Downloading Data Through The Display

HIPAA – the US standard for electronic health care documentation – spends a lot of verbiage and bureaucratese on the security of electronic records, making a clear distinction between the use of records by health care worker and the disclosure of records by health care workers. Likewise, the Federal Information Security Management Act of 2002 makes the same distinction; records that should never be disclosed or transmitted should be used on systems that are disconnected from networks.

This distinction between use and disclosure or transmission is of course a farce; if you can display something on a screen, it can be transmitted. [Ian Latter] just gave a talk at Kiwicon that provides the tools to do just that. He calls it ThruGlassXfer (TGXf), and it does exactly what it says on the tin: anything that can be displayed on a screen can be transmitted. All you need are the right tools.

Continue reading “Downloading Data Through The Display”

Logic Simulator Atanua Goes Free, Possibly Open Source

The history of software is littered with developers that built a great product, gave people a reasonable option to license the software, and ended up making a pittance. There’s a reason you don’t see shareware these days – nobody pays. It looks like [Gates] had a point with his Open Letter to Hobbyists.

Such is the case with Atanua. [Jari] built a nice little graphical logic simulator that has tens of thousands of downloads, and is being used in dozens of universities. [Jari] has sold only about 60 licenses for Atanua, netting him only a few thousand Euro. You can’t develop software with a pittance, so now [Jari] is giving Atanua away. This neat little logic simulator has reached the end of its life, the license is free, and [Jari] is out of the business.

This isn’t an ideal situation, but [Jari] is strongly considering open-sourcing Atanua. The code is a little bit of a mess at the moment, and cleaning it up will require a bit of work. [Jari] is leaving the option to buy a license for Atanua open, and anyone who wants to see this bit of software open sourced could buy a license or hundred.

While this isn’t great news for [Jari], if you’re looking for a neat tool to learn digital logic, you now have a very nice free option. Atanua simulates individual logic gates, 74-series chips, and even an 8051 microcontroller in real-time (up to about 1 kHz), with enough buttons, LEDs, and displays to do some very cool stuff. It’s more than enough to learn digital logic on, and good enough for a test bed for some odd and bizarre projects you might have floating around your head.

USB On The Teensy 3 From The Ground Up

When implementing USB on a microcontroller, most people are going to reach for V-USB if they’re using an AVR, one of Microchip’s USB libraries if a PIC is involved, or any number of the USB libraries for various ARM processors. [Kevin] had a different idea. As a challenge to himself, he wrote a USB device driver for the Teensy 3.1 microcontroller board, getting as close to the bare metal as he could get.

Writing a USB device driver first required a literature review. There are a few peculiarities in the Freescale K20 family of microcontrollers – the one found in the Teensy 3.1 – that dictate the need for a specific memory layout, using several clocks, and handling all the USB descriptors. [Kevin] started with the clocks, every last one of which must be enabled. The clock is generated by the Multipurpose Clock Generator from a 16MHz crystal, PLL’ed to the frequencies the USB module needs, and sent out over the System Integration Module.

Following the flowcharts and sequences found in the Freescale reference guide told [Kevin] exactly what needed to be done with the startup sequence, and offered a few suggestions on what needed to be done to set up all the interrupts. [Kevin] spent an incredible amount of time documenting, programming, and smashing his head against the keyboard for this tutorial, but he does give everyone a great opportunity to learn from his struggles.

While [Kevin] has a mostly complete USB device driver, his work is far from done. That’s alright, because this project wasn’t meant to be a full-featured driver; it’s still missing real error handling, strings in the configuration, and a real VID/PID. That’s alright, it’s still a great exercise in building something from scratch, especially something that very few people have built successfully.

Oh, blatant Hackaday Store plug for the Teensy 3.1.

Reverse Engineering Capcom’s Crypto CPU

There are a few old Capcom arcade titles – Pang, Cadillacs and Dinosaurs, and Block Block – that are unlike anything else ever seen in the world of coin-ops. They’re old, yes, but what makes these titles exceptional is the CPU they run on. The brains in the hardware of these games is a Kabuki, a Z80 CPU that had a few extra security features. why would Capcom produce such a thing? To combat bootleggers that would copy and reproduce arcade games without royalties going to the original publisher. It’s an interesting part of arcade history, but also a problem for curators: this security has killed a number of arcade machines, leading [Eduardo] to reverse engineering and document the Kabuki in full detail.

While the normal Z80 CPU had a pin specifically dedicated to refreshing DRAM, the Kabuki repurposed this pin for the security functions on the chip. With this pin low, the Kabuki was a standard Z80. When the pin was pulled high, it served as a power supply input for the security features. The security – just a few bits saved in memory – was battery backed, and once this battery was disconnected, the chip would fail, killing the game.

Plugging Kabuki into an old Amstrad CPC 6128 without the security pin pulled high allowed [Eduardo] to test all the Z80 instructions, and with that no surprises were found; the Kabuki is fully compatible with every other Z80 on the planet. Determining how Kabuki works with that special security pin pulled high is a more difficult task, but the Mame team has it nailed down.

The security system inside Kabuki works through a series of bitswaps, circular shifts, XORs, each translation different if the byte is an opcode or data. The process of encoding and decoding the security in Kabuki is well understood, but [Eduardo] had a few unanswered questions. What happens after Kabuki lost power and the memory contents – especially the bitswap, address, and XOR keys – vanished? How was the Kabuki programmed in the factory? Is it possible to reprogram these security keys, allowing one Kabuki to play games it wasn’t manufactured for?

