Broadpwn – All Your Mobiles are Belong to Us

Researchers from Exodus Intel recently published details on a flaw that exists on several Broadcom WiFi chipsets. It’s estimated to affect nearly 1 Billion devices, from Android to iPhone. Just to name a few in the top list:

  • Samsung Galaxy from S3 through S8, inclusive
  • All Samsung Notes
  • Nexus 5, 6, 6X and 6P
  • All iPhones after iPhone 5

So how did this happen? And how does a bug affect so many different devices?

A smart phone nowadays is a very complicated mesh of interconnected chips. Besides the main processor, there are several other secondary processors handling specialized tasks which would otherwise clog up the main CPU. One of those is the WiFi chipset, which is responsible for WiFi radio communications — handling the PHY, MAC and MLME layers. When all the processing is complete, the radio chipset hands data packets over to the kernel driver, which runs on the main CPU. This means that the radio chipset itself has to have some considerable data processing power to handle all this work. Alas, with great power comes great responsibility.

Blob-less Raspberry Pi Linux Is A Step Closer

The Raspberry Pi single board computer has been an astounding success since its launch nearly five years ago, to the extent that as of last autumn it had sold ten million units with no sign of sales abating. It has delivered an extremely affordable and pretty powerful computer into the hands of hobbyists, youngsters, hackers, engineers and thousands of other groups, and its open-source Raspbian operating system has brought a useful Linux environment to places we might once have thought impossible.

The previous paragraph, we have to admit, is almost true. The Pi has sold a lot, it’s really useful and lots of people use it, but is Raspbian open-source? Not strictly. Because the Broadcom silicon that powers the Pi has a significant amount of proprietary tech that the chipmaker has been unwilling to let us peer too closely at, each and every Raspberry Pi operating system has shipped with a precompiled binary blob containing the proprietary Broadcom code, and of course that’s the bit that isn’t open source. It hasn’t been a problem for most Pi users as it’s understood to be part of the trade-off that enabled the board’s creators to bring it to us at an affordable price back in 2012, but for open-source purists it’s been something of a thorn in the side of the little board from Cambridge.

This is not to say that all is lost on the blob-free Pi front. Aided by a partial pulling back of the curtain of secrecy by Broadcom in 2014, work has quietly been progressing, and we now have the announcement from [Kristina Brooks] that a minimal Linux kernel can boot from her latest open firmware efforts. You won’t be booting a blob-free Raspbian any time soon as there are bugs to fix and USB, DMA, and video hardware has still to receive full support, but it’s a significant step. We won’t pretend to be Broadcom firmware gurus as we’re simply reporting the work, but if it’s your specialty you can find the code in its GitHub repository. Meanwhile, we look forward to future progress on this very interesting project.

We reported on the partial Broadcom release back in 2014. At the time, the Raspberry Pi people offered a prize to the first person running a native Quake III game on their hardware. Sadly, though they note the competition is closed, they haven’t linked to the winning entry.

The Raspberry Pi 3 Compute Module Is On Its Way

The Raspberry Pi Foundation founder Eben Upton has revealed in an interview with PCWorld that there will be a new version of the organisation’s Compute Module featuring the faster processor from the latest Raspberry Pi 3 boards, and it will be available “In a few months”.

The Compute Module was always something of an odd one out among the Raspberry Pi range, being a stripped-out Raspberry Pi chipset on a SODIMM form factor card without peripherals for use as an embedded computer rather than the standalone card with all the interfaces we are used to in the other Pi boards. It has found a home as the unseen brains behind a selection of commercial products, and though there are a few interface boards for developers and experimenters available for it we haven’t seen a lot of it in the world of hackers and makers. Some have questioned its relevance when the outwardly similar Pi Zero can be had for a lower price, but this misses the point that the two boards have been created for completely different markets.

The Pi 3’s 1.2 GHz 64-bit quad-core ARM Cortex-A53 BCM2837 SoC will certainly up the ante in the Compute module’s market, but it will be interesting to see what changes if any they make to its form factor. The Foundation’s close ties with Broadcom mean that they have done an impressive job in maintaining backward compatibility at a hardware level between the different generations of their product, but it is unclear whether this extends to the possibility of the new module maintaining a pin-for-pin compatibility with the old. We’d expect this to be an unlikely prospect.

It is certain that we will see a new generation of exciting commercial products emerging based around the new module, but will we see it making waves within our domain? This will depend on its marketing, and in particular the price point and quantity purchase they set for it. The previous board when added to a Compute Module Development board was an expensive prospect compared to a Raspberry Pi Model B that became more unattractive still as newer Pi boards gained more capabilities. If they price this one competitively and perhaps if any cheaper open hardware breakout boards emerge for it, we could have a valuable new platform on our hands.

Here’s our coverage of the original Compute Module launch, back in 2014.

[via Liliputing and reddit].

BCM2837 image: By Jose.gil (Own work) [CC BY-SA 4.0], via Wikimedia Commons.

