Hacker News new | past | comments | ask | show | jobs | submit login
If you aren't soldering, you probably aren't testing IoT thoroughly (pentestpartners.com)
57 points by asclepi on Mar 14, 2018 | hide | past | web | favorite | 17 comments

> Testing hardware and extracting firmware is VERY likely to require soldering skills.

Yeah, headers will be removed, etc. You may not have easy access to the pins you need.

This is a useful collection of soldering/desoldering tips for those that don't do it much.

If everybody should learn to code, maybe everybody should learn to mod hardware without destroying it or hurting yourself.

> Some people swear by PTFE insulated magnet wire. This should be “stripped” by the heat of the soldering iron… I just can’t get comfy with it.

Magnet wire is enamel insulated. You can burn it off, but scraping it with a scalpel is probably better.

You can buy PTFE wire. You should not attempt to burn off the insulation. That would release harmful smoke. PTFE wire is a good choice for a beginer because the insulation is harder to burn and it doesn't shrink back with heat, unlike PVC. It's a bit harder to use otherwise - it's harder to strip, and the insulation is a bit stiffer than PVC.

Source: I used to build "chock control interfaces" that were full of PTFE wire looms.

This is a nice article with some useful advice for beginners. I think most important is to just get junk PCBs and practice taking things off, or putting things on. You really need to get some familiarity with how solder flows on different types of board or different components.

> Decide if you want to remount the component or re-use the rest of the device. We will take more care if we do.

When I was doing it we'd only ever remove faulty components. Often it's safer to chop the legs off, remove the body, and then you can use small amounts of heat to remove each pin. This protects the PCB, which is usually the expensive bit. (Especially if it's populated with components.)

Odd little article - this has the feel of generic blog content that's there to promote a website.

Meta, but I'm really turned off by this gatekeeping title.

When I read the tittle I thought if you have to do a lot of soldering you're not doing design for test very well.

(I do a lot of soldering)

I'm also really against the recommendation to use lead solder. First off it's expensive and harder and harder to get. But in a professional setting it opens you to a regulatory mess.

That said 60/40 lead solder is trash compared to 60/37/3 lead tin/antimony solder.

Agreed. Even a small amount of lead cross-contamination can cause your product to get rejected in RoHS regions. This has happened to my company.

Getting a palette of product shipped back to you is not a fun event.

60/37/3 lead/tin/antimony solder

A quick search seems to indicate that this is not available for purchase anywhere?

That's because the OP is clueless. :-(

DON'T use lead-free solder, unless forced to. Lead-free solder is a nightmare.

Use leaded 63/37 solder, although 60/40 is fine.

Lead free solder definitely isn't a nightmare. The early versions might've been, but modern lead-free is just fine. The only gripe I have with it is that the flux is more aggressive and eats into my soldering iron tips a lot faster.

I think I have the ratio's wrong, I think it's 0.5% antimony.

But I haven't seen it in about 20 years. Even before then most solder was 60/40.

I'm trying really hard to see how the title is in any way gatekeeping.

If I say "if you just look at the exhaust, instead of using proper equipment, you probably aren't testing emissions thoroughly", am I gatekeeping against those poor emissions testers that just don't have any equipment?

Why not that long ago for technical /research programmers knowing how to solder was a given.

You're definitely looking for reasons to be offended.

Using metcal and 60/40 is an odd recommendation. Metcals are great for reproducibility since they don't have arbitrary tip temp choices, but for exploratory work I like using a quality iron like Pace..

63/37 is way easier to deal with when soldering since it's harder to create a cold joint with it.

What I find when doing dev work, being able to vary the temp as needed helps a lot. Like trying to solder the ground pin on a test connector that has was too much thermal relief. (Six layer board with a thermal relief on each layer? Good luckski)

Also a 5X binocular microscope is really good to have. Time goes by. The eyes get weak and the parts get smaller.

To me, the testing demarcation would be packet sniffing, not soldering. Too many IOT devices are sending hundreds of kilobytes of data home for no reason.

Just FYI, I've worked with this "security" company a year ago and they suggested in one of their pentest reports that a password field not explicitly disallowing autofill (built-in browser password management and iCloud Keychain) is a security risk, against all advice that password managers are a good thing and their use should be encouraged.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact