Open Source Firmware For Hoverboards

2015 was two years ago, and to the surprise of many, we actually had hoverboards at the time. Of course, these weren’t Back to the Future-style hovering skateboards; they were crappy two-wheeled balancing scooters that suffered a few battery explosions and were eventually banned from domestic flights by some carriers. But oh boy, there were some funny Vines of these things.

While the rest of the world moved on from hoverboards, [Casainho] has been working on Open Sourcing the firmware for these interesting bits of electronics and motors. Now, his work is wrapping up and he has new firmware for electric unicycles and hoverboards.

The popular and cheap electric unicycles and hoverboards that have been swimming across the Pacific from the great land of Ali Baba for the past five years are based around a single, cheap controller board. This controller board is built around the STM32F1038T6 microcontroller, and are able to control a pair of three-phase brushless motors. The teardown began on the electric unicycle forum and was completely documented in a GitHub repo.

The Open Source firmware is now mostly complete, although the necessary self-balancing function doesn’t work. We’re thinking that’s alright; with this new firmware, these electric unicycles have a crazy amount of torque and could be the basis for a few very cool builds. You can check out a video of this torque below.

If two wheels seems far too safe, exercise your inner daredevil with a 3D printed unicycle conversion for a hoverboard.

Continue reading “Open Source Firmware For Hoverboards”

Phase Modulation With An FPGA

There are two radio modulation schemes everyone should know. Amplitude modulation changes the amplitude — or ‘volume’, if you will — of a carrier frequency and turns all radio into channels owned and operated by a church. Frequency modulation changes the pitch of a carrier frequency and is completely run by Clear Channel. Amateur radio operators are familiar with dozens of other modulation schemes, but there’s one hardly anyone touches. Phase modulation is weird and almost unheard of, but that doesn’t mean you can’t implement it on an FPGA. [nckm] is transmitting audio using phase modulation on an FPGA (Russian, here’s the Google Translatrix).

This hardware is just an Altera MAX10 board, with a single input used for serial data of the audio to be transmitted, and two outputs, each connected to a few bits of wire for a quarter-wave antenna. No, there’s no output filter or anything else except for a few bits of wire. It’s an experiment, chillax.

The Verilog for this project receives an audio signal as serial data in mono, 22050 BPS, 8-bit unsigned samples. These samples are fed into a dynamic PLL with phase shift in the FPGA. Shifting the phases also changes the frequency, so [nckm] can receive this audio signal with the FM transmitter on his phone.

Is this really phase modulation if it’s being received by an FM radio? Eh, maybe. PM and FM are closely related, but certainly distinguishable as modulation schemes in their own right. You can grab [nckm]’s code over on the gits, or check out the video demo below.

Continue reading “Phase Modulation With An FPGA”

The Nintendo PlayStation: Finally Working

The Nintendo PlayStation is not a misnomer. Before the PS1, Sony teamed up with Nintendo to produce a video game console that used CD-ROMs as a distribution platform. These plans fell through, Sony went on to design the PS1, Nintendo the N64, but a few prototype ‘Nintendo PlayStations’ made it out into the wild. One of these unbelievably rare consoles was shipped to a company that eventually went into bankruptcy. The console was found when the contents of an office building were put up for auction, and last year, [Ben Heck] tore it apart.

It’s taken a year, but now this Nintendo PlayStation is finally working. This console now plays audio CDs and games written by homebrewers. The hardware lives, and a console once forgotten lives once more.

The last time [Ben Heck] took a look at the Nintendo PlayStation, the CD-ROM portion of the console was non-functional. The Super Nintendo was still functional, but for this prototype, the CD-ROM was completely self-contained and required a ‘boot cartridge’ of sorts to access anything on a CD. Somehow or another — [Ben] thinks it was a wonky cable or a dead cap — The CD-ROM came to life. Yes, jiggling a cable was the extent of the repair, after spending an inordinate amount of time reverse engineering the console.

With the CD-ROM working, [Ben] got audio playing and tried out of the few homebrew games for this PlayStation prototype. Super Boss Gaiden didn’t quite work because this game was designed to load in chunks. Another game written for this console, Magic Floor, was small enough to fit in the entirety of the CD-ROM’s buffer and loaded correctly. That doesn’t mean the game worked; there are some slight differences between the Nintendo PlayStation emulator and the actual hardware that now exists. [Ben] emailed the author of Magic Floor, and now, after a quarter-century, the Nintendo PlayStation works.

