Dual-mode Avalanche and RF Random Number Generator

[Paul] designed a new open-hardware RNG (random number generator) that includes two sources of entropy in a small package. The first source of entropy is a typical avalanche diode circuit, which is formed by a pair of transistors. This circuit creates high-speed random pulses which are sampled by the onboard microcontroller.

What makes this design unique is a second entropy source: a CC2531 RF receiver. The RF receiver continuously skips around channels in the 2.5Ghz band and measures the RF signal level. The least-significant bit of the signal level is captured and used as a source of entropy. The firmware can be configured to use either source of entropy individually, or to combine both. The firmware also supports optionally whitening the entropy byte stream, which evens out the number of 1′s and 0′s without reducing entropy.

The OneRNG uses the USB-CDC profile, so it shows up as a virtual serial port in most modern operating systems. With the rngd daemon and a bit of configuration, the OneRNG can feed the system entropy source in Linux. [Paul] also has a good writeup about the theory behind the entropy generator which includes images of his schematic. Firmware, drivers, and hardware design files are open-source and are available for download.

Reverse Engineering a Blu-ray Drive for Laser Graffiti

There’s a whole lot of interesting mechanics, optics, and electronics inside a Blu-ray drive, and [scanlime] a.k.a. [Micah Scott] thinks those bits can be reused for some interesting project. [Micah] is reverse engineering one of these drives, with the goal of turning it into a source of cheap, open source holograms and laser installations – something these devices were never meant to do. This means reverse engineering the 3 CPUs inside an external Blu-ray drive, making sense of the firmware, and making this drive do whatever [Micah] wants.

When the idea of reverse engineering a Blu-ray drive struck [Micah], she hopped on Amazon and found the most popular drive out there. It turns out, this is an excellent drive to reverse engineer – there are multiple firmware updates for this drive, an excellent source for the raw data that would be required to reverse engineer it.

[Micah]‘s first effort to reverse engineer the drive seems a little bit odd; she turned the firmware image into a black and white graphic. Figuring out exactly what’s happening in the firmware with that is a fool’s errand, but by looking at the pure black and pure white parts of the graphic, [Micah] was able guess where the bootloader was, and how the firmware image is segmented. In other parts of the code, [Micah] saw thing vertical lines she recognized as ARM code. In another section, thin horizontal black bands revealed code for an 8051. These lines are only a product of how each architecture accesses code, and really only something [Micah] recognizes from doing this a few times before.

The current state of the project is a backdoor that is able to upload new firmware to the drive. It’s in no way a complete project; only the memory for the ARM processor is running new code, and [Micah] still has no idea what’s going on inside some of the other chips. Still, it’s a start, and the beginning of an open source firmware for a Blu-ray drive.

While [Micah] want’s to use these Blu-ray drives for laser graffiti, there are a number of other slightly more useful reasons for the build. With a DVD drive, you can hold a red blood cell in suspension, or use the laser inside to make graphene. Video below.

Continue reading “Reverse Engineering a Blu-ray Drive for Laser Graffiti”

An SDK for the ESP8266 WiFi Chip

The ESP8266 is a chip that turned a lot of heads recently, stuffing a WiFi radio, TCP/IP stack, and all the required bits to get a microcontroller on the Internet into a tiny, $5 module. It’s an interesting chip, not only because it’s a UART to WiFi module, allowing nearly anything to get on the Internet for $5, but because there’s a user-programmable microcontroller in this board. If only we had an SDK or a few libraries…

The ESP8266 SDK is finally here. A complete SDK for the ESP8266 was just posted to the Expressif forums, along with a VirtualBox image with Ubuntu that includes GCC for the LX106 core used in this module.

Included in the SDK are sources for an SSL, JSON, and lwIP library, making this a solution for pretty much everything you would need to do with an Internet of Things thing. As far as LX106 core is concerned, there’s example code for using the spare pins on this board as GPIOs, I2C and SPI busses, and a UART.

This turns the ESP8266 into something much better than a UART to WiFi module; now you can create a Internet of Things thing with just $5 in hardware. We’d love to see some examples, so put those up on hackaday.io and send them in to the tip line.

FTDI Screws Up, Backs Down

A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.

Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is 2.10.0.0, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to 2.10.0.0 will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.

Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:

ftdi_evil

[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits  differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.

A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.

Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.

Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.

Because the FTDI USB to UART chip is so incredibly common,  the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip.

The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system. There will surely be an automated tool to fix these chips automatically, but until then, take a good look at what Windows Update is installing – it’s very hard to tell if your devices have a fake FTDI chip by just looking at them.

Introducing the F*Watch, a Fully Open Electronic Watch

As one of their colleagues was retiring, several CERN engineers got together after hours during 4 months to develop his gift: a fully open electronic watch. It is called the F*Watch and is packed with sensors: GPS, barometer, compass, accelerometer and light sensor. The microcontroller used is a 32-bit ARM Cortex-M3 SiLabs Giant Gecko which contains 128KB of RAM and 1MB of Flash. In the above picture you’ll notice a 1.28″ 128×128 pixels Sharp Memory LCD but the main board also contains a micro-USB connector for battery charging and connectivity, a micro-SD card slot, a buzzer and a vibration motor.

The watch is powered by a 500mA LiPo battery. All the tools that were used to build it are open source (FreeCAD, KiCad, GCC, openOCD, GDB) and our readers may make one by downloading all the source files located in their repository. After the break is embedded a video showing their adventure.

Continue reading “Introducing the F*Watch, a Fully Open Electronic Watch”

Introducing USB Armory, a Flash Drive Sized Computer

[Andrea] tipped us about USB armory, a tiny embedded platform meant for security projects. It is based on the 800MHz ARM Cortex-A8 Freescale i.MX53 together with 512MB of DDR3 SDRAM, includes a microSD card slot, a 5-pin breakout header with GPIOs/UART, a customizable LED and is powered through USB.

This particular processor supports a few advanced security features such as secure boot and ARM TrustZone. The secure boot feature allow users to fuse verification keys that ensure only trusted firmware can be executed on the board, while the ARM TrustZone enforces domain separation between a “secure” and a “normal” world down to a memory and peripheral level. This enables many projects such as electronic wallets, authentication tokens and password managers.

The complete design is open hardware and all its files may be downloaded from the official GitHub repository. The target price for the final design of the first revision is around €100.