Almost a real RF engineer!

As you will have read, I decided to trying and tackle making an NFC reader. It is my first project in any sort of RF, so a massive learning project, but also a first in terms of trying to fit small components (e.g. QFN-40) on a PCB. The QFN-16 for the FT230X was just about doable with a soldering iron, but now I am in to solder paste and re-flow oven territory (more on a later blog).

I decided to give it a go, and made an NFC board, and to my (quite frankly) shock, it worked! It worked well, in fact - seemingly at least as well as the Elechouse board. I have made some tweaks with smaller components, and that also worked. Designing a PCB can be like a never ending piece of art - always one more small tweak or improvement. I am now working on a 3rd version, with even smaller components, but this time I am starting to do it properly from am RF point of view. Instead of just drawing an antenna track and hoping (which worked, to be fair), I now have an "network vector analyser" to tell me how the antenna and tuning circuit works.

The trick is to test the antenna and make component changes, or even adjust the antenna design. Apparently all sorts of things impact the tuning including any components near it, or just bits of copper track, and so on, even the case (even if plastic). But using one of these gadgets it is possible to work out if you have the tuning right, or close, and make adjustments. I am still learning, but getting there. In that image, you can see I changed the loop length a bit, and as expected the centre frequency moved.

My plan is to have a good quality, tuned, working, NFC reader design (open sourced), that I can sell. Something that is better than the standard Elechouse boards everyone uses. Apart from better RF (well, better than all the cheap copies of the Elechouse) it has red/amber/green LED and tamper switch. This makes it perfect for any sort of access control entry reader. I'm not really expecting to make much money, but would be nice to cover the costs of getting this far and learning this stuff.

I expect to make up a few of a final design, maybe next week, and offer some (free) to people like hackspaces to have a play and give me feedback. Obviously, if they are hit, I could have hundreds properly made and sell them. But this whole project was more aimed at a learning exercise in the first place, so covering my costs would be a huge win.

It almost makes me a proper RF engineer, LOL!


Solder paste, and reflow oven

I got a cheap reflow oven off Amazon. Seems to work, but I am no expert, and there is some advice on the internet about some tweaks and improvements to that model too. However, baby steps.

I also got some solder paste. I do not (yet) have a stencil. So advice on how one uses a solder paste stencil, and what paste you get, and so on, may be useful.

This does, however, pose a problem. Whilst it is very easy to put a spot of paste on the pads for the passives, there is no way in hell I could possibly put paste on each pad on the FT231XQ or USB-C connector. The pins are too fine.

So how to do it. Well, I did wonder if just putting paste over the whole row of pads and relying on surface tension may work. But the other snag is these short turnaround boards from PCB Train have no solder resist. Still, it is worth a try...

Well, not quite. That is the USB-C connector, and you can maybe just see that the end power pads have bridged. As it happens a touch with soldering iron sorted that and all the fine pads were OK. But it is clearly not reliable. Attempts to do this on a simple QFN-16 were less good. I suspect if I got exactly the right amount of paste it might work, but generally, no. And I doubt any chance with a QFN-40.

So what now?

Well, what I was doing with the hot air gun was tinning the pads manually (easy), and putting liquid flux on the chip, and then blasting it. It worked pretty reliably, but the heat was not very controlled and you end up charing the PCB.

So will that work in the over? Well, the short answer is yes! (well sort of)

I tin the find pads, flux the chip and place on tinned pads, solder paste the passives and put them on board, and then reflow. It seems to work most of the time, but occasionally I have to heat gun and push the chip down on to the board to ensure all pins connected.

Just as well, as I have just got the new NFC boards to play with. Fingers crossed.


Well, I made one

As per my earlier blog post, I wondered if I could make a NFC card reader... Well, I have!


I am in a lucky position in many ways - whilst I have a "full time job", a lot of the day to day running of A&A is handled by my management team, so I can "tinker".

