Monday, August 21, 2017

DIY 3D-Printed Electronic Drumkit : Update

After playing my 3d printed drum-kit for a while, I started feeling a bit unsatisfied with some of the parts. I figured I needed a snare drum with a rim shot and a bigger pad area. Also, the hi-hats do not feel like a real hi-hat as it doesn't physically open or close. Very often, I always miss the tempo when opening and closing the hi-hats with just a foot switch. I also figured I would need a new Midi Trigger interface because I cannot just attach those new pads to my existing cheap Medeli drum module. I also expect the look would be a lot cooler with bigger cymbal pads. So, here's what I did.

The Snare

I bought a Millennium Mesh Pad snare just before they discontinued the product Millenium PD-1012 12" Mesh Head Pad for only 66EUR. It's a cheap mesh pad snare. But I did not mind, because I was only interested in the shell. I replaced the head with a Roland V-Drum Powerply (it's a 3-ply). It's quite expensive but is worth it. I got all of them from Thomann online. I re-positioned the piezo sensor though in a way that a foam is pushing it a bit harder to the mesh head to increase sensitivity. Then I bought a $32 snare stand from Swee Lee.

The Hi-hat

I bought an Alesis Pro-X Hi-hat for 80 EUR and a Millenium hi-hat stand for 40EUR. Assembled the wiring and voila! I was a bit disappointed by the quality though. But what would you expect for a $100 hi-hats.

The Module

While looking for the famous Alesis Trigger I/O product online. I learned that the product was discontinued by Alesis and that they sold it to DDRUM. The same product is now known as DDRUM DDTi. I got mine from Thomann as well for 150 EUR. It's a bit expensive, I didn't have a choice because the only other product that does the same is MegaDrum and is more expensive. I also designed and 3D-printed a mounting plate so I could mount the trigger interface to the frame.

The Cymbals

Having a bigger Snare and a bigger hi-hat (12"), I needed bigger cymbals. Otherwise it looks and feels weird. Luckily I found a guy selling a pair of Yamaha cymbals in Carousell for just $100 for the pair. It was a bit dirty and scratchy so I cleaned it up with some leather wipes. I also had to open it up and re-wrire the sensors because Yamaha cymbals are not wired in a standard way where the bell, the rim are independently outputed. A small resistor had to be removed from the Yamaha cymbals to make it work with Roland modules or in this case the DDRUM DDTI trigger interface.

The Pedals

The last thing I upgraded was the pedals, I wanted a double pedal so I could play Metal. Duh!!! I found cheap Millenium pedals again from Thomann as well. It arrived in a box together with the trigger interface and It felt like Christmas.

And finally after putting everything together, here's how it looks now. Isn't it cool? This electronic drum kit cost less than your iPhone. All the toms are 3D-printed.

Sunday, August 13, 2017

Jieming's Router Anomaly

Last night, while randomly watching my router's activities, I found out that it has an active connection to some IP address owned by Amazon and hosted in New York. While trying to do curl request to the server's port 80, it returned a website and when I opened it in browser I was quite surprised because it is a ASUS router's web interface (ASUS RT-AC5300). The weird thing is that I was able to login automatically without being prompted with username and password. And also I am able to see everything, including the local devices connected to the router and administration settings. I tried changing something but it doesn't seem to persist the configuration change. So I took a look at the site's client scripts and it's kind of weird. By the look of the Javascript code, the apply button will never work at all. It looks like it was deliberately done.

I tried digging deeper and see which of  my processes  are connecting to this server and it say's It means some native Mac OS process, behind my back, is connecting to this server in New York for a reason I don't know.

I went back to the remote router's web interface, checkout the client list. There are 2 connected devices to this router listed.

I tried to enable SSH on the router so that I could tunnel to the devices with no success because the changes doesn't get persisted. I spent few hours trying to know more about this router and why is it publicly opened. I setup a Wireshark listener to listen to the wire and look at the packets being sent and received to this router and I left it running overnight. Then I slept at 5:00 AM.

The morning after, the first thing I did was to check the Wireshark trace and was disappointed to not find any entry. When I scanned my active connections again, it seemed that the IP address is no longer there in the list of active connections. But I am seeing new ones and again check them in browser. I was suprised that for another IP address, I was getting exactly the same web interface of an ASUS router. The IP address is also geo-located in New York and owned by Amazon.

When I check the client list (the devices connected to the router), I got exactly the same devices with exactly the same MAC addresses. I realized this must be the same router. But the problem is that when I did a reverse DNS and a trace of the 2 IP addresses, they do not agree. The DNS server is saying that those 2 IP addresses does not belong to the same server. The trace is also being routed differently between the 2 IP addresses. It got me scratching my head for a while.

I stopped for a while, brewed some coffee and spent few minutes over a coffee recalling what i have done so far to investigate. I am running out of options so I went to google. Guess what I searched for? I searched "Jieming-PC" hoping to find some guys also having the same problem with whoever this Jieming is. The first 2 results was from a domain "". So all this time, I was looking at a demo UI of ASUS routers. Whew! That explains why they look the same, with the same clients. That is just one problem solved because I still don't know why a Mac OS ( would connect to a demo UI of an ASUS Router somewhere in New York.

I suspected that maybe because I am opening the my Router administration page and that this page is trying to connect to that server. I investigated further by looking at the source code of the ASUS router admin page and finally I confirmed that the page is connecting to that remote IP address to check for Firmware upgrade. I still have one little problem why did the lsof command say that it was "" who is connecting to that IP and why not "Firefox" (I am using firefox) ?  I did a little and found the exact apple library responsible for the connection. It was apple's WebKit which is obviously used by Firefox.

What Really Happened?

What really happened was that when I opened up my router administration page, the first thing it did was to check if there are new version of Firmware available. I updated the firmware. It connected to and downloaded and installed the firmware. The router rebooted. I had to re-open the router administration page. Again it checked for available firmware versions through Because of load-balancing it got forwarded to some another server (another IP address). This explains why it connected to 2 different IPs. It also turned out that the server used for firmware upgrades are the same server hosting the Demo UI.

Whew!!! Now everything is solved. I can now sleep well knowing that my home network is safe and Jieming is not a Chinese hacker. One lesson I learned and that is I should stop being paranoid.

But anyways, it was a good exercise. I haven't done this kind of things for a long time and now I felt like I'm Sherlock! :D :D