Even if he hadn’t done any firmware hacking on this hard drive, [Sprite_TM’s] digital exploration of the controller is fascinating. He gave a talk at this year’s Observe, Hack, Make (OHM2013), a non-commercial community-run event in the Netherlands, and we can’t wait for the video. But all the information on how he hacked into the three-core controller chip is included in his write-up.
[Sprite_TM] mentions that you’re not going to find datasheets for the controllers on these drives. He got his foot in the door after finding a JTAG pinout mentioned on a forum post. The image above shows his JTAG hardware which he’s controlling with OpenOCD. This led him to discover that there are three cores inside the controller, each used for a different purpose. The difference between [Sprite_TM’s] work and that of mere mortals is that he has a knack for drawing surprisingly accurate conclusions from meager clues. To see what we mean check out the memory map for the second core which he posted on page 3 of his article.
Using JTAG he was able to inject a jump into the code (along with a filler word to keep the checksum valid) and run his own code. To begin the firmware hacking portion of the project he pulled the flash ROM off of the board and installed it on that little board sticking out on the left. This made it easy for him to back up and reflash the chip. Eventually this let him pull off the same proof of concept as a firmware-only hack (no JTAG necessary). He goes on to detail how an attacker who has root access could flash hacked firmware which compromises data without any indication to the system admin or user. But we also like his suggestion that you should try this out on your broken hard drives to see if you can reuse the controllers for embedded projects. That idea is a ton of fun!
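The filler-word detail is a reminder that a plain checksum is not an integrity control. The sketch below is an added example, not code from [Sprite_TM]’s write-up: it assumes a 32-bit additive word sum (the page does not say which checksum the drive uses) and a constructed 64-byte image, and shows a modified image passing the checksum while a SHA-256 comparison against a known-good backup flags it and locates the changed words.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def word_sum(image: bytes) -> int:
    """Assumed checksum: sum of little-endian 32-bit words, modulo 2**32."""
    if len(image) % 4:
        raise ValueError("image length must be a multiple of 4")
    return sum(struct.unpack(f"<{len(image) // 4}I", image)) & MASK

def simulate_modification(image: bytes, offset: int, new_word: int,
                          filler_offset: int) -> bytes:
    """Model the change described above: one word replaced, one filler word
    adjusted so the additive checksum comes out the same."""
    buf = bytearray(image)
    (old_word,) = struct.unpack_from("<I", buf, offset)
    (old_fill,) = struct.unpack_from("<I", buf, filler_offset)
    struct.pack_into("<I", buf, offset, new_word & MASK)
    struct.pack_into("<I", buf, filler_offset,
                     (old_fill + old_word - new_word) & MASK)
    return bytes(buf)

def changed_words(reference: bytes, candidate: bytes) -> list:
    """Byte offsets of 32-bit words that differ from the known-good dump."""
    return [i for i in range(0, min(len(reference), len(candidate)), 4)
            if reference[i:i + 4] != candidate[i:i + 4]]

def audit(reference: bytes, candidate: bytes) -> dict:
    """Compare a dump read back from flash against a trusted reference."""
    return {
        "checksum_ok": word_sum(candidate) == word_sum(reference),
        "digest_ok": hashlib.sha256(candidate).digest()
                     == hashlib.sha256(reference).digest(),
        "changed_offsets": changed_words(reference, candidate),
    }

# Constructed sample data, not real firmware.
REFERENCE = bytes(range(64))
MODIFIED = simulate_modification(REFERENCE, offset=8,
                                 new_word=0x12345678, filler_offset=60)

if __name__ == "__main__":
    print(audit(REFERENCE, REFERENCE))
    print(audit(REFERENCE, MODIFIED))
```

The comparison only helps if the reference dump is taken out of band (for example with the flash chip read on a separate programmer, as in the backup step above), since firmware that has been replaced cannot be trusted to report its own contents.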
When we were poking around the OHM2013 website (linked above) we noticed that the tickets are sold out; good for them! But if you were still able to buy them they take Bitcoin as one payment option. Are there any other conferences that allow Bitcoin for registration?
Because [Sprite_tm]’s display has a 16-bit parallel interface, and 16 GPIO pins are hard to come by on the Carambola Linux board, a few shift registers had to be brought into the build to make the LCD work. These shift registers are connected to the Carambola board via an SPI interface; a very simple way to connect all the LCD pins to the Linux board.
Of course, there’s no way for Linux to speak to the LCD without a kernel driver; [Sprite_tm] wrote a framebuffer driver so the LCD can be used as a console, an X session, or used by any other program that can write to a framebuffer device.
Like all good driver authors, [Sprite_tm] is giving away the patch to enable SPI-ified LCD panels on the Carambola along with the shift register schematic. With any luck we’ll also see the Raspi drivers when [Sprite_tm] takes delivery of his Raspberry Pi.
When the Regency TR-1 transistor radio came out onto the market in the 1950s, it was hailed as a modern marvel of microelectronics. With only four transistors and a handful of other components, the TR-1 was a wonder of modern engineering. [Sprite_tm] may have those old-timers beat, though. He built an FM transmitter with the lowest parts count of any transmitter ever.
Like most of [Sprite_tm]’s builds, it’s an unimaginably clever piece of work. [Sprite] overclocked the internal RC oscillator of an ATtiny45 to 24 MHz. After realizing the PLL running at four times the frequency of the oscillator was right in the middle of the FM band, he set about designing a tiny FM transmitter.
[Sprite_tm] remembered his work on MONOTONE and made a short song for his ATtiny. The firmware for the build takes the notes from his song and varies the 96 MHz PLL frequency a tiny bit, thereby serving as a tiny FM transmitter.
Does it work? Well, if you want to compare it to a Mister Microphone, the range is incredibly limited. That being said it works. It’s an FM transmitter built out of a microcontroller and a battery, and that’s very impressive. Check out [Sprite_tm]’s demo after the break.
By pretty much any metric you care to use, 2020 has been an unforgettable year. Usually that would be a positive thing, but this time around it’s a bit more complicated. The global pandemic, unprecedented in modern times, impacted the way we work, learn, and gather. Some will look back on their time in lockdown as productive, if a bit lonely. Others have had their entire way of life uprooted, with no indication as to when or if things will ever return to normal. Whatever “normal” is at this point.
But even in the face of such adversity, there have been bright spots for our community. With traditional gatherings out of the question, many long-running tech conferences moved over to a virtual format that allowed a larger and more diverse array of presenters and attendees than would have been possible in the past. We also saw hackers and makers all over the planet devote their skills and tools to the production of personal protective equipment (PPE). In a turn of events few could have predicted, the 2020 COVID-19 pandemic helped demonstrate the validity of hyperlocal manufacturing in a way that’s never happened before.
For better or for worse, most of us will associate 2020 with COVID-19 for the rest of our lives. Really, how could we not? But over these last twelve months we’ve borne witness to plenty of stories that are just as deserving of a spot in our collective memories. As we approach the twilight hours of this most ponderous year, let’s take a look back at some of the most interesting themes that touched our little corner of the tech world this year.
Six years on from the emergence of the Espressif ESP8266 we might believe that the focus had shifted to the newer dual-core ESP32. But here comes a twist in the form of the newly-revealed ESP32-C3. It’s a WiFi SoC that despite its ESP32 name contains a RISC-V core in place of the Tensilica core in the ESP32s we know, and uses the ESP8266 pin-out rather than that of its newer sibling. There’s relatively little information about it at the time of writing, but CNX Software have gathered together what there is, including a draft datasheet whose English translation is available as a Mega download. As with other ESP32 family members, this one delivers b/g/n WiFi and Bluetooth Low-Energy (BLE) 5. Where it differs is the RISC-V 32 single-core processor with a clock speed of up to 160 MHz. There is 400 kB of SRAM and 384 kB ROM storage space built in.
Why they are releasing the part as an ESP32 rather than giving it a series number of its own remains a mystery, but it’s not hard to see why it makes commercial sense to create it in an ESP8266-compatible footprint. The arrival of competing parts in the cheap wireless SoC space such as the Bouffalo Labs BL602 we mentioned recently is likely to be eating into sales of the six-year-old chip, so an upgrade path to a more capable part with minimal new hardware design requirements could be a powerful incentive for large customers to stay with Espressif.
We’re left to guess on how exactly the rollout will proceed. We expect to see similar developer support to that they now provide for their other chips, and then ESP32-C3 powered versions of existing ESP8266 boards in short order. It’s also to be hoped that a standard RISC-V toolchain could be used instead of the device-specific ones for current Espressif offerings. What we should not expect are open-source replacements for the blobs that drive the on-board peripherals, as the new chip will share the same closed-source IP as its predecessors for them. Perhaps if the PINE64 initiative to reverse engineer blobs for the BL602 bears fruit, we might see a similar effort for this chip.
With Editor-in-Chief Mike Szczys on a well-earned vacation, Staff Writer Dan Maloney sits in with Managing Editor Elliot Williams to run us through the week’s most amazing hacks and answer your burning questions. What do you do when you can’t hit a golf ball to save your life? Build a better club, of course, preferably one that does the thinking for you. Why would you overclock a graphing calculator? Why wouldn’t you! Will an origami boat actually float? If you use the right material, it just might. And what’s the fastest way to the hearts of millions of kids? With a Super Soaker and a side-trip through NASA.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!