This means I can try things out, do R&D pretty much as much as I like, and try and make something like this NFC reader just for the hell of it. Of course there are practical applications - I have several of the Elechouse PN532 NFC readers here because we made access control and alarm systems for the office (and even sold one) which use them. I suspect we could make, and sell, these cards. But a lot of the R&D I do is speculative (and educational) - it might sell, or might lead to something that does, maybe. Indeed, my work on NFC and DESFire cards does look like it had led to a contract that is very worthwhile, but I could not have known that at the start. The more expertise we get as a company, the more we can sell.

So, to answer the questions people have asked, mainly "why?", it is mostly because I can!

Back to the NFC reader itself

I said it may be a nice idea to try and make my own reader, much like the Elechouse reader. Well, I went ahead, a proof of concept, and it works. Yes, I am shocked too.

As a version 1 board it was not perfect. For a start, it seems the data sheet for the crystal shows the underside of the chip pin out, so if you use that as the solder pads you end up back to front. Some messy soldering and wires allowed me to work around that.

I also found soldering a QFN-20 chip hard, even with my heat gun (hence the charring), so I have ordered an oven. I'll blog on that later. I may eventually progress to solder paste masks and the like. We'll see how it goes. Even so, this is all well within the grasp of the amateur / hobbiest.

I also found the LEDs would not work - apart from ordering the wrong LEDs (diode drop was more than the supply voltage, idiot), it seems GPIO P34 does not play and I can't work out why. I have read the data sheet over and over, tried loads of config changes, and it should work, but I cannot make it work (and cannot on the Elechouse boards either), so re-done using other GPIO pins.

Version 1 board - actually works!

Version 2 board

I also decided to move to smaller 0805 components instead of 1206 - simply because of the challenge of fitting all the components on such a small board. I have made a number of value changes to more closely match the PN532 reference circuit. So that is next. I also think the Elechouse boards can overload the receiver, and it meant my Amex card would not read on my board, but a component change and it does now!

But first I need to actually test the two LEDs that should work do in fact work well enough, and test the oven when it arrives. If all goes well I'll order some version 2 boards and test.

What is wrong with other boards?

If you search for NFC readers you find two main types of things you can buy: (a) a nice plastic card reader with rubber feet to sit on your desk and connect via a USB lead to your PC, or (b) a "development board" with lots of 0.1" spaced pins to allow you to tinker, usually quite large. What you don't find is a board designed to actually be used as a component in an access control system.

To be fair, the Elechouse is pretty close - it has lots of extra pads for general tinkering but is not bad. What is lacked was LEDs for feedback and a tamper switch. That is what I have added. Just to be clear, my board is not a copy of the Elechouse, and is based on the reference circuit in the PN532 datasheet.

My board is HSU (High Speed UART) only (as that is better on a length of wire than I2C), only four wires (GND/VCC/TX/RX), and a choice of connectors on either side of the board for easy use in an access system or in a nice simple case as a device on your desk connected to a PC, if that is what you want. I'll do a 3D case design as well for both.

So I actually think my board design will be a good, usable, and even sellable board. If there is any demand I may get a few hundred properly made. But it is also nice that I am making this all open source, not just the s/w drivers, but the actual PCB layouts so you can easily order and make yourself if you want.

This is the version 2 board so far... May be real boards next week.

[P.S. I have ordered these now...]

Update: The V2 board work, and I have sent to an RF engineer to check if I need to make any tweaks before making the next version.


Tooth ache

I am sure we have all had tooth ache. I rarely have to see a dentist and rarely have tooth ache, but, well, I do now, and the delay in getting to actually get it fixed is painful.

Why my whole mouth

I have seen the dentist, and he has booked me in for a filling next week. It seems that it is just one tooth, with a broken filling, and that is it. So why does it feel like my whole jaw is trying to kill me, not just one tooth. I think "referred pain" is the answer, but it is hell. At least now I know it is one tooth I know that is the problem that needs attention.

Why some times and not others

OK I understand if I eat something and get something in the broken tooth on to the nerve, it will hurt, but it is far from that simple. Eating can make it worse, and cleaning my teeth can make it better, yes. But it seems it will be hours, maybe even all day, without a twinge - I can forget I have tooth ache. But then can be hours in agony - meaning I can't think, can't sleep, can't work. There is no clue to it at all.

