MC68k SBC with a monitor, keyboard and mouse

Motorola 68000 SBC Runs Again With A Raspberry Pi On Top

August 31, 2021 by Robin Kearey 30 Comments

Single-board computers have been around a long time: today you might be using a Raspberry Pi, an Arduino, or an ESP32, but three decades ago you might find yourself programming a KIM-1, an Intel SDK-85, or a Motorola 68000 Educational Computer Board. These kind of boards were usually made by processor manufacturers to show off their latest chips and to train engineers who might use these chips in their designs.

[Adam Podstawczyński] found himself trying to operate one of these Motorola ECBs from 1981. This board contains a 68000 CPU (as used in several Macintoshes and Amigas), 32 kB of RAM, and a ROM program called TUTOR. Lacking any keyboard or monitor connections, the only way to communicate with this system is a pair of serial ports. [Adam] decided to make the board more accessible by adding a Raspberry Pi extended with an RS232 Hat. This add-on board comes with two serial ports supporting the +/- 12 V signal levels used in older equipment.

It took several hours of experimenting, debugging, and reading the extensive ECB documentation to set up a reliable connection; as it turns out, the serial ports can operate in different modes depending on the state of the handshake lines. When the Pi’s serial ports were finally set up in the right mode, the old computer started to respond to commands entered in the terminal window. The audio interface, meant for recording programs on tape, proved more difficult to operate reliably, possibly due to deteriorating capacitors. This was not a great issue, because the ECB’s second serial port could also be used to save and load programs directly into its memory.

With the serial connections working, [Adam] then turned to the aesthetics of his setup and decided to make a simple case out of laser-cut acrylic and metal spacers. Custom ribbon cables for the serial ports and an ATX break-out board for power connections completed the project, and the 40-year-old educational computer is now ready to educate its new owner on all the finer points of 68000 programming. In the video (embedded after the break) he shows the whole process of getting the ECB up and running.

[Adam] made a similarly clever setup with a Commodore 64 and an Arduino earlier. [Jeff Tranter] recreated a similar 68000 development board from scratch. And a few years ago we even featured our own custom-built 68k computer.

Continue reading “Motorola 68000 SBC Runs Again With A Raspberry Pi On Top” →

DOOM On A Desk Phone Is Just The Tip Of The Iceberg

August 13, 2021 by Tom Nardi 23 Comments

These days we expect even the cheapest of burner smartphones to feature a multi-core processor, at least a gigabyte of RAM, and a Linux-based operating system. But obviously those sort of specs are unnecessary for an old school POTS desktop phone. Well, that’s what we thought. Then [Josh Max] wrote in to tell us about his adventures in hacking the CaptionCall, and now we’re eager to see what the community can do with root access on a surprisingly powerful Linux phone.

As the names implies, the CaptionCall is a desk phone with an LCD above the keypad that shows real-time captions. Anyone in the United States with hearing loss can get one of these phones for free from the government, so naturally they sell for peanuts on the second hand market. Well, at least they did. Then [Josh] had to go ahead and crack the root password for the ARMv7 i.MX6 powered phone, started poking around inside of its 4 GB of onboard NAND, and got the thing running DOOM.

If you’re interested in the technical details, [Josh] has done a great job taking us step by step through his process. It’s a story that will be at least somewhat familiar to anyone who’s played around with embedded Linux devices, and unsurprisingly, starts with locating a serial port header on the PCB.

Finding the environment variables to pretty tightly locked down, he took the slow-route and dumped the phone’s firmware 80 characters at a time with U-Boot’s “memory display” command. Passing the recovered firmware image through binwalk and a password cracker got him the root credentials in short order, and from there, that serial port got a whole lot more useful.

[Josh] kicked the phone’s original UI to the curb, set up an ARM Debian Jessie chroot, and started working his way towards a fully functional Linux environment. With audio, video, and even keypad support secured, he was ready to boot up everyone’s favorite 1993 shooter. He’s been kind enough to share his work in a GitHub repository, and while it might not be a turn-key experience, all the pieces are here to fully bend the hardware to your will.

