Vintage Computer Festival Switzerland This Weekend

This weekend marks the Vintage Computer Festival Europe – Switzerland, a two-day extravaganza of vintage hardware held in Zurich, Switzerland.

Of interest for this VCF will be an LGP-30 replica (a computer without RAM or ROM released in 1956), an IBM System/360 front panel, lots of blinkenlights, Swiss computers, and [Oscarv], creator of the very successful PiDP-8/I project on Hackaday.io, will be there with his minified PiDP-11/70. If you don’t have one of [Oscar]’s PiDP8 machines sitting on your desk yet, don’t worry — the 11/70 is the one you really want. It is beautiful.

As you would expect from a Vintage Computer Festival, all the standards will be there. The flea market is open, soldering stations are present, talks will be held, and very old and very rare hardware will be blinking. From our experience with Vintage Computer Festivals, Europe does it right. Last year’s festival in Munich was a blast, and this year’s celebration in Zurich looks like it will be as well.

iPhone NVMe Chip Reversed with Custom Breakout Boards

Ever so slowly, the main storage in our computers has been moving from spinning disks, to SSDs over SATA, to Flash drives connected to a PCI something or other. The lastest technology is NVMe — Non-Volitile Memory Express — a horribly named technology that puts a memory controller right on the chip. Intel has a PCI-based NVMe drive out, Samsung recently released an M.2 NVMe drive, and the iPhone 6S and 6S Plus are built around this storage technology.

New chips demand a reverse engineering session, and that’s exactly what [Ramtin Amin] did. He took a few of these chips out of an iPhone, created a board that will read them, and managed to analize the firmware.

Any reverse engineering will begin with desoldering the chip. This is easy enough, with the real trick being getting it working again outside whatever system it was removed from. For this, [Ramtin] built his own PCIe card with a ZIF socket. This socket was custom-made, but the good news is you can buy one from ITEAD. Yes, it is expensive — that’s what you get with a custom-made ZIF socket.

With the chip extracted, a custom PCIe card, and a bit of work with the NVMe implementation for Linux, [Ramtin] had just about everything working. Eventually, he was able to dump the entire file system on the chip, allowing anyone to theoretically back up the data on their iPhone or MacBook Air. Of course, and especially for the iPhone, this data is encrypted. It’s not possible to clone an iPhone using this method, but it is a remarkably deep dive into the hardware that makes our storage tick.”

Creating A PCB In Everything: KiCad, Part 1

This is the continuation of a series of articles demonstrating how to Create A PCB In Everything. In this series, we take a standard reference circuit and PCB layout — a simple ATtiny85 board — and build it with different PCB design tools. Already, we’ve taken a look at the pre-history of PCB design with Protel Autotrax, we learned Fritzing is a joke for PCB design, and we’ve done a deep dive into Eagle. Each of these tutorials serves two purposes. First, it is a very quick introduction to each PCB design tool. Second, this series provides an overall comparison between different PCB design tools.

Now, finally, and after many complaints, it’s time for the tutorial everyone has been waiting for. It’s time for KiCad.

No, like the head of the Bajoran clergy

Although KiCad (pronounced ‘Kai-Cad’ like the head of the Bajoran clergy, not ‘Key-Cad’ like the thing that goes in a lock) is the new hotness when it comes to PCB design. The amazing growth of KiCad installations over the past few years is a long time coming. In development since 1992, KiCad has cemented itself as the premier Open Source PCB design suite, and since 2013 CERN has been making contributions to the project. More recently, the KiCad project has been showing off some amazing new features. These include 3D rendering of boards, interactive routing, push-and-shove, simulation, and dozens of other features that put it on a path to being on par with the top of the line EDA suites. Add in some great community contributions, and you have something really, really amazing. All of this is wrapped up in an Open Source license, free as in speech and beer. If you’re looking for the future of PCB design, Eagle is going to get very good but KiCad is almost there now while being Open Source.

Continue reading “Creating A PCB In Everything: KiCad, Part 1”

PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers

[Samy Kamkar], leet haxor extraordinaire, has taken a treasure trove of exploits and backdoors and turned it into a simple hardware device that hijacks all network traffic, enables remote access, and does it all while a machine is locked. It’s PoisonTap, and it’s based on the Raspberry Pi Zero for all that awesome tech blog cred we crave so much.

PoisonTap takes a Raspberry Pi Zero and configures it as a USB Gadget, emulating a network device. When this Pi-come-USB-to-Ethernet adapter is plugged into a computer (even a locked one), the computer sends out a DHCP request, and PoisonTap responds by telling the machine the entire IPv4 space is part of the Pi’s local network. All Internet traffic on the locked computer is then sent over PoisonTap, and if a browser is running on the locked computer, all requests are sent to this tiny exploit device.

With all network access going through PoisonTap, cookies are siphoned off, and the browser cache is poisoned with an exploit providing a WebSocket to the outside world. Even after PoisonTap is unplugged, an attacker can remotely send commands to the target computer and force the browser to execute JavaScript. From there, it’s all pretty much over.

Of course, any device designed to plug into a USB port and run a few exploits has a few limitations. PoisonTap only works if a browser is running. PoisonTap does not work on HTTPS cookies with the Secure cookie flag set. PoisonTap does not work if you have filled your USB ports with epoxy. There are a thousand limitations to PoisonTap, all of which probably don’t apply if you take PoisonTap into any office, plug it into a computer, and walk away. That is, after all, the point of this exploit.

As with all ub3r-1337 pen testing tools, we expect to see a version of PoisonTap for sale next August in the vendor area of DEF CON. Don’t buy it. A Raspberry Pi Zero costs $5, a USB OTG cable less than that, and all the code is available on Github. If you buy a device like PoisonTap, you are too technically illiterate to use it.

