This speaker is already known to everyone interested in the topic of portable acoustics, has been repeatedly praised, is sold everywhere and continues to delight the respectable public with its excellent, in my opinion, price/quality/functionality ratio. However, many things that have a beginning also have an untimely end - and sometimes it becomes necessary disassemble the subject for repair. If anyone is interested, please read it.
I will not describe the intricacies of ordering a subject on Aliexpress - the title indicates the cheapest seller at the time of writing the review. In addition, such a column for the same 2 thousand rubles. It’s easy to buy second hand in new condition, at least in Moscow. In offline stores, for this money you can find an “international” or “Indian” version - without a microSD slot - be careful.
So, my closest friends and I already have four such speakers. In full accordance with the theory of probability, burdened by the presence of worthy successors to the family under the age of 3 years, one of these speakers fell from the table onto the tiled floor, and something tumbled in it. The council of the rippers decided: an autopsy!
However, the device is built tightly and looks unapproachable. There are photos of the giblets on the Internet (file Internal Photos), but there is not a word about the actual disassembly. Well, the council of rippers is no stranger to inhumane experiments. Let's begin.
First, peel off the rubber foot on the side of the microSD slot. Underneath there is a single screw. Unscrew it. Nothing happens. :)
Now we arm ourselves with a thin knife (a Victorinox keychain will do :)) and try to press out the latches on the same cover with the SD slot, along its narrow sides. The pictures below show how they are located. With some care, the lid can be easily removed; it is not glued. But there is a microphone glued into it, and a wire goes to it - but it is strong enough and will not interfere with anything.
Now, using the same knife, we go through the gap of the opposite cover to peel off the adhesive tape holding the insides from the front side of the metal case. We will also trim the gap on the side of the already removed cover. Be careful not to insert the knife too deeply so as not to damage the rubber gasket between the giblets and the body. Both the tape and the gasket will be visible in the photo of the removed giblets.
Having peeled off the tape, carefully and quite firmly press the giblets from the side of the removed lid. Do not press on the board - it is better to rest with some tool against the plastic base of the indoor unit or use the tip of a knife as a lever. The force required is quite large and for some time, but if you first unscrewed the screw under the leg, then the giblets are held in place only by the tape and should eventually come out. At the edge two tattered strips of adhesive tape, 7 millimeters each, are visible.
We remove the giblets, pushing the left cover on the wire into the body after them. Two strips of foam tape are visible on the battery - it is one-sided, does not hold the case, and does not affect removal. Along the perimeter of the back side there is the same rubber gasket that ensures the tightness of the volume of the speaker on the back side of the speakers and the correct swing of the passive radiator, on which high-quality bass reproduction in such systems entirely depends. In the area of the connector in the photo, the gasket is dented - the cost of Chinese assembly. If any - straighten and attach with superglue. When opening, try not to bend the body or damage the gasket - otherwise the bass will be killed.
And here he is - a bad tooth, the culprit of the showdown. The magnet of the speaker broke off due to the impact. And not by the adhesive seam (like Poxypol), but by the material (plastic with a large amount of filler, therefore fragile).
Neodymium magnet, quite powerful :)
The speaker coil is of a fairly large diameter, wound on an aluminum frame (strength and good heat dissipation) with a gap to eliminate short-circuited turns (visible in the photo). If your magnet has also fallen off, check whether the edges of the frame are bent and whether the gap is closed. If there is anything, carefully correct it without scratching the wire.
By the way, colleagues, if anyone knows where to buy these or verified speakers of comparable quality separately, please share.
The battery makes it difficult to put the magnet in place, and peeling it off is very problematic. Therefore, we carefully examine the break, try on the magnet so that it fits in the old place without a gap, and only then glue it. I dripped under a positioned magnet A little (!!!) superglue with a toothpick and press firmly for ten seconds. For reliability, the exposed glue was covered with soda - this mixture instantly hardens, forming a fairly dense volumetric seam. Carefully blow the remaining soda out of the speaker. Ideally, it is better to leave the glued device alone for a week so that the “second” glue polymerizes deep in the seam. Naturally, instead of superglue, you can use quick epoxy or even “Moment” - in small quantities, so that drops of glue do not get into the magnetic gap and onto the coil.