Right now eating a meal is challenging though.

Temporary fillings

You can buy them (amazon!) and initially they appeared to work, but then not. They don't last long and come out easily. It is now the point where if I put in a temporary filling I will be in agony, so that is no good. Shame.

Pain killers

You would think pain killers would be the answer, so here is the list of what makes fuck all difference!

  • Paracetamol
  • Prescription strength co-codamol
  • Ibuprofen (seems to help a bit, maybe)
  • Bonjela
  • Infant teething granules (aka "baby crack")
  • Sensitive toothpaste

What works?

The only thing that helps, and not for very long, is literally cleaning my teeth with isopropyl alcohol. Obviously used with care although not particularly toxic.

I am, however, trying more normal ethanol ingestion as well as a method to reduce the impact of the pain.

Only a few more days...

P.S. With only 2 days to go, I think I have it - the temporary filling was a problem, but because the actual problem was not where it looked, and putting the filling in the obvious hole in my tooth just forced the broken filling in to a position which caused more pain. Now I see where the issue is, I can put a tiny bit of temporary filling around the broken filling and plug the pain mostly. The clue is that the nerve does not tell you where the pain is located, that is a serious problem!


Home automation for geeks

This is mainly about bridging some of the "trendy apply shit" and "command line forever" types of working for home automation.

Background: I have done quite a bit for home automation here at the new house. There are thousands of IoT devices (smart sockets, lights, switches, all sorts). They all come with their own app, cloud service, and feature set, but thankfully most work using ESP8266 chipset and can be "reflashed" with tasmota. Tasmota is an open source IoT application, and very flexible. It is not that tasmota is "better" than the systems that come with these devices (though it usually is), more that almost any device from almost any manufacturer can be made to work in the same way with the same config. The main one I have been using of late is the Shelly 1, which is very easy to reflash and has a relay and switch input. I do, however, have a number of my own devices, including environmental monitors. The tasmota devices can do lots of automation and send messages to each other as needed. I have, however, tried to keep it simple so a light with a Shelly 1 will have the switch connected and will work the light based on the switch even with no WiFi or Internet working!

These all work over WiFi and connect to an MQTT server. MQTT allows devices to talk to each other using a "topic" (simple text string) rather than that pesky IP addressing stuff :-) But it is very much in the school of "command line" over "GUI".

Bring on apple!

I use an iPhone, but I have not bought in to their home automation. As I say, it is more "command line" for me. That is until now. After much nagging from my son, I have managed to link my Shelly 1 and other devices, including my own environmental sensors, to my iPhone!

  • I have MQTT running on a Raspberry Pi in my loft. It is just apt install mosquitto. You may want to set up some security too.
  • I installed homebridge. There is a Raspberry Pi image even. I just followed the instructions and it worked. Again, set a password!
  • I installed the add on homebridge-tasmota plug in (just search on the plug in tab on the web config for homebridge).
  • I sent a cmnd/tasmotas/SetOption30 1 to turn on Home Assistant Discovery on all my tasmotas.
  • I added the homebridge to me "home" on my iPhone. It asked what room each device was in. It warns it is not an approved bridge :-)

It is worth pointing out it is not perfect. If devices are added afterwards they appear in the "room" where the iPhone thinks the homebridge is located. You can move them to the right room, and rename them, but it is not quite as stable - resetting things can move it back very easily. So I recommend getting on homebridge first then adding the bridge. It asked where each devices it when you do that. You can reset the bridge and re-add if needed.

As for my environmental monitors, I added the necessary home assistant discovery messages, and it works. I had to do a bit of trial and error, and reading the homebridge-tasmota plugin code, but managed to make it see Temperature, Humidity and CO2 properly. Again, it seems better if these are seen by the homebridge before adding the bridge to the iPhone.

But yes, it works. I am all GUI'd up now!


