Supercon Keynote: Megan Wachs Breaks Down RISC-V

The 2019 Hackaday Superconference kicked off with a marvelous, and marvelously geeky, keynote talk on the subject of RISC-V by Dr. Megan Wachs. She is VP of Engineering at SiFive, a company that makes RISC-V processors in silicon, but the talk is a much more general introduction to the RISC-V open instruction-set architecture (ISA) and why you’d care. The short answer to the latter is the same reason you care about any other open standard: it promotes interoperability, reusable toolchains, and will result in us all having access to better and faster CPUs.

The video is embedded below, and it’s absolutely worth a watch. Unfortunately, The video is missing the first few minutes, you can follow along through her slides (PDF) and read through our brief recap below of what fell down the video hole.

Continue reading “Supercon Keynote: Megan Wachs Breaks Down RISC-V”

New Part Day: LED Driver Is FPGA Dev Board In Disguise

Our new part of the day is the ColorLight 5A-75B, a board that’s meant to drive eight of those ubiquitous high-density color LED panels over gigabit Ethernet. If you were building a commercial LED wall, you’d screw a bunch of the LED panels together, daisy-chain a bunch of these boards to drive them, supply power, and you’d be done. Because of that high-volume application, these boards are inexpensive, around $15 each, and available as quickly as you can get stuff shipped from China.

But we’re not here to talk commercial applications. Managing fast Ethernet and pushing so many pixels in real time is a task best handled by an FPGA, and [Tom Verbeure] noticed that these things were essentially amazing FPGA development boards and started hacking on them. [q3k] put it up on GitHub, and you can follow along with the chubby75 reverse engineering project to dig into their secrets.

While the first generations of these boards used the old-standby Spartan 6, things got interesting for fans of open FPGA tools when newer versions were found using the Lattice ECP5-25 chips, the little brother of the stonking big chip [Sprite_TM] used on the 2019 Hackaday Supercon badge. If you want to grab one you’re looking for ColorLight boards marked with revision 6 or 7 as of this writing.

What does this mean? For the price of a gourmet hamburger, you get an FPGA that’s big enough to run a RISC-V softcore, two 166 MHz, 2 MB SDRAMS, flash for the FPGA bitstream, a bazillion digital outputs on 5 V level shifters, and two gigabit Ethernet ports. The JTAG port is broken out in 0.1″ headers, and it works with OpenOCD, which is ridiculously convenient. How’s that for a well-stocked budget FPGA dev board that’s served by a completely open toolchain? Continue reading “New Part Day: LED Driver Is FPGA Dev Board In Disguise”

Bringing The Blockchain To Network Monitoring

If you need to make sure your computer isn’t being messed with, you’ll have a look at the log files. If something seems fishy, that’s grounds for further investigation. If you run a large network of computers, you’ll probably want to look over all of the logs, but you won’t want to run around to each computer individually. Setting up a central server to analyze the logs exposes an additional attack surface: the logs in transit. How do you make sure that the attackers aren’t also intercepting and sanitizing your log file reports?

The answer to this question, and nearly everything else, is blockchain! Or maybe it’s not, but in this short presentation from the 2019 Hackaday Superconference, Shanni Prutchi, Jeff Wood, and six other college students intend to find out. While Shanni “rolls her eyes” at much of blockchain technology along with the rest of us, you have to admit one thing: recursively hashing your log data to make sure they’re not tampered with doesn’t sound like such a bad idea. Continue reading “Bringing The Blockchain To Network Monitoring”

36C3: All Wireless Stacks Are Broken

Your cellphone is the least secure computer that you own, and worse than that, it’s got a radio. [Jiska Classen] and her lab have been hacking on cellphones’ wireless systems for a while now, and in this talk gives an overview of the wireless vulnerabilities and attack surfaces that they bring along. While the talk provides some basic background on wireless (in)security, it also presents two new areas of research that she and her colleagues have been working on the last year.

