Shmoocon 2017: On Not Reverse Engineering Through Emulation

Right now, I’m at Shmoocon, and it’s living up to all expectations. That’s a tall order — last year, the breakout talk was from [Travis Goodspeed] on his efforts to reverse engineer the firmware for a cheap Chinese radio. Four people in the room for that talk last year bought the radio on Amazon, and now there’s a legitimate open source project dedicated to building firmware and tools to support this radio.

Now that [Travis] has a few compatriots working on firmware for this radio, he has the same challenges as any other team. The project needs unit tests, and this isn’t easy to do when all the code is locked up inside a radio. Instead of setting up an entire development platform based around a cheap radio, [Travis] came up with a toolchain that’s unlike anything I’ve ever seen. Instead of reverse engineering the firmware for this radio, he’s simply emulating the ARM firmware on the desktop. Development is quick and easy, and he has the live demos to prove it.

The heart of the Tytera radio in question is an STM32F405. This is a pretty common part, and thanks to [Travis]’ work last year, he has all the firmware that ships on this radio. This doesn’t mean he has access to all the radio’s capabilities, though; there’s a black box in the code somewhere that translates .wav files to radio packets and back again. Open sourcing this would usually mean reverse engineering, but [Travis] had a better idea.

Instead of reverse engineering the entire radio, [Travis] is using QEMU to emulate an ARM microcontroller on his desktop, run the relevant code, and completely ignore any actual reverse engineering. Since this radio is already jailbroken and the community has a pretty good idea of where all the functions and subroutines are in the firmware, the most difficult part of pulling this trick off is setting up QEMU.

As a proof of concept, [Travis] downloaded raw AMBE packets from the radio to his laptop. These were then sent through the emulated radio, producing raw audio that was then converted into a .wav file. Effectively, a black box in this radio was emulated, which means [Travis] doesn’t need to know how the black box works.

All the code for this weird emulation / unit test, as well as everything the community has released for this radio, is available on GitHub. A lot of work has gone into the jailbreaking, reverse engineering, and emulation efforts here, which, somewhat ironically, makes this radio one of the most open radios you can buy.

Bring Your Palm VII To ShmooCon This Weekend

We’re not even halfway through January, and already the conference season is upon us. This weekend, Hackaday will be attending Shmoocon at the Hilton in Washington, DC. I’ll be there getting the full report on Russian hackers, reverse engineering, and what the beltway looks like with an ice storm during morning rush hour.

What’s in store for Shmoocon attendees? The schedule looks really cool with talks on something like inline assembly in Python, tools for RF reverse engineering, manufacturing and selling a U2F token, emulating ARM firmware, and so much more. Want to attend Shmoocon? Too bad! Tickets sold out in less than 10 seconds, and we’re totally not going to talk about the BOTS Act at all. If you’re clever you can still pick up a barcode on Craigslist for $300-400, but I wouldn’t recommend that.

As we did last year, Hackaday is going to have a lobbycon with Dunkin Saturday morning at 08:30, although which lobby is still up in the air. Check out the Hackaday Twitter for a few real-time updates. This is a bring-a-hack event, and I’ll be showing off how to add 18 dBi of gain to a standard ESP8266 module. Show off what you’re working on and get a donut.

The 3D printers of CES

CES is over, and now we can take a step back, distance ourselves from the trade show booths, and figure out where 3D printing will be going over the next year.

The Hype Cycle is a great way to explain trends in fads and technological advances. VR and autonomous cars are very early on the Hype Cycle right now. Smartphones are on the plateau of productivity. 3D printing is head-down in the trough of disillusionment.

For this year’s CES, 3D printing is not even a product category. In fact, the official documentation I found at Prusa’s booth listed their company in the ‘Assistive Technologies’ category. These are dark days for the public perception of 3D printing. The source of this perception can be brilliantly presented in a pair of graphs:


The perception of 3D printing has been tied inextricably to Makerbot. Makerbot presented the only 3D printer on The Colbert Report. Only Makerbot had their 3D printing storefronts featured on CNN. It’s been like this for half a decade, and hopefully things will get better.

This doesn’t mean 3D printing isn’t improving. In fact, it’s the best it’s ever been. CES had the most innovative printers I’ve seen in years. I caught a glimpse of this year’s top-selling printer (and it launches in April). Resin machines are going to be very popular soon. What did CES have to offer? Check it out below.


CES2017: Astrophotography In The Eyepiece

If you’ve never set up a telescope in your back yard, you’ve never been truly disappointed. The Hubble can take some great shots of Saturn, nebulae, and other astronomical phenomena, but even an expensive backyard scope produces only smudges. To do astronomy properly, you’ll spend your time huddled over a camera and a computer, stacking images to produce something that almost lives up to your expectations.