Check to see if the restored speaker is rustling with the coil against the magnet. If it rustles, you can disassemble the glued one with a hairdryer, but be careful - superglue softens at 70°C, and a neodymium magnet can demagnetize already at 90! SO better be careful from the very beginning.
Let's put everything back together:
The assembled speaker sounded immediately, the previous sound was completely restored, the speaker did not fall apart at full volume :)
I hope that this report has helped someone in the difficult task of curbing the electronic dragon.
Good luck to all!
A wireless headset, through which sound from the phone is transmitted directly to the human ear, is without a doubt a very convenient and practical device.
With its help, your hands remain free and allow you to safely drive a car or simply do everyday things while communicating via mobile communications.
In addition to convenience, it is believed that the radiation from the “blue ray” is much safer than the powerful radiation emanating directly from a mobile phone. For many, this is a very powerful argument in favor of a Bluetooth headset.
For example, it can be successfully repaired or modernized. Below in this article we will describe an option for repairing a Bluetooth headset, namely replacing the hearing speaker.
In what cases might this be needed?
- When you buy a headset at maximum volume in a noisy place, you can’t make out anything from the conversation, and there’s no way to return it back to the store.
- When, over time, the hearing speaker partially or completely fails.
We will talk about replacing the hearing speaker.
Here, in the photo, is a regular headset with a speaker volume problem.
Replacing this speaker, even with the same original one, may not yield anything, so the replacement will take place with a hearing element from cheap, possibly semi-working headphones.
The main thing is to choose an element with the highest output volume.
To do this - if you have several headphones - you need to connect each one in turn and evaluate the sound volume at the same level set on the phone.
But first you need to remove the old speaker. This must be done with the device turned off.
When the speaker is peeled off, carefully unsolder the wires from it.
The length of the remaining wires will be quite enough for comfortable soldering of another element. You can tighten them a little more with tweezers, which will give additional length.
We disassemble the earphone and peel off its speaker.
We apply the soldered speaker to the body, and in a circle, with a stretch, we wrap it with black PVC tape.
Turn on the device and check its operation.
After such repairs, the headset can be used perfectly and the sound will be much better than the original one.
Headphones consist of a wire, a plug and two speakers. Additionally, the headset is equipped with a microphone and volume control. Any of these elements fail over time. Before performing repairs, you need to figure out how to disassemble the headphones so as not to break them completely.
Disassembling and repairing the plug
A faulty plug is detected by kneading the incoming wire with your fingers. The headphones are connected to a mobile phone or computer, play a music file, and then begin diagnostics.
Typically, copper wires break at the entrance to the rubber or plastic casing of the plug and inside it. If, while kneading the cable, sound appears in the speakers from time to time, it means that the plug needs to be disassembled and repaired.
Recommendations: How to fix headphones yourself if one stops working 
, The earphone does not work: fault diagnosis, repair methods 
, DIY headphone repair 
The plug restoration procedure consists of the following steps:
The plug is cut off with pliers from the headphone cable.
The purpose of the repair is to remove the metal part from the casing. The element is firmly soldered. Trying to save the old casing is unwise. It's easier to cut it lengthwise with a sharp knife.
The metal part of the plug is carefully removed from the casing so that the contacts do not break off. Soldered wires should also be saved. The color of the insulation makes it clearer where to solder the wires of the headphone cable.
In the event of a break in the wires from the contacts on the solder itself, the standard circuit shown in the photo is used for connection. The color of the insulation in the headset cable varies from manufacturer to manufacturer. Most often, the common core is in black or yellow insulation. To be sure, it is better to ring the tester from the speakers to the place where the cable is cut.
The headphones can be equipped with a microphone. In such models, instead of three, four wires are hidden under the cable braid. The connection occurs according to a different scheme, shown in the photo.
The cable cut off from the plug is stripped. First, remove the main braid and free the ends of the cores. The edges of thin wires are cleaned with a sharp knife. It is enough to remove 5 mm of the insulation length so that it is enough to solder the copper core to the plug contact.
The wires are twisted from thin veins, and they are all coated with a protective varnish. This coating prevents soldering. The varnish is removed by scraping with a knife or burned with fire from a lighter. The ends of pure copper wires must be tinned. The common wire will be connected at one contact, so it is immediately soldered together.
A new housing for the plug is made from the bottom cap of a ballpoint pen. The wire is inserted through the hole for the writing rod. The put on cap is moved along the cable further from the soldering point.
