Single page Print

Drawing up some plans
First off, I don't profess to be an electronics expert. The closest I got to electrical engineering was playing with resistors in second-semester physics lab in college. In my testing, these circuits were functional and no magic smoke was released. I am also not an expert in network security. I am simply applying the little bit that I do know about the matter to make something reasonably safe. Gerbils who chose to follow these instructions do so at their own peril. Anyone following these directions should probe all wires with a digital multimeter (DMM) before connecting anything. All pinouts and voltages are based on the ATX12V v2.4 standard. If you encounter a voltage other than +5V or ground, stop immediately. It should go without saying, but unplug the PC before connecting any wires, too.

At least one gerbil has read this far and has already put paws to keyboard to say something about how programming a microcontroller is too complicated and that using a Belkin Wemo or other Wi-Fi enabled power switch to remotely power off a computer would be easier. I have a couple Wemo switches in my house, and they work well. Unfortunately, they don't require any authentication when accessed on a local network. Anyone with a Linux box and access to my network could signal a Wemo unit to switch on or off. Worse yet, if a device with Amazon's Alexa is on the same network, it can control a Wemo switch with nothing more than a voice command. In addition, the power buttons on the front of the computer would be rendered useless by a Wi-Fi switch. Overall, I don't think this approach accomplishes the goals set out for this project, and the complete lack of any authentication bolsters my decision to go in a different direction.

A Raspberry Pi Zero W has the GPIO pins to be able to accomplish the design goals, and the $10 price wouldn't break the bank. The Pi Zero W has the ability to send and receive TLS-encrypted communications. I saw two problems with this approach. First, the Pi Zero W supplies are still a bit thin on the ground. More importantly, Raspberry Pi boards have been very finicky when it comes to power outages in my experience. The device does no good if a brownout has caused the Pi to become unresponsive. After all, the device has to be more fault-tolerant than the system it monitors and controls. The popular Raspberry Pi 3 has even more connectivity and can be configured to run from a more robust storage medium, but the $35 price and the Pi 3's peak current draw of 2.4A are both too high for this application.


The NodeMCU development board

I have some experience using Espressif's ESP8266 microcontroller. The ESP8266 is a tiny chip with built-in Wi-Fi capability. ESP8266 development boards are available on eBay and Amazon for as little as $2 shipped, but those boards are missing some convenient extras. Just a couple extra dollars nets a NodeMCU development board with its extra digital and analog general-purpose input-output (GPIO) pins, a couple of on-board buttons, a voltage regulator for converting +5V to the ESP8266's native +3.3V, and a built-in USB-to-serial chip that makes programming and powering the device much more convenient.

The ESP8266 doesn't have the processing punch or the software libraries needed to be able to act as the server in TLS-encrypted transmissions, but it does have the ability to operate as a very basic HTTP server, an MQTT client, and a WPA2-encrypted Wi-Fi access point. 

When the device is in AP mode, the user can attach to the non-internet-connected AP broadcast by the ESP8266 and navigate to 192.168.4.1 in any web browser. The web interface presents buttons to press the power switch for a moment (0.2 seconds), five seconds, or 30 seconds. The user can also configure the Wi-Fi and MQTT settings through the same web interface. Since commands are transmitted over an isolated, encrypted Wi-Fi network protected by a unique password, we can assume that even "unencrypted" HTTP communications are not subject to easy snooping.

If MQTT options are given, the device will listen for commands from an MQTT broker, allowing somewhat more secure control over the power switch while remaining connected to the primary Wi-Fi network. Use of MQTT is inherently less secure, but I think the risk can be minimized by using an access control list in the MQTT broker software. Essentially, the device subscribes to one MQTT topic for commands and publishes status messages on a second topic. The subscription topic can be set up with permissive subscription access but restrictive publication settings. I set up my own broker so that only one MQTT user has publication and subscription access to the topic going to the remote start device. A second, less privileged user has subscribe-only access to that same topic. Another topic used for messages from the device to the broker has permissive access control in both directions, because I don't care if anyone on my network is snooping on those messages. Our MQTT messages are sent as plain text, so I make sure to only publish to the restricted topic from the MQTT server itself. That way, the publication password is not broadcast.

Control over a remote power switch wouldn't give a rogue agent a user's private information or bank account number, but teenage offspring turning off your PC in the middle of a Netflix binge session could certainly be annoying. The ESP8266 uses WPA2 with TKIP and AES, and TKIP cannot be disabled. For maximum safety, users should not have clients connected to the access point unless the device is actively in use. Local attackers can potentially gain access to TKIP-enabled WPA2 networks by forcing a connected client to disconnect and analyzing the resulting connection handshake when the client reconnects. The device is not 100% secure, but I suspect that Silverstone's device is perhaps more susceptible to local attackers with a bit of RF hacking ability. If your Wi-Fi network has been owned, you have bigger problems on your hands than someone turning your computer off.


