Reverse-Engineering A Russian Tornado-S Guidance Circuit Board

With Russian military hardware quite literally raining down onto the ground in Ukraine, it’s little wonder that a sizeable number of PCBs and other parts from it end up being sold on eBay. This is where [msylvain] got a guidance board from a 300 mm Tornado-S 9M542 GLONASS-guided projectile for some exploration and reverse-engineering. The first interesting surprise was that the board was produced in February of 2023, with the Tornado-S system having begun production in 2016.

Presumed location of the PCB under investigation in the Tornado-S rocket.

The 9M542 and similar rocket projectiles are designed to reach their designated area with as much precision as possible, which is where the guidance system comes into play. Using both GLONASS and inertial navigation, the rocket’s stack of PCBs (pictured) is supposed to process the sensor information and direct the control system, which for the 9M542 consists of four canards. The board that [msylvain] is looking at appears to be one of the primary PCBs, containing some DC-DC and logic components, as well as three beefy gate arrays (ULAs). While somewhat similar to FPGAs, these are far less configurable, which is why the logic ICs around them are needed to tie everything together. For this reason, gate array technology was phased out globally by the 1990s due to the competition of FPGAs, which makes this dual-sided PCB both very modern and instantly vintage.

This is where a distinct 1980s Soviet electronics vibe begins, as along the way of noting the function of each identified IC, it’s clear that these are produced by the same Soviet-era factories, just with date stamps ranging from 2018 to more recent and surface-mount DIP-sized packages rather than through-hole.


Betavoltaic Battery Rated To Provide Power For 50 Years

A newly introduced battery called the BV100 by Chinese Betavolt Technology promises to provide half a century of power, at 100 μW in a 15x15x5 mm package. Inside the package are multiple 2 micron-thick layers of nickel-63 isotope placed between 10 micron-thick diamond semiconductor layers, with each diamond layer using the principle of betavoltaics to induce an electrical current in a similar fashion to a solar panel using light. Ni-63 is a β emitter with a half-life of 100 years, which decays into copper-63 (Cu-63), one of the two stable forms of copper.

From the battery’s product page we can glean a bit more information, such as that the minimum size of the betavoltaic battery is 3x3x0.03 mm with one layer of Ni-63 and two semiconductor layers, allowing for any number of layers to be stacked to increase the power output within a given package. Also noted is that the energy conversion rate of the β energetic event is about 8.8%, which could conceivably be improved in the future.

Although this battery may seem new, it’s actually based on a number of years of research in diamond semiconductors in betavoltaics, with V. S. Bormashov and colleagues in 2018 reporting on a similar battery with a diamond semiconductor and Ni-63 isotope layer. They noted a battery specific energy of 3300 mWh/g. Related research by Benjian Liu and colleagues in 2018 showed an alphavoltaic battery, also using diamond semiconductor, which shows another possible avenue of development, since alpha particles are significantly more energetic.

Whether we’ll see Betavolt’s BV100 or similar products appear in commercial products is still uncertain, but they plan to have a 1 Watt version ready by 2025, which when packaged into the size of an average Li-ion battery pack could mean a mobile power source that will power more than a pacemaker, and cost less than the nuclear batteries powering the two Voyager spacecraft and all active Mars rovers today.

Breaking The Flash Encryption Feature Of Espressif’s Microcontrollers

Espressif’s ESP32 microcontrollers come with a Flash encryption feature that when enabled ensures that the data and code stored on the (usually external) Flash chip is encrypted with AES-256 (ESP32) or better (ESP32-C3, -C6). For the ESP32 this encryption feature has been shown to be vulnerable to side channel attacks (SCA), leading [courk] to not only replicate this result with a custom ESP Correlation Power Analysis (CPA) board (pictured) that captures power usage of the MCU, but also to try his luck with the ESP32-C3 and ESP32-C6 parts that should be tougher nuts to crack.

Whereas the ESP32 uses a fairly straightforward AES-256 encryption routine that together with the exposed Flash communication lines on the QSPI bus makes for a textbook SCA example, the ESP32-C3 ups the encryption to XTS-AES, which uses two 128-bit keys on the -C3 part (XTS-256). This particular MCU is still susceptible to the same SCA with CPA; it is somewhat harder to attack than the ESP32, but by no means impossible.


PDP-11 Trouble With A Ruthless Power Supply Issue

After [David Lovett] of [Usagi Electric] was donated a few cars full of DEC PDP-11 minicomputers of various flavors and vintages, he passed on most of them to loving homes, but kept a few of them himself. One goal of this was to put together a PDP-11 system that could be more easily taken to vintage computer shows than the ‘rollable’ PDP-11s he had access to prior. Of 1980s PDP-11s, the first-generation Large Scale Integration (LSI) PDP-11/03 system (so-called Q-Bus models) is among the smallest, taking up about as much space as a 1980s desktop PC, while supporting the second generation LSI PDP-11/23 cards. It all seemed so easy until [David] tried testing the PDP-11/03’s PSU and everything went south.

