Backchannel UART without the UART

Anyone who has worked with a microcontroller is familiar with using printf as a makeshift debugger. This method is called tracing and it comes with the limitation that it uses up a UART peripheral. Believe it or not, there are 8051 variants out there that come with only one serial block and you are out of luck if your application needs it to communicate with another device.

[Jay Carlson] has a method by which he can piggyback these trace messages over an on-chip debugger. Though the newer ARM Cortex-M software debugger already has this facility but [Jay Carlson]’s hack is designed to work with the SiLabs EFM8 controllers. The idea is to write these debug messages to a predefined location in the RAM which the debugger can access anyway. His application polls a certain area of the memory and when it finds valid information, it reads the data and spits it out into a dedicated window. It’s using the debugger as a makeshift printf!

[Jay Carlson] used slab8051.dll interface and put together a C# program and GUI that works alongside the SiLab’s IDE. The code is available on GitHub for you to check out if you are working the EFM8 and need a helping hand. The idea is quite simple and can be ported to other controllers in a multitude of ways like the MSP430 perhaps. For those of you who like the Teensy, you might want to take a look at adding debugger support to the Teensy 3.5/3.6.

Hacking iBeacons For Automating Routines

Every self-respecting hacker has an automation hack somewhere in his/her bag of tricks. There are a lot of modern-day technologies that facilitate the functionality like GPS, scripting apps, and even IFTTT. In an interesting hack, [Nick Lee] has combined iBeacons and a reverse engineered Starbucks API to create an automated morning routine.

By creating a mobile app that scans for iBeacons, [Nick Lee] was able to reduce the effort made every morning while heading to his office. When the app encounters a relevant beacon, a NodeJS app sitting in the cloud is triggered. This consequently leads to desired actions like ordering an Uber ride and placing an order for an iced latte.

[Nick Lee] shares the code for the Starbucks application on GitHub for anyone who wants to order their favorite cup of joe automatically. This project can be easily expanded to work with GPS or even RFID tags and if you feel like adding IoT to a coffee machine, you could automate all of your beverage requirements in one go.

Completely Owning the Dreamcast Add-on You Never Had

If you’ve got a SEGA Dreamcast kicking around in a closet somewhere, and you still have the underutilized add-on Visual Memory Unit (VMU), you’re in for a treat today. If not, but you enjoy incredibly detailed hacks into the depths of slightly aged silicon, you’ll be even more excited. Because [Dmitry Grinberg] has a VMU hack that will awe you with its completeness. With all the bits in place, the hacking tally is a new MAME emulator, an IDA plugin, a never-before ROM dump, and an emulator for an ARM chip that doesn’t exist, running Flappy Bird. All in a month’s work!

The VMU was a Dreamcast add-on that primarily stored game data in its flash memory, but it also had a small LCD display, a D-pad, and inter-VMU communications functions. It also had room for a standalone game which could interact with the main Dreamcast games in limited ways. [Dmitry] wanted to see what else he could do with it. Basically everything.

We can’t do this hack justice in a short write-up, but the outline is that he starts out with the datasheet for the VMU’s CPU, and goes looking for interesting instructions. Then he started reverse engineering the ROM that comes with the SDK, which was only trivially obfuscated. Along the way, he wrote his own IDA plugin for the chip. Discovery of two ROP gadgets allowed him to dump the ROM to flash, where it could be easily read out. Those of you in the VMU community will appreciate the first-ever ROM dump.

On to doing something useful with the device! [Dmitry]’s definition of useful is to have it emulate a modern CPU so that it’s a lot easier to program for. Of course, nobody writes an emulator for modern hardware directly on obsolete hardware — you emulate the obsolete hardware on your laptop to get a debug environment first. So [Dmitry] ported the emulator for the VMU’s CPU that he found in MAME from C++ to C (for reasons that we understand) and customized it for the VMU’s hardware.

Within the emulated VMU, [Dmitry] then wrote the ARM Cortex emulator that it would soon run. But what ARM Cortex to emulate? The Cortex-M0 would have been good enough, but it lacked some instructions that [Dmitry] liked, so he ended up writing an emulator of the not-available-in-silicon Cortex-M23, which had the features he wanted. Load up the Cortex emulator in the VMU, and you can write games for it in C. [Dmitry] provides two demos, naturally: a Mandlebrot set grapher, and Flappy Bird.

Amazed? Yeah, we were as well. But then this is the same guy emulated an ARM chip on the AVR architecture, just to run Linux on an ATMega1284p.