The required resistors and optocouplers

To make the contraption more electrically robust, the remote starter design uses integrated circuits called optocouplers to isolate the NodeMCU side from the PC side of the monitoring and control circuits. Optoisolators work by separating two circuits from each other with an insulating gap between them. One side powers a special LED, and the other side contains a transistor that activates in response to illumination from that LED. The LED and the transistor are both packed inside of a small plastic housing. The optocoupler protects the device on the control side of the circuit from happenings on the transistor side. In this case, the optocoupler is going to act like a tiny low-power relay.

I picked up a pack of ten Sharp PC817 optocouplers on Amazon for under $6 with Prime shipping. A more patient gerbil could get ten pieces for under a dollar direct from China, and those in bigger cities could probably pop into an electronics supply house and walk out with a handful of them. The completed device will require two optocouplers. One is for the the power button circuit and the second one is for a circuit that allows the NodeMCU to tell if the attached PC is powered on or not.

Each optocoupler needs a a 220Ω resistor to knock down the voltage on the LED side of the device down to about 1.2V, the operating voltage of the LED inside the optocoupler. I used two resistors from a giant assortment of resistors I bought on eBay for less than $10. Connections can be made using with pieces of solid-core 22 AWG wire cut to length.

A little piece of stripboard is also required. The resistors, wires, and perfboard can be sourced just about anywhere that sells hobbyist electronics parts, including ebay, Amazon, or Radio Shack. Those with lots of circuit prototyping experience can use any type of proto board they like. I like strip board because it frees me from having to make solder bridges.

Anyone at home planning to build one of these devices will have to make their own decisions as to how to wire things up.  The device really only needs four wiring connections: constant +5V power, switched +5V power, ground, and the positive wire of the power button front panel connector. I decided to use three separate ground connections for the device power, power sensing, and power button circuits, but this is not necessary.


ATX pinout diagram by Collab, update by Sbmeirow, source: Wikimedia Commons
 

In my experience, the trickiest one to find is a constant +5V source. Most enthusiast systems will have constant +5V on pin nine of the ATX power connector. This wire is typically purple, but owners of high-fashion power supplies with all-black cabling will need to count wires and refer to ATX pin diagrams. If in doubt, probe carefully with a DMM. Many motherboards also offer constant +5V through one or more of the USB headers. Pins one and two of USB 2.0 headers are +5V and are usually red. If your PC will charge a smartphone even when it is turned off, tapping into USB header wires is an option. The motherboard in my HTPC does not provide power to USB devices when it is shut off, so I had to go to the ATX connector wiring for power. I have a Lenovo SFF machine with an external power brick that had no constant +5V wiring inside the case at all. In a machine like this, power from an external source is probably the only available option. The PCI and PCIe connectors have +5V pins, but that is territory probably best left unexplored.

The power button wiring can really only be tapped in one location, but this location is almost always very easy to find and identify. One could easily tap into the power button wiring. I decided instead to make a T-harness that connects to the motherboard front panel connector, the existing power button wiring, and to the wiring from my NodeMCU project board. It was easy to make using DuPont wires and empty connector shells from eBay. It required only a couple of solder joints and some heat shrink tubing to make. When the positive power button wire is connected to ground, the PC will power up or down, so do not leave it loose inside the case.


Custom T-harness for power button circuit connections

Switched +5V power, on the other hand, is ubiquitous inside a PC case. The ATX connector has several switched +5V wires, which are usually orange. Four-pin Molex and SATA power connectors also have +5V switched wires, which are normally red. Those looking not to void their power supply warranty could tap into a cheap power splitter or Molex-to-SATA power adapter cable. Ground connections can be found in just about every PC connector. Ground wires are usually black, but some power supplies use black wires for everything. Tapping an extension cables for the 24-pin ATX connector is another option for those looking not to void their power supply's warranty.

I made all of my connections with solder, but other options are available. Thicker wires, like those in the ATX connector, can be tapped with 3M red t-tap (3MRTT) connectors. The tap connects to a male spade terminal, and these can usually be disconnected at least a couple of times. Thinner wires don't work reliably with t-taps; these thin wires can be tapped using UR IDC connectors.  UR IDC connectors provide a great connection with corrosion protection and strain relief, but you do have to cut the tapped wire to use them. Regular pliers can crimp UR IDC connectors in a pinch, but UR crimping pliers make it much easier. Soldering requires no additional materials and provides reliable connections, but has little strain resistance. Pick your poison.