[Huan] Liberates A Router

[Huan Truong] was given a WiFi router and thought he’d improve it by installing a free firmware on it. Unfortunately, the router in question is a bit old, and wasn’t ever popular to begin with, which meant that it was unsupported by the usual open firmware suspects. The problem was that it only had a 4 MB flash to boot off of, but [Huan] was determined to make it work. (Spoiler: he did it, and documented it fully.)

The flash workaround consisted basically of repartitioning the space and then telling u-boot where to find everything. On a router like the WNR2000 that [Huan] had, the flash is memory-mapped into the CPU's address space, so every partition offset has to be given relative to the flash base (0xbf000000 instead of 0x00000000), and given that way consistently, or a write aimed at the firmware lands somewhere else, such as on the region holding the MAC address.

[Huan] went for the LEDE fork of OpenWRT, and rebuilt it from source because he needed a small version to fit inside his limited flash. With this task completed, it worked. All done? Nope, [Huan] then submitted a pull request to LEDE, and now you can enjoy the fruits of his labor without replicating it. But if you’ve got another low-flash, obscure router, you’ve got a head start in getting LEDE up and running on it.

Routers are perhaps the most-hacked device that we see here, and they can be made pretty darn useful with the right firmware. Sometimes getting a custom firmware running is relatively easy, as it was here, and sometimes it requires some deep reverse engineering. But it’s good to keep up your router-hacking chops, because they may not always be as open as they are now.

The Many Faces Of JTAG

Wouldn’t it be great if there were just one standard for attaching to, programming, and debugging hardware? If you could just plug in and everything would just work? Dream on, dreamer! But of course we hobbyists aren’t the only people to suffer from multiple standards. Industry has the same problems, writ large. The proliferation of smart devices — microcontrollers, sensors, and their friends — on any given PCB makes it difficult to test them all, much less their function as a system.

The Joint Test Action Group (JTAG) got together in the mid-80s to make automated testing of circuit boards a standardized process. A JTAG port can be found on almost any piece of consumer electronics with enough brains to warrant it, and it’s also a tremendously useful entry point for debugging your own work and hacking into others’. You’re going to need to use JTAG someday.

Implemented right, it’s a very cool system that lets you test any compliant IC on the board, all from a single connector. Hackers mostly use it for its ability to run and halt individual processors, put them in debugging modes, inspect their memory, and so on. Nearly every microcontroller with a hardware debug port speaks it, and it’s an incredibly widespread and powerful standard. A victory for rationality and standardization!

The connector pinout was, of course, left up to the manufacturer. The horror!

Five Signals

In principle, JTAG uses five signal lines: four that are mandatory and one optional reset. Clock and mode select are wired to every device in parallel, while the data lines form a chain starting at the debugger, where one device’s output is the next device’s input, until the result is returned back to the debugger.

[Image: JTAG chain diagram, by Vindicator, CC BY 2.5]
  • Test Data In (TDI) is the input from the debugger
  • Test Data Out (TDO) is the return end of the chain
  • Test Clock (TCK) clocks this data along synchronously, similarly to SPI
  • Test Mode Select (TMS) is sampled on every clock and steers the TAP state machine inside each device (reset, shift an instruction, shift data, and so on). It goes to every device in parallel, but it is a state-machine control, not a chip select
  • Test Reset (TRST) is an optional signal that resets all devices in the chain; holding TMS high for five clocks reaches the same reset state without it
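Here is a bit-level model of what those signals do, as an added example rather than code from the article: TMS walks the IEEE 1149.1 TAP state machine, TCK steps it, and TDI/TDO shift through every device’s register in turn. It then performs the two things a debugger does first on an unknown board: put every TAP into BYPASS and count them, and read the IDCODEs straight after reset. The `Device`/`Chain` classes, the instruction-register widths, the IDCODE opcodes and the IDCODE values are all constructed for the example; only the state machine, the all-ones BYPASS opcode, the `01` captured into an instruction register and the 1 in bit 0 of every IDCODE come from the standard.

```python
"""Bit-level model of a JTAG scan chain and its TAP controller.
Added illustration, not code from the article: the IR widths, IDCODE opcodes
and IDCODE values are constructed.  The 16-state TAP machine, the all-ones
BYPASS opcode, the 01 captured into an IR and the 1 in bit 0 of every IDCODE
come from IEEE 1149.1."""

# TAP controller: state -> (next state if TMS=0, next state if TMS=1)
TAP = {
    "TLR": ("RTI", "TLR"), "RTI": ("RTI", "SELECT_DR"),
    "SELECT_DR": ("CAPTURE_DR", "SELECT_IR"), "CAPTURE_DR": ("SHIFT_DR", "EXIT1_DR"),
    "SHIFT_DR": ("SHIFT_DR", "EXIT1_DR"), "EXIT1_DR": ("PAUSE_DR", "UPDATE_DR"),
    "PAUSE_DR": ("PAUSE_DR", "EXIT2_DR"), "EXIT2_DR": ("SHIFT_DR", "UPDATE_DR"),
    "UPDATE_DR": ("RTI", "SELECT_DR"), "SELECT_IR": ("CAPTURE_IR", "TLR"),
    "CAPTURE_IR": ("SHIFT_IR", "EXIT1_IR"), "SHIFT_IR": ("SHIFT_IR", "EXIT1_IR"),
    "EXIT1_IR": ("PAUSE_IR", "UPDATE_IR"), "PAUSE_IR": ("PAUSE_IR", "EXIT2_IR"),
    "EXIT2_IR": ("SHIFT_IR", "UPDATE_IR"), "UPDATE_IR": ("RTI", "SELECT_DR"),
}

class Device:
    """One TAP.  idcode=None models a part without IDCODE (selects BYPASS on reset)."""
    def __init__(self, ir_len, idcode_op, idcode=None):
        self.ir_len, self.idcode_op, self.idcode = ir_len, idcode_op, idcode
        self.bypass_op = (1 << ir_len) - 1      # BYPASS is all ones at any IR width
        self.shift, self.dr_len = 0, 1          # register currently on the scan path
        self.reset()
    def reset(self):
        self.ir = self.idcode_op if self.idcode is not None else self.bypass_op
    def capture(self, ir_scan):
        if ir_scan:                             # IR capture value ends in binary 01
            self.shift, self.dr_len = 0b01, self.ir_len
        elif self.ir == self.idcode_op and self.idcode is not None:
            self.shift, self.dr_len = self.idcode, 32
        else:                                   # BYPASS: one bit, captured as 0
            self.shift, self.dr_len = 0, 1
    def step(self, tdi):
        """One shift: TDI enters at the MSB, the LSB leaves toward TDO."""
        tdo = self.shift & 1
        self.shift = (self.shift >> 1) | (tdi << (self.dr_len - 1))
        return tdo

class Chain:
    def __init__(self, devices):
        self.devices = devices                  # devices[0] sits on the debugger's TDI
        self.state = "TLR"
    def clock(self, tms, tdi=0):
        """One TCK: act on the current state, return TDO, then move on TMS."""
        tdo = tdi                               # an empty chain passes TDI straight through
        for d in self.devices:
            if self.state == "TLR":
                d.reset()
            elif self.state in ("CAPTURE_DR", "CAPTURE_IR"):
                d.capture(self.state == "CAPTURE_IR")
            elif self.state in ("SHIFT_DR", "SHIFT_IR"):
                tdo = d.step(tdo)               # this TAP's TDO feeds the next TAP's TDI
            elif self.state == "UPDATE_IR":
                d.ir = d.shift
        self.state = TAP[self.state][tms]
        return tdo
    def walk(self, tms_bits):
        for b in tms_bits:
            self.clock(b)
    def reset(self):
        self.walk([1] * 5 + [0])                # five 1s reach TLR from any state, then RTI
    def scan(self, bits, ir=False):
        """From RTI: enter Shift-IR/DR, shift `bits` LSB first, return to RTI."""
        self.walk([1, 1, 0, 0] if ir else [1, 0, 0])
        out = [self.clock(int(i == len(bits) - 1), b) for i, b in enumerate(bits)]
        self.walk([1, 0])                       # Exit1 -> Update -> RTI
        return out

def count_devices(chain, limit=64):
    """Chain-length discovery: an all-ones IR scan puts every TAP in BYPASS whatever
    its IR width; each 1-bit bypass register then delays a 1 on TDI by one TCK.
    `limit` must exceed the summed IR width of the chain."""
    chain.scan([1] * limit, ir=True)
    out = chain.scan([1] * limit)
    return out.index(1) if 1 in out else None

def read_idcodes(chain, max_devices=8):
    """After reset each TAP presents IDCODE (32 bits, bit 0 = 1) or BYPASS (one 0 bit),
    so TDO parses without knowing the layout.  Shifting 1s in makes the fill after the
    last TAP read 0xFFFFFFFF, which IEEE 1149.1 keeps invalid as an end-of-chain mark."""
    chain.reset()
    bits = chain.scan([1] * (32 * (max_devices + 1)))
    ids, i = [], 0
    while len(ids) < max_devices:
        if bits[i] == 1:
            word = sum(bits[i + k] << k for k in range(32))
            if word == 0xFFFFFFFF:
                break
            ids.append(word)
            i += 32
        else:
            ids.append(None)                    # a TAP sitting in BYPASS
            i += 1
    return ids[::-1]                            # the TAP nearest TDO comes out first

if __name__ == "__main__":      # constructed board: a no-IDCODE part in the middle
    chain = Chain([Device(4, 0b1110, 0x0ABC1043), Device(5, 0b00001),
                   Device(8, 0b00000010, 0x5EED0F01)])
    chain.reset()
    print("TAPs on the chain:", count_devices(chain))
    print("IDCODEs, TDI side first:", [hex(x) if x else None for x in read_idcodes(chain)])
```

The two discovery routines are what a JTAGulator or OpenOCD’s chain scan do on real hardware: BYPASS works without knowing any instruction-register width because all-ones is BYPASS by definition, and IDCODE parsing works without knowing the chain order because bit 0 tells you whether the next thing on TDO is one bypass bit or a 32-bit ID.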

Continue reading “The Many Faces Of JTAG”

[Fran Blanche] Goes In-Depth With The Maillardet Automaton

We’re not specialists, but the Maillardet Automaton is one of the more amazing mechanical machines that we’ve seen in a while, and [Fran Blanche] got to spend some time with it in an attempt to figure out how its mysterious missing pen apparatus would have worked. The resulting video, embedded below, is partly her narrative about the experiment she’s running, and partly straight-up mechanical marvel.

If you need a refresher course on Maillardet’s Automaton, we’ll send you first to Wikipedia, and then off to watch this other video, which has a few great close-ups of the cams that drive everything.

Continue reading “[Fran Blanche] Goes In-Depth With The Maillardet Automaton”

Chris Conlon: Device Security 101

We all wring our hands over the security (or lack thereof!) of our myriad smart devices. If you haven’t had your home network hacked through your toaster or baby cam, you’re missing out on the zeitgeist. But it doesn’t have to be this way — smart devices can be designed with security in mind, and [Chris Conlon] came to Pasadena to give us a talk on the basics.

He starts off the talk with three broad conceptual realms of data security: data in transit, data at rest on the device, and the firmware and how it’s updated. A common thread underlying all of this is cryptography, and he devotes the last section of his talk to getting that right. So if you’d like a whirlwind tour of device security, watch on!

Continue reading “Chris Conlon: Device Security 101”

Converting Film Camera To Digital The Hard Way

[Robin] is a hobby photographer with some very nice old film camera gear. But who has the money or patience for developing film these days? (Well, lots of people, especially artists, but that’s a different Hackaday article.) So to update his old gear without breaking the bank, he glommed a Sony Nex digital camera onto the back of a nice old Nikon, and documented the process for us.

A friend of mine once said, “never underestimate what a good engineer can do with a file and patience.” [Robin]’s hack essentially consists of grinding the Sony’s CMOS sensor to fit exactly where the film plane would be in the old Nikon. For him, this meant relocating the IR filter glass, because it wouldn’t fit with the shutter, and then slowly and accurately trimming down the edges of the CMOS sensor’s retaining frame until it was just right.

Continue reading “Converting Film Camera To Digital The Hard Way”

TP-Link Debug Protocol Gives Up Keys To Kingdom

If the headline makes today’s hack sound like it was easy, rest assured that it wasn’t. But if you’re interested in embedded device hacking, read on.

[Andres] wanted to install a custom OS firmware on a cheap home router, so he bought a router known to be reflashable only to find that the newer version of the firmware made that difficult. We’ve all been there. But instead of throwing the device in the closet, [Andres] beat it into submission, discovering a bug in the firmware, exploiting it, and writing it up for the manufacturer. (And just as we’re going to press: posting the code for the downgrade exploit here.)

This is not a weekend hack — this took a professional many hours of serious labor. But it was made a lot easier because TP-Link left a debugging protocol active, listening on the LAN interface, and not requiring authentication. [Andres] found most of the information he needed in patents, and soon had debugging insight into the running device.

Continue reading “TP-Link Debug Protocol Gives Up Keys To Kingdom”

Ask Hackaday: Dude, Where’s My MOSFET?

(Bipolar Junction) Transistors versus MOSFETs: both have their obvious niches. FETs are great for relatively high power applications because they have such a low on-resistance, but transistors are often easier to drive from low voltage microcontrollers because all they require is a current. It’s uncanny, though, how often we find ourselves in the middle between these extremes. What we’d really love is a part that has the virtues of both.

The ask in today’s Ask Hackaday is for your favorite part that fills a particular gap: a MOSFET device that’s able to move a handful of amps of low-voltage current without losing too much to heat, that is still drivable from a 3.3 V microcontroller, with bonus points for PWM ability at a frequency above human hearing. Imagine driving a moderately robust small DC robot motor forwards with a microcontroller, all running on a LiPo — a simple application that doesn’t need a full motor driver IC, but requires a high-efficiency, moderate current, and low-voltage-logic compatible transistor. If you’ve been here and done that, what did you use?

Continue reading “Ask Hackaday: Dude, Where’s My MOSFET?”