Why Three Words

In case you did not know, What Three Words is a system that assigns three words to a location in the world within a few metres.

What is the problem this is trying to solve?

Well, the issue is that people often have an exact location but need to convey that to someone else. The classic example is someone on a telephone call to Emergency services. Reading, Speaking, and Typing a latitude and longitude is very error prone. Reading, speaking an typing three common words is less so.

Does it work?

To be frank, I don't know. But the words can easily be confused with similar words. There are examples where one letter, making a word plural, can give a location a few miles away (though often misheard words will be a long way apart).

Is there a better solution?

Yes, emergency services should get out of the stone age and stop being based on phone calls. A common API to allow calls for voice and video to emergency services with supplementary data should be developed by international co-operation, and become standard on mobile phones. It could allow not only voice, and video, but location data and medical data (many phones have medical data and can even do an ECG, report pulse, temperature, blood sugar, all sorts). This would solve a lot of problems, and I am sure mobile phone operators would be on board with this.

Other ideas?

Well, the issue here is communications. Someone has a device that knows the location and is on a call to someone that needs to know it - whether emergency services, vehicle breakdown, or heck - pizza delivery! How to get that location from an app on the device to someone on the end of a call. That is what W3W does.

Here's an idea...

DTMF is standard on audio calls, and even over mobile it has out of band encoding to work reliably to/from the mobile device if needed. So how about phones (or an app you install) work out that the other party has sent a DTMF sequence. DTMF in to a mobile is rare so something simple like "20" in DTMF would be more than adequate. The phone / app pops up saying "send location?" and if you say yes it sends that as DTMF. A simple *latitude*longitude# would suffice. Maybe use some less common A-D DTMF codes to frame it instead. Of course this could be something an app can send anyway without an in call prompt if the user commands it. It needs some common standard for the DTMF sequence to use, and maybe a check digit is in order.

This would be very easy for the phone app to do. Someone just needs to write a spec. But importantly this is very easy for a call centre system like emergency service, vehicle breakdown, or anyone, to handle automatically. No special API. DTMF is really very standard.

It may be a neat way to do this for now until we have proper multi-media APIs for this.

Or, you know, another "standard"

Plus codes look pretty neat and not that hard to speak. More on the spec here. Given the common usage of using 4 characters and a location name rather than all 8 characters before the plus, this can give a pretty good location with only 4 letters rather than 3 words. Emergency services have a rough location from cell ID anyway, so this has to be better than W3W. Notable some phones (android) have this coding available without installing an app even!

Or even easier than DTMF...


Discussion: Not an Elechouse PN532 board

A company called Elechouse make a PN532 RFID reader board.

There are actually a few PN532 boards available, but the Elechouse one seems to be the most popular. Annoyingly, it seems that there are a lot of cheap copies that don't work as well. It has a number of advantages over the alternatives, mainly (I think) its compact design.

The actual circuit is basically the PN532 reference design from the datasheet.

However, there are a few niggles I have with it where I have used it in projects. My main use case was where this is the external module on an access control system, in a small case. The main issue was it lacked any feedback (e.g. LEDs). I worked around this by using its internal GPIO pins to work a red/green LED, and a tamper switch.

So I was thinking, I could make my own board. The issue for a home made board is soldering the PN532 itself, but I have been practising and am reasonably confident that with a hot air gun I can manage it. The result would be an open source PCB that can be home made. Obviously it could be properly made with pick and place and sold as well.

I am concerned over "feature creep" in such a design, and even just pondering it for a few minutes I am already seeing ways I could be improved on. Thankfully a lot of features could be "optional fit" on the PCB, basically adding no cost when not needed.

But I am in two minds over making this - it will not take too long to design and have made, but may need some tinkering to ensure I have the antenna matching right (and I may even need help with that). Before I start, I am interested in feedback, especially from anyone that may think they would like to use it themselves.

So here are my design thoughts.