[Eduardo] figured being able to encrypt new, valid code was the first step to running code encrypted with different keys. To test this theory, he wrote a simple ‘Hello World’ for the Capcom hardware that worked perfectly under Mame. While the demo worked perfectly under Mame, it didn’t work when burned onto a EPROM and put into real Capcom hardware.

That’s where this story ends, at least for the time being. The new, encrypted code is valid, Mame runs the encrypted code, but until [Eduardo] or someone else can figure out any additional configuration settings inside the Kabuki, this project is dead in the track. [Eduardo] will be back some time next week tearing the Kabuki apart again, trying to unravel the mysteries of what makes this processor work.

Making MicroView Wordy

Despite the MicroView shipping a ton of units, we haven’t seen many projects using this tiny Arduino and OLED display in a project. Never fear, because embedded systems engineer, podcaster, and Hackaday Prize judge [Elecia White] is here with a wearable build for this very small, very cool device.

The size and shape of the MicroView just cried out to be made into a ring, and for that, [Elicia] is using air-drying bendy polymer clay. To attach the clay to the MicroView, [Elecia] put some female headers in a breadboard, and molded the clay over them into a ring shape. It works, and although [Elecia] didn’t do anything too tricky with the headers and clay, there are some interesting things you could do running wires through the clay.

What does this ring do? It’s a Magic 8 Ball, a game of Pong controlled by an accelerometer, a word-of-the-day thing (with definitions), all stuffed into a brass silicon, OLED, and clay knuckle. Video below.

If you’re wondering, Turbillion (n). A whirl; a vortex.

Continue reading “Making MicroView Wordy”

Over-engineering Ding Dong Ditch

One day, [Samy]’s best friend [Matt] mentioned he had a wireless doorbell. Astonishing. Even more amazing is the fact that anyone can buy a software defined radio for $20, a small radio module from eBay for $4, and a GSM breakout board for $40. Connect these pieces together, and you have a device that can ring [Matt]’s doorbell from anywhere on the planet. Yes, it’s the ultimate over-engineered ding dong ditch, and a great example of how far you can take practical jokes if you know which end of a soldering iron to pick up.

Simply knowing [Matt] has a wireless doorbell is not enough; [Samy] needed to know the frequency, the modulation scheme, and what the doorbell was sending. Some of this information can be found by looking up the FCC ID, but [Samy] found a better way. When [Matt] was out of his house, [Samy] simply rang the doorbell a bunch of times while looking at the waterfall plot with an RTL-SDR TV tuner. There are a few common frequencies tiny, cheap remote controls will commonly use – 315 MHz, 433 MHz, and 900 MHz. Eventually, [Samy] found the frequency the doorbell was transmitting at – 433.8 MHz.

After capturing the radio signal from the doorbell, [Samy] looked at the audio waveform in Audacity. It looked like this doorbell used On-Off Keying, or just turning the radio on for a binary ‘1’ and off for a binary ‘0’. In Audacity, everything the doorbell transmits becomes crystal clear, and with a $4 434 MHz transmitter from SparkFun, [Samy] can replicate the output of the doorbell.

For the rest of the build, [Samy] is using a mini GSM cellular breakout board from Adafruit. This module listens for any text message containing the word ‘doorbell’ and sends a signal to an Arduino. The Arduino then sends out the doorbell code with the transmitter. It’s evil, and extraordinarily over-engineered.

Right now, the ding dong ditch project is set up somewhere across the street from [Matt]’s house. The device reportedly works great, and hopefully hasn’t been abused too much. Video below.

Continue reading “Over-engineering Ding Dong Ditch”

Fail of the Week: Teddy Top and Fourteen Fails

Last summer, [Quinn] made the trip out to KansasFest, the annual Apple II convention in Kansas City, MO. There, she picked up the most modern Apple II system that wasn’t an architecturally weird IIGS: she lugged home an Apple IIc+, a weird little machine that looks like an old-school laptop without a screen.

Not content with letting an old computer just sit on a shelf looking pretty, [Quinn] is working on a project called the Teddy Top. ‘Teddy’ was one of the code names for the Apple IIc, and although add-ons to turn this book-sized computer into something like a laptop existed in the 80s, these solutions have not withstood the test of time. [Quinn] is building her own clamshell addition to her IIc+, and somehow failing at something she’s done hundreds of times before.

While the IIc+ has an NTSC composite output, the super-special video add-ons for the IIc+ used a DB15 expansion connector. Here, any add-on could access video sync signals, the a sound signal from the audio circuit, and even a +12V line that could drive loads up to 300 mA. It just so happened the display [Quinn] is using for this project runs at 12V, 200 mA. Everything was great, but as a worthy trustee of this computer’s Earthly existence, [Quinn] thought a bit of current limiting should be included in her addon. She designed a circuit around an NPN power transistor, that would allow the display to draw power until the load was around 250mA. After that, the transistor would start dumping excess power as heat. Yes, a fuse would be better. [Quinn] calls this Fail #1. There are thirteen more to go.

Continue reading “Fail of the Week: Teddy Top and Fourteen Fails”