Following the cap, a piece of heat-shrinkable tubing is placed on the wire. The sleeve will protect the wire near the new plug casing from breaking.
The cable cores are soldered to the plug contacts. It is important not to forget about matching the wires to the color of the insulation. Functionality is checked by calling a tester. It’s easier to plug the plug into the connector of your mobile phone or computer.
If both headphones are working properly, put heat-shrink tubing on the plug contacts. It is heated with the fire of a lighter. The tube will fit tightly around the plug contacts. To be safe, you can press it with your fingers while the plastic is hot.
Finally, the inside of the cap is lubricated with epoxy resin. A little glue is applied to the heat shrink tube. The cap is moved along the cable until the back of the plug is completely inserted into it up to the limiter. After a day, the resin will harden and the headphones can be used.
Disassembling vacuum headphones
The wire can break not only at the plug, but also near the speaker. To get to this part in vacuum headphones, perform the following steps:
A seam is found on the headphone body. They try to make a cut on it with a sharp knife. The body is lightly pressed with pliers so that the seam opens.
When the case falls apart into two parts, the back of the speaker with contacts will appear on view. Use a soldering iron to solder the damaged wires, but first mark the color of the insulation with a marker so as not to mix up the wires.
The damaged piece is cut off from the common headset cable. The conductors of a working wire are stripped, after which they are soldered to the speaker contacts, observing the insulation color markings.
The operation of the vacuum headset is checked by connecting it to the connector of a phone or computer. If uninterrupted high-quality sound comes from the speakers, the halves of the headphone housing are glued together.
Disassembly and repair of large headphones
The speakers in the large headphones are hidden inside the case, the disassembly of which is complicated by hidden screws and latches. If all the fasteners are not identified, the plastic elements of the headset will simply break from the applied manual effort. The methods for disassembling headphones from different manufacturers differ. For example, consider several popular models:
Disassembling the Sennheiser HD203 headset begins by removing the ear pads. The soft pads are held in place by snaps that can be easily removed with a plastic card.
There are four screws under the soft pads. They are unscrewed with a screwdriver.
The body halves are not glued together. After unscrewing the screws, the elements can easily be separated into two parts. There are speakers attached to the front panel, to the contacts of which a new wire will have to be soldered.
Headset manufacturer Steelseries Siberia glues soft pads. The ear pads are separated from the body with a screwdriver or knife. The housing halves are fastened in different models using screws or latches. In the second option, disassembly is not complete without breaking off the locks. The assembly of the case with broken latches is carried out using glue. In the future, it will not be possible to disassemble a firmly glued earphone.
Things are simpler with the soft pads in the Razer Kraken headphones. The ear pads are simply put on without being fixed with glue or latches. After removing the covers, a paper sticker becomes visible. Four screws are hidden under it.
Philips and Audio-Technica headphones have similarly unsecured ear pads. The pads are simply placed on the rim of the cup.
Disassembling the microphone housing with volume control
Headphones for computers are produced with a volume control and a microphone. The mobile phone headset is equipped with a call on/off button. All these elements are hidden in a small plastic case attached to a cord. To get to these elements you will have to perform similar actions that are used when disassembling vacuum headphones. The body is glued together, and it can only be separated into two halves by cutting it with a knife.
A malfunction of the volume control is determined by crackling sounds in the speakers and poor sound. The problem lies in the variable resistor. The part consists of a slider that moves along a resistive layer. You can extend the life of the resistor with graphite lubricant. Using a cotton swab, apply the paste to the resistive layer.
A microphone problem is identified by the deterioration in audibility experienced by the subscriber with whom the conversation is taking place. The reason often lies in clogging. The microphone is wiped with cotton wool or gauze soaked in alcohol. After repairing the resistor and microphone, the two halves of the housing are glued together.
Disassembling headphones of any brand is not difficult. The main thing is to be careful. Broken plastic parts cannot be repaired.
Thematic materials:
No sound in headphones
, Headphone pinout 
, Making your own simple headphones and headsets with a microphone 
Everyone knows perfectly well that with the help Bluetooth you can transfer a file from device to device or connect a wireless headset. But its capabilities are not limited to this. Having the right tool with you, you can create real miracles. So why not try yourself as a magician?
