Hackaday Links: August 12, 2018

Falling into the marvelous space between, ‘I really want to do that’ and ‘but that’s a lot of work and I’m lazy’ comes this reproduction of the motherboard from the original IBM 5150. This is a complete reproduction of the first PC, being sold as a kit. Yes, chips are included, although I highly doubt they’ve gone through the trouble of finding chips with contemporaneous date codes. We’re dying for a writeup on this one.

Someone has found the source code for the first Furby. [Mark Boldyrev] was talking with a few fellows on the MAME forum to see if anyone had the source for the Furby. He was looking into contacting the USPTO for the original source but the red tape involed was a bit too intense. Luckily, that research turned up some info from [Sean Riddle] who somehow already found the original source listing. After [Mark] got in contact, [Sean] posted it as a PDF. Yes, it’s 6502 source, although the microcontroller is technically a SPC81A, with the rest of the hardware consisting of TI50C04 speech chip. (you would not believe how many toys are still shipping with a 6502-ish core somewhere inside). The files are up in the archive, and we’re probably going to have a Furby MAME sometime soon.

The Bitfi hardware wallet is a cryptocurrency storage device being bandied about by [John McAffee], and there’s a quarter million dollar bug bounty on it. It’s ‘unhackable’, and ‘it has no memory’. I’m serious, those are direct quotes from [McAffee]. Both of those claims are nonsense and now it can play Doom.

Oh noes, a new hardware backdoor in x86 CPUs! [xoreaxeaxeax] has published a demo that allows userland code to read and write kernel data (that’s very bad). The exploit comes in the form of the ‘rosenbridge backdoor’, a small embedded processor tightly coupled to the CPU that is similar to, but entirely different from, Intel’s ME. This processor has access to all the CPU’s memory, registers, and pipeline. The good news, and why this isn’t big news, is that this exploit only affects Via C3 CPUs. Yes, the other company besides Intel and AMD that makes x86 CPUs. These are commonly found in industrial equipment and ATMs.

25 thoughts on “Hackaday Links: August 12, 2018

  1. “The good news, and why this isn’t big news, is that this exploit only affects Via C3 CPUs. Yes, the other company besides Intel and AMD that makes x86 CPUs. These are commonly found in industrial equipment and ATMs.“

    Hopefully this doesn’t wind up meaning that it’s easier to hack ATMs or else that will be very bad news indeed (even just a denial of service could wind up being a pain in the ass for lots of ordinary folks).

    1. You need the ability to execute code to do this VIA exploit so you’re already in in deep trouble by this point if somebody can do that on an ATM. Also this extra mode also needs to have been left enabled and not all firmware does that apparently.

      1. ^this, the only place it would come up was if you had some situation where you were sharing hardware across multiple parties, who all needed to stay in their sandboxes, which…. really doesn’t happen at all on industrial hardware.

    2. My thoughts are along the same lines, but it is funny how many people freak out at the personal level and don’t mind the big stuff. A good case in point is cloud based backup. I know a number of people who don’t trust the privacy of it for their personal computers, but are obvious to the fact that many businesses use it, so they are fretting their porn collection being backed up in the cloud, they don’t mind their credit card info and social security numbers etc are being backed up.

  2. Sort of neat for the Model 5150 kit. But a repro of the final Model 5160 revision board would be of more practical use, especially if adapted to support “Turbo” 10 Mhz operation.

    The low price of the kit is amazing, considering what the replacement price for a board from IBM likely was in 1981.

    1. Practical to use for what? Intended use scenario is building a neat DIY kit, preferably with your kid.
      Lets be real here, there is nothing you would want to run on this today. Even nostalgia has its limits.

    2. “We also have added IC sockets for all chips, knowing this is a huge hobbyist advantage, despite the additional cost.”

      It looks like they used cheap sockets. There must be some new meaning of the word “advantage” that I haven’t learned yet. Or does it mean that the users will develop their debugging skills from finding the open circuits on the cheap sockets? That could actually be good training, even if the only thing the users learn is to avoid cheap sockets.

        1. Guess only. Well, more than a guess. They’re “silver” in colour, which I suppose means nickel plated or something like that. They’re dual wiping types, which, unless they’ve made great improvements in the few decades since I stopped using them, probably still suck.

    1. The hardware used is a stripped down cheap chinese android phone.
      So it is likely some random android port of doom.
      “No storage” and “Unhackable” are not things a cheap android phone with all the oem stuff left over from mediatek sdk is.

  3. “The good news, and why this isn’t big news, is that this exploit only affects Via C3 CPUs. Yes, the other company besides Intel and AMD that makes x86 CPUs. These are commonly found in industrial equipment and ATMs.”

    ALTINST

    1. “When set to 1, the ALTINST bit in the FCR enables execution of an alternate (not x86) instruction set. While setting this FCR bit is a privileged operation, executing the alternate instructions can be done from any protection level.
      This alternate instruction set includes an extended set of integer, MMX, floating-point, and 3DNow! instructions along with additional registers and some more powerful instruction forms over the x86 instruction architecture. For example, in the alternate instruction set, privileged functions can be used from any protection level, memory descriptor checking can be bypassed, and many x86 exceptions such as alignment check can be bypassed.
      This alternate instruction set is intended for testing, debug, and special application usage. Accordingly, it is not documented for general usage. If you have a justified need for access to these instructions, contact your VIA representative.”

      right in the documentation, secret indeed

  4. Looking at the photos on PC-Retro site all IC date stamp I can read are from 1983-1984 (Look for 4 digits numbers beginning with an 8. First two year, last two week.)

    How they could have found enough of those old chip to sell kits?

    I suspect they gathered old PC boards, unsoldered all components, did cleanup of the boards and components and sell all that back as a retro kit.

  5. I do understand the temptation to use all-original parts, really I do. But if there’s one single part where using the original bits makes less sense to me, it’s using the original DRAMs.

    1. The design is tied to the DRAMS or at least similar DRAMS. Page sizes, refresh, timing are all intertwined with the CPU bus cycle timing, etc. It may be possible to jump to the 256Kx1 DRAMS, but beyond that you might be better off scrapping the whole thing and using a simulator on a cheap ARM based board with 256MB or more RAM.

      1. Obviously you have to keep the refresh circuitry to remain timing compatible, but you can swap out the DRAMs for a large modern SRAM, bypass the multiplexer (sheet 6 U62 and U79, LS158s) and selectors (sheet 3 U47 and U65, LS138s), and you don’t have to worry about ancient DRAMs power requirements and seeming greater proclivity to breaking…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.