Welcome to my electronic lab! Over the last few years or so many people asked me about my personal lab, so today I am giving you a virtual tour of it.
We will go over what gear I use and how I set everything up so I can do my experiment efficiently. Along the way I will answer the questions that has been asked about my setup in my various posts. In particular, I will provide a rationale of why I choose one type of hardware versus another. The quantity of hardware described in this post might seems overwhelming but keep in mind here that it took me years to build this lab. I merely add a new piece here and there based of my needs and opportunity.
Disclaimer: I don’t claim my setup is the best but it works for my use-cases: tinkering with electronic, doing security research and repairing various pieces of equipment. If you have suggestions on how to improve it, let me know.
All my equipment is installed on a big and stable desk that I bought from IKEA (BEKANT model). As extra storage room, I used an extra thick shelf from IKEA as well (LACK model). Sadly the brackets (IKEA Ekby Töre model) used to fix the shelf to the desk without drilling are discontinued which prevents me from adding an additional shelf. If you know a place where I can find a similar product let me know.
All units are connected to an Intel NUC Swift Canyon barebone either via Ethernet or via USB when Ethernet is not supported. The NUC has 32GB of RAM and a 512GB SSD. This small PC allows me to handle the firmware upgrades, capturing screenshots of the different gears at once, handle the software defined radio (SDR) through its front USB3 port, dump NAND flash memories, etc. And the form factor is just great, leaving most of the space free. The 23” LCD screen is mounted on a Ergotron articulated arm. Again, the rationale here is just to keep the workspace clean.
To avoid damaging the wood of the desk, I put an ESD mat from Vermason. It provides a good protection and also has a standard ESD stud on each corner. I’m using that have a standard ESD wristband and the soldering station is also connected to it. I never felt that ESD protection was mandatory but considering that the mat was the most expensive piece in having the ESD setup done, I thought it was worth buying the few cables required to connect the mat to the ground through a 1M resistor and have the soldering iron properly connected too.
Finally, to provide power to everything on the desk, I am using a huge outlet (thanks to the very efficient form factor of the Swiss power plugs compared to the big fatty European one that I had to use when I was living in France) that provides me not less than 16 plugs!
Soldering, desoldering, and accessories
Of course we couldn’t talk about an electronic lab without starting with soldering and desoldering equipment. No matter what you’re doing, it’s really mandatory to have a soldering iron where you can control the temperature. Otherwise it’s like being a butcher who only uses an axe to cut the meat. I used noname stations for a while but at the end it always ended up the same way: something breaks or you want to change the tip of the iron but the model is discontinued and you cannot find spare parts anymore. So I decided to stay with a known brand and I bought a JBC soldering station. Be careful, it is super expensive. Really! But it is also amazingly good. It heats up almost instantly, I can have up to 4 different irons connected to the control station, I can change the tip of the iron in 2 seconds without burning my fingers. It’s just fantastic and modular but I also acknowledge that not everyone can afford it and may prefer cheaper alternatives such as Weller or Hakko which are very good too. I use a DME-2A control station with 3 tools (and stands):
- a T245 iron for general purpose soldering (through hole component, drag soldering SMD, etc.) with tips/cartridges C245-102 (2mm bevel tip), C245-759 (2.4mm chisel) and C245-931 (2.7mm spoon)
- a T210 iron for precision soldering with the cartridge C210-019 (0.2mm chisel)
- a PA120 micro-tweezers iron with C120-002 (0.2mm tip) which is pretty convenient for soldering or reworking SMD components, especially the small form factors such as 0402 or smaller.
For desoldering, nothing beat a hot air gun. Classically hot air guns are provided in the shape of a big chunky control station with an embedded air pump. I used to have such station but it was big, heavy, the cable transporting the hot air was warm, the air flow was somehow disappointing (ok, it was a noname station so it was definitely not a high end one), and at some point the air pump died. Finally, after seeing a review from Dave Jones (EEVblog), I opted out for the tiny cheap Atten 858D+ station and honestly it just works perfectly well for me. Even if it breaks at some point, it’s nothing but a radial fan in the gun and a heating element in the nozzle. It’s just super easy to service.
One need to protect his lungs because even if we have two, the second one is not there for high availability. So it’s important to have a fume extractor. Nothing fancy here. I just bought an extra filter from the beginning. If you think a fume extractor is not necessary, I encourage you to watch the video from Louis Rossmann on Youtube.
