[Ken Shirriff] Demystifies BeagleBone I/O

If you have ever spent a while delving into the bare metal of talking to the I/O pins on a contemporary microprocessor or microcontroller you will know that it is not always an exercise for the faint-hearted. A host of different functions can be multiplexed behind a physical pin, and once you are looking at the hardware through the cloak of an operating system your careful timing can be derailed in an instant. For these reasons most of us will take advantage of other people’s work and use the abstraction provided by a library or a virtual filesystem path.

If you have ever been curious enough to peer under the hood of your board’s I/O then you may find [Ken Shirriff]’s latest blog post in which he explores the software stack behind the pins on a BeagleBone Black to be of interest. Though its specifics are those of one device, the points it makes have relevance to many other similar boards.

He first takes a look at the simplest way to access a Beagle Bone’s I/O lines, through virtual filesystem paths. He then explains why relying so heavily on the operating system in this way causes significant timing issues, and goes on to explore the physical registers that lie behind the pins. He then discusses the multiplexing of different pin functions before explaining the role of the Linux device tree in keeping operating system in touch with hardware.

For some Hackaday readers this will all be old news, but it’s safe to say that many users of boards like the BeagleBone Black will never have taken a look beyond the safely abstracted ways to use the I/O pins. This piece should therefore provide an interesting education to the chip-hardware novice, and should probably still contain a few nuggets for more advanced users.

We’ve seen a lot of [Ken]’s work here at Hackaday over the years, mostly in the field of reverse engineering. A few picks are his explanation of the TL431 voltage reference, a complete examination of the 741 op-amp, and his reverse engineering of the 1970s Sinclair Scientific calculator.

We appreciate [Fustini]’s tip on this story.

BeagleBone Black image: BeagleBoard.org Foundation [CC BY-SA 3.0], via Wikimedia Commons.

Die Photos Of A Runner’s RFID Chip

A mass participation sporting event such as a road race presents a significant problem for its record keepers. It would be impossible to have ten thousand timekeepers hovering over stopwatches at the finish line, so how do they record each runner’s time? The answer lies in an RFID chip attached to the inside of the bib each runner wears, which is read as the runner crosses the line to ensure that their time is recorded among the hundreds of other participants.

[Ken Shirriff] got his hands on a bib from San Francisco’s “Bay to Breakers” race, and set about a teardown to lay bare its secrets.

The foil antenna pattern.
The foil antenna pattern.

Stripping away the foam covering of the RFID assembly revealed a foil antenna for the 860-960MHz UHF band with the tiny RFID chip at its centre. The antenna is interesting, it’s a rather simple wideband dipole folded over with what looks like a matching stub arrangement and an arrow device incorporated into the fold that is probably for aesthetic rather than practical purposes. He identified the chip as an Impinj Monza 4, whose data sheet contains reference designs for antennas we’d expect to deliver a better performance.

After some trial-by-fire epoxy removal the tiny chip was revealed and photographed. It’s a device of three parts, the power scavenging and analog radio section, the non-volatile memory that carries the payload, and a finite-state logic machine to do the work. This isn’t a proper processor, instead it contains only the logic required to do the one task of returning the payload.

He finishes off with a comparison photograph of the chip — which is about the size of a grain of salt — atop a 1980s 8051-series microcontroller to show both its tiny size and the density advancements achieved over those intervening decades.

Since RFID devices are becoming a ubiquitous part of everyday life it is interesting to learn more about them through teardowns like this one. The chip here is a bit different to those you’ll find in more mundane applications in that it uses a much higher frequency, we’d be interested to know the RF field strength required at the finish line to activate it. It would also be interesting to know how the system handles collisions, with many runners passing the reader at once there must be a lot of RFID chatter on the airwaves.

We’ve featured [Ken]’s work before, among many others in his reverse engineering of Clive Sinclair’s 1974 scientific calculator, and his explanation of the inner workings of the TL431 voltage reference. Though we’ve had many RFID projects on these pages, this appears to be the first teardown of one we’ve covered.

The IBM 1401’s Unique Qui-Binary Arithmetic

Old mainframe computers are interesting, especially to those of us who weren’t around to see them in action. We sit with old-timers and listen to their stories of the good ol’ days. They tell us about loading paper tape or giving instructions one at a time with toggle switches and LED output indicators. We hang on every word because its interesting to know how we got to this point in the tech-timeline and we appreciate the patience and insanity it must have taken to soldier on through the “good ol’ days”.

