Introduction: Generic Switch Hijacker
This article describes how to build a solid state microcontroller device that controls physical switches. It is very inexpensive to make (4$ or so), assuming you have a microcontroller programmer. The circuit itself is of trivial complexity.
This project is very simple, and involves no stunning new techniques. It would serve as a good first microcontroller project. The assembly source code will be provided to you in this article.
I have a really cool boss at work. Sometimes, we like to play practical jokes on each other.
Unfortunately for him, I'm a scientist.
My purpose here is to make various devices in the workplace turn on mysteriously for short periods of time. Radios, noisy printers, even those annoying musical birthday cards hidden in some commonplace object.
Over and above that, the project is an example of how you control heavier loads with an AVR than the output pins can deal with themselves. This is a wide variety of things, since the output pins only give you a small voltage, and very limited current. This circuit could be expanded with a relay to control some very heavy loads indeed.
This project is very simple, and involves no stunning new techniques. It would serve as a good first microcontroller project. The assembly source code will be provided to you in this article.
I have a really cool boss at work. Sometimes, we like to play practical jokes on each other.
Unfortunately for him, I'm a scientist.
My purpose here is to make various devices in the workplace turn on mysteriously for short periods of time. Radios, noisy printers, even those annoying musical birthday cards hidden in some commonplace object.
Over and above that, the project is an example of how you control heavier loads with an AVR than the output pins can deal with themselves. This is a wide variety of things, since the output pins only give you a small voltage, and very limited current. This circuit could be expanded with a relay to control some very heavy loads indeed.
Step 1: Design and Circuit.
For this project, you can use almost any microcontroller, 5v voltage regulator, and NPN transistor. I used:
1x ATtiny26L-8PU (~2$)
1x TL780 5v voltage regulator (~0.7$)
1x N2222 transistor (~0.07$)
1x 9v battery, or 12v remote control battery to save space
...and of course my trusty STK500, now with ZIF sockets added!
The basic design is this: The microcontroller goes through two timing loops. A long loop for determining when to turn the device on, and a short loop to determine how long to keep the device on. When it's time to cause trouble, the microcontroller sends a logic high out pin 14 (Least Significant Bit of PORTA). This fires the transistor.
If you have connected the clamps to the leads on a switch, it causes the resistance across the switch to suddenly drop from very high to less than 1 ohm, which is enough for most devices to consider the switch on. Keep in mind that transistors are also diodes, so if it doesn't work... the polarity of the clamps is probably wrong, switch them! Also, this device requires a decent 9v battery, say with over 8v potential left... other than that it doesn't use much power.
There are a lot of unused pins, so of course you could use them to control more switches for more chaos, but this was sufficient for my purposes.
The next step is the source code I wrote to get this thing going. The default lengths for the "on" and "off" states are approximately 10 seconds and 13 minutes respectively. There are comments in the code on how to change these values.
Finally, please excuse the extensive use of the "nop" function (it spends a CPU cycle doing nothing) to tweak the timers. It's inelegant since it can break the rjmp function if you're not careful about how many you use!
1x ATtiny26L-8PU (~2$)
1x TL780 5v voltage regulator (~0.7$)
1x N2222 transistor (~0.07$)
1x 9v battery, or 12v remote control battery to save space
...and of course my trusty STK500, now with ZIF sockets added!
The basic design is this: The microcontroller goes through two timing loops. A long loop for determining when to turn the device on, and a short loop to determine how long to keep the device on. When it's time to cause trouble, the microcontroller sends a logic high out pin 14 (Least Significant Bit of PORTA). This fires the transistor.
If you have connected the clamps to the leads on a switch, it causes the resistance across the switch to suddenly drop from very high to less than 1 ohm, which is enough for most devices to consider the switch on. Keep in mind that transistors are also diodes, so if it doesn't work... the polarity of the clamps is probably wrong, switch them! Also, this device requires a decent 9v battery, say with over 8v potential left... other than that it doesn't use much power.
There are a lot of unused pins, so of course you could use them to control more switches for more chaos, but this was sufficient for my purposes.
The next step is the source code I wrote to get this thing going. The default lengths for the "on" and "off" states are approximately 10 seconds and 13 minutes respectively. There are comments in the code on how to change these values.
Finally, please excuse the extensive use of the "nop" function (it spends a CPU cycle doing nothing) to tweak the timers. It's inelegant since it can break the rjmp function if you're not careful about how many you use!