[Samy] has a demonstration of PoisonTap in the video below.

Continue reading “PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers”

Crowdfunding: Oh Great, Now Anyone Can Invest In An Indiegogo Campaign

Crowdfunding site Indiegogo has partnered with equity crowdfunding startup Microventures to allow anyone to invest in startups.

The comment sections of crowdfunding sites are almost as bad as YouTube. For every crowdfunding campaign that ships on time, you’ll find dozens that don’t. Thousands of people are angry their Bluetooth-enabled Kitten Mittens won’t be delivered before Christmas. Deep in the comments for these ill-conceived projects, you’ll find a common thread. The backers of these projects invested, and they demand a return. This, of course, is idiotic. Backing a project on Indiegogo or Kickstarter isn’t an investment. It is effectively burning money with the hope Kitten Mittens will eventually show up in your mailbox. Until now.

For an actual investment, there are regulations that must be met. The groundwork for this appeared last year when the Securities and Exchange Commission (SEC) introduced rules for equity crowdfunding. These rules include limitations on how much an individual may invest per year (a maximum of $2,000 or 5% of income, whichever is greater, for individuals with an income less than $100,000 per year), how much money these companies can raise ($1M in a 12-month period), and how an individual can invest in these companies.

Right now, the startups shown on Indiegogo and Microventures include an MMORPG, a distillery and cocktail bar in Washington, DC, a ‘social marketplace for music collaboration’, and a Bluetooth-enabled supercapacitor-powered “Gameball™”. All of these projects actually have documentation, and while the legitimacy of each crowdfunding project is highly dependent on the individual investor, there is a lot more data here than your traditional Indiegogo campaign.

This isn’t fire and brimstone and physics-defying electronic baubles raining down on the common investor, as you would expect from a traditional crowdfunding site tapping into the SEC rules on equity crowdfunding. This is, after all, only a partnership between Indiegogo and Microventures, one of the investment ‘funding portals’ that grew out of the equity crowdfunding regulations. In short, putting an investment opportunity up on Indiegogo will require more effort than a project that is just a few renders of a feature-packed smartphone or a video game with stolen assets.

If anything, this is just the continuation of what we’ve had for the past year. Since the SEC released the final regulations for equity crowdfunding, there have been a number of startups wanting to get in on the action. This partnership between Microventures and Indiegogo was perhaps inevitable, and we can only wonder who Kickstarter is about to team up with.

New Part Day: Smoothie For RAMPS

When it comes to 3D printer controllers, there are two main schools of thought. The first group is RAMPS or RAMBo which are respectively a 3D printer controller ‘shield’ for the Arduino Mega and a stand-alone controller board. These boards have been the standard for DIY 3D printers for a very long time, and are the brains for quite a few printers from the biggest manufacturers. The other school of thought trundles down the path of ARM, with the most popular boards running the Smoothie firmware. There are advantages to running a printer with an ARM microcontroller, and the SmoothieBoard is fantastic.

Re-ARM for RAMPS — a Kickstarter that went live this week — is the middle ground between these two schools of thought. It’s a motherboard for RAMPS, but brings the power of a 32-bit LPC1768 ARM processor for all that smooth acceleration, fine control, and expansion abilities the SmoothieBoard brings.

Continue reading “New Part Day: Smoothie For RAMPS”

Hackaday Links: November 13, 2016

The Travelling Hackerbox is going International. I wrote a post on this earlier in the week, and I’m still looking for recipients for the box that are not in the United States. The sign-up form is right here, [the sign up form is now closed] and so far we have good coverage in Canada, Australia, NZ, Northern Europe, and a few in Africa. If you ever want to be part of the Travelling Hackerbox, this is your chance. I’m going to close the sign-up sheet next week. Sign up now.

Like the idea of a travelling hackerbox, but are too impatient? Adafruit now has a box subscription service. Every quarter, an AdaBox will arrive on your doorstep packed to the gills with electronic goodies.

The very recently released NES Classic edition is the 2016 version of the C64 DTV — it’s a Linux system, not as elegant, and there’s little hacking potential. If you want to increase the amount of storage, desolder the Flash chip (part no. S34ML04G200TFI000), and replace it with a larger chip. The NES Classic edition isn’t the coolest retro system coming out — Genesis is back, baby. Brazil has had a love affair with the Genesis/Mega Drive because of their bizarre import restrictions. Now, the manufacturer of the Brazilian Sega clones is releasing a Linux-ified clone. Does anyone know how to export electronics from Brazil?

The CFP deadline for the SoCal Linux Expo is fast approaching. You have until the 15th to get your talks in for SCALE.

Let’s talk about dissolvable 3D printer support material. One of the first materials able to be printed and removed by dissolving in water was PVA. Makerbot sold it for use in their dual extruder machines. PVA does dissolve, but it degrades at higher temperatures and kills nozzles. HIPS can be dissolved with limonene, but it’s really only for use in conjunction with ABS. This week, E3D released their Scaffold support material. It’s a PVA/Polyvinyl alcohol filament — ‘the stuff gel caps are made out of’ was the line we got when E3D previewed Scaffold at MRRF last March. It’s a support material that’s water dissolvable, compatible with most filaments, and is able to produce some amazing prints. It’s available now, but it is a bit pricey at £45 for half a kilo. Brexit is a good thing if you’re paid in dollars.

If you’re into chiptunes, you’ve heard about Little Sound DJ. LSDJ is a cart/ROM capable of toggling all the registers on the Game Boy sound chip, sequencing bleeps and bloops, and generally being awesome. The recently released Nanoloop Mono is not Game Boy software. It’s a few op-amps and a PIC micro pasted on a board that turns the Game Boy into a synth. You get a significantly more 80s sound with the Nanoloop Mono over LSDJ, audio input, and a step sequencer.