Judge Spotlight: Sprite_TM

Sprite_TM

His friends call him [Jeroen], but everyone else on the Internet knows this god of hacks and mods as [Sprite_TM]. He’s done everything from hacking hard drive controllers to making the best computer ever made even better. As one of the preeminent hardware hackers around, we’re proud to have [Sprite] as a judge in The Hackaday Prize, and happy to interview him on his thoughts on connected devices, the cloud-based Internet of Things, and his process of opening up black box devices for some sometimes subtle modifications.


judge-spotlight-q5You’re well known for your highly technical electronic hacks on your
blog SpritesMods. What about the professional side of your life, what kind
of projects keep you busy there?

judge-spotlight-a5I’m a software developer for a big broadcasting equipment manufacturer. Every now and then a hardware project comes along and I try to grab those too.

[Read more...]

[Sprite_TM] OHM2013 Talk: Hacking hard drive controller chips

hacking-hard-drive-controllers

Even if he hadn’t done any firmware hacking on this hard drive [Sprite_TM's] digital exploration of the controller is fascinating. He gave a talk at this year’s Observe, Hack, Make (OHM2013) — a non-commercial community run event in the Netherlands and we can’t wait for the video. But all the information on how he hacked into the three-core controller chip is included in his write up.

[Sprite_TM] mentions that you’re not going to find datasheets for the controllers on these drives. He got his foot in the door after finding a JTAG pinout mentioned on a forum post. The image above shows his JTAG hardware which he’s controlling with OpenOCD. This led him to discover that there are three cores inside the controller, each used for a different purpose. The difference between [Sprite_TM's] work and that of mere mortals is that he has a knack for drawing surprisingly accurate conclusions from meager clues. To see what we mean check out the memory map for the second core which he posted on page 3 or his article.

Using JTAG he was able to inject a jump into the code (along with a filler word to keep the checksum valid) and run his own code. To begin the firmware hacking portion of the project he pulled the flash ROM off of the board and installed it on that little board sticking out on the left. This made it easy for him to backup and reflash the chip. Eventually this let him pull off the same proof of concept as a firmware-only hack (no JTAG necessary). He goes onto detail how an attacker who has root access could flash hacked firmware which compromises data without any indication to they system admin or user. But we also like his suggestion that you should try this out on your broken hard drives to see if you can reuse the controllers for embedded projects. That idea is a ton a fun!

When we were poking around the OHM2013 website (linked above) we noticed that the tickets are sold out; good for them! But if you were still able to buy them they take Bitcoin as one payment option. Are there any other conferences that allow Bitcoin for registration?

[Sprite_tm] connects an LCD to a tiny Linux board

One of [Sprite_tm]‘s colleagues recently challenged him to connect a small LCD touch screen to a Raspberry Pi. Sadly, [Sprite_tm] has yet to take delivery of a Raspberry Pi, but he did manage to connect an LCD to a Linux board without video capabilities.

Because [Sprite_tm]‘s display has a 16-bit parallel interface, and 16 GPIO pins are hard to come by on the Carambola Linux board, a few shift registers had to be brought into the build to make the LCD work. These shift registers are connected to the Carambola board via an SPI interface; a very simple way to connect all the LCD pins to the Linux board.

Of course, there’s no way for Linux to speak to the LCD without a kernel driver; [Sprite_tm] wrote a framebuffer driver so the LCD can be used as a console, an X session, or used by any other program that can write to a framebuffer device.

Like all good driver authors, [Sprite_tm] is giving away the patch to enable SPI-ified LCD panels on the Carambola along with the shift register schematic. With any luck we’ll also see the Raspi drivers when [Sprite_tm] takes delivery of his Raspberry Pi.

[Sprite_tm]‘s three-component FM transmitter

When the Regency TR-1 transistor radio came out onto the market in the 1950s, it was hailed as a modern marvel of microelectronics. With only four transistors and a handful of other components, the TR-1 was a wonder of modern engineering. [Sprite_tm] may have those old-timers beat, though. He built an FM transmitter with the lowest parts count of any transmitter ever.