Step 2: Source Code
START:
.INCLUDE "tn26def.inc" ; Definition file. Google for it if you need a copy.
clr r30
clr r29
clr r28
clr r27
ldi r28,0b00000000
ldi r27, 0b11111111
ldi r26, 0b00000000
clr r25
out DDRA, r27
out PORTA, r28
TIMER:
inc r30
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
cpi r30,0b11111111
breq TIMER2
rjmp TIMER
TIMER2:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r29
cpi r29,0b11111111
breq TIMER3
rjmp TIMER
TIMER3:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r25
cpi r25,0b11111111 ;Lower this number to decrease "off" time
breq FUNC
rjmp TIMER
FUNC:
nop
nop
cpi r28, 0x00
breq FUNC2
dec r28
clr r30
clr r29
clr r25
out PORTA, r28
rjmp TIMER
FUNC2:
nop
nop
inc r28
out PORTA, r28
clr r25
clr r30
clr r29
rjmp TIMER4
TIMER4:
inc r30
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
cpi r30,0b11111111
breq TIMER5
rjmp TIMER4
TIMER5:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r29
cpi r29,0b11111111
breq TIMER6
rjmp TIMER4
TIMER6:
inc r25
cpi r25,0b00000011 ; Increase this number to increase "on" time
breq FUNC
rjmp TIMER4
.INCLUDE "tn26def.inc" ; Definition file. Google for it if you need a copy.
clr r30
clr r29
clr r28
clr r27
ldi r28,0b00000000
ldi r27, 0b11111111
ldi r26, 0b00000000
clr r25
out DDRA, r27
out PORTA, r28
TIMER:
inc r30
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
cpi r30,0b11111111
breq TIMER2
rjmp TIMER
TIMER2:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r29
cpi r29,0b11111111
breq TIMER3
rjmp TIMER
TIMER3:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r25
cpi r25,0b11111111 ;Lower this number to decrease "off" time
breq FUNC
rjmp TIMER
FUNC:
nop
nop
cpi r28, 0x00
breq FUNC2
dec r28
clr r30
clr r29
clr r25
out PORTA, r28
rjmp TIMER
FUNC2:
nop
nop
inc r28
out PORTA, r28
clr r25
clr r30
clr r29
rjmp TIMER4
TIMER4:
inc r30
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
cpi r30,0b11111111
breq TIMER5
rjmp TIMER4
TIMER5:
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc r29
cpi r29,0b11111111
breq TIMER6
rjmp TIMER4
TIMER6:
inc r25
cpi r25,0b00000011 ; Increase this number to increase "on" time
breq FUNC
rjmp TIMER4
Step 3: Final Note
Have fun, but remember that the transistor has limits in terms of how much power you can pump through it. That means no mains voltage! Besides the fact that it would overload the transistor very fast, this device will not control alternating signals well... unless you apply the modification described below *and* add a relay:
If worrying about clamp polarity annoys you, just wire in a second transistor with the base plate connected to the same source as the first transistor, but with the collector and emitter in the opposite configuration. That way, no matter how you attach the clamps, a logic high coming out of the microcontroller will always "turn on" the switch. Keep in mind the leakage current in this system may be enough to activate some sensitive switches like keyboard matrices, you may need to add a resistor in series for this application.
Remember that you can leech power from the target device instead of using a battery.
Finally... I installed the device inside an ancient accounting calculator, the type that have print functions. I reverse-engineered the keypad matrix using a paperclip to determine which IC pins when connected would cause paper feed, and connected the correct pins together with the device. Then, I disabled the switch that allows you to turn off the print function.
I consider the machine properly subverted. It turns on the quite noisy paper feed every 10 minutes, for 10 seconds, whenever the device is on.
It also worked well with the circuit from one of those hyper-obnoxious musical birthday cards.
My workplace is now more bizarre!
If worrying about clamp polarity annoys you, just wire in a second transistor with the base plate connected to the same source as the first transistor, but with the collector and emitter in the opposite configuration. That way, no matter how you attach the clamps, a logic high coming out of the microcontroller will always "turn on" the switch. Keep in mind the leakage current in this system may be enough to activate some sensitive switches like keyboard matrices, you may need to add a resistor in series for this application.
Remember that you can leech power from the target device instead of using a battery.
Finally... I installed the device inside an ancient accounting calculator, the type that have print functions. I reverse-engineered the keypad matrix using a paperclip to determine which IC pins when connected would cause paper feed, and connected the correct pins together with the device. Then, I disabled the switch that allows you to turn off the print function.
I consider the machine properly subverted. It turns on the quite noisy paper feed every 10 minutes, for 10 seconds, whenever the device is on.
It also worked well with the circuit from one of those hyper-obnoxious musical birthday cards.
My workplace is now more bizarre!