What’s next for the Nintendo PlayStation? Well, now the emulator for this system can correctly reflect the actual hardware, and hopefully the homebrewers can figure out how to write a game for this system.

Continue reading “The Nintendo PlayStation: Finally Working”

Converting Parallel Port CNCs To USB

If you’re looking for a small, benchtop CNC machine for PCBs and light milling the ubiquitous Sherline CNC machine is a good choice. There’s a problem with it, though: normally, the Sherline CNC controller runs off the parallel port. While some of us still have a Windows 98 battlestation sitting around, [David] doesn’t. Instead, he built a USB dongle and wrote the software to turn this mini CNC into something usable with a modern computer.

First up, the hardware. The core of this build is the rt-stepper dongle based around the PIC18F2455 microcontroller. With a bare minimum of parts, this chip converts USB into a parallel port for real-time control. It’s fast — at least as fast as the parallel port in the ancient laptops we have sitting around and plugs right into the CNC controller box for the Sherline.

The software is where this really shines. the application used to control this dongle is a hack of the EMC/LinuxCNC project written in nice, portable Python. This application generates the step pulses, but the timing is maintained by the dongle; no real-time kernel needed.

There are a lot of choices out there for a desktop CNC machine made for routing copper clad board, wood, brass, and aluminum. The Othermill is great, and Inventables X-Carve and Carvey are more than up for the task. Still, for something small and relatively cheap, the Sherline is well-regarded, and with this little dongle you can actually use it with a modern computer. Check out the demo video below.

Continue reading “Converting Parallel Port CNCs To USB”

Tweezing Diodes

Surface mount diodes are simple enough — all you need to do is make sure you have the anode and cathode in the right order when you place them on the pad when you solder them. These SMD diodes come in industry-standard packages, but do you think there’s an industry-standard way of marking the cathode? Nope, not by a long shot. To solve the problem of figuring out which way the electrons go through his LEDs, [Jesus] built a simple pair of LED tweezers.

The purpose of these tweezers is to figure out which way is up on a LED. To do this, [Jesus] picked up a pair of multimeter and power supply compatible SMD test clips that are sufficiently tweezy. These tweezers come with red and black wires coming out the back, but cutting those leads off, peeling back the insulation and adding a CR2032 battery holder and 220Ω resistor turns these tweezers from a probe into an electrified poker.

To figure out what the arcane symbols on the bottom of an SMD diode mean, all [Jesus] has to do is touch each side of the pair of tweezers to one of the contacts on a LED. If it lights up, it’s that way around. If it doesn’t light up, the battery is dead, or the diode is backwards. It’s a great project, especially since these SMD test clip tweezer things can be had from the usual online retailers for just a few bucks. We would recommend a switch and marking which tweeze is ground, though.

Is Intel’s Management Engine Broken?

Betteridge’s Law of Headlines states, “Any headline that ends in a question mark can be answered by the word no.” This law remains unassailable. However, recent claims have called into question a black box hidden deep inside every Intel chipset produced in the last decade.

Yesterday, on the Semiaccurate blog, [Charlie Demerjian] announced a remote exploit for the Intel Management Engine (ME). This exploit covers every Intel platform with Active Management Technology (AMT) shipped since 2008. This is a small percentage of all systems running Intel chipsets, and even then the remote exploit will only work if AMT is enabled. [Demerjian] also announced the existence of a local exploit.

Intel’s ME and AMT Explained

Beginning in 2005, Intel began including Active Management Technology in Ethernet controllers. This system is effectively a firewall and a tool used for provisioning laptops and desktops in a corporate environment. In 2008, a new coprocessor — the Management Engine — was added. This management engine is a processor connected to every peripheral in a system. The ME has complete access to all of a computer’s memory, network connections, and every peripheral connected to a computer. The ME runs when the computer is hibernating and can intercept TCP/IP traffic. Management Engine can be used to boot a computer over a network, install a new OS, and can disable a PC if it fails to check into a server at some predetermined interval. From a security standpoint, if you own the Management Engine, you own the computer and all data contained within.

