Reverse-Engineering Makita Batteries To Revive Them

June 15, 2024 by 35 Comments

Modern lithium-ion battery packs for cordless power tools contain an incredible amount of energy, which necessitates that they come with a range of safeties. Although it’s good when the battery management system (BMS) detects a fault and cuts power to prevent issues, there exist the possibility of false positives. Having an expensive battery pack brick itself for no good reason is rather annoying, as is being unable to reuse a BMS in for example a re-manufactured battery. This was the reasoning that led [Martin Jansson] down the path of reverse-engineering Makita batteries for starters.

After that initial reverse-engineering attempt involving a firmware dump of the NEC (Renesas) F0513 MCU, [Martin] didn’t get back to the project until recently, when he was contacted by [Romain] who donated a few BMS boards to the cause. One of these features an STM32 MCU, which made the task much easier. Ultimately [Martin] was able to determine the command set for the Maxim OneWire-based communication protocol, as was a hidden UART mode.

Due to the critical timing required, off-the-shelf programmers didn’t work, so an Arduino Uno-based programmer (ArduinoOBI) was created instead, which can be found on GitHub along with the Open Battery Information desktop application which provides access to these BMS features after connecting to the battery pack. Although only Makita is supported right now, [Martin] would like to see support for other brands being added as well.

This Week In Security: Unicode Strikes Again, Trust No One (Redditor), And More

June 14, 2024 by 7 Comments

There’s a popular Sysadmin meme that system problems are “always DNS”. In the realm of security, it seems like “it’s always Unicode“. And it’s not hard to see why. Unicode is the attempt to represent all of Earth’s languages with a single character set, and that means there’s a lot of very similar characters. The two broad issues are that human users can’t always see the difference between similar characters, and that libraries and applications sometimes automatically convert exotic Unicode characters into more traditional text.

This week we see the resurrection of an ancient vulnerability in PHP-CGI, that allows injecting command line switches when a web server launches an instance of PHP-CGI. The solution was to block some characters in specific places in query strings, like a query string starting with a dash.

The bypass is due to a Windows feature, “Best-Fit”, an automatic down-convert from certain Unicode characters. This feature works on a per-locale basis, which means that not every system language behaves the same. The exact bypass that has been found is the conversion of a soft hyphen, which doesn’t get blocked by PHP, into a regular hyphen, which can trigger the command injection. This quirk only happens when the Windows locale is set to Chinese or Japanese. Combined with the relative rarity of running PHP-CGI, and PHP on Windows, this is a pretty narrow problem. The XAMPP install does use this arrangement, so those installs are vulnerable, again if the locale is set to one of these specific languages. The other thing to keep in mind is that the Unicode character set is huge, and it’s very likely that there are other special characters in other locales that behave similarly.

Downloader Beware

The ComfyUI project is a flowchart interface for doing AI image generation workflows. It’s an easy way to build complicated generation pipelines, and the community has stepped up to build custom plugins and nodes for generation. The thing is, it’s not always the best idea to download and run code from strangers on the Internet, as a group of ComfyUI users found out the hard way this week. The ComfyUI_LLMVISION node from u/AppleBotzz was malicious.

The node references a malicious Python package that grabs browser data and sends it all to a Discord or Pastebin. It appears that some additional malware gets installed, for continuing access to infected systems. It’s a rough way to learn. Continue reading “This Week In Security: Unicode Strikes Again, Trust No One (Redditor), And More”

Programming Ada: Records And Containers For Organized Code

June 4, 2024 by 5 Comments

Writing code without having some way to easily organize sets of variables or data would be a real bother. Even if in the end you could totally do all of the shuffling of bits and allocating in memory by yourself, it’s much easier when the programming language abstracts all of that housekeeping away. In Ada you generally use a few standard types, ranging from records (equivalent to structs in C) to a series of containers like vectors and maps. As with any language, there are some subtle details about how all of these work, which is where the usage of these types in the Sarge project will act as an illustrative example.

In this project’s Ada code, a record is used for information about command line arguments (flag names, values, etc.) with these argument records stored in a vector. In addition, a map is created that links the names of these arguments, using a string as the key, to the index of the corresponding record in the vector. Finally, a second vector is used to store any text fragments that follow the list of arguments provided on the command line. This then provides a number of ways to access the record information, either sequentially in the arguments vector, or by argument (flag) name via the map.

Continue reading “Programming Ada: Records And Containers For Organized Code”

CH32V003 Makes For Dirt Cheap RISC-V Computer

May 31, 2024 by 36 Comments

These days, when most folks think of a computer they imagine a machine with multiple CPUs, several gigabytes of RAM,  and a few terabytes of non-volatile storage for good measure. With such modern expectations, it can be difficult to see something like a microcontroller as little more than a toy. But if said MCU has a keyboard, is hooked up to a display, and lets you run basic productivity and development software, doesn’t that qualify it as a computer? It certainly would have in the 1980s.