Swapping GPIO Pins on the Pi Zero for Audio

The new Raspberry Pi Zero is generating a lot of discussion, especially along the lines of “why didn’t they include…?” One specific complaint has been that audio is only available through the HDMI port. That’s not entirely true as pointed out by Lady Ada over at Adafruit.

Something to remember about the entire Pi family is that the pins on the Broadcom processors are multipurpose. Does it increase the confusion or the capabilities? Take your pick. But the key benefit is that different pins can handle the same purpose. For audio the Greater Than Zero Pis (GTZPi) use PWM0_OUT and PWM1_OUT on the processor’s GPIO pins 40 and 45. On the GTZPis these feed a diode, resistor and capacitor network that ends at the audio output jack. They don’t appear on the GPIO connector so cannot be used on the Zero.

The multi-pin, multi-purpose capability of the Broadcom processor allows you to switch PWM0_OUT to GPIO 18 and PWM1_OUT to GPIO 13 or 19. Add the network from the Adafruit note, or check this schematic from the Raspberry Pi site – look at the lower right on the second page.


While you’re checking out the audio hack at Adafruit, read through the entirety of Introducing the Raspberry Pi Zero. Lady Ada provides a great description of the Zero and what is needed to start using it.

If you’re looking for Zero hacking ideas you might check the comments in our announcement about the Zero or article on the first hack we received. There is a lot of grist for the hacking mill in them.

Amazon Dash Button Pwn3d

If you haven’t heard about the Amazon dash button yet we’re glad you quit watching cat videos and have joined us. Just to get you up to speed: the Amazon dash button is a small wireless device that lets your lazy ass order more laundry soap by pushing the “dash button” which should be affixed to something near your washing machine. The pushing of the button will set in motion the gut wrenching process that we used to know as “buying things we ran out of” but thanks to Amazon we can now just cover our entire lives with an assortment of buttons that take zero credentials to physically push. We can’t see that being a problem whatsoever.

Needless to say we as a community set out to find an actual use for these fantastic little devices. [maximus64] has done quite a nice job at enabling this hardware in a most usable way. Most of the hacks we have seen for the dash button remove the physical push button and add a sensor of some kind. Replacing the button with a sensor still uses the WiFi connection to send data from the button to the cloud. Instead of the button ordering more <<product>> from Amazon, a sensor might trigger the dash to increment a counter on your website letting you know that your dog went through the doggy door +1 more times.

[maximus64] has the dash button working in the reverse manner by porting the Broadcom IoT WICED SDK to the button. He is using the dash button as a receiver, and when [maximus64] sends the “all good” signal from his laptop to the dash button, his garage door opens, which you can see in the video after the break. We find this far more useful than the dash button’s original intended use. [maximus64] has instructions in the file of the GitHub repo so that you too can hack your dash button in this way.

Avago Buys Broadcom For $37 Billion

The economy is doing well, and that means companies are spending money. Companies in the chip business are in fact businesses, and spending money to them means acquisitions and mergers. The latest such deal is Avago Technologies buying Broadcom for $37 Billion USD – the largest deal ever made in the semiconductor industry.

The products made by these two companies aren’t usually found in stock at Adafruit, Sparkfun, or in the BOMs on, but that doesn’t mean these chips aren’t extremely popular in the industry. Avago has a huge catalog of RF goodies and a surprising number of LED products. Broadcom, outside of the SoC found in the Raspberry Pi, likewise isn’t seen very often on workbenches, but their chips are found in everything from set-top boxes to Ethernet and broadband equipment.

Just a few months ago, a merger between NXP and Freescale struck a little bit closer to our hearts, but there is an opportunity for this acquisition to be much more interesting. The company that emerges from the NXP and Freescale merger will be saddled with hundreds of chip lines that all compete with each other – a cornucopia of ARMs, 8051s, Kinetis, iMX.6, and ColdFires, and that’s just microcontrollers. Avago and Broadcom don’t have a catalog that overlaps nearly as much, and it will be very interesting to see what they can come up with.

Raspberry Pi Quake III Bounty Claimed


For the Raspberry Pi’s second birthday, the Raspi foundation gave us all a very cool gift. Broadcom released the full documentation for the graphics on one of their cellphone chips and offered up a $10k prize to the first person to port that code over to the graphics processor on the Pi and run Quake III. The prize has been claimed, forming the foundation for anyone wanting a completely documented video core on the Pi.

The person to claim this prize is one [Simon Hall], author of the DMA module that’s in the current Raspbian release. Even though Quake III already runs on the Pi, it does so with a closed source driver. [Simon]’s work opens up the VideoCore in the Pi to everyone, especially useful for anyone banging their heads against the limitations of the Pi platform.

You can get your hands on the new video drivers right now, simply by downloading and compiling all the sources. Be warned, though: recompiling everything takes around 12 hours. We’re expecting a Raspbian update soon.