Despite having access to the circuit diagrams of the PSU, figuring out what was going wrong was an absolute nightmare for [David], after some easy fixes involving replacing a blown fuse and bulging capacitors failed to deliver salvation. Reading through the comments to the video, it would seem that people are generally confused about whether this PSU is a linear, switching or some other configuration. What is clear is that with the absolutely massive transformer, it looks more like a linear power supply, but with a lot of built-in protections against overcurrent and other failure modes, all of which rely on transistors and other components that could have gone bad.

Although in round 1 the PDP-11/03 PSU won the battle, we hope that once round 2 commences [David] will have had the proverbial training montage behind him (set to ‘Eye of the Usagi’, probably) and will manage to get this PSU working once more.


Reverse-Engineering The ESP32’s WiFi Binary Blob With A Faraday Cage

The Faraday cage constructed by Jasper Devreker.

As part of a team reverse-engineering the binary blob driver for the ESP32’s WiFi feature at Ghent University, [Jasper Devreker] saw himself faced with the need to better isolate the network packets coming from the ESP32-under-test. This is a tough call in today’s WiFi and 2.4 GHz flooded airwaves. To eliminate all this noise, [Jasper] had to build a Faraday cage, but ideally without racking up a massive invoice and/or relying on second-hand parts scavenged from eBay.

We previously reported on this reverse-engineering project, which has since seen an update. Although progress has been made, filtering out just the packets they were interested in was a big challenge. The solution was a Faraday cage, but on a tight budget.

Rather than relying on exotic power filters, [Jasper] put a battery inside a Faraday cage he constructed out of wood and conductive fabric. To get Ethernet data in and out, a fiber link was used inside a copper tube. Initial testing was done using a Raspberry Pi running usbip and a WiFi dongle. The Faraday cage provided enough attenuation that the dongle couldn’t pick up any external WiFi signals in listening mode.

The total cost of this build came down to a hair over €291, which makes it feasible for a lot of RF experiments by hobbyists and others. We wish [Jasper] and the rest of the team a lot of luck in figuring out the remaining secrets of Espressif’s binary WiFi blob using this new tool.

Haiku OS: The Open Source BeOS You Can Daily Drive In 2024

Haiku is one of those open source operating systems that seem to be both exceedingly well-known while flying completely under the radar. Part of this is probably due to it being an open source version and continuation of the Be Operating System (BeOS). Despite its strong feature set in the 1990s, BeOS never got much love in the wider computer market. Nevertheless, it has a strong community that after twenty-two years of development has now reached a point where you can daily drive it, according to the [Action Retro] channel on YouTube.

One area where Haiku definitely scores points is the super-fast installation and boot. [Action Retro] demonstrates this on real hardware, and we can confirm that it boots very fast in VirtualBox on a low-end Intel N100-based host system as well. With the recently introduced QtWebEngine-based Falkon browser (formerly known as QupZilla) even JavaScript-heavy sites like YouTube and retro Mac emulators work well. You can even get a Minecraft client for Haiku.

Although [Action Retro] notes that 3D acceleration is still a work-in-progress for Haiku, his 2014-era AMD system smoothly played back 1080p YouTube videos. Although not addressed in the video, Haiku is relatively easy to port existing software to, as it is POSIX-compatible. There is a relatively modern GCC 11.2 compiler in the Beta 4 release from 2022, backed up by solid API documentation. Who doesn’t want to take a poke at a modern take on the OS that nearly became MacOS?


Why The IPad Doesn’t Have A Calculator

For the handful among us who have an iPad tablet from Apple, some may have figured out by now that it lacks a feature that has come standard on any operating system since roughly the early 90s: a calculator application. Its absence on the iPad’s iPadOS is strange since the iPhones (iOS) have always had a calculator application built into the system. Even Apple’s laptop and desktop systems (MacOS/OS X/MacOS) include a calculator. As [Greg] at [Apple Explained] explains in a 2021 video, this seems to have been initially due to Steve Jobs, who didn’t like the scaled-up iOS calculator that the person in charge of iPad software development – [Scott Forstall] – was working on and set an ultimatum to replace or drop it.

In the video, [Greg] shows sections of an interview with Apple software chief [Craig Federighi], who when confronted with the question of why iPadOS doesn’t have a calculator or weather app, quickly slithers out of the way of the incoming question. He excuses the absence with the idea that Apple won’t do anything unless it makes people go ‘wow’ when they use it. Fast-forward two years, and iPadOS 17 still doesn’t have a version of the Apple Calculator app, making for rich meme fodder. One question that gets raised by some is whether Apple really needs to make such an app at all since you can use Spotlight and Siri to get calculations resolved, in the latter case, using the apparently hidden Calculator app.

These days, you can use Google Search as a calculator, too, with it even throwing up a calculator UI when you ask it to perform a calculation, and the App Store is full of various calculator apps, with or without advertising and/or paid features. In this context, what could Apple do with a calculator that would positively ‘wow’ its users?