Finally, you will also need some accessories such as a tip cleaner, tweezers, soldering wick, flux, solder, and side cutters. I haven’t put links everywhere because there’s nothing too critical except the diameter of the solder: just be aware that to do very fine pitch soldering, you need to have a very fine diameter solder. Soldering 0.5mm (or less) pitch components is not going to work well with a 2mm diameter solder.
Another accessory that I added recently to my setup is a PCB holder. After having spent quite some time looking on the Internet, I opted for PCBite and it’s really really good. Sturdy, durable, comfortable to use. I even think about buying a second set.
As soon as you start soldering SMD, you may want to have a closer look at what you did to ensure that all the solder joint are done correctly. And for that, nothing beats a real optical microscope. You may think that a USB microscope may do the job or that a magnification glass/lamp could be enough. I tried them and they will never provide the same kind of feedback. Using a USB microscope that will show you things on a remote screen is a bit awkward because you’re moving your hands but you’re not looking at them. Maybe it’s just a matter of habit but I didn’t like it. And with the magnification glass, I was lacking the feeling of depth: having both eyes looking through it, it couldn’t reliably tell which hand was on top of the other. So, since the beginning I was using a binocular microscope. But then, with the blog or for publications, I wanted to take pictures of what I was seeing through it. Also on my previous microscope the working distance was pretty small and soldering without having the iron touch the microscope and burn it sometimes implied some uncomfortable positions for my hands. So I recently upgraded that microscope for an AmScope trinocular SM-8TZ-144S-10M. Again, the rationale behind the choice of the articulated arm is that I can push the microscope away when I don’t need it, freeing some space. The trinocular setup allows me to mount a proper Bresser 1080p HD camera on it. I replaced the 10MP camera that was provided because the videos were not as smooth and I would like to be able to shoot some movies of my work in the future. The only disappointment here is that the microscope is not simul-focal. This means that I have to choose between the camera and the left eyepiece; I can’t have both of them at the same time. If I had to rethink that choice, I would definitely go for a simul-focal model. The camera is connected through HDMI (the USB2 output could not sustain full HD resolution at 30fps) to a Magewell XI100DUSB-HDMI capture dongle that sends the feed to the NUC.
The oscilloscope is for the electronics what a good debugger is to a developer or a reverse engineer: a must-have. My first digital oscilloscope was a Mixed Signal Oscilloscope (MSO). But I was a bit disappointed of the logic analyzer and honestly I had no use of having both the analog and the digital signals on the same tiny screen. Therefore I changed it to a Rigol DS4034 oscilloscope. There was recently a sale and it came with the full bundle of options (all protocol decoders, advanced trigger options, and a bandwidth upgrade included) for free which makes it actually a Rigol DS4054 with 500MHz bandwidth. It has a very wide screen and while 2 channels would cover most of my need, there are times when 4 channels are necessary. Unfortunately, the software Rigol provides is not the same quality as their scopes: even with a 100Mbit/s Ethernet link, the UI is not fluid at all. It’s enough to make high quality screenshots without using a USB key but it’s unusable to make video or even control your scope in real time actually. An alternative software called Rigol UltraVision Utilities is available for free on the EEVblog forum and is much better than the official software. But the refresh rate is still not enough for good videos so I may consider in the future using the VGA output of the scope and plug it into a USB capture card connected to the NUC.
An oscilloscope is not enough though; you also need multimeters. And yes, I’ve written that in plurals because you may think about having 2 multimeters: one for measuring the current and the other one for the voltage for example. I’m using a Rigol DM3068 bench multimeter. It has a superb accuracy (6½ digits), covers great ranges of measurements and provides 4 terminal measurements if needed for a reasonable price. The only bad thing about it is that the continuity tester is really slow (i.e. the time between you probing a circuit and hearing the multimeter emitting a beep is long). For my second multimeter I chose a handheld model, an Agilent U1273AX which is a really good piece of gear. Of course, as you would expect if you’ve followed my philosophy when it comes to choosing equipment, I also bought the infrared to USB cable to stream the results back to the NUC.