Built-in technology module Bluetooth(or, more formally, IEEE 802.15.3) has long ceased to be a curiosity. The cost of the module is so meager that only a lazy manufacturer does not build it into a mobile, laptop or PDA. And even then - for marketing reasons. In a word, Bluetooth Almost everyone uses it. But only a few know that by using technology they risk giving away their confidential data. But let's start with the good!
Trick 1: Use BT to remotely access your computer
Once, for a presentation, I invited one long-legged friend to press the space bar to flip through the slides in Power Point. This pleasure cost me an expensive lunch and two hours of empty conversations with Barbie girl. After that, I firmly decided: next time I will solve the problem of the lack of a remote control in a different way. And he walked around using his mobile phone! Yes, yes, right from your phone you can flip through slides, control music - and do God knows what else. The main thing is that BT modules are installed on your mobile phone and computer. Not only will you save money and effort, but you will also look unapologetically fashionable. Anyone who uses the utility can demonstrate such a trick
Bluetooth Remote Control, which was recently updated to version 3.0. It allows you to control your computer from the screen of any mobile phone. Everything is very simple. A special server part is installed on the computer, and a client program written in Java is installed on the phone (MIDP 2.0 is required). After setting up a simple circuit, you will be able to remotely control your computer's mouse and keyboard. And most importantly, you will get access to the remote desktop. Real Remote Desktop right from your mobile phone screen! Well, you can spend much more successful time with a long-legged friend. Bluetooth Remote Control useful here too: to put
romantic music :).
Trick 2: Access control using BT
If you work in a room where a dozen colleagues are sitting with you, you probably had to lock your computer when you go to another room. And what? Before you have time to step away, someone will already be rummaging through your hard drive. The layout is not the most pleasant. In general, it is imperative to lock your computer, the question is how? You can use the standard features of Windows and enter a long password ten times a day. Or do it beautifully using technology Bluetooth. Everything is as simple as two and two. You walk away from the computer and it immediately locks. You come back and the lock is gone! The only condition: both the computer and the mobile phone must have the module installed
Bluetooth, and the program is installed in the system LockItNow(you can easily). However, you can tell your friends and colleagues about telepathic capabilities, and then sell the secret for money :). By the way, if you don’t have a BT module at hand, you can replace it with a phone that supports “blue tooth” (connect via COM port).
Trick 3: Capture BT traffic from the air
Mastery begins with understanding. Have you ever wanted to look inside the protocol and find out how data is exchanged through the “blue tooth”? Listening to Bluetooth traffic can only be executed “inwardly”, that is, the outgoing and incoming traffic of the node on which you issued the commands is intercepted. In this matter, the so-called Host Controller Interface (HCI) is of no small importance, which allows you to access the transmitter. The HCI node is usually connected to the device driver node Bluetooth(incoming flow) and to the L2CAP node (outgoing flow). The Windows platform does not provide this feature by default. However, third party developers have released
special drivers that allow convert a standard dongle into a sniffer. Traditionally indicative in this regard is the work FTS4BT Wireless Bluetooth Protocol Analyzer, costing a lot of money. The product is catchy because it supports the new Bluetooth v2.0 + EDR, on the basis of which modern devices operate and, moreover, is capable of decoding all traffic from the air on the fly, carefully sorting audio, application protocol data and much more. It is clear that for sniffing (and in general) the most relevant are Class 1 USB dongles, the range of which reaches one hundred meters.
Trick 4: Working with the BT adapter directly
For a long time Bluetooth stacks for Windows provided such meager capabilities that programmers simply avoided this platform. This explains that most programs for serious “blue tooth” fun are developed for the Nix platform. We will look at some of the tricky tricks specifically for this platform, namely FreeBSD(Let me remind you that on the disk of the previous issue we posted the latest 7.0 release of this OS). The technology itself Bluetooth officially began to be supported on it only from the 5th branch based on the Netgraph subsystem. I'm glad that most USB adapters are compatible with the ng_ubt driver (you need to install it before connecting the device). Shall we try?
