The first full day of DEF CON was packed with hacking hardware and cars. I got to learn about why your car is less secure than you might think, pick some locks, and found out that there are electronic DEF CON badges after all. Keep reading for all the detail.
Our Chrome browser thinks it’s a Chromecast dongle. Here’s a screenshot of it playing a YouTube video. Note the tile banner and onscreen controls which are just like the ones you’d see on the actual hardware. Give it a try yourself by downloading the Leapcast Python package which [dz0ny] programmed.
After cloning the GitHub repo we had a few problems compiling the package. Turns out we needed to install python-dev and that took care of it. Starting the daemon is a simple command, we specified our Chrome binary path as well as added a few flags
leapcast --name HAD --chrome /usr/bin/google-chrome --fullscreen
Once that was running the Android YouTube app automatically detected Leapcast as a Chromecast device. It gave us a tutorial overlay mentioning the new share icon on the interface. Pressing that icon during playback launched an Incognito window which played the video. [dz0ny] links to a device config JSON file in the README. If you check it out you’ll notice that Netflix is listed as “external” while the others are not. This is because the Chromecast protocol uses a binary for Netflix. The others do it with local websockets or a cloud proxy so they work just fine with this setup.
There are basically two ways to compute data. The first is with a DSP, a chip that performs very specialized functions on a limited set of data. These are very cheap, have amazing performance per watt, but can’t do general computation at all. If you’d like to build a general-purpose computer, you’ll have to go with a superscalar processor – an x86, PowerPC, or any one of the other really beefy CPU architectures out there. Superscalars are great for general purpose computing, but their performance per watt dollar is abysmal in comparison to a DSP.
A lot of people have looked into this problem and have come up with nothing. This may change, though, if [Ivan Godard] of Out-of-the-Box computing is able to produce The Mill – a ground-up rethink of current CPU architectures.
Unlike DSPs, superscalar processors you’d find in your desktop have an enormous amount of registers, and most of these are rename registers, or places where the CPU stores a value temporarily. Combine this with the fact that connecting hundreds of these temporary registers to places where they’ll eventually be used eats up about half the power budget in a CPU, and you’ll see why DSPs are so much more efficient than the x86 sitting in your laptop.
[Ivan]‘s solution to this problem is replacing the registers in a CPU with something called a ‘belt’ – basically a weird combination of a stack and a shift register. The CPU can take data from any position on the belt, perform an operation, and places the result at the front of the belt. Any data that isn’t used simply falls off the belt; this isn’t a problem, as most data used in a CPU is used only once.
On paper, it’s a vastly more efficient means of general purpose computation. Unfortunately, [Ivan] doesn’t quite have all the patents in for The Mill, so his talks (two available below) are a little compartmentalized. Still, it’s one of the coolest advances in computer architecture in recent memory and something we’d love to see become a real product.
Even if he hadn’t done any firmware hacking on this hard drive [Sprite_TM's] digital exploration of the controller is fascinating. He gave a talk at this year’s Observe, Hack, Make (OHM2013) — a non-commercial community run event in the Netherlands and we can’t wait for the video. But all the information on how he hacked into the three-core controller chip is included in his write up.
[Sprite_TM] mentions that you’re not going to find datasheets for the controllers on these drives. He got his foot in the door after finding a JTAG pinout mentioned on a forum post. The image above shows his JTAG hardware which he’s controlling with OpenOCD. This led him to discover that there are three cores inside the controller, each used for a different purpose. The difference between [Sprite_TM's] work and that of mere mortals is that he has a knack for drawing surprisingly accurate conclusions from meager clues. To see what we mean check out the memory map for the second core which he posted on page 3 or his article.
Using JTAG he was able to inject a jump into the code (along with a filler word to keep the checksum valid) and run his own code. To begin the firmware hacking portion of the project he pulled the flash ROM off of the board and installed it on that little board sticking out on the left. This made it easy for him to backup and reflash the chip. Eventually this let him pull off the same proof of concept as a firmware-only hack (no JTAG necessary). He goes onto detail how an attacker who has root access could flash hacked firmware which compromises data without any indication to they system admin or user. But we also like his suggestion that you should try this out on your broken hard drives to see if you can reuse the controllers for embedded projects. That idea is a ton a fun!
When we were poking around the OHM2013 website (linked above) we noticed that the tickets are sold out; good for them! But if you were still able to buy them they take Bitcoin as one payment option. Are there any other conferences that allow Bitcoin for registration?
If you’re reading this blog then chances are you have a dead hard drive hanging out somewhere in your house. Here’s a weekend project that will put it back into use. [Andreas] took on the popular project which combines a hard drive and optical mouse to build a scratch controller.
The gist of the build is that you use an optical mouse sensor to track the movement of the platter. But [Andreas] made things harder on himself by not using the USB capability of the mouse and mapping it in software for his needs. Instead he plucked the sensor from the mouse, reading it using an Arduino. After much trial and error with the best way to coat the underside of the platter to play nicely with the sensor he managed to get it up and running. The controller issues commands using the MIDI protocol, forming a strong foundation for future upgrades which could lead to a full-blown DJ console hack.
With 3D printers finding their way into the workshops of makers the world over, it was bound to happen sooner or later. [Ivan Sentch] is making an Aston Martin DB4 with a 3D printer.
Before we board the hype train, let’s go over what this is project is not: [Ivan] isn’t making any metal parts with his 3D printer, and the chassis and engine will be taken from a donor car. Also, the printed plastic parts won’t actually make their way into the final build; the 3D printed body panels will be used to pull the final panels in fiberglass. That being said, it’s still an impressive undertaking that’s going to cost [Ivan] $2250 NZD in plastic alone.
[Ivan]‘s body panels are made by taking a DB4 model in Solidworks, slicing it up into 105mm squares, giving each square extruded sides, and finally securing them to the wooden form after the parts are printed. There’s still an awful lot of work to be done once the 3D printed parts are all glued together, but it’s still an amazingly impressive – and cheap – way to create a replica of a very famous automobile.
Here’s another entry in the 2013 Intern Design Challenge which motivates summer Interns at Texas Instruments to build something cool for one of a handful of embedded platforms. This entry, developed by [Michael Leonard] is a cape for the BeagleBone Black which has footprints for a bunch of different sensors.
Use it to turn your BeagleBone into a weather station by populating the temperature, pressure, and humidity sensors. Or perhaps you’d prefer an IMU for your next quadcopter by populating the MPU-9150 chip on the pad labeled ‘9-Axis’. This part is an accelerometer, gyroscope, and digital compass all in one. There’s also room for a light sensor and an IR remote control receiver, with the large square pads on the right servung as breakouts for input buttons. If you want all the nitty-gritty on the sensors he designed for [Michael's] done a great job of compiling a reference manual for the board.