Fixing A Tractor Dashboard From Over 10,000 Miles Away

February 3, 2024 by 6 Comments

[BuyItFixIt] is well known as a dab hand at, well, fixing things… and presumably buying them, too. Recently, they received an email calling for help of the former kind. One of their Australian viewers owned the same model of tractor, but with a dead digital dash. Thankfully, help was at hand!

The problem turned out to be due to a dead EEPROM on the Australian tractor. In contrast, [BuyItFixIt] had a perfectly working dashboard on their tractor. Thus, they set about disassembling the dash and dumping the EEPROM to try and sort the stricken farm implement. This posed some risk of ending up with two dead dashboards, necessitating a careful hand. In any case, the Case tractor had a fairly simple dash with a majority of through-hole components, making it fairly easy to work with. The Microchip 93LC46B chip was in a DIP package, and was removed with the aid of some low-melting point solder in short order. The contents of the EEPROM were then dumped to a file using a XGecu T48 programmer.

With the file sent off via email, the Australian tractor owner flashed a fresh EEPROM and reinstalled it in their cluster. They were greeted with success, with the only complication being that the hours reading on the cluster had to be corrected to match the previous reading on their machine.

It’s a fairly simple story of fixing an embedded system, but it’s an educational one. It also comes with a deeper dive into how the CASE dashboard works. Just about anyone with basic electronic skills could pull this off and save an entire tractor in the process. It’s great to see these jobs documented so that we can all learn useful basic skills like these. Video after the break.

Continue reading “Fixing A Tractor Dashboard From Over 10,000 Miles Away”

Hackaday Links Column Banner

Hackaday Links: January 28, 2024

January 28, 2024 by 16 Comments

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solutions. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.

Continue reading “Hackaday Links: January 28, 2024”

Erasing EEPROMs Isn’t Always As Easy As It Seems

January 20, 2024 by 2 Comments

When is 14 volts not actually 14 volts? Given [Anders Nielsen]’s recent struggles with erasing an old-school EEPROM, it’s when you really need it that things tend to go pear-shaped.

A little background is perhaps in order. [Anders] is working on a scratch-built programmer for ROMs to complement his 65uino project, which puts a complete 6502 computer into the footprint of an Arduino Uno. He wisely started the ROM programmer project at the beginning, which was to generate the correct voltages for programming. This turned out to be not as easy as you might think thanks to the solderless breadboard’s parasitic effects on the MIC2288 switching boost regulator he chose.

The video below is a continuation of the programmer build, which ends up being just as fraught as the first part. Being able to generate the programming voltages is one thing; getting them onto the right pins at the right time using nothing but the 5-volt GPIOs on a microcontroller is another. In true retro fashion, [Anders] tackled that problem with a pair of small-signal transistors, which seemed to work once the resistor values were sorted, at least when applying a 12-volt signal intended to show the ROM’s hard-coded manufacturer ID on the data bus.

But erasing the ROM, which requires 14 volts while the chip enable line is held high for 100 ms, proved a little trickier. Despite multiple tries, the ROM wouldn’t erase thanks to the 14-volt rail being dragged down to around 9 volts. [Anders] fixed that with a new base resistor on the driver, to increase the current and keep the voltage up where it needs to be. Just goes to show you that the data sheets don’t always tell the whole story.

We’ve been enjoying the unfolding story of this programmer, and we’re looking forward to the next installment.

Continue reading “Erasing EEPROMs Isn’t Always As Easy As It Seems”

Hackaday Podcast Episode 253: More Wood Robot, Glitching And Fuming Nitric Acid, We Heart USB-C

January 19, 2024 by 4 Comments

This week Hackaday Editors Elliot Williams and Tom Nardi start things off with a traffic report from the Moon, which has suddenly become a popular destination for wayward robots.

Anonymizing an ATtiny85 via laser

From there, they’ll go over a fire-tending contraption that’s equal parts madness and brilliance, two decades of routers being liberated by OpenWRT, impressive feats of chip decapping, and USB-C’s glorious rise to power.

