[Ken Shirriff] Demystifies BeagleBone I/O

If you have ever spent a while delving into the bare metal of talking to the I/O pins on a contemporary microprocessor or microcontroller you will know that it is not always an exercise for the faint-hearted. A host of different functions can be multiplexed behind a physical pin, and once you are looking at the hardware through the cloak of an operating system your careful timing can be derailed in an instant. For these reasons most of us will take advantage of other people’s work and use the abstraction provided by a library or a virtual filesystem path.

If you have ever been curious enough to peer under the hood of your board’s I/O then you may find [Ken Shirriff]’s latest blog post in which he explores the software stack behind the pins on a BeagleBone Black to be of interest. Though its specifics are those of one device, the points it makes have relevance to many other similar boards.

He first takes a look at the simplest way to access a Beagle Bone’s I/O lines, through virtual filesystem paths. He then explains why relying so heavily on the operating system in this way causes significant timing issues, and goes on to explore the physical registers that lie behind the pins. He then discusses the multiplexing of different pin functions before explaining the role of the Linux device tree in keeping operating system in touch with hardware.

For some Hackaday readers this will all be old news, but it’s safe to say that many users of boards like the BeagleBone Black will never have taken a look beyond the safely abstracted ways to use the I/O pins. This piece should therefore provide an interesting education to the chip-hardware novice, and should probably still contain a few nuggets for more advanced users.

We’ve seen a lot of [Ken]’s work here at Hackaday over the years, mostly in the field of reverse engineering. A few picks are his explanation of the TL431 voltage reference, a complete examination of the 741 op-amp, and his reverse engineering of the 1970s Sinclair Scientific calculator.

We appreciate [Fustini]’s tip on this story.

BeagleBone Black image: BeagleBoard.org Foundation [CC BY-SA 3.0], via Wikimedia Commons.

Intel Releases The Tiny Joule Compute Module

At the keynote for the Intel Developers Forum, Intel CEO Brian Krzanich introduced the Intel Joule compute module, a ‘maker board’ targeted at Internet of Things developers. The high-end board in the lineup features a quad-core Intel Atom running at 2.4 GHz, 4GB of LPDDR4 RAM, 16GB of eMMC, 802.11ac, Bluetooth 4.1, USB 3.1, CSI and DSI interfaces, and multiple GPIO, I2C, and UART interfaces. According to the keynote, the Joule module will be useful for drones, robotics, and with support for Intel’s RealSense technology, it may find a use in VR and AR applications. The relevant specs can be found on the Intel News Fact Sheet (PDF).

This is not Intel’s first offering to the Internet of Things. A few years ago, Intel partnered up with Arduino (the Massimo one) to produce the Intel Galileo. This board featured the Intel Quark SoC, a 400MHz, 32-bit Intel Pentium ISA processor. It was x86 in an Arduino format. This was quickly followed by the Intel Edison based on the same Quark SoC, which was followed by the Intel Curie, found in the Arduino 101 and this year’s DEF CON badge.

We’ve seen plenty of Intel’s ‘maker’ and Internet of Things offerings, but we haven’t seen these platforms succeed. You could spend hundreds of thousands of dollars in market research to determine why these platforms haven’t seen much success, but the Hackaday comments will tell you the same thing for free: the documentation for these platforms is sparse, and nobody knows how to make these boards work.

Perhaps because of the failures of Intel’s IoT market, the Joule differs significantly from previous offerings. Although it can be easily compared to the Raspberry Pi, Beaglebone, and a hundred other tiny single board computers, the official literature for the Joule makes a comparison between it and the Nvidia Jetson easy. The Nvidia Jetson is a high-power, credit card-sized ‘supercomputer’ meant to be a building block for high-performance applications, such as drones and anything that requires video or a very fast processor. The Joule fits into this market splendidly, with demonstrated applications including augmented reality safety glasses for Airbus employees and highway patrol motorcycle helmet displays. Here, the Joule might just find a market. This might even be the main focus of the Joule – it can be integrated onto Gumstix carrier boards, providing a custom single board computer with configurable displays, connectors, and sensors.

The Intel Joule lineup consists of the Joule 570x and 550x, with the 550x being a bit slower, a Gig less RAM, and half as much storage. They will be available in Q4 2016 from Mouser, Newegg, and other Intel reseller partners.

Nuka-Cola PC Case Really Glows

It’s hard to imagine a video game series with more potential for cool prop projects than Fallout. The Fallout series has a beautiful and unique art style that is chock full of potential for real-world builds. Pip-Boys, Fat Mans, and power armor projects abound. But, most of these projects are purely aesthetic: something to stick on a shelf and show off to your fellow geeks.