  • A small square board (note the Elechouse is not actually square, but I am thinking the same sort of size, maybe 42mm x 42mm) with simple mounting holes.
  • Components can be only on one side making easier to mount (same as Elechouse).
  • Using larger (e.g. 1206) components that can more easily be hand soldered.
  • Not having the big DIP switch - I am thinking fixed HSU mode, but maybe pads for a link to make I2C mode as they use the same pins. This is to keep the profile low, and hence easier to fit in a smaller case. My testing suggested HSU is just as fast as I2C for actual card access, and much more reliable as tx/rx are driven at each end not just pulled up like I2C, so survive a long cable. So HSU is likely to be the fixed mode for this board.
  • Whilst it may have additional pads, the main 4 pins for connection are GND, VBAT, TX, RX (Note TX/RX could be I2C). The VBAT can be 3.3V to 5V but signals would be 3.3V.
  • The 4 pins for connection would probably be 0.1" header, and 2.5mm SPOX (straight or right angle) header, and 2x2 molex milli-grid in the centre of the board. Design to allow connectors to be either side of the board. This makes mounting as a reader very flexible.
  • Pad to allow a contact switch on either side of the board as a tamper contact - connected to a GPIO pin.
  • Three LEDs arranged in a corner in traffic light style, Red / Amber / Green, connected to GPIO pins. This is perhaps the most important feature as it allows feedback to a user. These can be pads for a small 1206 LED as well as through plated for standard leaded LEDs. Again, making pads both sides to allow LEDs to be either side as needed. Leaded LEDs can be more useful in a simple case design instead of light pipes.

Some possible feature creep...

  • An FTDI FT230X and 4 pins for USB lead connection, so can be used as serial to HSU mode USB device. This would allow it to work as a USB connected reader and hence for applications using a Raspberry Pi, or simply for connection to a PC for configuring cards on a security system. Given that you can so easily get an FTDI in a USB plug and serial lead, this probably really is unnecessary as that could be used with the 4 pin serial connection directly with ease.

Obviously I can include some 3D case designs too.

But I am interested in feedback - would you use such a board? Would you make one yourself if I do this (all open source)? Would you need other features? Would you take away any features I have suggested?

P.S. This is the sort of idea... Though obviously this shows multiple connectors when you would only use one. This idea is any of the connectors, switch, and LEDs could go either side as required. OK I have ordered these...

P.P.S. Err, it works. OK one of the LEDs does not, as on P34, which I just cannot get to be GPIO for some reason, and the crystal pin out was wrong, but it actually talks NFC!!!! I am gob smacked. More in a later blog.


The good, the bad, and the ugly

There are lots of different people in the world. Living in a social bubble, one does not always encounter some of the extremes. Having our dog go missing has highlighted some of the differences though.

The good

There are lots of good people:

  • People that have helped look for Lilly, walking around the area, checking under hedges, knocking on doors and asking people. Putting a lot of time in to help.
  • People that tried to catch her to return her to us.
  • People that have published details and shared details, and given us kind words of support.
  • Even the police, and now the press, that have taken it seriously.
Thank you all. Hopefully she will be returned.

The less good

There are obviously people that are more indifferent. I can understand that. I can understand that people probably have just ignored a dog wandering alone. I understand it even more during a pandemic - not just hassle to catch a dog and hand her in, but it means interacting with more people to do so. There can be other reasons for not helping, too. But either way, thank you for not being bad, though.

The bad

It seems, from reports we have had, that someone picked up Lilly, in a car, and took her away. Initially we thought this was good, as they would surely hand her over to police, vet, council, etc.

Sadly not, no sign of her. This is why the police are now treating this as a theft.

She is old, spayed, and no value to anyone else - why do this?

The ugly

There are people that actively call those that have lost pets (no doubt from a burner phone), demand money, and threaten to cut the dogs head off and put it on the gate if not paid. I am at a loss for words, sorry.


UK Cyber Security Council

There is a press release for a new UK Cyber Security Council (here).

It is not 100% clear who they are, and whilst they mention various links with government and NCSC it is not 100% clear to me how they are linked, or who the Cyber Security Alliance is exactly. The press release looks a tad shoddy with broken markdown/CMS.