[Ken Shirriff] is making those good ol’ days come alive with a series of articles relating to his work with hardware at the Computer History Museum. His latest installment is an article describing the strange implementation of the IBM 1401’s qui-binary arithmetic. Full disclosure: It has not been confirmed that [Ken] is an “old-timer” however his article doesn’t help the argument that he isn’t.

Ken describes in thorough detail how the IBM 1401 — which was first introduced in 1959 — takes a decimal number as an input and operates on it one BCD digit at a time. Before performing the instruction the BCD number is converted to qui-binary. Qui-binary is represented by 7 bits, 5 qui bits and 2 binary bits: 0000000. The qui portion represents the largest even number contained in the BCD value and the binary portion represents a 1 if the BCD value is odd or a 0 for even. For example if the BCD number is 9 then the Q8 bit and the B1 bit are set resulting in: 1000010.

The qui-binary representation makes for easy error checking since only one qui bit should be set and only one binary bit should be set. [Ken] goes on to explain more complex arithmetic and circuitry within the IBM 1401 in his post.

If you aren’t familiar with [Ken], we covered his reverse engineering of the Sinclair Scientific Calculator, his explanation of the TL431, and of course the core memory repair that is part of his Computer History Museum work.

Thanks for the tip [bobomb].

A Detailed Look at the 7805 Voltage Regulator

We’re quite sure that all hobbyists have used the 7805 voltage regulator at least once in their lives. They are a simple way to regulate 7V+ voltages to the 5V that some of our low power projects need. [Ken Shirriff] wrote an amazingly detailed article about its theory of operation and implementation in the silicon world.

As you may see in the picture above such a regulator is composed of very different elements: transistors, resistors, capacitors and diodes, all of them integrated in the die. [Ken] provides the necessary clues for us to recognize them and then explains how the 7805 can have a stable output even when its temperature changes. This is done by using a bandgap reference in which the difference between transistor base-emitter voltages for high and low current is used to counter the effects of temperature. As some elements looked a bit odd during [Ken]’s reverse engineering process, he finally concluded that what he purchased on Ebay may be a counterfeit (read this Reddit comment for another opinion).

How Hacker News Page Rankings Really Work

Page rankings are the secret sauce of websites that automatically aggregate user submissions. The basic formula used by Hacker News was published a few years back. But there are several pieces of the puzzle that are missing from that specification. [Ken Shirriff] recently published an analysis that digs deeper to expose the article penalization system used by Hacker News’ ranking engine.

One might assume that the user up and down votes are what determine a page’s lifespan on the front page. But it turns out that a complex penalization system makes a huge difference. It takes into account keywords, and domain names but also weighs controversy. It’s a bit amusing to note that this article on the topic was itself penalized, knocking it off of the front page.

You can get the full details of the system from his post, but we found his investigation methods to be equally interesting. He scraped two pages of the news feed every minute using Python and the Beautiful Soup package (a pretty common scraping practice). This data set allowed him to compare the known algorithm with actual results. What was left were a set of anomalies that contained enough sense for him to reverse engineer the unpublished formulas being used.

[Ken Shirriff] completely reverse engineers the 1974 Sinclair Scientific calculator

Wow. Seriously… Wow! The work [Ken Shirriff] put into reverse engineering the Sinclair Scientific is just amazing. He covers so much; the market forces that led [Clive Sinclair] to design the device with an under-powered chip, how the code actually fits in a minuscule amount of space, and an in-depth look at the silicon itself. Stop what you’re doing and read it right now!

This calculator shoe-horned itself into the market when the HP-35 was king at a sticker price of $395 (around $1800 in today’s money). The goal was to undercut them, a target that was reached with a $120 launch price. They managed this by using a Texas Instruments chip that had only three storage registers, paired with a ROM totaling 320 words. The calculator worked, but it was slow and inaccurate. Want to see how inaccurate? Included in the write-up is a browser-based simulator built from the reverse engineering work. Give it a try and let us know what you think.

Now [Ken] didn’t do all this work on his own. Scroll down to the bottom of his post to see the long list of contributors that helped bring this fantastic piece together. Thanks everyone!

[Thanks Ed]