[themitch22] wanted something he could actually use, and what does a geek use more than their computer? Thus, he set out to create a Fallout-themed PC case, and a Nuka-Cola vending machine was the perfect choice for inspiration.

The attention to detail on the build is astounding, with a functional display (powered by a Raspberry Pi), glowing Nuka-Cola Quantum bottles, and weathering to make it feel like it has survived a nuclear apocalypse. He was also kind enough to post pictures of the entire process, which shows how all of the parts were 3D-printed and assembled.

Need some more Fallout goodness to inspire you next build? Check out this amazing Pip-Boy replica we featured last year.

[thanks to Nils Hitze for the tip]

Unexpected Betrayal From Your Right Hand Mouse

Some people really enjoy the kind of computer mouse that would not be entirely out of place in a F-16 cockpit. The kind of mouse that can launch a browser with the gentle shifting of one of its thirty-eight buttons ever so slightly to the left and open their garage door with a shifting to the right of that same button. However, can this power be used for evil, and not just frustrating guest users of their computer?

We’ve heard of the trusted peripheral being repurposed for nefarious uses before. Sometimes they’ve even been modified for more benign purposes. All of these have a common trend. The mouse itself must be physically modified to add the vulnerability or feature. However, the advanced mice with macro support can be used as is for a vulnerability.

The example in this case is a Logitech G-series gaming mouse. The mouse has the ability to store multiple personal settings in its memory. That way someone could take the mouse to multiple computers and still have all their settings available. [Stefan Keisse] discovered that the 100 command limit on the macros for each button are more than enough to get a full reverse shell on the target computer.

Considering how frustratingly easy it can be to accidentally press an auxiliary button on these mice, all an attacker would need to do is wait after delivering the sabotaged mouse. Video of the exploit after the break.

Continue reading “Unexpected Betrayal From Your Right Hand Mouse”

Weird CPU

How many instructions does [agp.cooper’s] computer have? Just one. How many strip boards does it use? Apparently, 41 five 41-track boards. While being one shy from the answer to life, it is still a lot of boards for a single instruction. The high board count is due to the use of 1970’s vintage ICs including TTL parts, 2114 RAM chips, and 74S571 PROMs.

There are several different architectures for single instruction computers and [agp’s] uses what is technically at TTA (transfer-triggered architecture). That is, the one instruction is a move and the destination or source of the move determines the operation. For example, the Wierd CPU (that’s the name of it) has a P and Q register. If you load those registers and then the ADD register will contain the sum of the two numbers.

Continue reading “Weird CPU”

LastPass Happily Forfeits Passwords to Simple Javascript

Lastpass is a great piece of software when it comes to convenience, but a recent simple hack shows just how insecure software like it can be. [Mathias Karlsson] nabbed a nice $1000 bounty for its discovery.

Lastpass’s auto-fill works by injecting some html into the website you’re visiting. It runs a bit of Javascript to parse the URL. However, the parsing script was laughably vague. By changing the URL of the page, inserting a few meaningless-to-the server slugs into the URL, an attacker could get Lastpass to give it a password and username combo for any website.

The discussion in the HackerNews comment section more-or-less unilaterally agreed that most systems like this have their glaring flaws, but that the overall benefits of having secure passwords generated and managed by software was still worth the risk when compared to having a few commonly reused passwords over multiple sites.

One could get a more secure key manager by using software like KeePass, but it’s missing some of the convenience factor of remote-based services and relies on a user protecting their key files adequately.

Still, as scary as they are, openly discussing hacks like this after responsible disclosure is good because they force companies like Lastpass, who have some very big name clients, to take their code review and transparency more seriously.

DIY Command Station for Kerbal Space Program is Overkill

We’ve seen custom controller mods for Kerbal Space Program before, but a group calling themselves the Makerforce went a step further with their design and build of the KSP “Overkill” Command Station, which has much more in common with a fancy standup arcade unit than a custom controller. Kerbal Space Program is a hit indie game that, among other things, simulates the challenges of spaceflight. Like most games, you use the mouse and keyboard for control but many fans find this too limiting. With the help of a software mod that exposes control and status information over hardware serial communications, the door to full telemetry and remote control was opened to just about anyone to craft their own custom hardware such as flight sticks and status displays. Not content with the idea of having just a joystick and a few buttons critical for the flight process, this project took a different approach.

Continue reading “DIY Command Station for Kerbal Space Program is Overkill”