Historically, running DOOM on a new piece of hardware has been the harbinger of bigger and better things to come. With unfettered access to its Linux operating system up for grabs, we predict the CaptionCall is going to become a popular hacking target going forward, and we can’t wait to see it.

Roomba Gets Alexa Support With An ESP8266 Stowaway

March 9, 2021 by Tom Nardi 11 Comments

The modern home is filled with plenty of “smart” devices, but unfortunately, they don’t always speak the same language. The coffee maker and the TV might both be able to talk to your phone through their respective apps, but that doesn’t necessarily mean the two appliances can work together to better coordinate your morning routine. Which is a shame, since if more of these devices could communicate with each other, we’d be a lot closer to living that Jetsons life we were promised.

Luckily, as hardware hackers we can help get our devices better acquainted with one another. A recent post by [MyHomeThings] shows how the ESP8266 can bridge the gap between a Roomba and Amazon’s Alexa assistant. This not only allows you to cheaply and easily add voice control to the robotic vacuum, but makes it compatible with the Amazon’s popular home automation framework. This makes it possible to chain devices together into complex conditional routines, such as turning off the lights and activating the vacuum at a certain time each night.

The hack depends on the so-called Roomba Open Interface, a seven pin Mini-DIN connector that can be accessed by partially disassembling the bot. This connector provides power from the Roomba’s onboard batteries as well as a two-way serial communications bus to the controller.

By connecting a MP1584EN DC-DC converter and ESP8266 to this connector, it’s possible to send commands directly to the hardware. Add a little glue code to combine this capability with a library that emulates a Belkin Wemo device, and now Alexa is able to stop and start the robot at will.

We’ve seen this sort of trick used a few times before to add backdoor Alexa support to various gadgets, and it’s always interesting to see what kind of unusual hardware folks are looking to make an integral part of their smart home.

Apple II Talks To 3D Printer With A Little Modern Help

February 21, 2021 by Tom Nardi 15 Comments

Controlling most desktop 3D printers is as easy as sending them G-code commands over a serial connection. As you might expect, it takes a relatively quick machine to fire off the commands fast enough for a good-quality print. But what if you weren’t so picky? If speed isn’t a concern, what’s the practical limit on the type of computer you could use?

In an effort to answer that question, [Max Piantoni] set out to control his Ender 3 printer with an authentic Apple IIc. Things were made a bit easier by the fact that he really only wanted to use the printer as a 2D plotter, so he could ignore the third dimension in his code. All he needed to do was come up with a BASIC program that let him create some simple geometric artwork on the Apple and convert it into commands that could be sent out over the computer’s serial port.

Unfortunately, [Max] ran into something of a language barrier. While the Apple had no problem generating G-code the Ender’s controller would understand, both devices couldn’t agree on a data rate that worked for both of them. The 3D printer likes to zip along at 115,200 baud, while the Apple was plodding ahead at 300. Clearly, something would have to stand in as an interpreter.

The solution [Max] came up with certainly wouldn’t be our first choice, but there’s something to be said for working with what you know. He quickly whipped up a program in Unity on his Macbook that would accept incoming commands from the Apple II at 300 baud, build up a healthy buffer, and then send them off to the Ender 3. As you can see in the video after the break, this Mac-in-the-middle approach got these unlikely friends talking at last.

We’re reminded of a project from a few years back that aimed to build a fully functional 3D printer with 1980s technology. It was to be controlled by a Commodore PET from the 1980s, which also struggled to communicate quickly enough with the printer’s electronics. Bringing a modern laptop into the mix is probably cheating a bit, but at least it shows the concept is sound.

Continue reading “Apple II Talks To 3D Printer With A Little Modern Help” →

Linux Fu: Serial Untethered

February 11, 2021 by Al Williams 28 Comments

Serial ports used to be everywhere. In a way, they still are since many things that appear to plug in as a USB device actually look like a serial port. The problem is that today, the world runs on the network. Sure, you can buy a terminal server that converts a serial port to an Ethernet port, but what fun is that? In this article, I’m going to show you how to stream serial ports over the network using some available Linux tools. It isn’t perfect, and it won’t work for every case, but when it works it works well.

