How To Reverse Engineer Silicon

A few semesters back, [Jordan] was in an Intro to Hardware Security course at CMU. The final project was open ended, and where some students chose projects like implementing a crypto algorithm or designing something on an FPGA, [Jordan] decided to do something a little more ambitious. He wanted to decapsulate and reverse engineer an IC. No, this isn’t taking a peek at billions of transistors — [Jordan] chose a 74-series Quad XOR for this project — but it does show what goes into reverse engineering silicon, and how even simple chips can be maddeningly confusing.

The first step to reverse engineering a chip is decapsulation, and for this [Jordan] had two options. He could drop acid, or he could attack a ceramic package with an endmill. While hot nitric acid is effective and fun, it is a bit scary, so [Jordan] mounted a few chips in a 3D printed holder wedged in the vice on his mill. By slowly bringing the Z axis down a few thou at a time, he was able to find the tiny 1 mm square bit of silicon embedded in this chip. With the help of a grad student and the cleanroom, this square of sand was imaged with a very nice microscope.

Now that [Jordan] had an image of the silicon itself, he had to reverse engineer the chip. You might think that with less than a dozen transistors in there, designing an XOR out of transistors is something anyone with a bit of Minecraft experience can do. This line of thinking proved to be a trap. Technically, this wasn’t an XOR gate. It was a transmission gate XNOR gate with a big inverter on the output. Logically, it’s the same, but when it comes to silicon fabrication, the transmission gate XNORs aren’t able to sink or source a lot of current. By designing the chip as an XNOR with an inverter, the chip designers were able to design a simple chip that could still meet the spec.

While [Jordan] managed to reverse engineer the chip, this was quite possibly the simplest chip he could reverse engineer. The Quad XOR is just the same silicon repeated four times, anyway. This is the baseline for all efforts to reverse engineer silicon, and there were still a few confusing traps.

Win Big Prizes With Repairs You Can Print

Another month, another contest, and this time we’re looking for the best 3D printed repairs you’ve built.

The Repairs You Can Print Contest on Hackaday.io is a challenge to show off the real reason you bought a 3D printer. We want to see replacement parts, improved functionality, or a tool or jig that made a tough repair a snap. Think of this as the opposite of printing low poly Pokemon or Fallout armor. This is a contest to demonstrate the most utilitarian uses of a 3D printer. Whether you fixed your refrigerator, luggage, jet engine, vacuum cleaner, bike headlight, or anything else, we want to see how you did it!

The top twenty projects in the Repairs You Can Print contest will be rewarded with $100 in Tindie credit. That’s a Benjamin to spend on parts, upgrades, and components to take your next project to the next level!

Students and Organizations Can Win Big

The Best Student and Best Organization will win a Prusa i3 MK3!

This contest is open to everyone, but we’re also looking for the best projects to come from students and hackerspaces. We’ll be giving away two amazing 3D printers to the best Student entry and best Organization entry. These two top projects will be awarded an Original Prusa i3 MK3 with the Quad Material upgrade kit. This is one of the finest 3D printers you can buy right now, and we’re giving these away to the best student, hackerspaces, robotics club, or tool lending library.

If you have a project in mind, head on over to Hackaday.io and create a project demonstrating your 3D printed repair!

What is This Contest All About?

This contest is all about Repairs You Can Print, but what does that actually mean? Instead of printing Pokemon or plastic baubles on your desktop CNC machine, we’re looking for replacement parts. We’re looking for commercial, off the shelf items that were broken, but repaired with the help of a 3D printer. Is your repair good enough to show off as part of the contest? Yes! That’s the point, we want to see the clever repair jobs that people often don’t spend much time talking about because they just work.

Need some examples? Sure thing.

A while back, [Elliot Williams], one of the fantastic Hackaday Editors, had a broken vacuum cleaner. The wheels were crap, but luckily they were designed as a single part that snaps into a swivel socket. Over six or so years, the original wheels in this vacuum gave out, but a replacement part was quickly printed and stuffed into the socket. The new wheels have been going strong for a year now. That’s an entire year of use for a vacuum for five cents worth of plastic and an hour’s worth of printing time.

Need another example? My suitcase was apparently dragged behind a luggage cart for miles at either ORD or PHL. When it arrived on the baggage carousel, one wheel was shredded, and the wheel mount was ground down to almost the axle. The rest of the bag was still good, and I just removed the old wheel, salvaged the bearings, and printed a new wheel out of PLA. This suitcase has now traveled 60,000 miles with a 3D printed wheel, and it’s only now looking worse for wear.

How To Get In On The Action

We’re looking for the best repairs, jigs, and tools you’ve ever printed. To get started, head on over to Hackaday.io, create a new project, and document your repair. The Repairs You Can Print contest will run from Tuesday, January 16th, 2018 through 12 PM PST Tuesday, February 20th, 2018. Here’s a handy count down timer for ‘ya.

