Completely Owning The Dreamcast Add-on You Never Had

If you’ve got a SEGA Dreamcast kicking around in a closet somewhere, and you still have the underutilized add-on Visual Memory Unit (VMU), you’re in for a treat today. If not, but you enjoy incredibly detailed hacks into the depths of slightly aged silicon, you’ll be even more excited. Because [Dmitry Grinberg] has a VMU hack that will awe you with its completeness. With all the bits in place, the hacking tally is a new MAME emulator, an IDA plugin, a never-before ROM dump, and an emulator for an ARM chip that doesn’t exist, running Flappy Bird. All in a month’s work!

The VMU was a Dreamcast add-on that primarily stored game data in its flash memory, but it also had a small LCD display, a D-pad, and inter-VMU communications functions. It also had room for a standalone game which could interact with the main Dreamcast games in limited ways. [Dmitry] wanted to see what else he could do with it. Basically everything.

We can’t do this hack justice in a short write-up, but the outline is that he starts out with the datasheet for the VMU’s CPU, and goes looking for interesting instructions. Then he started reverse engineering the ROM that comes with the SDK, which was only trivially obfuscated. Along the way, he wrote his own IDA plugin for the chip. Discovery of two ROP gadgets allowed him to dump the ROM to flash, where it could be easily read out. Those of you in the VMU community will appreciate the first-ever ROM dump.

On to doing something useful with the device! [Dmitry]’s definition of useful is to have it emulate a modern CPU so that it’s a lot easier to program for. Of course, nobody writes an emulator for modern hardware directly on obsolete hardware — you emulate the obsolete hardware on your laptop to get a debug environment first. So [Dmitry] ported the emulator for the VMU’s CPU that he found in MAME from C++ to C (for reasons that we understand) and customized it for the VMU’s hardware.

Within the emulated VMU, [Dmitry] then wrote the ARM Cortex emulator that it would soon run. But what ARM Cortex to emulate? The Cortex-M0 would have been good enough, but it lacked some instructions that [Dmitry] liked, so he ended up writing an emulator of the not-available-in-silicon Cortex-M23, which had the features he wanted. Load up the Cortex emulator in the VMU, and you can write games for it in C. [Dmitry] provides two demos, naturally: a Mandlebrot set grapher, and Flappy Bird.

Amazed? Yeah, we were as well. But then this is the same guy emulated an ARM chip on the AVR architecture, just to run Linux on an ATMega1284p.

STM32CubeMX Makes Makefiles

When hardware manufacturers make GUI code-generation tools, the resulting files often look like a canned-spaghetti truck overturned on the highway — there’s metaphorical overcooked noodles and red sauce all over the place. Sometimes we think they’re doing this willfully to tie you into their IDE. Not so the newest version of ST’s graphical STM32CubeMX, which guides you through a pleasant pin-allocation procedure and then dumps out, as of the latest version, a clean Makefile.

Yes, that’s right. This is a manufacturer software suite that outputs something you can actually use with whatever editor, GUI, compiler, or environment that you wish — even the command line. Before this release, you had to go through a hacky but functional script to get a Makefile out of the CubeMX. Now there’s official support for real hackers. Thanks, ST!

If you’re compiling on your own, you’ll need to update the BINPATH variable to point to your compiler. (We use the excellent GNU ARM Embedded Toolchain ourselves, which is super-easy to install on almost any Linux.) If you want to use STM32CubeMX with the Eclipse IDE, [kali prasad yadav] sent us PDF instructions — it’s not hard.

If you doubt that the availability of a free, open, and non-constraining toolchain can matter for a silicon vendor, we’d point to AVR and the Arduino platform that spun off of their support of GCC. Sure, Atmel still pushes their all-in-one wonder, Atmel Studio, which is better than the Arduino IDE by most any metric. But Studio is closed, and Arduino is open. We’d love to see the number of Studio users compared with Arduino users.

Congratulations to ST for taking a big step in the right, open-toolchain, direction.

A Bright Idea For Reflow Soldering

There are almost as many ways to reflow a surface-mount circuit board as there are hackers. Today, we add another method to the list. [Dasaki] converted a halogen floodlight into an SMT oven, and did so with all the bells and whistles. Check the video below the break.

