GrblHAL CNC Controller Based On RP2040 Pico

August 11, 2023 by Chris Lott 18 Comments

[Phil Barrett] designed a new CNC controller breakout board called the PicoCNC which uses the Raspberry Pi Pico RP2040 module and grblHAL. It packs a bunch of features typical of these controllers, and if you use the Pico W, you get WiFi connectivity along with USB. And if you don’t want connectivity, you can execute G-code directly from a micro SD card. The board is available in kit form, and schematics are posted on the GitHub repository above. Some of the features include four axes of motion, spindle control, limit switches, relay drivers, expansion headers, and opto-isolation.

This isn’t [Phil]’s first controller board. He also designed the grblHAL-based Teensy CNC controller breakout board, a step up from the usual Arduino-based modules at the time and boasting Ethernet support as well. According to the grblHAL site, nine different processors are now supported. There are well over a dozen CNC controller breakout boards listed as well. And don’t forget [bdring]’s 6-Pack grbl-ESP32 controller, a modular breakout board we covered a few years back. So pick your favorite board or roll your own and get moving.

This Week In Security: It’s Con Season

August 11, 2023 by Jonathan Bennett 8 Comments

It must be Blackhat/DEFCON season. Up first in the storm of named vulnerabilities, we have Downfall. The PDF has the juicy details here. It’s quite similar to the Zenbleed issue from last week, in that it abuses speculative execution to leak data via a hidden register. Unlike Zenbleed, this isn’t direct access, but using cache timing analysis to extract individual bytes using a FLUSH+RELOAD approach.

The key to the vulnerability is the gather instruction, which pulls data from multiple locations in memory, often used to run a followup instruction on multiple bytes of data at once. The gather instruction is complex, takes multiple clock cycles to execute, and uses several tricks to execute faster, including managing buffers to avoid multiple reads. In certain cases, that instruction can be interrupted before it completes, leaving the data in the cache. And this data can be speculatively accessed and the values leaked through timing analysis.

This flaw affects 6th generation Intel Core processors through 11th. Mitigations are already rolling out via a microcode update, but do carry a performance hit for gather instructions. Continue reading “This Week In Security: It’s Con Season” →

Using JTAG To Dump The Xbox’s Secret Boot ROM

August 11, 2023 by Maya Posch 13 Comments

When Microsoft released its first entry into the video game console market with the Xbox, a lot of the discussions at the time revolved around the fact that it used a nearly off-the-shelf Intel CPU and NVIDIA GPU solution. This made it quite different from the very custom consoles from Nintendo and Sony, and invited thoughts on running custom code on the x86 console. Although the security in the console was hacked before long, there were still some open questions, such as whether the secret boot ROM could have been dumped via the CPU’s JTAG interface. This is the question which [Markus Gaasedelen] sought to answer.

The reason why this secret code was originally dumped by intercepting it as it made its merry way from the South to the North Bridge (containing the GPU) of the Xbox was because Microsoft had foolishly left this path unencrypted, and because the JTAG interface on the CPU was left disabled via the TRST# pin which was tied to ground. This meant that without removing the CPU and adding some kind of interposer, the JTAG interface would not be active.

A small issue after the harrowing task of desoldering the CPU and reinstalling it with the custom interposer in place was to keep the system integrity check (enforced by an onboard PIC16 MCU) intact. With the CPU hooked up to the JTAG debugger this check failed, requiring an external injection of the signal on the I2C bus to keep the PIC16 from resetting the system. Yet even after all of this, and getting the secret bootrom code dumped via JTAG, there was one final system reset that was tied to the detection of an abnormal CPU start-up.

The original Xbox ended up being hacked pretty thoroughly, famously giving rise to projects like Xbox Media Center (XBMC), which today is known as Kodi. Microsoft learned their lesson though, as each of their new consoles has been more secure than the last. Barring some colossal screw-up in Redmond, the glory days of Xbox hacking are sadly well behind us.

USB-C Cable Tester Is Compact And Affordable

August 11, 2023 by Chris Lott 32 Comments

We’ve all been bitten before by USB cables which were flaky, built for only charging, or just plain broken. With the increased conductor count and complexity of USB Type C, there are many more ways your cable can disappoint you. Over in Austria, [Peter Traunmüller] aka [petl] has designed the C2C caberQU USB C cable tester. This small PCB tester checks every wire on the cable, including the shield, and both connector orientations. He also makes a version for testing USB A to C cables (see video below the break).

Automatic cable testers are often associated with factory production, where you want to test a large quantity of cables quickly and automatically, and are priced accordingly. But this project makes it affordable and easy for anyone to test single cables in a home lab or small office.

The tester only checks for basic continuity, but that should solve a majority of USB-C cable problems. All the documentation for this tester is available on the project’s GitHub repository, including Gerbers, schematics, and mechanical details. Or if you’d rather buy one pre-made, [petl] has put them up for sale on Tindie. Continue reading “USB-C Cable Tester Is Compact And Affordable” →