Using An FPGA To Glitch The Olimex LPC-P1343

After trying out hardware hacking using an FPGA to interface with target hardware, [Grazfather] was inspired to try using the iCEBreaker (one of the many hobbyist FPGAs to have recently flooded the market) to build a UART-controllable glitcher for the Olimex LPC-P1343.

FPGA Modules (The cmd module intercepts what the host computer sends over UART, the resetter holds the reset line until the target is reset, the delay starts counting on reset and waits for a configured number of cycles before sending its signal, the trigger waits for the delay to finish before telling the pulse module to send a pulse, and the pulse module works similarly to the delay module and outputs to the power multiplexer.)

When the target board boots up, the bootROM reads the flash and determines whether the UART goes to a shell and if the shell can be used to read out the flash. This is meant for developing firmware and debugging it in the bootloader, only flashing a version when the firmware is production-ready. The vulnerability is that only a specific value read from address 0x2FC and the state of a few pins can lock the bootloader in the expected way, and any other value at the address causes the bootROM to consider the device unlocked. Essentially, the mechanism is the opposite of how a lock ought to work.
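The fail-open check described above, next to a fail-closed alternative, as an added example (not code from the original post or from the boot ROM). The marker values and function names are placeholders constructed for illustration, and a misread is modelled as a single flipped bit of the stored word.

```c
#include <stdint.h>
#include <stdio.h>

/* Placeholder markers constructed for this example; not the real part's values. */
#define LOCK_MAGIC   0xA5C3F00Du  /* hypothetical "locked" marker */
#define UNLOCK_MAGIC 0x5A3C0FF2u  /* hypothetical "unlocked" marker, ~LOCK_MAGIC */

/* Fail-open, as the page describes: one value locks, every other value unlocks. */
static int is_unlocked_fail_open(uint32_t word)
{
    return word != LOCK_MAGIC;
}

/* Fail-closed: one value unlocks; anything else, including a misread, stays locked. */
static int is_unlocked_fail_closed(uint32_t word)
{
    return word == UNLOCK_MAGIC;
}

/* Flip each bit of the stored locked word in turn and count the misreads
 * that the given check would treat as "unlocked". */
int count_unlocking_bit_flips(int (*check)(uint32_t))
{
    int unlocked = 0;
    for (int bit = 0; bit < 32; bit++) {
        uint32_t misread = LOCK_MAGIC ^ (UINT32_C(1) << bit);
        if (check(misread))
            unlocked++;
    }
    return unlocked;
}

int fail_open_flips(void)   { return count_unlocking_bit_flips(is_unlocked_fail_open); }
int fail_closed_flips(void) { return count_unlocking_bit_flips(is_unlocked_fail_closed); }

int main(void)
{
    printf("fail-open:   %d of 32 single-bit misreads unlock\n", fail_open_flips());
    printf("fail-closed: %d of 32 single-bit misreads unlock\n", fail_closed_flips());
    /* An all-ones word (constructed sample) is another value a corrupted read can return. */
    printf("all-ones read: fail-open=%d fail-closed=%d\n",
           is_unlocked_fail_open(0xFFFFFFFFu), is_unlocked_fail_closed(0xFFFFFFFFu));
    return 0;
}
```

With the fail-open check, any corruption of the one locking value opens the device; with the fail-closed check, a fault has to produce one exact 32-bit value to have the same effect.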

The goal is to get the CPU to misread the flash at the precise moment it is meant to be reading the specific value, so that it then jumps to the bootloader in the unlocked state. The FPGA sits between the host machine and the target board as a tool, communicating via UART. The FPGA supports configuring the delay between resetting the target board and pulsing a ‘glitch voltage’, as well as resetting the target board and activating the glitch. The primary reasons for using the FPGA over a microcontroller are that the FPGA allows for precise timing (83.3ns precision) and removes worries about jitter (a Raspberry Pi might have side effects from OS scheduling and other processes, and microcontrollers might have interrupts messing up the timing).

The logic analyzer view

To simulate the various modules, [Grazfather] used Icarus Verilog as well as GTKWave to observe the waveforms generated. A separate logic analyzer observes the effects on real hardware.

With enough time, it is possible to brute force any combination of delay and width until you get a dump of the flash you’re not meant to read. You can see how the pulse width increases up to the maximum, at which point the delay is incremented and the width values are tried again.


The United States Air Force Would Like You To Hack Into Their Satellite

The Air Force is again holding its annual “Space Security Challenge” where they invite you to hack into a satellite to test their cybersecurity measures. There are actually two events. In the first one, $150,000 is up for grabs in ten prizes and the final event offers a $100,000 purse divided among the three top participants (first place takes $50,000).

Before you get too excited, you or your team has to first qualify online. The qualification event will be over two days starting May 22. The qualifying event is set up a bit like the TV show Jeopardy. There is a board with categories. When a team solves a challenge in a category it receives a flag that is worth points as well as getting to unlock the next challenge. Once a challenge is unlocked however, any team could potentially work on it. There are more rules, but that’s the gist of it. At the end of the event, the judges will contact the top 10 teams who will then each have to submit a technical paper.


DJ Scratches Out Club Music With Tape, Not Turntables

It goes without saying that not everyone has the same taste in music, and what sounds amazing to one person will be the next person’s noise. But even if you’re not into hip-hop and the whole DJ scene, it’s hard not to be impressed with what [Jeremy Bell] has done here with his homemade tape loop “scratching” rig.

Most people have probably seen a DJ in a club using dual turntables to scratch or “scrub” a vinyl record back and forth to create effects that add to the music. Part musician and part performance artist, DJs and “turntablists” tend to be real crowd-pleasers. [Jeremy]’s “ScrubBoard” uses a loop of 2″ audiotape, the kind recording studios once used for multitrack recordings. The loop is driven across a wide platen by a motor with a foot pedal control, which he can use to quickly reverse the direction of travel and control the speed of the tape. A pair of playback heads are wired into the amplifier and can be positioned anywhere on the sometimes moving, sometimes stationary tape. The sounds he can create are rhythmic, percussive, and at times frenetic, but they’re always interesting. Check it out in action in the video below.

This version of the ScrubBoard is far from the first [Jeremy] has built. You may recall his first prototype from our coverage in 2014; that one used just a few feet of 1/4″ tape fixed to a board. He was still able to get some great sounds from it, but this version should really change things for him. 


Building A New RF Remote From Scratch

We’ve seen no shortage of projects that use the ESP8266 or ESP32 to add “smart” features to existing home appliances, often by pairing the microcontroller with a radio or IR transmitter. If your device has an existing remote, integrating it into a custom home automation system is often just a matter of getting a few cheap modular components and writing some simple code to glue it all together.

But what if the appliance you want to control doesn’t use a common frequency? That’s a question that [eigma] recently had to answer after finding the remote control for the bedroom ceiling fan was operating at a somewhat unusual 304 MHz. Something like the MAX1472 could probably have been tuned to this frequency, but the chip doesn’t seem to be available in a turn-key module as the popular 315 MHz transmitters are.

There were a few possible options, including using a software defined radio (SDR), but [eigma] didn’t want to spend a fortune on this project or wait months for parts to get shipped from overseas. The most straightforward solution was to design a custom transmitter tuned to the proper frequency using discrete components; something of a dark art to those of us who’ve been spoiled by the high availability of modular components.

What follows is a fascinating look at the design, testing, and troubleshooting of a truly scratch-built transmitter. You won’t find any ICs here; the carrier signal is generated with just a transistor, some carefully measured pieces of wire, and a handful of passive components. By modulating the signal with an ESP32, [eigma] successfully makes the oddball ceiling fan an honorary member of the Internet of Things.

The write-up that [eigma] has done is an absolutely invaluable resource if you ever find yourself in need of rolling a bespoke transmitter. It easily ranks among some of the most informative radio reverse engineering work we’ve covered, and you’d be wise to file this one away for future reference. That said, most of the newer hardware you’re going to run into will probably be utilizing a widely-supported frequency like 433 MHz.

An All Lead Screw 3D Printer You Can Build Yourself

There was a time when the curious hardware hacker had to build their own 3D printer, because commercial models were so expensive as to be unaffordable except by well-funded institutions. We’re fortunate then to live in an era in which a good quality off-the-shelf machine can be had without breaking the bank, but that is not to say that home-made 3D printers are a thing of the past. Instead, the community of rapid prototyping experimenters continues to push the boundaries of the art, and from that we all benefit. An example comes from [Morgan Lowe], whose 3DLS lead screw driven 3D printer joins the freely downloadable designs to be found on Thingiverse.

If at first sight you think it looks a little familiar, you are correct, as it takes its frame design from the popular AM8 metal frame upgrade for the Anet A8 off-the-shelf printer. It draws heavily from other A8 upgrades, and brings in some parts such as the extruder and bed from the Creality Ender3. This is the beauty of incremental open source, and the result is a belt-free printer that does a decent-looking Benchy on the bench, and as a party piece manages to print a slightly more hairy little plastic boat when suspended at 45 degrees by a rope from the ceiling.

When dipping a toe into the world of home made 3D printers it’s interesting to take a look into some of the earlier Hackaday RepRap posts, and see how far we’ve come.

Wolfram Physics Project Seeks Theory Of Everything; Is It Revelation Or Overstatement?

Stephen Wolfram, inventor of the Wolfram computational language and the Mathematica software, announced that he may have found a path to the holy grail of physics: A fundamental theory of everything. Even with the subjunctive, this is certainly a powerful statement that should be met with some skepticism.

What is considered a fundamental theory of physics? In our current understanding, there are four fundamental forces in nature: the electromagnetic force, the weak force, the strong force, and gravity. Currently, the description of these forces is divided into two parts: General Relativity (GR) describes the nature of gravity, which dominates physics on astronomical scales, while Quantum Field Theory (QFT) describes the other three forces and explains all of particle physics.

New Contest: Making Tech At Home

Put that parts bin to good use and build something! That’s the gist of the Making Tech at Home contest where your inner pack rat can shine by building from the parts you have on hand.

So what are you supposed to build? We’re not particular, we just want it to be cool. Grab everyone’s attention with an awesome project, and then win our hearts with the story of where you found the components.

Daniel Domínguez’s Parts Bin Self Portrait is an excellent example

An excellent example is the Parts Bin Self Portrait seen here that was a runner-up in the Circuit Sculpture contest. [Daniel Domínguez] talks about cutting out his silhouette from a scrap of prototyping board, pulling dev boards out of the parts box, and finding a ceiling fan on the side of the road which ended up donating the wire from the windings of its motor.

Your story is what’s important here. You can build a sleek and beautiful bit of gear that doesn’t look hacky at all; tell us about what the finished project does, but we also need to hear what parts you had on hand, where they came from, and what led you to use them. There is an element of satisfaction when that broken thermostat that you’ve been squirreling away for ten years, or the accidentally ordered reel of 0402 resistors, ends up getting used. Dust off that electronics hoard and get building!

Prizes Sent Out Throughout the Contest

This contest runs until July 28th, but you won’t have to wait that long to score some loot. Thirty entries will win a grab bag of stuff from Digi-Key and we’ll pick a few projects every week as we work toward that number. Help us decide what to send in those grab bags by voting for the gear you like the most.

Once the contest wraps up, three top winners will receive a mega grab bag stuffed with $500 worth of components. You know… to add to your parts bin for all those future builds.

If you’re anything like us, people deliver their broken stuff to you because they’ve heard you build things out of broken electronics. You feel torn about keeping old hardware around, but feel guilty about sending it to the landfill. When you order parts you get multiples just so you have them on hand for the next project. You were made for this competition, and no matter who the prizes go to, we want a look inside your parts bin.