- Connect the device: kldload ng_ubt
- Copy the stack loading script to a convenient location: cp /usr/share/examples/netgraph/bluetooth/rc.bluetooth /usr/local/etc/rc.bluetooth
- Copy the stack loading script to a convenient place and run: sh /usr/local/etc/rc.bluetoots start ubt0
Now I want to introduce you to the hccontrol utility. This is one of the main programs for working with the BT module. It is the one that performs all operations related to the HCI interface, and has the following syntax: hccontrol –n<имя_hci_узла> <команда>. Let's check the functionality of our device by scanning the air for the presence of devices:
hccontrol –n ubt0hci Inquiry
As a result, the utility will display information about the devices found, including their MAC addresses. It should be noted that each Bluetooth device, be it a headset or an ordinary phone, represents a certain set of services. The basic list includes: CIP (Common ISDN Access), CTP (Cordless Telephony), DUN (dial-up networking), FAX (FAX), FTRN (Obex File Transwer), HSET (Headset), NAP (Network Access Point) . To find out what services a particular device provides, a request is used on a special SPD (Service Discovery Protocol) protocol. The SPD server runs directly on the host machine and is a purely informational component (it cannot be affected by
impossible). You can determine which services are provided by the found devices using the appropriate utility:
# spdcontrol -a
Trick 5: Finding hidden devices
So, we scanned the broadcast and even found out what services are available on active devices. But here's the catch! Some devices do not indicate their presence in any way because they are in “Undiscoverable mode” and do not respond to broadcast requests. Based on your phone settings, you probably know about this security option. However It is still possible to detect such devices!
The most well-known method for detecting them is brute force enumeration of MAC addresses, that is, sequentially sending requests to different addresses from a certain range. To do this, you need to use a very simple utility Redfang, which iterates over the last six bytes of the device address and thus detects hidden devices.
Another option is to use passive techniques: put your device into standby mode, while assigning some attractive name to the network:
hciconfig hci0 name BT_YANDEX
hciconfig hci0 down
hciconfig hci0 up
hcidump -V | grep bdaddr
As a result, all incoming connections will be displayed, among which there may easily be comrades with hidden identifiers.
Trick 6: Intercepting headset conversations from the air
One of the main threats of radio technology is that data can be intercepted. The first thing that comes to mind regarding Bluetooth is listen to conversations of people using a headset. And often it is real! At the hacker festival What the Hack in the Netherlands, specialists from the Trifinite group demonstrated how, using a laptop with Linux, a special program and a directional antenna, you can listen to what the driver is saying through a Bluetooth headset passing car. The group developed a program Car Whisperer(“Car Whisperer”). The program's capabilities are relatively limited: you can only listen to those who forgot to change the factory Bluetooth access passwords like
"0000" or "1234". But believe me, there are a lot of such poor fellows! “Whisperer” is able to wedge in and successfully “pair” devices, receiving information transmitted from the card or headset to the mobile phone. I would like to draw your attention: the utility allows you not only to receive information transmitted between the headset and the mobile phone, but also to inject your own information there. We decided to test the capabilities of this program by downloading Car Whisperer from the developers site.
hciconfig adapter class 0x500204
#0x500204 is the "phone" class
Otherwise, some “smart” devices may suspect something is wrong. Let's look at the syntax of the utility, which looks like this:
./carwhisperer “what we inject into the line” “what we capture from the line” “device address” [channel]
We took the embedded file directly from the utility folder, and specified out.raw as the output:
./carwhisperer 0 message.raw /tmp/out.raw
00:15:0E:91:19:73
The output is the file out.raw. You cannot listen to it in its pure form: it must be converted to audio format, which will require an additional utility. Quite a few audio converters will work, for example:
raw –r 8000 –c 1 –s –w out.raw –t wav –r
44100 –c 2 out.wav
In addition to listening, you can log in, view your phone book, and take advantage of other hands-free features with Bluetooth. The principle is this: first, active devices are searched and checked for the HS (Head Set) service. Next, the MAC address of the device is examined and a connection is attempted using a standard key. If the connection is established, then you can do whatever you want with the device (within the available set of AT commands).
In practice it looks like this. First, all active headsets are searched using the “sdptool search HS” command, which produces a response similar to this:
Inquiring...
Searching for HS on 00:0A:3A:54:71:95 ...