Make Some Noise with the Typewriter Keyboard

Are you an angry programmer? Do you get the frequent urge to smash the return key or space bar after finishing every single line of code? Well then [Konstantin Schauwecker]’s typewriter keyboard is just the thing for you. In his project, [Konstantin] hacked a German Olympia Monica typewriter into a USB keyboard.

The project uses no less than 50 photo interrupters mounted on a custom PCB that mounts directly under the typewriter itself. The circuit board is so designed that the hammer arms take a position in obstructing the opto-interrupters. Every time a key is pressed, the corresponding device sends a signal to an Arduino.

In order to enable the wiring of 50 signals to an Arduino Leonardo, multiplexers and decoders are employed. CD4515, 4×16 line decoders work to activate the optical signals and the CD4067, 16×4 multiplexers are used to return the scans. This forms the traditional scanning keyboard matrix and the whole thing is managed in the Arduino code (available as a zip file).

This project can be a great starting point for anyone who wants to hack their grandpa’s old typewriter or make one in order to annoy the guy sitting next to them. Check out the video below for a demo and teardown and if you prefer Raspberry Pis then check out this mechanical typewriter hack.

Hacking Into…. A Wind Farm?

Pick a lock, plug in a WiFi-enabled Raspberry Pi and that’s nearly all there is to it.

There’s more than that of course, but the wind farms that [Jason Staggs] and his fellow researchers at the University of Tulsa had permission to access were — alarmingly — devoid of security measures beyond a padlock or tumbler lock on the turbines’ server closet. Being that wind farms are generally  in open fields away from watchful eyes, there is little indeed to deter a would-be attacker.

[Staggs] notes that a savvy intruder has the potential to shut down or cause considerable — and expensive — damage to entire farms without alerting their operators, usually needing access to only one turbine to do so. Once they’d entered the turbine’s innards, the team made good on their penetration test by plugging their Pi into the turbine’s programmable automation controller and circumventing the modest network security.

The team are presenting their findings from the five farms they accessed at the Black Hat security conference — manufacturers, company names, locations and etc. withheld for obvious reasons. One hopes that security measures are stepped up in the near future if wind power is to become an integral part of the power grid.

All this talk of hacking and wind reminds us of our favourite wind-powered wanderer: the Strandbeest!

[via WIRED]

Hacking an Inspection Microscope

Sometimes I need to be able to take photographs of very small things, and the so-called macro mode on my point-and-shoot camera just won’t cut it. And it never hurts to have an inspection scope on hand for tiny soldering jobs, either, though I prefer a simple jeweler’s loupe in one eye for most tasks. So I sent just over $40 off to my close friend Alibaba, and a few weeks later was the proud owner of a halfway usable inspection scope that records stills or video to an SD card.

Unfortunately, it’s only halfway useable because of chintzy interface design and a wobbly mount. So I spent an afternoon, took the microscope apart, and got it under microcontroller control, complete with WiFi and a scripting language. Much better! Now I can make microscope time-lapses, but much more importantly I can take blur-free photos without touching the wiggly rig. It was a fun hack, so I thought I’d share. Read on!

Continue reading “Hacking an Inspection Microscope”

USB Charger Fooled into Variable Voltage Source

USB chargers are everywhere and it is the responsibility of every hacker to use this commonly available device to its peak potential. [Septillion] and [Hugatry] have come up with a hack to manipulate a USB charger into becoming a variable voltage source. Their project QC2Control works with chargers that employ Quick Charge 2.0 technology which includes wall warts as well as power banks.

Qualcomm’s Quick Charge is designed to deliver up to 24 watts over a micro USB connector so as to reduce the charging time of compatible devices. It requires both the charger as well as the end device to have compatible power management chips so that they may negotiate voltage limiting cycles.

In their project, [Septillion] and [Hugatry] use a 3.3 V Arduino Pro Mini to talk to the charger in question through a small circuit consisting of a few resistors and diodes. The QC2.0 device outputs voltages of 5 V, 9 V and 12 V when it sees predefined voltage levels transmitted over the D+ and D- lines, set by Arduino and voltage dividers. The code provides function calls to simplify the control of the power supply. The video below shows the hack in action.

Quick Charge has been around for a while and you can dig into the details of the inner workings as well as the design of a compatible power supply from reference designs for the TPS61088 (PDF). The patent (PDF) for the Quick Charge technology has a lot more detail for the curious.

Similar techniques have been used in the past and will prove useful for someone looking for a configurable power supply on the move. This is one for the MacGyver fans.

Continue reading “USB Charger Fooled into Variable Voltage Source”