This morning I went to a fantastic talk called Hack All the Things. It was presented by GTVHacker. If you don’t recognize the name, this is the group that hacked the GoogleTV. They haven’t stopped hacking since that success, and this talk is all about 20+ devices that they’ve recently pwned and are making the info public (that link still had oath when I checked but should soon be public).
The attacks they presented come in three flavors: UART, eMMC, and command injection bugs. I’m going to add the break now, but I’ll give a rundown of most of the device exploits they showed off. I found all amusing, and often comical.
Continue reading “DEFCON 22: Hack All the Things”
North Korean drones! Yes, your local hobby shop has the same aerial reconnaissance abilities as North Korea. Props to Pyongyang for getting v-tail mixing down.
There’s nothing quite as satisfying as the look of a well laid out resistor array, and the folks at Boldport have taken this to a new level. It’s an art piece, yes, but these would make fabulous drink coasters.
Here’s something even more artistic. [cpurola] found a bunch of cerdip EPROMs and bent the pins in a weird chainmaille-esque way. The end result is an EPROM bracelet, just in time for mother’s day. It’s a better use for these chips than tearing them apart and plundering them for the few cents worth of gold in each.
[John] still uses his original Xbox for xmbc, but he’d like to use the controllers with his computer. He never uses the third and fourth controller ports, so he stuck those in his computer. It’s as simple as soldering the controller port module to a connector and plugging it into an internal USB port. Ubuntu worked great, but Windows required XBCD.
[Kerry] has modified an FT232 USB/UART thingy as an Arduino programmer before. The CP2102 USB/UART is almost as popular on eBay, a little less expensive, and equally suited for ‘duino programming. It requires desoldering a resistor and soldering a jumper on a leadless package, but with a fine solder tip, it’s not too bad.
If you have worked with very low cost microcontroller in the past, such as the ATtiny series from AVR, you’ve probably been stuck without a UART peripheral. The usual answer to this problem is to implement the UART in software. It’s not fast, but it works.
Lets say you’re even more limited on resources, and only have a single pin for UART. [Ralph] created a software library and a small circuit that enables half duplex UART using only one pin. With the above circuit, and a 62 byte Arduino compatible library, you can add UART to the tiniest of ATtinys.
In this circuit, the Tx/Rx pin is on the AVR, and the Tx and Rx pins are another device. The circuit relies on the idle state of UART being a logic high signal. When the Tx pin is idle, the transistor stays on. This allows the Tx/Rx pin to pull Rx low when the AVR sends a 0. When the Tx pin sends a 0, the Tx/Rx pin gets pulled low through the diode.
It’s a clever hack, and could definitely help add communication to your next tiny project.
[Joe Grand] has come up with a tool which we think will be useful to anyone trying to hack a physical device: The JTAGulator. We touched on the JTAGulator briefly during our DEF CON coverage, but it really deserves a more in-depth feature. The JTAGulator is a way to discover On Chip Debug (OCD) interfaces on unfamiliar hardware.
Open any cell phone, router, or just about any moderately complex device today, and you’ll find test points. Quite often at least a few of these test points are the common JTAG / IEEE 1149.1 interface.
JTAG interfaces have 5 basic pins: TDI (Test Data In), TDO (Test Data Out), TCK (Test Clock), and TMS (Test Mode Select), /TRST (Test Reset) (optional).
If you’re looking at a PCB with many test points, which ones are the JTAG pins? Also which test points are which signals? Sometimes the PCB manufacturer will give clues on the silk screen. Other times you’re on your own. [Joe] designed the JTAGulator to help find these pins.
Continue reading “JTAGulator Finds Debug Interfaces”
Having a serial port on any Linux box is always useful, but with the tiny computers we’re carrying around in our pockets now, that isn’t always an option. Some of the more advanced phones out there break out a UART on their USB OTG port, but the designers of the Nexus 4 decided to do things differently. They chose to put the Nexus 4’s serial port on the mic and headphone input, and [Ryan] and [Josh] figured out how to access this port.
Basically, the Nexus 4 has a tiny bit of circuitry attached to the microphone input. If the Nexus detects more than 2.8 Volts on the mic, it switches over to a hardware UART, allowing everything from an Arduino to an old dumb terminal to access the port.
The guys used a USB to serial FTDI board wired up to a 3.5 mm jack with a few resistors to enable the hardware UART on their phone. With a small enclosure, they had a reasonably inexpensive way to enable a hardware serial port on a mobile device with GPS, cellular, a camera, and a whole bunch of other sensors that any portable project would love.
EDIT: An anonymous little bird told us this: “You should add a note to the Nexus 4 serial cable post that TX and RX need to be 1.8V. If you use 3.3V USB cables, you will likely eventually fry something. FTDI makes 1.8V IO cables that work – you just need to make the trigger voltage for the mic line.” Take that for what you will.
Unhappy with the performance of his U-verse modem [Jordan] decided to dig in and see if a bit of hacking could improve the situation. Motorola makes this exclusively for AT&T and there are no other modems on the market which can used instead. Luckily he was able to fix almost everything that was causing him grief. This can be done in one of two ways. The first is a hardware hack that gains access to a shell though the UART. The second is a method of rooting the device from its stock web interface.
We think the biggest improvement gained by hacking this router is true bridge mode. The hardware is more than capable of behaving this way but AT&T has disabled the feature with no option for an unmodified device to use it. By enabling it the modem does what a modem is supposed to do: translate between WAN and LAN. This allows routing to be handled by a router (novel idea huh?).
Sometimes you need to toggle or read a few pins on a microcontroller for a project so simple (or so temporary) that coding some firmware is a rather large investment of time. [Jaspreet] had the same problem – wanting to read values and toggle pins without writing any code – so he came up with a rather clever solution to control an MSP430 through a serial connection.
[Jaspreet] calls his project ControlEasy, and it does exactly as advertised: it provides a software interface to control ADC inputs, PWM outputs, and the state of output pins via a desktop computer. ControlEasy does this with a matching piece of code running on any MSP430 with a hardware UART (like the TI Launchpad) sending and receiving data to the computer.
Right now ControlEasy can read analog values, generate PWM output, and set individual pins high and low. [Jaspreet] plans on expanding his software to allow control of LCDs and I2C and SPI devices.
In the video after the break you can see [Jaspreet] fiddling around with some pins on his LaunchPad via the GUI. The software is also available for download if you’d like to try it out, but unfortunately it’s a Windows-only build at this point.
Continue reading “Giving the MSP430 a GUI”