Nowadays most the electronic world and protocols we can see on a given device are digital and to have a closer look at those, we need a logic analyzer. Like many others, I picked a Saleae Logic one, more precisely the Pro 16 model. Pros are that it simply streams the samples to the computer, it does that over USB3, can sample at up to 100MHz, and has an SDK to allow you to write your own decoder. The main drawback for me is that the samples have to be buffered on the computer and only when you stop capturing you can see them on screen and use decoders. I would prefer to have a “real-time” option here. Also the 100MHz sampling frequency can be an issue when the bus you are looking at goes above 50MHz due to Nyquist limit.
Finally, because I also do some electronic repairs, I added to the lab a programmable electronic load. This allows me to easily test power rails which are usually the first thing to fail on a device, by setting constant current, constant voltage, constant resistance or constant power mode. Very handy to test those cheap power adaptors. Mine is a BK Precision 8601, connected to the NUC over USB.
Should you be experimenting, prototyping or analyzing an equipment, you will need to power the device in a long term, reliable way. And for that you will need a bench power supply. Mine is a Rigol DP832A that I haven’t chosen for it’s cheesy colors on the front panel but for its high precision.
To complement my setup I also added last year an arbitrary waveform function generator, or ArbGen, a Rigol DG1062Z. I kept it with the native 8Mpts memory even though it has physically 16Mpts memory inside and can be unlocked through a software license upgrade. But I’m not using it to generate complex signals at the moment therefore 8Mpts is plenty enough.
Prototyping, debugging, reverse engineering
Another essential piece of equipment that you will need are breadboards. They allow you to quickly prototype something without soldering anything. And to be complete here, you will also need jumper cables here. Personally I bought fairly expensive ones from Schmartboard but they are more durable than the cheap alternatives which tend to break easily. I have an assortment of male-male, male-female and female-female cables.
To easily interface with any device, I also have a bunch of Teensy 3.2. I just love their form factor and they are very powerful: with overclocking, the Teensy 3.2 can go at 96MHz and it embeds a DSP for complex math computation! I also have a RaspberryPi 2.
If you have read my previous articles or if you follow me on Twitter, you should already know that I also have most of the boards derived from the GoodFET project: GoodFET, FaceDancer (USB), GoodThopter (CAN bus) and ApiMote (Zigbee).
I also have a bunch of FTDI development modules such as the FT2232H, FT4232H and UM232H. They can be used to dump NAND memory, quickly interface with serials protocols such as RS232 or RS485 and also act as a fairly fast (~20MHz) JTAG interface that is compatible with OpenOCD. The smaller module even comes in a breadboard-friendly format.
To deal with (E)EPROMs and/or flash memory chips I have a TNM5000 with all the adapters, including the optional TSOP56 for NOR flash that I had to buy separately. I also have a PICkit2 and a PICkit3. The main reason about having both is that the PICkit2 is compatible with Linux. But newer Microchip MCUs require a PICkit3.
When it comes to RFID, I have a Proxmark3 from RiscCorp that I recently upgraded to Proxmark3 RDV2. It comes with much better antennas (sometimes they are a bit too good actually) and in a nicer form factor without the stupid Hirose to USB cable. Also it has a more modern micro-USB plug instead of a mini-USB.
For radio frequency investigations, I have bladeRF x115 since I was part of the Kickstarter campaign with its optional transverter XB-200 for lower frequencies. But that’s not a surprise considering that I am the author and maintainer of the SDRSharp plugin for it.
I also have a bunch of Chipcon/Texas Instrument dongles: CC1111EMK, CC2511EMK and CC2540EMK. They are very handy to quickly deal with some sub-GHz protocol with RFcat or to sniff at Bluetooth LE packets. I also have the complementary Chipcon debugger which allows in conjunction with SmartRF Studio to experiment easily and reflash the dongles with the RFcat firmware (but a GoodFET would have been enough for that purpose).
In order to deal more specifically with Bluetooth and Bluetooth LE protocols, I have an Ubertooth One dongle
I also participated at the crowd funding campaign of Chipwhisperer but I haven’t got the time yet to go through all the documentation and tutorials to use it effectively.
And for more high speed or complex protocols, I have a Terasic Altera Cyclone IV FPGA development kit which allows me through its extensive set of mezzanine boards and GPIOs to interface with pretty much everything provided I spend enough time writing Verilog/VHDL for that.
It makes a quite long article and I hesitated to cut it into several parts but as some choices I made are somehow linked between the categories, I thought it would make more sense to have everything in one single article. I also hope that it will be helpful to some of you and don’t hesitate to tell me in the comments section.