One of the new hacks is based on the fact that a phone that wants to support both Bluetooth and WiFi needs to figure out a way to share the radio, because both protocols use the same 2.4 GHz band. And so it turns out that the Bluetooth hardware has to talk to the WiFi hardware, and it wouldn’t entirely surprise you that when [Jiska] gets into the Bluetooth stack, she’s able to DOS the WiFi. What this does to the operating system depends on the phone, but many of them just fall over and reboot.

Lately [Jiska] has been doing a lot of fuzzing on the cell phone stack enabled by some work by one of her students [Jan Ruge] work on emulation, codenamed “Frankenstein”. The coolest thing here is that the emulation runs in real time, and can be threaded into the operating system, enabling full-stack fuzzing. More complexity means more bugs, so we expect to see a lot more coming out of this line of research in the next year.

[Jiska] gives the presentation in a tinfoil hat, but that’s just a metaphor. In the end, when asked about how to properly secure your phone, she gives out the best advice ever: toss it in the blender.

Hackaday Is Going To The 36th Chaos Communication Congress

It’s that time of year again here in Germany. The mulled wine flows all night long at the Christmas markets, the Krampus runs wild in the streets, and hackers are perched frantically behind their keyboards and soldering irons, trying to get their last minute projects “finished” for the 36th annual Chaos Communication Congress (36C3) in Leipzig.

We’ll have an assembly for all fans and friends of the Jolly Wrencher, so if you’re coming to Congress, you can come join us or at least stop by and say hi. [Elliot] and [Sven] and a number of Hackaday.io luminaries will be on hand. (Ask us about secret stickers and an as-yet unannounced upcoming Hackaday conference.)

Even if you’re not able to make it, you should keep your eyes on Hackaday from the 27th to the 30th, because we’ll be reporting on the best of Congress. But you don’t have to take our word for it: the Chaos Computer Club makes all of the talks available on livestream during the event, many with simultaneous translation, and final edited versions often appearing just a few hours afterwards.

We’ve looked through the schedule, and it’s going to be a hum-dinger! Gather ’round the glowing box with your friends at your own local hackerspace, or call in sick from work and make yourself some popcorn. This is must-see nerd TV.

Whether you’ve been naughty or nice, swing by our assembly if you’re going to be in Leipzig for the last few days of 2019. See you there!

Kerry Scharfglass Secures Your IoT Things

We’ve all seen the IoT device security trainwrecks: those gadgets that fail so spectacularly that the comment section lights up with calls of “were they even thinking about the most basic security?” No, they probably weren’t. Are you?

Hackaday Contributor and all around good guy Kerry Scharfglass thinks about basic security for a living, and his talk is pitched at the newcomer to device security. (Embedded below.) Of course “security” isn’t a one-size-fits-all proposition; you need to think about what threats you’re worried about, which you can ignore, and defend against what matters. But if you’ve never worked through such an exercise, you’re in for a treat here. You need to think like a maker, think like a breaker, and surprisingly, think like an accountant in defining what constitutes acceptable risks. Continue reading “Kerry Scharfglass Secures Your IoT Things”

David Williams Is “FPGA-Curious”

If you hadn’t noticed, we had a bit of an FPGA theme running at this year’s Superconference. Why? Because the open-source FPGA toolchain is ripening, and because many of the problems that hackers (and academics) are tackling these days have become complex enough to warrant using them. A case in point: David Williams is a university professor who just wanted to build a quadruped robotics project. Each leg has a complex set of motors, motor drivers, sensors, and other feedback mechanisms. Centralizing all of this data put real strains on the robot’s network, and with so many devices the microcontrollers were running out of GPIOs. This lead him to become, in his words, “FPGA-curious”.

If you’re looking for a gentle introduction to the state of the art in open-source FPGAs, this is your talk. David covers everything, from a bird’s eye view of hardware description languages, through the entire Yosys-based open-source toolchain, and even through to embedding soft-CPUs into the FPGA fabric. And that’s just the first 18 minutes. (Slides for your enjoyment, and you can watch the talk embedded below the break.)
Continue reading “David Williams Is “FPGA-Curious””