Great People And Culture At 34th Chaos Communication Congress

If you’ve been to a Chaos Communication Congress, you know the feeling — the strange realization after it’s all over that you’re back in the “real world”. It’s somehow alienating and unfriendly in comparison to being surrounded by computer freaks, artists, hackers, activists, coders, and other like-minded individuals over the four days of the Congress. A hand-written poster by the podcasting center read “Endlich, normale Leute” — “At last, normal people” — which is irony piled on irony but the sentiment is still right for certain strange values of “normal”. Normal hackers? You’d probably fit right in.

We cover a lot of the talks from the Congress, because they’re first-class and because you can play along at home, but the real soul of the Congress is people getting together, making something temporary and crazy, talking over their common plans, learning new things directly from one another, and simply having fun. Here’s our chance to give you a little of the other side of the Congress.

34C3: Hacking Into A CPU’s Microcode

Inside every modern CPU since the Intel Pentium fdiv bug, assembly instructions aren’t a one-to-one mapping to what the CPU actually does. Inside the CPU, there is a decoder that turns assembly into even more primitive instructions that are fed into the CPU’s internal scheduler and pipeline. The code that drives the decoder is the CPU’s microcode, and it lives in ROM that’s normally inaccessible. But microcode patches have been deployed in the past to fix up CPU hardware bugs, so it’s certainly writeable. That’s practically an invitation, right? At least a group from the Ruhr University Bochum took it as such, and started hacking on the microcode in the AMD K8 and K10 processors.

The hurdles to playing around in the microcode are daunting. It turns assembly language into something, but the instruction set that the inner CPU, ALU, et al. use was completely unknown. [Philip] walked us through their first line of attack, which was essentially guessing in the dark. First they mapped out where each x86 assembly instruction went in microcode ROM. Using this information, and the ability to update the microcode, they could load and execute arbitrary microcode. They still didn’t know anything about the microcode, but they knew how to run it.

So they started uploading random microcode to see what it did. This random microcode crashed almost every time. The rest of the time, there was no difference between the input and output states. But then, after a week of running, a breakthrough: the microcode XOR’ed. From this, they found out the syntax of the command and began to discover more commands through trial and error. Quite late in the game, they went on to take the chip apart and read out the ROM contents with a microscope and OCR software, at least well enough to verify that some of the microcode operations were burned in ROM.

The result was 29 microcode operations including logic, arithmetic, load, and store commands — enough to start writing microcode code. The first microcode programs written helped with further discovery, naturally. But before long, they wrote microcode backdoors that triggered when a given calculation was performed, and stealthy trojans that exfiltrate data either encrypted or “undetectably”, by programmatically introducing faults into calculations. This means nearly undetectable malware that’s resident inside the CPU. (And you think the Intel Management Engine hacks made you paranoid!)

[Benjamin] then bravely stepped us through the browser-based attack live, first in a debugger where we could verify that their custom microcode was being triggered, and then outside of the debugger where suddenly xcalc popped up. What launched the program? Calculating a particular number on a website from inside an unmodified browser.

He also demonstrated the introduction of a simple mathematical error into the microcode that made an encryption routine fail when another particular multiplication was done. While this may not sound like much, if you paid attention in the talk on revealing keys based on a single infrequent bit error, you’d see that this is essentially a few million times more powerful because the error occurs every time.

The team isn’t done with their microcode explorations, and there’s still a lot more of the command set left to discover. So take this as a proof of concept that nearly completely undetectable trojans could exist in the microcode that runs between the compiled code and the CPU on your machine. But, more playfully, it’s also an invitation to start exploring yourself. It’s not every day that an entirely new frontier in computer hacking is bust open.

34C3: The First Day Is A Doozy

It’s 5 pm, the sun is slowly setting on the Leipzig conference center, and although we’re only halfway through the first day, there’s a ton that you should see. We’ll report some more on the culture of the con later — for now here’s just the hacks.

Hackaday At 34C3

It’s that time of year. While the rest of the Christmas-celebrating world sits around and plays with the toys that they got out from under the tree, German nerds head off to the biggest European hacker con: the 34th annual Chaos Communication Congress, running Dec. 27th through 30th.

The CCC is both a grandparent among hacker cons, and the most focused on using technology to improve the world and bringing folks together. (The “communication” in the name is a dead giveaway.) This year’s motto, “tuwat!” is slangy-dialecty for “do something!” and is a call to get up off the couch and use your super-powers for good.