Everything is a File, Until it Isn’t

At some point in the past, Unix — the progenitor of Linux — treated virtually everything as a file, and all files were created more or less equal. Programs didn’t care if a file was local, on the network, from a tape drive, or arriving over a named pipe.

But things started to change. Even though a serial port is just a file under Linux, it has some special attributes that let you set, for example, baud rates. Worse, some programs “know” too much about files and insist on certain naming conventions. So, in theory, you should be able to create a network socket, connect one end to a serial port and the other end to a program, and be done with it. In theory.

Continue reading “Linux Fu: Serial Untethered” →

Serial Studio: Easily Visualise And Log Serial Data

January 31, 2021 by Danie Conradie 28 Comments

Outputting data from a microcontroller over a serial port is convenient and easy, but formatting, visualizing, and analyzing the data can be tedious and frustrating. [Alex Spataru] knows this all too well, having spent too many hours building and debugging custom dashboards. To save himself and others the same frustration in the future, he created Serial Studio, a tool for quickly building dashboards for serial data.

The only input required for Serial Studio to create a dashboard is a simple JSON structure specifying the data’s format, and how it should be grouped and displayed. Originally Serial Studio required all the JSON data to be sent over serial, which is fine for simple data but quickly becomes cumbersome for more complex applications. To solve this, [Alex] added a feature allowing the JSON document with the format information loaded from the computer, while only the data is sent over serial.

Serial Studio includes several visualization options, including raw line graphs, bar/level indicator, dial indicator, the artificial horizon for IMU data, or a map widget. It can also output the formatted data to a CSV file for further analysis in other software. A console window is also included for viewing raw data or debugging purposes. See the usage demo after the break.

We like Serial Studio’s ease of use and adaptability, and we’ll likely use it for our own projects in the future. It is compatible with Linux, Windows, and Mac thanks to the Qt framework, and the code is open-source and available on GitHub.

If you’ve ever watched one of the BPS.Space model rocket launch videos, you’ll know how critical data logging, visualization and analysis is for [Joe Barnard]’s work. Serial Studio is perfect for such applications, and [Alex] used it extensively for simulated satellite competitions at his university. Continue reading “Serial Studio: Easily Visualise And Log Serial Data” →

Nissan Gives Up Root Shell Thanks To Hacked USB Drive

January 30, 2021 by Tom Nardi 46 Comments

For the impatient Nissan owners who may be joining us from Google, a hacker by the name of [ea] has figured out how to get a root shell on the Bosch LCN2kai head unit of their 2015 Xterra, and it looks like the process should be the same for other vehicles in the Nissan family such as the Rogue, Sentra, Altima, and Frontier. If you want to play along at home, all you have to do is write the provided image to a USB flash drive and insert it.

Now for those of us who are a more interested in how this whole process works, [ea] was kind of enough to provide a very detailed account of how the exploit was discovered. Starting with getting a spare Linux-powered head unit out of a crashed Xterra to experiment with, the write-up takes the reader through each discovery and privilege escalation that ultimately leads to the development of a non-invasive hack that doesn’t require the user to pull their whole dashboard apart to run.

The early stages of the process will look familiar to anyone who’s messed with embedded Linux hacking. The first step was to locate the board’s serial port and connect it to the computer. From there, [ea] was able to change the kernel parameters in the bootloader to spawn an interactive shell. To make things a little easier, the boot scripts were then modified so the system would start up an SSH server accessible over a USB Ethernet adapter. With full access to the system, the search for exploits could begin.

A simple script on the flash drive enables the SSH server.

After some poking, [ea] discovered the script designed to mount USB storage devices had a potential flaw in it. The script was written in such a way that the filesystem label of the device would be used to create the mount point, but there were no checks in place to prevent a directory traversal attack. By crafting a label that read ../../usr/bin/ and placing a Bash script on the drive, it’s possible to run arbitrary commands on the head unit. The provided script permanently adds SSHd to the startup process, so when the system reboots, you’ll be able to log in and explore.

So what does [ea] want to do with this new-found exploit? It looks like the goal is to eventually come up with some custom programs that extend the functionality of the in-dash Linux system. As it seems like these “infotainment” systems are now an inescapable feature of modern automobiles, we’re certainly excited to see projects that aim to keep them under the consumer’s control.