The Management Engine and Active Management Technolgy has become a focus of security researchers. The researcher who finds an exploit allowing an attacker access to the ME will become the greatest researcher of the decade. When this exploit is discovered, a billion dollars in Intel stock will evaporate. Fortunately, or unfortunately, depending on how you look at it, the Managment Engine is a closely guarded secret, it’s based on a strange architecture, and the on-chip ROM for the ME is a black box. Nothing short of corporate espionage or looking at the pattern of bits in the silicon will tell you anything. Intel’s Management Engine and Active Management Technolgy is secure through obscurity, yes, but so far it’s been secure for a decade while being a target for the best researchers on the planet.

Semiaccurate’s Claim

In yesterday’s blog post, [Demerjian] reported the existence of two exploits. The first is a remotely exploitable security hole in the ME firmware. This exploit affects every Intel chipset made in the last ten years with Active Management Technology on board and enabled. It is important to note this remote exploit only affects a small percentage of total systems.

The second exploit reported by the Semiaccurate blog is a local exploit that does not require AMT to be active but does require Intel’s Local Manageability Service (LMS) to be running. This is simply another way that physical access equals root access. From the few details [Demerjian] shared, the local exploit affects a decade’s worth of Intel chipsets, but not remotely. This is simply another evil maid scenario.

Should You Worry?

This hacker is unable to exploit Intel’s ME, even though he’s using a three-hole balaclava.

The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine. Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full control over every aspect of a system. If you want a metaphor, we are dinosaurs and an Intel ME exploit is an asteroid hurtling towards the Yucatán peninsula.

However, [Demerjian] gives no details of the exploit (rightly so), and Intel has released an advisory stating, “This vulnerability does not exist on Intel-based consumer PCs.” According to Intel, this exploit will only affect Intel systems that ship with AMT, and have AMT enabled. The local exploit only works if a system is running Intel’s LMS.

This exploit — no matter what it may be, as there is no proof of concept yet — only works if you’re using Intel’s Management Engine and Active Management Technology as intended. That is, if an IT guru can reinstall Windows on your laptop remotely, this exploit applies to you. If you’ve never heard of this capability, you’re probably fine.

Still, with an exploit of such magnitude, it’s wise to check for patches for your system. If your system does not have Active Management Technology, you’re fine. If your system does have AMT, but you’ve never turned it on, you’re fine. If you’re not running LMT, you’re fine. Intel’s ME can be neutralized if you’re using a sufficiently old chipset. This isn’t the end of the world, but it does give security experts panning Intel’s technology for the last few years the opportunity to say, ‘told ‘ya so’.

The Raspberry Pi Becomes a SCSI Device

SCSI devices were found in hundreds of different models of computers from the 80s, from SUN boxes to cute little Macs. These hard drives and CDROMs are slowly dying, and with that goes an entire generation of technology down the drain. Currently, the best method of preserving these computers with SCSI drives is the SCSI2SD device designed by [Michael McMaster]. While this device does exactly what it says it’ll do — turn an SD card into a drive on a SCSI chain — it’s fairly expensive at $70.

[GIMONS] has a better, cheaper solution. It’s a SCSI device emulator for the Raspberry Pi. It turns a Raspberry Pi into a SCSI hard drive, magneto-optical drive, CDROM, or an Ethernet adapter using only some glue logic and a bit of code.

As far as the hardware goes, this is a pretty simple build. The 40-pin GPIO connector on the Pi is attached to the 50-pin SCSI connector through a few 74LS641 transceivers with a few resistor packs for pullups and pulldowns. The software allows for virtual disk devices – either a hard drive, magneto-optical drive, or a CDROM – to be presented from the Raspberry Pi. There’s also the option of putting Ethernet on the SCSI chain, a helpful addition since Ethernet to SCSI conversion devices are usually rare and expensive.

Officially, [GIMONS] built this SCSI hard drive emulator for the x68000 computer, developed by Sharp in the late 80s. While these are popular machines for retrocomputing aficionados in Japan, they’re exceptionally rare elsewhere — although [Dave Jones] got his mitts on one for a teardown. SCSI was extraordinarily popular for computers from the 70s through the 90s, though, and since SCSI was a standard this build should work with all of them.

If your retrocomputer doesn’t need a SCSI drive, and you’re feeling left out of the drive-emulation club, the good news is there’s a Raspberry Pi solution for that, too: this Hackaday Prize entry turns a Pi into an IDE hard drive.

Thanks [Gokhan] for the tip!