New Part Day: MEMS Loudspeakers

MEMS, or Micro ElectroMechanical Systems, are the enabling technology that brings us smartphones, quadcopters, tire pressure monitors, and a million other devices we take for granted today. At its most basic level, MEMS is simply machining away silicon wafers to make not electronic parts, but electromechanical parts. The microphone in your cell phone isn’t an electret mic you would find in an old brick phone from the 80s — it’s a carefully crafted bit of silicon, packed in epoxy, and hanging off a serial bus.

Despite the incredible success of MEMS technology, there is still something in your smartphone that’s built on 19th-century technology. Loudspeakers haven’t changed ever, and the speaker in your newest iThing is still a coil of wire and some sort of cone.

Now there’s finally a MEMS loudspeaker A company called USound has developed the first loudspeaker that isn’t just a bunch of wire and a magnet. This is a speaker built from a silicon wafer that can be as small as 3 mm square, and as thin as 1 mm. Since these speakers are built on silicon, you can also add an amp right onto the package. This is quite literally a speaker on a chip, and we’d bet that there are already engineers at Samsung looking at stuffing this into a flagship phone.

ST and USound announced these extraordinarily small speakers would actually be made, but so far it’s been just that — an announcement. This changed at CES where ST demonstrated VR goggles with multiple MEMS speakers. Does this mean MEMS speakers are on their way to Mouser and Digikey? We eagerly await the product announcement and demo dev board kit.

Hackaday Links: The ‘S’ In ‘CES’ Stands For Snake Oil

Remember IRDA? Before we had Bluetooth and WiFi, the cool kids connected their computers and printers together over fancy Infrared connections. Yes, your computer probably still has the drivers, but the hardware is nowhere to be found. For good reason, too: we now have Bluetooth and WiFi. This year, at CES, IRDA is making a comeback. MyLiFi is a product from OLEDCOMM that puts infrared connectivity in a lamp. All you need to do is plug an Ethernet cable into a desk lamp, a proprietary dongle into your computer, and you too can reap the benefits of a wireless connection with a range measured in meters. One of the selling points of this product is that this gives you wireless Internet ‘without radio waves’, marketing to the idiots who think RF causes cancer or whatever. It’s a stupid product that’s a highlight of the entire trade show.

During this year’s CES, Intel tweeted, “With each person on earth soon to be producing ~1.5 GB of #data each day, it is a resource without limits“. Two criticisms: First, ‘Earth’ should be capitalized. Second, data mined from individuals — which includes personal data and metadata including where you were, and who you talked to — is a resource to be extracted by capitalism. Welcome to the post-privacy society, brought to you by #CES2018.

Oh, crap, we’re getting into cryptocurrency…

Kodak has announced their own blockchain. Is Kodak going to the moon? Yes, but hold on: this might be a good idea. Kodak wants to use a blockchain for ‘image rights management’, where photographers can register, archive, and license their work. It’s a blockchain, and also a solution to a problem: something you don’t see much of these days. Shares of KODK shot up from $3.15 on Monday to somewhere north of $10 this week. Is it a good idea? Who knows, but someone put the word ‘blockchain’ in a press release and made a buttload of cash.

The guy behind the Maker Movement wants to create a blockchain platform for Makers. Who’s this guy behind the Maker Movement? Mark Hatch, former CEO of TechShop and someone who is purportedly on the board of Maker Media (Oh, that’s how Make got the scoop on the TechShop closure -ED). He’s creating a Blockchain for Makers. This blockchain will take two forms. The first is to allow ‘easy confirmation of skills’? Is little Bobby certified to use the table saw? Check the Blockchain. The second barb in our paw is a ‘currency token’ that provides an easy way to pay for related goods or services. There’s no mention if these services are makerspace dues, or some sort of payment system where creators can collect money from people who really really want Raspberry Pis stuffed into 3D printed Nintendos.

In drone news, I am reporting there are no fixed-wing drones on display at CES. Last year, Underwater ROVs outnumbered autonomous fixed-wing aircraft, and this year the scales tipped even further towards submersibles. The laws of physics don’t change for 1/10th scale aircraft, and fixed-wing drones will be more efficient than their multicopter counterparts at nearly every task.

We all know (or should) that safes in Las Vegas hotel rooms aren’t secure. CES 2018 has finally innovated on the hotel safe and come up with something you really don’t want to put your money, wallet, or passport in. It’s an Internet of Things safe. What are the features? Well, it’s small and lightweight and provides little in the way to mount anything. That’s great if you just want to steal the entire safe. But what about breaking into the safe? Don’t worry, the entire thing is made out of plastic. A quick whack to the top of the safe will open it right up.

Bradley Gawthrop: What You Need To Know About Wiring

Wiring — as in plugging wires together and crimping connectors, not the Arduino IDE thingy — is an incredibly deep subject. We all know the lineman’s splice is the best way to solder two wires together, and NASA’s guide to cables and connectors is required reading around these parts. However, there’s a lot that can be said about connectors and cabling, and one of the best people to explain it all is Bradley Gawthrop. He spent the last ten years building pipe organs, and with that comes tens of thousands of relays, solenoids, switches, and valves. All of these parts are connected by thousands of miles of wire, and are arguably as complex as an old-school telephone exchange. If there’s someone you need to talk to about connecting hundreds of thousands of parts together, Bradley is your guy.