If you can’t get over to Leipzig to join us, you’ll be able to read our extensive coverage starting up shortly after the opening ceremonies, and probably stretching well into 2018. And since the CCC media folks manage to stream every talk, hackers all over the world can follow along live. Most talks are in English, so get together with folks in your hackspace and have a video night!

And if you are in Leipzig, be on the lookout for [Elliot] who will be wandering around, attending workshops, and writing down as much as possible. Show me something cool, rave about a particularly good talk, or just say “hi”.

Fairy Dust clipart courtesy [sonoftroll].

Coin Cells: The Mythical Milliamp-Hour

Just how much metaphorical juice is in a coin cell battery? It turns out that this seemingly simple question is impossible to answer — at least without a lot of additional information. The problem is that the total usable energy in a battery depends on how you try to get that energy out, and that is especially true of coin cells.

Energizer specs its 2032s at 0.2 mA

For instance, ask any manufacturer of the common 3 V lithium 2032 batteries, and they’ll tell you that it’s got 230 mAh. That figure is essentially constant across brands and across individual cells, and if you pull a constant 0.2 mA from the battery, at room temperature and pressure, you’ll get a bit more than the expected 1,150 hours before it dips below the arbitrary voltage threshold of 2.0 V. Just as it says on the tin.

What if you want to do anything else with a coin cell? Run an LED for a decade? Pull all the energy out right now and attempt to start a car? We had these sorts of extreme antics in mind when we created the Coin Cell Challenge, but even if you just want to do something mundane like run a low-power radio sensor node for more than a day, you’re going to need to learn something about the way coin cells behave in the real world. And to do that, you’re going to need to get beyond the milliamp hour rating. Let’s see how deep this rabbit hole goes.


Mike Harrison At The Superconference: Flying LCD Pixels

Mike Harrison, perhaps better known to us as the titular Mike of YouTube channel mikeselectricstuff, is a hardware hacking genius. He’s the man behind this year’s Superconference badge, and his hacks and teardowns have graced our pages many times. The best thing about Mike is that his day job is designing implausibly cool one-off hardware for large-scale art installations. His customers are largely artists, which means that they just don’t care about the tech as long as it works. So when he gets together with a bunch of like-minded hacker types, he’s got a lot of pent-up technical details that he just has to get out. Our gain.

He’s been doing a number of LCD installations lately. And he’s not using the standard LCD calculator displays that we all know and love, although the tech is exactly the same, but is instead using roughly 4″ square single pixels. His Superconference talk dives deep into the behind-the-scenes cleverness that made possible a work of art that required hundreds of these, suspended by thin wires in mid-air, working together to simulate a flock of birds. You really want to watch this talk.


How Cheap Can A 3D Printer Get? The Anet A8

The short answer: something like $200, if your time is worth $0/hour. How is this possible? Cheap kit printers, with laser-cut acrylic frames, but otherwise reasonably solid components. In particular, for this review, an Anet A8. If you’re willing to add a little sweat equity and fix up some of the bugs, an A8 can be turned into a good 3D printer on a shoestring budget.

That said, the A8 is a printer kit, not a printer. You’re going to be responsible for assembly of every last M3 screw, and there are many. Building the thing took me eight or ten hours over three evenings. It’s not rocket surgery, though. There are very accessible videos available online, and a community of people dedicated to turning this box of parts into a great machine. You can do it if you want to.

This article is half how-to guide and half review, and while the fun of a how-to is in the details, the review part is easy enough to sum up: if you want the experience of building a 3D printer, and don’t mind tweaking to get things just right, you should absolutely look into the A8. If you want a backup printer that can print well enough right after assembly, the A8 is a good deal as well; most of the work I’ve put into mine is in chasing perfection. But there are a couple reasons that I’d hesitate to recommend it to a rank beginner, and one of them is fire.

Still, I’ve put 1,615 m (1.0035 miles) of filament through my A8 over 330 hours of run-time spread across the last three months — it’s been actively running for 15% of its lifetime! Some parts have broken, and some have “needed” improving, but basically, it’s been a very functional machine with only three or four hours of unintentional downtime. My expectations going in were naturally fairly low, but the A8 has turned out to be not just a workhorse but also a decent performer, with a little TLC. In short, it’s a hacker’s printer, and I love it.