Like most of [Sprite_tm]‘s builds, it’s an unimaginably clever piece of work. [Sprite] overclocked the internal RC oscillator of an ATtiny45 to 24 MHz. After realizing the PLL running at four times the frequency of the oscillator was right in the middle of the FM band, he set about designing a tiny FM transmitter.

[Sprite_tm] remembered his work on MONOTONE and made a short song for hit ATtiny. The firmware for the build takes the notes from his song and varies the 96 MHz PLL frequency a tiny bit, thereby serving as a tiny FM transmitter.

Does it work? Well, if you want to compare it to a Mister Microphone, the range is incredibly limited. That being said it works. It’s an FM transmitter built out of a microcontroller and a battery, and that’s very impressive. Check out [Sprite_tm]‘s demo after the break.

[Read more...]

Homebrew NSA Bugs

NSA

Thanks to [Edward Snowden] we have a huge, publicly available catalog of the very, very interesting electronic eavesdropping tools the NSA uses. Everything from incredibly complex ARM/FPGA/Flash modules smaller than a penny to machines that can install backdoors in Windows systems from a distance of eight miles are available to the nation’s spooks, and now, the sufficiently equipped electronic hobbyist can build their own.

[GBPPR2] has been going through the NSA’s ANT catalog in recent months, building some of the simpler radio-based bugs. The bug linked to above goes by the codename LOUDAUTO, and it’s a relatively simple (and cheap) radar retro-reflector that allows anyone with the hardware to illuminate a simple circuit to get audio back.

Also on [GBPPR2]‘s build list is RAGEMASTER, a device that fits inside a VGA cable and allows a single VGA color channel to be viewed remotely.

The basic principle behind both of these bugs is retroreflection, described by the NSA as a PHOTOANGLO device. The basic principle behind these devices is a FET in the bug, with an antenna connected to the drain. The PHOTOANGLO illuminates this antenna and the PWM signal sent to the gate of the FET modulates the returned signal. A bit of software defined radio on the receiving end, and you have your very own personal security administration.

It’s all very cool stuff, but there are some entries in the NSA catalog that don’t deal with radio at all. One device, IRATEMONK, installs a backdoor in hard drive controller chips. Interestingly, Hackaday favorite and current Hackaday Prize judge [Sprite_TM] did something extremely similar, only without, you know, being really sketchy about it.

While we don’t like the idea of anyone actually using these devices, the NSA ANT catalog is still fertile ground for project ideas.

[Read more...]

Micro-Robots Made at Home, Who Needs DARPA Funding?

microbots

We love it when this happens. Sometimes we post about cool technology that companies are developing which might start an outcry of “not a hack” — but then, just sometimes, it still inspires a few readers. [Jeroen Domburg] — who everyone knows as [Sprite_TM] and is a judge for The Hackaday Prize] — saw a recent video about micro robots, a project funded by DARPA, and decided to try making his own.

We shared the original story a few months ago about these replicator like micro-robots, which can quite literally swarm over surfaces, use tools, and manufacture micro-sized parts. The robots themselves are actually just dumb little magnets — the magic is in the surface underneath them.

This sparked an interest in several people, and [Mike] made a very simple version of it, capable of 1-dimensional movement. This inspired [Sprite_TM] to step it up a notch, with his own 2-dimensional version. He’s designed his own PCB that allows him to run current in various directions through the traces of the board — this effectively allows him to control a small neodymium magnet to go whichever way he wants.

[Read more...]

The Hackaday Prize: You Build Open Hardware, We Send You to Space

 

For weeks we’ve been teasing you that something BIG was coming. This is it. Six months from now one hardware hacker will claim The Hackaday Prize and in doing so, secure the grand prize of a trip into space.

You have the skills, the technology, and the tenacity to win this. Even if you don’t take the top spot there’s loot in it for more than one winner. To further entice you, there are eyebrow-raising prizes for all five of the top finishers, and hundreds of other rewards for those that build something impressive. You can win this… you just need to take the leap and give it your all.

[Read more...]