At CES, Unistellar introduced a device designed to fit over the eyepiece of a telescope to do all of this for you.

According to the guys at Unistellar, this box contains a small Linux computer, camera, GPS, and an LCD. Once the telescope is set up, the module takes a few pictures of the telescope’s field of view, stacks the images, and overlays the result in the eyepiece. Think of this as ‘live’ astrophotography.

In addition to making Jupiter look less like a Great Red Smudge, the Unistellar module adds augmented reality; it knows where the telescope is pointing and will add a label if you’re looking at any astronomical objects of note.

While I wasn’t able to take a look inside this extremely cool device, the Unistellar guys said they’ll be launching a crowdfunding campaign in the near future.

Hackaday Links: January 8, 2017

What do you get when mindless automatons with no capacity for reason or logic converse? While you discuss that in the comments, here are two chatbots on Twitch. The highlights? A few hours ago they were doing the cutesy couple, “‘I love you more!’, ‘No, I love you more!'” thing. This was ended by, “Error, cannot connect to server.” Even robot love is not eternal.

3D printer nozzles wear out. Put a few hundred hours on a brass nozzle, and you’re not going to get the same print quality as when you started. This has led to stainless and silly-con carbide nozzles. Now there’s a ruby nozzle. It’s designed by [Anders Olsson], the same guy who’s using an Ultimaker to print neutron shielding. This guy is a nuclear engineer, and he knows his stuff. This is a nozzle designed to not grind contaminants into extruded plastic, and it looks cool, too.

This is the eighth day of the year, but the guild of independent badge makers of DEF CON are already hard at work. AND!XOR is working on the DC25 badge, which promises to be bigger, badder, and more Bender. I’m loving the Hunter S. Bender theme.

Anyone can design a PCB, but how do you panelize multiple PCBs? There’s a lot to consider – routing, mouse bites, and traces for programming the board while still panelized. This is the best solution we’ve seen. It’s a GUI that allows you to organize Gerbers on a panel, rotate them, add routes and cutouts, and generally do everything a board house does. It’s all Open Source and everything is available on GitHub.

[ducksauz] found a very old ‘computer trainer’ on eBay. It’s a DEC H-500, built to explain the basics of digital electronics and semiconductors to a room full of engineering students. It is an exceptionally beautiful piece of equipment with lovely hand-drawn traces and ‘surface mounted’ 7400 chips mounted on the back side.

CES2017: Complete Register Documentation For The C.H.I.P.

Last October, Next Thing Co., makers of the popular C.H.I.P. platform, unleashed the C.H.I.P. Pro, a very capable Linux system on a tiny board. The goal of the C.H.I.P. Pro is to be the brains of a project or product, similar to the Gumstix boards from an ancient era long before the Raspberry Pi.

Introduced alongside the C.H.I.P. Pro was a fantastic little device. The GR8 module is a complete Linux system on a chip, with an ARM Cortex-A8 processor and 256 MB of RAM, all on a relatively small BGA chip. This is a drop-in part that gives any piece of hardware a Linux brain.

There was a datasheet at the time the C.H.I.P. Pro and GR8 module were released, but a datasheet can only go so far. What you really need to use a Linux system on a module is a massive tome filled with descriptions of registers and all the hardware nooks and crannies needed to get the part working. At CES this week, Next Thing Co. brought what everyone has been asking for: NDA-free, complete register documentation for the core they’re using on the GR8 module. This is 400 pages of spiral-bound goodness that will tell you how to do everything with this chip.

Using the C.H.I.P. for products

When the C.H.I.P. was first released, it was easy to write it off as a board glomming on to the popularity of the Raspberry Pi. However, Next Thing Co. didn’t start with the C.H.I.P. – they started with Otto, an animated gif camera built around the Raspberry Pi compute module. The Otto was successful, but the compute module is a little expensive, so Next Thing Co. turned their attention to building a modern, inexpensive version of the old Gumstix boards.

The C.H.I.P. Pro and GR8 are the culmination of this work, and already a few companies have used them in production. At the Next Thing Co. suite, they showed off a new version of the Outernet base station powered by the C.H.I.P. Pro, and the TRNTBL, a wireless, Bluetooth, Airplay, and Spotify-connected turntable.

To illustrate how easy using the C.H.I.P. Pro in a product is, the guys at Next Thing Co. removed the Pi-powered guts of an Otto and replaced it with a C.H.I.P. Pro. There wasn’t much inside – just a battery, camera module, and a few bits and bobs. That’s great for anyone who wants to build a product that needs a relatively fast chip running Linux, and the stuff from Next Thing Co. makes it easy.