[Lee] wrote in to tell us about a Set Top Box he hacked. Before the cable industry lawyers get out their flaming swords… he’s not stealing cable, or really doing much of anything. This is a hack just for the adventure and thrill of making someone else’s hardware design do your bidding without any kind of instructions.
He posted about the adventure in two parts. The first is finding the JTAG header and identifying the pins. Arduino to the rescue! No really, and this is the type of Arduino use we love. Using a package called JTAGenum the board becomes a quick tool for probing and identifying JTAG connections.
The image above shows a different piece of hardware. From looking at it we’re pretty sure this is a Bus Blaster which is specifically designed for JTAG debugging with ARM processors. This is the beginning of the second part of his documentation which involves code dumping and stepping through lines code (or instructions) using OpenOCD and GDB. It’s a chore to follow all that [Lee] discovered just to write his name to the display of the box. But we certainly found it interesting. The display has a convoluted addressing scheme. We assume that there are cascading shift registers driving the segments and that’s why it behaves the way it does. Take a look for yourself and let us know what you think in the comments.
[Vsergeev] tipped us about a neat Cortex-M0 based development board with a total BoM cost under $15. It’s called the ARM Bare Metal Widget (ARM-BMW), focuses on battery power, non-volatile storage and debuggability.
The chosen micro-controller is the 50MHz NXP LPC1114DH28 which provides the user with 32kB of Flash, 8kB of SRAM, a 6 channel ADC and I2C/SPI/UART interfaces among others. The ARM-BMW contains a 2Mbyte SPI flash, an I2C I/O expander, several headers for expansion/debug purposes, 4 LEDs, 2 buttons, 2 DIP switches and finally a JTAG/SWD header for flashing and debugging. As you can see in the picture above you may either populate your own HC49UP crystal or use the internal 12MHz RC oscillator.
The platform can be powered using either a USB cable or a LiPo battery. As you can guess it also includes a much-needed battery charger (the MCP73831T) and a switched capacitor DC/DC converter to supply 3.3V. You may find all the files on the hardware or software repositories.
What do you get when you combine one of the best (and certainly one of the best for the price) software defined radios with the user interface of a 10-year-old iPod? The HackRF PortaPack, developed by [Jared Boone], and demonstrated at DEFCON last weekend.
[Jared] is one of the original developers for the HackRF, a 10MHz to 6GHz software defined radio that can also transmit in half duplex. Since the development of the HackRF has (somewhat) wrapped up, [Jared] has been working on the PortaPack, an add-on for the HackRF that turns it into a portable, ARM Cortex M4-powered software defined radio. No, it’s not as powerful as a full computer running GNU Radio, but it does have the capability to listen in on a surprising amount of radio signals.
Because [Jared] is using a fairly low-power micro for the PortaPack, there’s a lot of tricks he’s using to get everything running smoothly. He gave a lightning talk at the Wireless Village at DEFCON going over the strengths and weaknesses of the chip he’s using, and surprisingly he’s using very little floating point arithmetic in his code. You can check out the video for that talk below.
Continue reading “DEFCON 22: The HackRF PortaPack”
Sometimes GPS watches are too good to be left with their stock firmware. [Renaud] opened his Kalenji 300 GPS watch, reverse engineered it in order to upload his own custom firmware.
The first step was to sniff the serial traffic between the PC and the microcontroller when upgrading firmware to understand the protocol and commands used. [Renaud] then opened the watch, figured out what the different test points and components were. He used his buspirate with OpenOCD to extract the existing STM32F103 firmware. The firmware helped him find the proper value to store in a dedicated register for the boot loader to start.
By looking at the disassembly code he also found the SPI LCD initialization sequence and discovered that it uses a controller similar to the ST7571. He finally compiled his own program which uses the u8glib graphics library. Follow us after the break for the demonstration video.
Continue reading “Reverse Engineering a GPS Watch to Upload Custom Firmware”
[Jason] is back at it again with another new twist on the technically sophisticated and advanced game of Pong. Fashioned in a ‘Chuck E. Cheese’ style platform, the two players stand side by side each other with large foam hammers. A wack sends the 32 bit ARM powered dot skyward and then back down to the other player, where another wack will send the dot back whence it came. A brightly lit scoreboard keeps track of how many dots slip by.
[Jason] is a veteran of pong inspired games, but putting the HammerPong game together brought with it some new challenges. After being unable to squeeze a few MDF panels into his car, and fighting off flies, yard debris and pet dander that were trying to attach themselves to his freshly painted artwork, [Jason] managed to get his project completed.
The HammerPong is powered by an Arduino Due that controls six WS2812 LED strips and runs the background code. Various latches, shift registers and power transistors control the lights and scoreboard. Be sure to check out the linked project for more detail, and take a look at the video demonstration after the break.
Continue reading “HammerPong Game Takes Pong to New Heights”
“Where’s the any key?” Well, it’s right here. After running into trouble with the STM platform, [lukasz.iwaszkiewicz] went with the Texas Instrument C Series Launchpad to construct his “Any Key” HID device. He was able to make use of the TI TM4C123G LaunchPad’s extensive USB library which is laid out into four tiers – the very top tier being Device Class API. This gives the programmer the ability to implement simple devices with just a few lines of code. [lukasz.iwaszkiewicz] points out that ST does not have this option available.
The Any Key uses a host PC program that allows the user to enter keystrokes into a virtual keyboard. This information is then passed to the Any Key device. When it is pressed, it will push the recorded keystrokes back to the host PC. Simple, but effective!
The project is completely open source, and all files and code are available. Be sure to check out the video after the break demonstrating the Any Key in action.
Continue reading “Finally, Someone has found The Any Key”
With tiny Linux boards popping up like dandelions, it was only a matter of time before someone came out with a really tiny Linux board. This is it. It’s a tiny board less than an inch on each side with an 802.11n System on Chip running OpenWrt on Linux. The best part? You can pick one up for $20 USD.
The VoCore isn’t so much as a cut down ARM dev board as it is a cut down router capable of running OpenWrt. It’s not a power house by any means with 8MB of Flash, 32MB of SDRAM, and a 360MHz CPU, but if you ever need something that’s less than an inch square, you probably don’t need that much power.
The VoCore features interfaces for 100M Ethernet, USB host and device, UART, SPI, I2C, I2S, and 20 GPIOs for blinking LEDs and listening to sensors. There’s also a dock that breaks out the Ethernet and USB ports, available as a kit or already assembled.
It’s a pretty cool device, and with low current draw (about 200mA) and being able to accept +5V power, we can easily see this tiny board popping up in a few projects.