With that in mind, [Olimex] has teased the RVPC, which they’re calling the “world lowest cost Open Source Hardware All-in-one educational RISC-V computer” (say that three times fast). The tiny board features the SOIC-8 variant of the CH32V003 and…well, not a whole lot else. You’ve got a handful of passives, a buzzer, an LED, and the connectors for a PS/2 keyboard, a power supply, and a VGA display. The idea is to offer this as a beginner’s soldering kit in the future, so most most of the components are through-hole.

On the software side, the post references things like the ch32v003fun development stack, and the PicoRVD programmer as examples of open source tools that can get your CH32V computer up and running. There’s even a selection of retro-style games out there that would be playable on the platform. But what [Olimex] really has their eye on is a port of VMON, a RISC-V monitor program.

When paired with the 320×200 VGA text mode that they figure the hardware is capable of, you’ve got yourself the makings of an educational tool that would be great for learning assembly and playing around with bare metal programming.

It might not have the timeless style of the Voja4, but at least you can fit it in a normal sized pocket.

Thanks to [PPJ] for the tip.

Don’t Object To Python Objects

May 2, 2024 by 24 Comments

There’s the old joke about 10 kinds of programmers, but the truth is when it comes to programming, there are often people who make tools and people who use tools. The Arduino system is a good example of this. Most people use it like a C compiler. However, it really uses C++, and if you want to provide “things” to the tool users, you need to create objects. For example, when you put Serial in a program, you use an object someone else wrote. Python — and things like Micropython — have the same kind of division. Python started as a scripting language, but it has added object features, allowing a rich set of tools for scripters to use. [Damilola Oladele] shows the ins and outs of object-oriented Python in a recent post.

Like other languages, Python allows you to organize functions and data into classes and then create instances that belong to that class. Class hierarchies are handy for reusing code, customizing behavior, and — through polymorphism — building device driver-like architectures.

Continue reading “Don’t Object To Python Objects”

A render of the USB Blaster, showing all the major parts

The Cheapest USB Blaster Ever, Thanks To CH552

April 30, 2024 by 8 Comments

Here’s a CH552G-based USB Blaster project from [nickchen] in case you needed more CH552G in your life, which you absolutely do. It gives you the expected IDC-10 header ready for JTAG, AS, and PS modes. What’s cool, it fits into the plastic shell of a typical USB Blaster, too!

The PCB is flexible enough, and has all the features you’d expect – a fully-featured side-mounted IDC-10 header, two LEDs, a button for CH552 programming mode, and even a UART header inside the case. There’s an option to add level shifter buffers, too – but you don’t have to populate them if you don’t want to do that for whatever reason! The Hackaday.io page outlines all the features you are getting, though you might have to ask your browser to translate from Chinese.

Sadly, there’s no firmware or PCB sources – just schematics, .hex, BOM, and Gerber .zip, so you can’t fix firmware bugs, or add the missing USB-C pulldowns. Nevertheless, it’s a cool project and having the PCB for it is lovely, because you never know when you might want to poke at a FPGA on a short notice. Which is to say, it’s yet another CH552 PCB you ought to put in your PCB fab’s shopping cart! This is not the only CH552G-based programming dongle that we’ve covered – here’s a recent Arduino programmer that does debugWire, and here’s like a dozen more different CH552G boards, programmers and otherwise.

The Z80 Is Dead. Long Live The Free Z80!

April 28, 2024 by 28 Comments

It’s with a tinge of sadness that we and many others reported on the recent move by Zilog to end-of-life the original Z80 8-bit microprocessor. This was the part that gave so many engineers and programmers their first introduction to a computer of their own. Even though now outdated its presence has been a constant over the decades. Zilog will continue to sell a Z80 derivative in the form of their eZ80, but that’s not the only place the core can be found on silicon. [Rejunity] is bringing us an open-source z80 core on real hardware, thanks of course to the TinyTapeout ASIC project. The classic core will occupy two tiles on the upcoming TinyTapeout 7. While perhaps it’s not quite the same as a real 40-pin DIP in your hands, like all of the open-source custom silicon world, it’s as yet early days.

The core in question is derived from the TV80 open-source core, which we would be very interested to compare when fabricated at TinyTapeout’s 130nm process with an original chip from a much larger 1970s process. While It’s true that this project is more of an interesting demonstration of TinyTapeout than a practical everyday Z80, it does at least serve as a reminder that there may be a future point in which a run of open-source real Z80s or other chips might become possible.

This isn’t the first time we’ve featured a TinyTapeout project.