You’ll also hear about the latest developments in laptop RAM, exploits against the flash encryption used on the ESP32, and Android powered oscilloscopes. The duo will wrap things up with horror stories from the self-checkout aisle, and a look at the fantastical rolling power station that Dan Maloney has been building in his driveway.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Oh look, an MP3 version!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 253: More Wood Robot, Glitching And Fuming Nitric Acid, We Heart USB-C”

Two pictures of the mobo side by side, both with kapton tape covering everything other than the flash chip. On the left, the flash chip is populated, whereas on the right it's not

Enabling Intel AMT For BIOS-over-WiFi

January 5, 2024 by 28 Comments

Intel ME, AMT, SMT, V-Pro… All of these acronyms are kind of intimidating, all we know about them is that they are tied to remote control technologies rooted deep in Intel CPUs, way deeper than even operating systems go. Sometimes though, you want remote control for your own purposes, and that’s what [ABy] achieved. He’s got a HP ProDesk 600 G3 Mini, decided to put it into a hard to reach spot in his flat, somewhere you couldn’t easily fetch a monitor and a keyboard for any debugging needs. So, he started looking into some sort of remote access option in case he’d need to access the BIOS remotely, and went as far as it took to make it work. (Google Translate)

The features he needed are covered by Intel AMT — specifically, BIOS access over a WiFi connection. However, his mini PC only had SMT enabled from the factory, the cut-down version of AMT without features like wireless support. He figured out that BIOS dumping was the way, promptly did just that, found a suitable set of tools for his ME region version, and enabled AMT using Intel’s FIT (Flash Image Tool) software.

Now, dumping the image could be done from a running system fully through software, but apparently, flashing back requires an external programmer. He went with the classic CH341, did the 3.3 V voltmod that’s required to make it safe for flash chip use, and proceeded to spend a good amount of time making it work. Something about the process was screwy, likely the proprietary CH341 software. Comments under the article highlight that you should use flashrom for these tasks, and indeed, you should.

This article goes into a ton of detail when it comes to working with Intel BIOS images — whichever kind of setting you want to change, be it AMT support or some entirely different but just as tasty setting, you will be well served by this write-up. Comments do point out that you might want to upgrade the Intel ME version while at it, and for what it’s worth, you can look into disabling it too; we’ve shown you a multitude of reasons why you should, and a good few ways you could.

NHL 94 Sega Genesis ROM hack playing on LCD monitor.

NHL ’24 ROM Hack Reimagines Classic Game, Zamboni And All

January 1, 2024 by No comments

Thirty years is a long time to keep a piece of software alive, but there aren’t many pieces of software like NHL ’94 for the Sega Genesis. Despite new annual iterations of publisher Electronic Arts’ NHL hockey video game some players never connected with it like quite like they did in 1994. For years now it’s been a tradition for members of the NHL ’94 forums to incorporate the hockey league’s current players into the Sega Genesis original, however, the work [Adam] contributed this season goes beyond a mere roster update. This NHL ’24 ROM hack is more like a complete overhaul. Everything that was old is new again. Continue reading NHL ’24 ROM Hack Reimagines Classic Game, Zamboni And All”

This Week In Security: Triangulation, ProxyCommand, And Barracuda

December 29, 2023 by 6 Comments

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked, based off part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The entire talk is available, given this week at the 37th Chaos Communication Congress, 37c3. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code implies that it was a copy-paste error where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug January 2023, and didn’t make any public statements. Presumably there were an uptick of crash logs that pointed to this problem, but didn’t conclusively show attempted exploitation.

The exploits then moves to using NSExpression as a next stage. NSExpression is an ugly way to write code, but it does allow the exploit chain to get to the next stage, running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. This is multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes. Continue reading “This Week In Security: Triangulation, ProxyCommand, And Barracuda”