect the infrared light from far enough away to be useful.

This brings us to the infrared photodetector amplifier. This circuit is "almost" a simple op-amp current-to-voltage (transimpedance) amplifier. But there are complications. At very high gain, the circuit becomes prone to oscillation because of the inherent capacitance of the photodiode, so there is a damping capacitor in the feedback loop. To keep the output from slamming rail to rail, [Craig] biased the positive input and added some diodes in the feedback loop to reduce the output range. Because the output goes to a microcontroller, it runs through a comparator to make it clean and digital. Finally, [Craig] used a nice, large photodiode with good sensitivity.

We want to know why [Craig] spent so much effort keeping the first-stage op amp out of saturation when he follows it with a comparator. Anyone?

In any case, it is cool to be able to detect infrared pulses from a distance. Did you know that photodiodes can be used to detect (beta and gamma) radiation? The same warnings regarding oscillations and signal conditioning apply!
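To see what your own device's proximity sensor gives away, the digitized comparator output described above can be reduced to a few timing features. The following is an added example, not code from [Craig] or the talk; the captures are constructed rather than measured from any real phone, and the 5 µs chatter filter, 5 ms burst gap and 10% tolerance are assumptions.

```python
from statistics import median

def pulses_from_edges(edges, min_width_us=5):
    """[(t_us, level)] comparator edges -> [(start_us, width_us)] high pulses."""
    pulses, start = [], None
    for t, level in sorted(edges):
        if level == 1 and start is None:
            start = t
        elif level == 0 and start is not None:
            if t - start >= min_width_us:      # drop comparator chatter
                pulses.append((start, t - start))
            start = None
    return pulses                              # unmatched trailing edge is ignored

def features(edges, burst_gap_us=5000):
    """Timing features of an intermittent emitter; None if under two bursts."""
    bursts, last_end = [], None
    for start, width in pulses_from_edges(edges):
        if last_end is None or start - last_end > burst_gap_us:
            bursts.append([])                  # long dark gap: a new burst begins
        bursts[-1].append((start, width))
        last_end = start + width
    if len(bursts) < 2:
        return None
    starts = [b[0][0] for b in bursts]
    return {
        "pulse_width_us": median(w for b in bursts for _, w in b),
        "pulses_per_burst": median(len(b) for b in bursts),
        "burst_period_us": median(n - p for p, n in zip(starts, starts[1:])),
    }

def same_pattern(a, b, tol=0.10):
    """True if every feature agrees within a relative tolerance."""
    return all(abs(a[k] - b[k]) <= tol * max(a[k], b[k]) for k in a)

def synth(period_us, per_burst, width_us, spacing_us, bursts=3):
    """Constructed capture (hypothetical values, not from any real device)."""
    return [(b * period_us + p * spacing_us + dt, lvl)
            for b in range(bursts) for p in range(per_burst)
            for dt, lvl in ((0, 1), (width_us, 0))]

CAPTURE_A = synth(100_000, 4, 20, 200)
CAPTURE_A_NOISY = synth(101_000, 4, 21, 200) + [(50_000, 1), (50_001, 0)]
CAPTURE_B = synth(250_000, 1, 100, 0)

if __name__ == "__main__":
    for name in ("CAPTURE_A", "CAPTURE_A_NOISY", "CAPTURE_B"):
        print(name, features(globals()[name]))
```

The noisy capture shows why the chatter filter matters: without it, the 1 µs glitch would be counted as an extra burst and skew the measured burst period.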

Why should we avoid saturation, even with a comparator following? One word: speed. Saturated op amps will be limited by the recovery slew rate.

+1. Just for more information: http://www.analog.com/library/analogdialogue/archives/37-04/comparator.html

Why is it speed? It's 750Hz!

"Speed" refers to the rise and fall time; not the period.

Using cheap eBay Fresnel lenses, this can be a good front end for anti-infrared speed trap warning systems.

The problem with infrared warning systems is that when you detect light, they have already read your speed. Their range is not as wide as the old radar system, they usually aim the laser at your license plate and use retroreflective plates to reflect the light back to them. At least, they are doing this here, and the technology may be different for provinces/states that do not require front panels.

@Jeff Do you provide a link to more detailed documentation/detailed information?

I don't think he can now. [Jeff] was stopped for speeding and is currently explaining to the police officer that his speedometer must be wrong.

If you don't believe in Wikipedia, please get this link from the police forum. http://forums.officer.com/t102024/

Well, if there is no reflective license plate, the device may take up the peak speed of all reflections. The next considerable fast reflection comes from the top of the wheel cover (about 180% of the car speed)... this probability will be quite low, IMHO. But there are always Bayesian statistics, so those who know they are speeding will never go to the police forum to find possible misunderstandings...

Anyway, good luck, trying to explain Bayesian statistics to the police...

Another possible reading may be the mirror (mirror-like) reflection of the target car, the retroreflective traffic sign facing the same side of the road, or the retroreflective license plate of the car on the opposite lane. First, give a reading case of 2 times the target car speed. Or the second case of 2X target speed + 1X vehicle in the opposite lane...

I understand, but I don't understand. Is there anything other than telling you what you can find from the photo or when they walked past the target when they took out their phone? Of course it is useful to know what phone they are using, but this method seems complicated. I think I have to watch the speech when it is released.

Leithoa-As I said before, these HaD people (I also mean the United States now :-)) are like citizens of DARPA. Obviously, the following [Tim Quester] stumbled upon some amazing things about our phones and tablets. As your post implies, the first half of the first paragraph of the summary below will interest you.

BIO "Tim K (@bjt2n3904 [on Twitter]): is an electronic engineer living in Virginia Beach. He likes designing embedded systems and using radios. Previously, he has taught at conferences such as Kiwicon and Cyber Software-defined radio seminar. His favorite programming language is solder." (The "solder" thing is a witty remark by the late Bob Pease)

Blinded by Light - Summary "Did you know that some of your tablets and smartphones can broadcast IR even when the screen is turned off? These signals can be used to discover and identify specific operating systems, and in some cases they can be used to identify specific devices? This course is designed to help you understand that it’s not just RF betraying your identity and places you’ve been. This live demo will reveal the current use of infrared (IR) proximity in cellular devices (and other devices) The possibility of accidental tracking while detecting the detector. This demonstration will show students how to recognize smartphones, Android and iPhone through IR patterns displayed at a distance. This course will teach the technology of fingerprinting these patterns. Topic: History: Past IR exploits and how to learn from it. Hardware: photodiode VS LED comparators and why we need them. The amplifier improves the IR collection technology of everyday products. The improved IR filter is used to read the signal's logic analyzer and oscilloscope technology. Software: Use Arduino to evaluate IR in the field. How to understand signals that are not in the library will also provide viewers with guidance on how to make their own infrared detection equipment to detect infrared in various situations. The tool will allow people to know when their equipment triggers IR responds and discovers whether the devices around them are using IR. It also allows them to demodulate and view the type of data sent via IR. Classes will be encouraged to discover and target their own devices as a proof of concept."

Source: http://defcon-wireless-village.com/speakers.htm (from [Craig] above)

Sorry, I removed L from .HTML-the link should be http://defcon-wireless-village.com/speakers.html

Leithoa - This vulnerability can be compared with placing an infrared beacon on the target car and tracking him with an infrared camera (i.e. loose tail?). If you know the IR patterns issued by other brands and models, you can compare it with other IR beacons in the hypothetical room and find out where your target is among the many other IR beacons. [Craig] recommends placing the detector on a sniper scope and pointing it around the room to track your target. To stop the exploit, just turn the front of the phone in the hip holster so that your camera faces out. In this way, the infrared array fires toward your hips instead of outwards.

@tb69rr actually ran this project! I just helped with some firmware and demos. It's fun to work with him! (And thanks for your article, HaD!)

Like I said before, I know what it is doing, but I still don't understand how useful it is. This simple "tracking device" can be frustrated by putting the phone in your pocket instead of using the waist bag of the 00s.

Unless you use proxy sensors to send/receive data, all you do is narrow the range that can be clearly seen by the person responsible for tracking the suspect. Even if you can tell that they are using some 3rd party apps to control the screen brightness, in rare cases, this will not provide you with any actionable information. Of course, if they obtain commercial/national secrets over the phone, and you want to track a specific device or identify it in a pile of evidence, but in other cases you still need to monitor the team to be within the sight of the person you are in anyway.

I agree with you 100%. However, this idea is a bit cool because it means that you don't have to place any electronic asset devices on the target (that is, errors). You only need to know his IR information. When you enter a large conference center in a loose tail, your gadgets can pick him out of the crowd. Your team approach may scare the suspects because they stick out like a sore thumb in such an event (ie, flat cut, no visible ink, no piercing or no earlobe enhancement, Motorola headset, Oakleys (indoor), etc.) Yes, putting the phone in your pocket will fail if it doesn’t face outwards, because infrared rays can penetrate thin clothes. But most people like belt holsters (especially men). The device can detect the infrared reflections of the face (when using a mobile phone) and reflective clothing. The sniper range is a bit prominent.

I think that with some work, this idea may be very useful. It just needs some evolution. I believe someone will come up with some solutions, and soon...

>But most people like belt holsters (especially men).

Where are they now? I see that maybe 0.5% of users have hip holsters. Another 99.5% of men use pockets, while women seem to be 60/40 pockets/wallets. It is absurd to say "most like a holster".

Eric-Well, let me say it again: "...Most men I see in my daily activities (in the northeastern United States) seem to like a hip holster with a belt, as if it were a gun Something like that. Some young women I have seen like to put their smartphones in the back pockets of their jeans, with the top of the phones sticking out." So my experience is not absolute. I think there are exceptions to the rules. The belt support looks very practical. When it sounds, you can grab it quickly. It sounds counterintuitive to fumble for it in my pocket or purse. I keep getting calls from the "pocket dialer". This is too annoying! All you hear is people walking and background noise. greet! Loudness doesn't work either.

I'm thinking of inventing a long button hole on the left or right side of the bottom of the T-shirt for men who like to wear sweatpants and unfolded T-shirts (that is, the ugly American look?). Hemming holes can support your leather case clip, and won't push down sweatpants without a belt. It looks weird to clip it to your collar. If your drawstring is too loose, clip it to your sweatpants and your pants will fall off. It is annoying to carry it. There is also a problem with the upper arm jogging holster.

Attempting to analyze any non-obvious analog design is equivalent to correctly analyzing the winning code of the international obfuscated C code competition. The only way to justify educational (?) print space in such a design is to provide absolute details—all details—by the designer. See some outstanding works by the late Bob Pease.