So it may be important news.

Of course "Cyber Security" is important to all of us. One of the tips I can give you when it comes to cyber security is that you should be careful to ensure that contact details you publish actually belong to you. The press release includes contact details for press :-

[Screenshot, as it has since been corrected]

So, understandably, press will email press@ukcybersecurity.org.uk for more details. Good.

The problem is that if the domain ukcybersecurity.org.uk is not actually owned by UK Cyber Security Council, that could lead to loads of bogus emails to whoever owns it. Worse, if it is not owned by anyone, then some fraudster could quickly register it.

You may think it is no big deal, but it sort of is. If a fraudster can hijack even one point of contact for an organisation they can do a lot of damage. It becomes easy for them to impersonate that organisation. When it is the press contact for a new organisation they get a huge "foot in the door" as they can reply with helpful details on the organisation along with more contact details (names, email, website, phone, postal), all of which are likely to be helpfully published verbatim by the press who have made enquiries.

This then leaves a trail of misinformation on the internet and search engines for the new organisation, possibly swamping the actual accurate details, and allowing fraud to continue for years.

Fortunately for the UK Cyber Security Council the domain they published in the press release (ukcybersecurity.org.uk), the domain that was not theirs, and was not anyone's, has been registered not by a fraudster but by someone that decided it would be prudent to register in order to stop a fraudster doing so. It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at press@ukcybersecurity.org.uk for more information (be nice). Do follow me on twitter.

Of course it is also a sensible cyber security move to register related domains as well, so as to avoid some types of fraud happening. You cannot register every possible alternative, obviously. One issue though is not having an actual web site when you "launch". I am sure you can guess what happens if you try to go the the UK Cyber Security Council's actual domain (ukcybersecuritycouncil.org.uk) as a web site? That's right, not even a bland holding page or perhaps a copy of the press release. Indeed, having no web site on your actual domain makes you look fake, and the fraudsters look legit.

As to whether the UK Cyber Security Council is an organisation you should consider talking to when it comes to advice on cyber security - well, I'll leave that one up to you...

P.S. thanks to Spy Blog on Twitter for pointing this out. He tweeted what looks like their Twitter account so that they could fix this quickly.

Best comment I have seen so far, proper LOL at the last line!


  • Someone has created PGP keys for press and security addresses at this domain (obviously no idea who).
  • Various people have registered the related domains and set up web sites, e.g. ukcybersecuritycouncil.uk, because the UK Cyber Security Council did not think of protecting the obvious alternatives in advance.
  • Someone from an omarketing.com email, implying they were from UK Cyber Security Council, sent an email to a rather odd contact for me (not as above) asking that I delete this post "as stated". Whilst I'm happy to delete the domain if that press release is fixed, or transfer it to UK Cyber Security Council, I don't see any reason I would remove this blog post.
  • Looks like late Sunday they have fixed that press release at last, although the bad markup on the page has not been fixed.
  • Some actual press enquiries asking me about it all (i.e. they have seen this blog), and some reports on this fiasco. Thanks - nice to be called "one of the good guys".
  • Oddly, one news article was removed. It was reposted elsewhere, and we don't know why it was removed by the host site, but seems strange.
  • Someone called saying the UK Cyber Security Council would like the domain. They called A&A press office number saying that they had been trying to email admin at my Mastodon instance, neither of which contacts make a lot of sense, especially when I said how to contact me in this blog post!
  • I have given the domain to them now (i.e. set the Registrant), just waiting for them to let me know what Tag they want it on at Nominet.
  • Domain has now been retagged to their ISP. No doubt they will eventually get around to setting new name servers.
  • Fri 9th, finally it is on their DNS now. Handed over.

Wow, instead of pointing to the same site, or having a simple redirect, they actually pointed it to a site redirection service thing somehow, which, of course, does not work with https. Yay for "cyber security".

NOTSCO (Not TOTSCO) One Touch Switching test platform (now launched)

I posted about how inept TOTSCO seem to be, and the call today with them was no improvement. It seems they have test stages... A "simul...