Service Name: Headset
Service RecHandle: 0x10009
Service Class ID List:
"Headset" (0x1108)
"Generic Audio" (0x1203)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 7
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Headset" (0x1108)
Version: 0x0100
Next, an attempt is made to open an RFCOMM connection to the SCO audio channel using the command “rfcomm connect 2 00:0A:3A:54:71:95 1” and sending the necessary AT commands. Here is a short statistical note about authorization data for some models of wireless headsets:
Nokia (00:02:EE...) - pin="5475"
Audi UHV (00:0E:9F...) - pin="1234"
O"Neill (00:80:37...) - pin="8761"
Cellink (00:0A:94...) - pin="1234"
Eazix (00:0C:84...) - pin="1234"
By the way, the same principle can be used for unauthorized connection and to all other devices. Using AT commands and the RFCOMM protocol, you can, for example, read an SMS message or even send it from someone else’s phone to a paid number, betting the owner of the device on money. Be vigilant!
Trick 7: DDoS BT devices
The approach is traditional. DDoS can really be carried out when the host device (“master”) performs work that is many times greater than the client’s. This situation is called a Denial Of Service attack. It may freeze the phone or cause the battery to drain quickly. There are several ways to carry out an attack. Let's start with standard tools. The most obvious thing is to ping the device with large packets. This can be done by specifying the “-s” flag to the l2ping utility:
# l2ping -s 10000 -b "MAC address"
The program itself, as you already understood, is a relative of ping in a bluetooth environment and serves to check communications and the presence of a connection. Another method, fundamentally different from the first, is to use the “fuzzing” technique - a kind of lottery technique, because it is not known in advance what will happen. This is a new trend in identifying vulnerabilities in products without analyzing source codes. The technique relies only on interactive communication with an object in a language that it understands, but with absolutely chaotic arguments and variable values. The hacker's task would be to make sure that the visible name of the phone consists of a sufficiently large number of elements. Upon detection of his “master” in 70%
cases when an overflow or denial of service occurs:
hciconfig hci0 name `perl -e "print "ash" x 3137"`
# Linux command
hccontrol –n adapter change_local_name “new name”)
# example for FreeBSD
Many phones still cannot process bomb files. Here is a simple implementation of such a technique.
- First, a “bomb” is prepared. Famous example:
echo `perl -e "print "skvz" x 3137"` > file - Then use a modified utility to interact with OBEX - USSP PUSH (xmailserver.org/ussp-push.html)
./obextool push file 00:0A:3A:54:71:95 `perl -e "print "skvz" x 3137"` 3
In the vast majority of cases, the cause of headphone malfunction is a broken wire, but it also happens that the wire breaks at the entrance to the headphone. It also happens that you need to disassemble the earphone for some kind of mod. Doing this is not always as easy as it seems.The article will show you how to disassemble a vacuum earphone similar to a standard Samsung headset and more.
Main parts each earphone two and they are glued together with glue, which makes parsing difficult.
In order to disassemble the earphone, first of all we go through the edge of a knife or blade along the joint of the parts in a circle:
For clarity, I will call the silver part in front of the speaker the front wall, and the back white part the earcup.
Let's use the pliers
Tricks with a knife will not be enough, and to disassemble the earphone you will have to turn to pliers for help:
If you use standard pliers, then there will be nicks on the earphone, so pliers are advisable with flat spouts without cloves. But even with these, you can damage the earphone, for example, in my case, the coating came off a little from the earcups - some kind of varnish, the existence of which I didn’t even know :-) so to be extra careful, it’s better to press with a cloth.
Why put so much pressure at all?
With that How press , we figured it out, now let's deal with the question why push . P The middle wall is glued to the thicket with something like Chinese super glue. This glue is very strong, but also fragile. When squeezing with pliers, a slight cracking sound will be heard. If you can hear it, then you shouldn’t press harder, otherwise the earphone itself will crunch. In this manner, gently squeeze in a circle along the joint.
Taking the earphone apart
Now we try to disconnect, if it doesn’t want to, then crunch it a little more and try to disconnect again)
It is better to do this with a scalpel or an all-metal knife; a paper knife will not work - it may fly apart, which is quite dangerous.
During the disconnection process, it is best to proceed as shown in the photo. tographies - hold onto the outlet of the bowl and, using a knife, resting on your fingers, push out the front wall. I strongly advise against pulling the sound guide with your fingers ( a white thing sticking out of the front wall that you put on embouchure) it’s quite easy to break it off, and break it off in such a way that you can’t restore it later.
That's all :-) This is a simple way to open your headphones. This option is suitable not only for vacuum plugs but also for shells.