We’ve actually seen the low-tech version of this hack before, but it’s nothing we would want to use on a daily basis. [Dasaki] needed to get 100 boards done, so it was worth the effort to get it right.

Continue reading “A Bright Idea For Reflow Soldering”

Dropping Zip Bombs On Vulnerability Scanners

If you’ve ever looked at the server logs of a computer that lives full-time on the Internet, you know it’s a rough world out there. You’ll see hundreds of attempts per day to break in to your one random little box. Are you going to take that sitting down? Christian Haschek didn’t.

Instead of simply banning IPs or closing off services, [Christian] decided to hit ’em where it hurts: in the RAM. Now, whenever a bot hits his server looking for a poorly configured WordPress install, he serves them 10 GB of zeroes, compressed down into 10 MB by gzip:

dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

The classic trick uses zip multiple times on itself, which lets you compress arbitrarily large files into just a few kB. [Christian] tried this with gzip, and discovered that it didn’t automatically recurse, so he’s taking a small bandwidth hit for the team. If you know how to get more data packed smaller using gzip, leave a note in the comments.

Nobody really knows if this works on the bad guys’ servers, but [Christian] said that they stopped hitting him after downloading a couple payloads. If you want to test out what it does to your system, click this link. If you don’t run a server, but phishing e-mails get you hot under the collar, check out [Robbie Gallagher]’s talk on phishing the phishers from last year’s Schmoocon for cathartic tales of revenge.

Tetris On A Soldering Iron

Our commenteers have all said good things about the open-source TS100 soldering iron pencil: things like “it solders well”. But we’ve all got soldering irons that solder well. What possible extra value does having open-source firmware on a soldering iron bring? [Joric] answered that question for us — it can play Tetris. (Video embedded below.)

While that’s cool and all, it wasn’t until we were reading through the README over at GitHub that the funniest part of this hack hit us. Every time you lose a game, the iron tip temperature increases by 10 degrees. Tetris for masochists? The makings of some horrible bar bets? We’re just glad that it’s open-source, because we’re not that good and it would get too hot to handle fast.

We haven’t tried out a TS100 yet, but this hack is almost pushing us to impulse purchase. There are alternative versions of the firmware if you just don’t like the font, for instance. And now, Tetris. Will this become the hot new gaming platform that you’ve been waiting for? Let us know in the comments.

Continue reading “Tetris On A Soldering Iron”

Free As In Beer, Or The Story Of Windows Viruses

Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?

While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last few years, or Linux since forever in the server space. Then they say it’s a failure to apply patches and upgrade their systems, because their users are just less savvy, but that some new update system will solve the problem.

There’s some truth to the viruses and the patching, but when WannaCry is taking over hospitals’ IT systems or the radiation monitoring network at Chernobyl, it’s not likely to be the fault of the stereotypical naive users, and any automatic patch system is only likely to help around the margins.

So why is WannaCry, and variants, hitting unpatched XP machines, managed by professionals, all over the world? Why are there still XP machines in professional environments anyway? And what does any of this have to do with free software? The answer to all of these questions can be found in the ancient root of all evil, the want of money. Linux is more secure, ironically, at least partly because it’s free as in beer, and upgrading to a newer version is simply cheaper.

Continue reading “Free As In Beer, Or The Story Of Windows Viruses”

[Daito Manabe] Interview: Shocking!

We’ve loved [Daito Manabe]’s work for a while now. Don’t know [Daito]? Read this recent interview with him and catch up. Is he a hacker’s artist, or an artist’s hacker?

My personal favorite hack of his is laser painting apparatus from 2011. The gimmick is that he uses the way the phosphors fade out to create a greyscale image. Saying that is one thing, but watching it all come together in time is just beautiful.

Maybe you’ve seen his facial-electrocution sequencer (words we never thought we’d write! YouTube link). He’s taken that concept and pushed it to the limit — setting up the same sequences on multiple people make them look eerily like the sacks of meat that they are, until everyone laughs at the end of the experiment and they’re all back to being human.

Anyway, if you didn’t know [Daito], check out the rest of his work. Have any other favorite tech artists that we’re missing? Drop us a line.