Reverse Engineering a NAND Flash Device Management Algorithm

unsoldered flash chip

Put your hand under you chin as here comes a 6 months long jaw-dropping reverse engineering work: getting the data back from a (not so) broken SD card. As you can guess from the picture above, [Joshua]‘s first step was to desolder the card’s Flash chip as the tear-down revealed that only the integrated SD-to-NAND Flash controller was damaged. The flash was then soldered on a breadboard so it could be connected to a Digilent Nexys-2 FPGA board. [Joshua] managed to find a similar Flash datasheet, checked that his wire-made bus was reliable and generated two 12GiB dump files on his computer.

In order to extract meaningful data from the dumps he first had to understand how SD-to-NAND controllers work. In his great write-up he provides us with a background of the Flash technology, so our readers can better understand the challenges we face with today’s chips. As flash memories integrate more storage space while keeping the same size, they become less reliable and have nifty problems that should be taken care of. Controllers therefore have to perform data whitening (so neighboring blocks of data don’t have similar content), spread data writes uniformly around the flash (so physical blocks have the same life expectancy) and finally support error correcting codes (so damaged bits can still be recovered). We’ll let our users imagine how complex reverse engineering the implementation of such techniques is when you don’t know anything about the controller. [Joshua] therefore had to do a lot of research, perform a lot of statistical analysis on the data he extracted and when nothing else was possible, use bruteforce…

Sniffing nRF24L01+ Traffic with Wireshark

Wireshark trace

We’re sure that some of our readers are familiar with the difficult task that debugging/sniffing nRF24L01+ communications can be. Well, [Ivo] developed a sniffing platform based on an Arduino Uno, a single nRF24L01+ module and a computer running the popular network protocol analyzer Wireshark (part1, part2, part3 of his write-up).

As these very cheap modules don’t include a promiscuous mode to listen to all frames being sent on a particular channel, [Ivo] uses for his application a variation of [Travis Goodspeed]‘s technique to sniff Enhance Shockburst messages. In short, it consists in setting a shorter than usual address, setting a fix payload length and deactivating the CRC feature. The Arduino Uno connected to the nRF24L01+ is therefore in charge of forwarding the sniffed frames to the computer. An application that [Ivo] wrote parses the received data and forwards it to wireshark, on which can be set various filters to only display the information you’re interested in.

A Nicely Designed Stereo Tube Amp

tube amp

Most of the work that [Ron] has done in the past with vacuum tubes and solid state electronics has been repair. At 59 years old, he finally put together his own stereo tube amplifier and we have to admit it definitely has an awesome look.

The platform is built around the well-known 6V6 beam-power tetrodes which are mostly used by major audio brands for their guitar amplifiers nowadays. The Dynaco 6V6 circuit based PCB was bought from China and minor changes were made to it. The amplifier uses one transformer to convert the US 120VAC into 240VAC and 9VAC, the first being rectified by a glassware PS-14 power supply while the later is converted regulated at 6.3V for the tube heaters. The output stage consists of two Edcor audio transformers (one for each channel) that converts the high voltage for its 8 ohms speakers. The home-made chassis provides proper grounding and as a result you can’t hear any background noise.

We are very curious to know if some our readers have been experimenting with glass tubes for audio applications. Please let us know your experience in the comments section below.

Raspi Ambilight Integrated in a 19″ Rack Packs Lots of Peripherals

raspi ambilight

Ambilight systems create light effects around your monitor that correspond to the video content you’re playing. [Sébastien] just build his (French translated to English, original here) and embedded all the elements in a 19 inch rack he bought from Farnell.

As most ambilight systems we’ve covered over the years the HDMI signal is first split in two, one being sent to his monitor while the other is converted into a S-Video signal. The latter is then captured with a STK1160 stick connected to a Raspberry Pi. A python script using the OpenCV library is in charge of extracting the frames pixels and figuring out what colors should be sent to the SPI connected LPD8806 LEDs. A nice web interface also allows to drive the LEDs from any platform connected to his local network. Finally, a standard HD44780 LCD and an infrared receiver are connected to the raspberry, allowing [Sébastien] to control and monitor his platform. Funny thing: he also had to use two relays to power cycle his HDMI splitter and converter as they often crash. You can check out a demonstration video from a previous revision after the break.

[Read more...]

An Excel Based High Frequency Transistor Amplifier Calculator

amplifier calculator

 

[Paulo] just tipped us about an Excel based high frequency transistor amplifier calculator he made. We’re guessing that some of our readers already are familiar with these class A amplifiers, commonly used to amplify small audio signals. Skipping over the fact that their efficiency is quite low — they are cheap to make, don’t require many components and usually are a great way to introduce transistors to new electronics enthusiasts. All you usually need to do is a few calculations to properly set your output signals and you’re good to go.

Things are however more complex when you are amplifying 200MHz+ signals, as all the components (complex) impedances have to be taken into account so you can get a nice amplification system. On a side note, at these frequencies your transmission lines impedances may even vary depending on how much solder and flux you left on your SMT pads along the way. [Paulo]‘s calculator will therefore compute most of the characteristics of two class A common emitter/collector amplifiers for specified loads.

 

Developed on Hackaday: Beta Testers, Animation and Assembly Videos

3 mooltipass versions

We’re pretty sure that most of our readers already know it by now, but we’ll tell you anyway: the Hackaday community (writers and readers) is currently developing an offline password keeper, the Mooltipass. A month ago we published our first demonstration video and since then the development team has been fairly busy at work.

First things first: we heard (well, read) the comments you left in our previous articles and decided to make a small animation video that will hopefully explain why having an offline password keeper is a good thing. We welcome you to have a look at our script draft and let us know what you think. We updated our GitHub readme and more importantly our FAQs, so feel free to tell us if there are still some questions you have that we didn’t answer. We finally found a short but yet interesting paper about software based password keepers possible security flaws.

Secondly, a little more than 20 prototypes have successfully been assembled and some beta testers actually already received them. As they financially contributed to their units we offered them the possibility to pick a blue, green, yellow or white OLED screen (see picture above). We therefore expect things to gain speed as we’ll have users (or rather bosses) pushing us to improve our current platform and implement much needed features.

Finally, as I figured some of our readers may be interested, I made a quick video of the prototype assembly process (embedded below). It is still a little sketchy and a few changes will be made to make it simpler for production. We expect these next weeks to be full of interesting events as our beta testers / Hackaday readers will be able to judge the work we’ve been doing for so long. We highly recommend you to subscribe to our official Google group to stay updated with our adventures.

Developed on Hackaday: Discovering Shenzhen and its Companies

Assembly line in shenzhen

Two weeks ago we showed a first demonstration video of the offline password keeper (aka Mooltipass) the Hackaday community had been working on for the last 6 months. We received lots of interesting feedback from our dear readers and around a thousand of them let us know they were interested in purchasing the device. We agreed that preferential pricing should be offered to them, as they have been supporting this community driven project for so long.

For the next few days I will be touring Shenzhen and finally meeting the persons who have been assembling my electronics projects for the last 2 years, including the Mooltipass beta testers’ batch. I’ll also meet with Ian from Dangerous Prototypes, talk with the people behind the Haxlr8r program, visit Seeedstudio offices and a CNC shop. If everything goes well with the camera I just purchased in Hong Kong I should have nice things to show you. In the meantime, don’t hesitate to leave a comment below in case you’re in the area…

Follow

Get every new post delivered to your Inbox.

Join 94,415 other followers