Bradley starts his Hackaday Superconference talk with a discussion of the modern prototyping process. We’re pretty far away from dozens of chips sitting around a breadboard with data and address lines these days, and now any sort of prototype is basically a development board with a constellation of modules studded around the perimeter. The best solution for connectors is right angle headers, not only for the reason that the wires stay flat, but also because right angle connectors allow you to probe each and every wire coming out of a board.

Of course, when it comes to wiring, it’s helpful to talk about the wire itself. Instead of having an entire warehouse of wire in every color, gauge, and insulation material hanging above his workshop, Bradley only needs a few options. Right now, he’s only dealing with three gauges of wire — small, medium, and large, or 24, 18, and 12 AWG. That’s one wire for small signals, one wire for a bit of current, and one wire for supply amounts of current. Not only does this cut down on workshop inventory, it also means Bradley only needs three sizes of crimpers and connectors. When it comes to strand count, solid core wire is highly underrated. Not only is it easier to strip and crimp, it can also support its own weight. That’s important, because it means connectors don’t have to bear the weight of the entire cable run.

If you’re looking for the minimal required toolset for running cables and crimping connectors, Bradley has a great little shopping list on his website. The best strippers he’s ever found come from Wiha, but they’ve been EOL’d by the manufacturer. Knipex makes some good strippers, though. You don’t need to spend big money on ferrule crimpers, and some cheapies from BangGood are good enough. Bradley has standardized on Molex SL and Molex KK interconnects, and wire can be sourced easily if you have Amazon Prime.

While the subject matter for Bradley’s talk sounds easy to overlook, connecting parts together in an assembly is a critical skill in itself. We’re glad Bradley could share his experience with us at the Hackaday Superconference.

Apple Passwords: They All ‘Just Work’

When the Macintosh was released some thirty-odd years ago, to Steve Jobs’ triumphant return in the late 90s, there was one phrase to describe the simplicity of using a Mac. ‘It Just Works’. Whether this was a reference to the complete lack of games on the Mac (Marathon shoutout, tho) or a statement to the user-friendliness of the Mac, one thing is now apparent. Apple has improved the macOS to such a degree that all passwords just work. That is to say, security on the latest versions of macOS is abysmal, and every few weeks a new bug is reported.

The first such security vulnerability in macOS High Sierra was reported by [Lemi Ergin] on Twitter. Simply, anyone could login as root with an empty password after clicking the login button several times. The steps to reproduce were as simple as opening System Preferences, Clicking the lock to make changes, typing ‘root’ in the username field, and clicking the Unlock button. It should go without saying this is incredibly insecure, and although this is only a local exploit, it’s a mind-numbingly idiotic exploit. This issue was quickly fixed by Apple in the Security Update 2017-001

The most recent password flaw comes in the form of unlocking the App Store preferences that can be unlocked with any password. The steps to reproduce on macOS High Sierra are simply:

  • Click on System Preferences
  • Click on App Store
  • Click the padlock icon
  • Enter your username and any password
  • Click unlock

This issue has been fixed in the beta of macOS 10.13.3, which should be released within a month. The bug does not exist in macOS Sierra version 10.12.6 or earlier.

This is the second bug in macOS in as many months where passwords just work. Or don’t work, depending on how cheeky you want to be. While these bugs have been overshadowed with recent exploits of Intel’s ME and a million blog posts on Meltdown, these are very, very serious bugs that shouldn’t have happened in the first place. And, where there are two, there’s probably more.

We don’t know what’s up with the latest version of the macOS and the password problems, but we are eagerly awaiting the Medium post from a member of the macOS team going over these issues. We hope to see that in a decade or two.

Glitch Delays And Teensy Audio

With the release of the Teensy 3.6 and the associated audio processing libraries, it’s never been a better time to get into DIY synth and effects projects. [Scott] is a musician and maker of electronic musical instruments, so he decided to leverage the power of the Teensy and make a delay module that really can’t be done any other way.

The function of this delay module is somewhat similar to a multi-head tape-based delay, only it’s completely impossible outside of the digital domain. There are four ‘read heads’ on a circular buffer. The first three heads play small loops within the buffer at different speeds, one at the original speed, one at half speed (and an octave below) and one at double speed (and an octave above). The fourth head doesn’t loop, instead, it plays the delay buffer in reverse. There are, of course, handy knobs for setting the level of each ‘read head’.

This project is built around [Scott]’s port of the JUCE framework, a very powerful audio API that’s now well suited for laptop and embedded development. The files for this project are all available on the GitHub, and [Scott] plans to build an expansion module for CV control of all the parameters.

So, how does this glitch delay sound? Pretty good. The video below is just a tele into a looper pedal, and into the glitch delay. There are surely some ambient post-rock stars wetting their skinny jeans over this one, and it’s a great application of the Teensy’s audio processing power, to boot.

Continue reading “Glitch Delays And Teensy Audio”