Colorlight Hub 5A-75B V6.1 Board

[ Also available at https://lucasteske.dev/2020/06/hacking-a-esp32-into-fpga-board ]

Last year I saw a russian guy that found out that this cheap board (US$15~) had an Lattice ECP5 FPGA, which is compatible with Open Source Tool-chains for synthesis. He was running a RISC-V Core inside that and piping the serial through the ethernet ports. I wanted to get one and start playing by myself.

These boards are relatively cheap, about US$15 and contains a Lattice ECP5 FPGA ( LFE5U-25F-6BG381C ), 4MB DRAM, Two Gigabit Ethernet and several level shifters for I/O. This is good because:

  1. That’s a very cheap board by the specs


The “Talk to me, Goose challenge” on Hackasat

[ Also available https://lucasteske.dev/2020/05/hack-a-sat-talk-to-me-goose/ ]

This challenge is just after the “Can you hear me now?” challenge (see https://medium.com/@lucasteske/hack-a-sat-can-you-hear-me-now-c6f68ed6086b ). Now LaunchDotCom has a new Satellite called Carnac 2.0.

There are two attached files. The first one is the manual of the satellite in which we can see the onboard equipment:


The challenge

[ Also available at https://lucasteske.dev/2020/05/hack-a-sat-phasors-to-stun/ ]

I got really excited about it because its a SDR one. And everyone that knows me know that I love SDR stuff.

The zip file itself contains a wav file which they told us is not an audio but an radio signal


The challenge

[ Also available at https://lucasteske.dev/2020/05/hack-a-sat-can-you-hear-me-now/ ]

That challenged asked us to decode a Telemetry data that was being sent over a TCP port. If you open the netcat, the following happen:


Home Assistant Integrated TouchPanel

[ Also available at https://lucasteske.dev/2019/12/integrating-hacked-touch-panel-into-home-assistant/ ]

In the previous article I showed a simple hack of a chinese Touch Panel. Now I have successfully integrated it Home Assistant and I’m able to turn my room light on / off. Here is how.

From now on I will assume you have ESPHome working on your machine and Home Assistant configured. ESPHome is very easy to install if you have python pip:

pip install esphome

Should install everything you need.

First let’s create our project. I will call it touchpanel.yml:

File touchpanel.yml

Check the comments in this file to change the required…


Dimmer Touch Panel

[ Also available at https://lucasteske.dev/2019/12/hacking-dimmer-touch-panel-with-esp8266/ ]

I bought two of these LED Touch Panel Dimmers in Banggood and they look pretty good. But since my house automation has its own way to controlling the lights I wonder if I could hack them to send info to Home Assistant.

The first thing I opened one of them to check what’s inside. It has two boards connected by a Flat Cable


DISCLAIMER: This procedure is highly ilegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday Cage)

This article works with any LimeSDR version.

[ Also available at https://lucasteske.dev/2019/12/creating-your-own-gsm-network-with-limesdr/ ]

For this example we will use the Osmocom GSM Stack in the NITB (Network in the box) mode. In this mode the phones connected to you BTS will be able to call each other and send SMS messages. There is also the Interconnect mode in which the BSC (Base Station Controller) connects to a ISDN or IPBX (for example Asterisk) to manage the…


How to perform a very simple MitM Attack on a Intelbras/Dahua IP Cameras / DVR. This uses Ettercap to do an ARP Poison and a simple GoLang Script to fetch the username/password.

Disclaimer: This type of attack is basically illegal anywhere in the world. My intentions with this tutorial is to demonstrate why you should ALWAYS use a TLS connection for ANYTHING. Use for you own risk.

For the purpose of responsible disclosure, I contacted Intelbras on Twitter on 11/08/2019 and let them know I expected a reply from them until 17/08/2019. …


That’s not the first time I get a Chinese hardware that has some proprietary protocol that does not follow a single standard. It’s funny because when you get a VERY cheap thing, you expect to use many standards as possible to reduce the development cost, but some chinese developers just want to do it yourselves.

I present you the “VRCAM” and it’s SOUP protocol (any relation to SOAP is just a mere coincidence :P)

The Hardware

Let’s first start with the hardware itself. It’s a 2 Megapixel sensor with 1280x960 video resolution. It features 3 IR Lamps (same model as the raspberry…


When the GOES-16 was first announced I got interested in their GRB Downlink (although the first try was at HRIT downlink). Basically GRB is a replacement for the old PDR downlink in GOES 13/14/15 generation, which gives few advantages over the old link:

  • Uses market standard DVB-S2 Generic Stream
  • Have FEC (as defined by DVB-S2)
  • Higher bandwidth
  • Easier to receive due DVB-S2 FEC

For those who don’t know, the GRB is a direct rebroadcast of GOES data, with minimum processing as possible (usually just packaged into NetCDF files with calibration parameters) and is intended for anyone that want’s to get…

Lucas Teske

Programming, Hacking, SDR, Satellites. Basically everything technology related. Everything is also posted on my site https://lucasteske.dev/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store