DC Zia 30-in-ONE Badge for DEF CON 30

Nostalgic 30-in-ONE Electronics Badge For DEF CON 30

[hamster] and the DC Zia crew offered up a throwback 30-in-ONE Learn Electronics indie badge for DEF CON 30. The badge is inspired by the Radio Shack “100-in-1” style project kits that so many of us cut our teeth on back in the 70s and 80s.

DC Zia is a hacker group loosely associated with New Mexico who have been working together to make an indie badge for DEF CON each year.  If you aren’t familiar with the badgelife community of hardware hackers and programmers who make electronic indie conference badges, check out our BadgeLife Documentary.

The 30-in-ONE badge is provided in the form of a kit, so the learning and fun begins with assembling the badge. From there, an included booklet guides the badge holder through building and experimenting with 30 different circuits.

The kit includes resistors, capacitors, LEDs, transistors, switches, a transformer, a speaker, an OLED display, a battery box, and a bundle of jumper wires for making any desired circuit connections.  The documented circuits have compelling titles such as the Electric Cat, Light Theremin, Grandfather Clock, and Frequency Counter.

Flash back to what DC Zia, and other groups, were up to five years prior in our exposé on The Hardware Badges of DEF CON 25.

Continue reading “Nostalgic 30-in-ONE Electronics Badge For DEF CON 30”

Cargo Culting And Buried Treasure

I have no idea how true the stories are, but legend has it that when supplies were dropped on some Melanesian islands during WWII, some locals took to replicating runway signs in order to further please the “gods” that were dropping them. They reportedly thought that making landing strips caused laden airplanes to visit. Richard Feynman later turned this into a metaphor about scientific theory – that if you don’t understand what you’re doing deeply, you may be fooling yourself.

I’d like to be a little bit more forgiving of adherents of technological cargo cults. Because the world around us is very complicated, we often just take things as they are rather than understanding them deeply, because there’s simply only so deep you can go into so many fields.

Is someone who doesn’t know the i386 machine language cargo-culting their way through a job as a web backend developer? Probably not. But from the perspective of an assembly-language programmer, any of us who write in compiled or interpreted programming languages are cargo-culting coding. You don’t need to understand a cell phone to dial home, but can you really say that you understand everything about how one works?  Or are you just going through the motions?

So while some reliance on metaphor and “well, it worked last time” is perfectly normal, I think noticing when you cargo-cult is also healthy. It should also be a warning sign, or at least a flag to remind yourself that there may be dragons here. Or maybe just a buried learning opportunity, the X that marks the spot where digging deeper might be productive.

TEGA: Typescript Embedded Game Boy (Macro) Assembler

[Francis Stokes] has a real love for the original Game Boy, suggesting that owning this machine pushed him along a certain path that many of us would recognize. Developing Game Boy games isn’t particularly difficult from a hardware point of view, as you can easily buy special cartridges that have an SD card slot, allowing custom code. [Francis] had the idea of easing software development by producing a TypeScript hardware abstraction library, TEGA (or TypeScript Embedded Game Boy Macro Assembler). This provides a safe environment in which to play with the code, which can then be run inside an emulator such as BGB before being deployed onto actual hardware.

The video embedded below — which we warn you now is a long one — goes into extensive justification and technical explanation of how [Francis] leverages TypeScript to create lots of nice features to produce safe code, whilst handling many of the Game Boy’s architectural restrictions, as well as the weirdness of the Sharp SM83 processor that powers it. We particularly liked the built-in support for on-the-fly asset compression; since every byte matters in the meager 32 Kb system, it’s nice not to have to think about it all the time! After discussing TEGA, the Game Boy hardware, the ins and outs of a demo game Block Jump, and then how to debug with BGB, we’re pretty confident many of you will be in a strong position to bust out a Game Boy application in the future!

As an aside, we did also stumble upon a new hardware guide provided by Finnish programmer and Game Boy superfan [Joonas Javanainen] which will help frame some of the topics [Francis] was talking about.

You may recall a little while back, the same author targeted RISC-V using code written in TypeScript. After all, when you’re comfortable with a tool, you can shape it to do practically anything.

Continue reading “TEGA: Typescript Embedded Game Boy (Macro) Assembler”

Silicon Sleuthing: Finding An Ancient Bugfix On The 8086

Few CPUs have had the long-lasting influence that the 8086 did. It is hard to believe that when your modern desktop computer boots, it probably thinks it is an 8086 from 1978 until some software gooses it into a more modern state. When [Ken] was examining an 8086 die, however, he noticed that part of the die didn’t look like the rest. Turns out, Intel had a bug in the original version of the 8086. In those days you couldn’t patch the microcode. It was more like a PC board — you had to change the layout and make a new one to fix it.

The affected area is the Group Decode ROM. The area is responsible for categorizing instructions based on the type of decoding they require. While it is marked as a ROM, it is more of a programmable logic array. The bug was pretty intense. If an interrupt followed either a MOV SS or POP SS instruction, havoc ensues.

Continue reading “Silicon Sleuthing: Finding An Ancient Bugfix On The 8086”

Reverse Engineering “The Seven Words (and More) You Can’t Say On TV”

For as visionary as he was, [George Carlin] vastly underestimated the situation with his classic “Seven Words You Can’t Say on TV” bit. At least judging by [Ben Eater]’s reverse engineering of the “TVGuardian Foul Language Filter” device, it seems like the actual number is at least 20 times that.

To begin at the beginning, a couple of weeks ago [Alec] over at everyone’s favorite nerd hangout Technology Connections did a video on the TVGuardian, a device that attempted to clean up the language of live TV and recorded programming. Go watch that video for the details, but for a brief summary, TVGuardian worked by scanning the closed caption text for naughty words and phrases, muting the audio when something suggestive was found in a lookup table, and inserting a closed caption substitute for the offensive content. In his video, [Alec] pined for a way to look at the list of verboten words, and [Ben] accepted the challenge.

The naughty word list ended up living on a 93LC86 serial EEPROM, which [Ben] removed from his TVGuardian for further exploration. Rather than just plugging it into a programmer and dumping the contents, he decided to roll his own decoder with an Arduino, because that’s more fun. And can we just point out our ongoing amazement that [Ben] is able to make watching someone else code interesting?

The resulting NSFW word list is titillating, of course, and the video would be plenty satisfying if that’s where it ended. But [Ben] went further and figured out how the list is organized, how the dirty-to-clean substitutions are made, and even how certain words are whitelisted. That last bit resulted in the revelation that Hollywood legend [Dick Van Dyke] gets a special whitelisting, lest his name become sanitized to a hilarious [Jerk Van Gay].

Hats off to [Alec] for inspiring [Ben]’s fascinating reverse engineering effort here.
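To make the lookup-table-plus-whitelist behaviour concrete, here is an added Python sketch of that kind of caption filter. It is not the TVGuardian firmware or [Ben]’s decoder, and the substitution table and whitelist are constructed (and tame) sample data.

```python
import re

# Constructed sample tables; the real device's list lives in its EEPROM.
# Each entry maps an offending word to the caption substitute shown instead.
SUBSTITUTIONS = {
    "dick": "jerk",
    "dyke": "gay",
    "hell": "heck",
}
# Phrases exempted from filtering even though they contain table entries.
WHITELIST = {"dick van dyke"}


def filter_caption(caption, subs=SUBSTITUTIONS, whitelist=WHITELIST):
    """Return (cleaned_caption, mute) for one closed-caption line.

    Whitelisted phrases are located first and their character spans are
    protected; every other whole word found in the substitution table is
    replaced and the mute flag is raised so the audio can be cut.
    """
    lowered = caption.lower()
    protected = []
    for phrase in whitelist:
        pattern = r"\b" + re.escape(phrase) + r"\b"
        protected.extend((m.start(), m.end()) for m in re.finditer(pattern, lowered))

    out, mute, last = [], False, 0
    for m in re.finditer(r"[a-z']+", lowered):
        word, start, end = m.group(), m.start(), m.end()
        if word not in subs:
            continue
        if any(s <= start and end <= e for s, e in protected):
            continue  # inside a whitelisted phrase, leave it alone
        clean = subs[word]
        if caption[start].isupper():
            clean = clean.capitalize()  # keep sentence/name capitalisation
        out.append(caption[last:start])
        out.append(clean)
        last = end
        mute = True
    out.append(caption[last:])
    return "".join(out), mute
```

Calling it with an empty whitelist reproduces the [Jerk Van Gay] failure the article mentions, which is exactly why the exemption table exists.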

Continue reading “Reverse Engineering “The Seven Words (and More) You Can’t Say On TV””

The Meraki AP PCB on a desk, case-less, with three USB-UARTs connected to its pins - one for interacting with the device, and two for monitoring both of the UART data lines.

Flashing Booby-Trapped Cisco AP With OpenWrt, The Hard Way

Certain manufacturers seriously dislike open-source firmware for their devices, and this particular hack deals with quite extreme anti-hobbyist measures. The Meraki MR33, made by Cisco, is a nice access point hardware-wise, and running OpenWrt on it is wonderful – if not for Cisco’s malicious decision to permanently brick the CPU as soon as you enter U-Boot through the serial port. This AP seems to be part of a “hardware as a service” offering, and the booby-trapped U-Boot was rolled out by an OTA update some time after the OpenWrt port got published.

There’s an older U-Boot version available out there, but you can’t quite roll back to it, and up to a certain point there was only a JTAG downgrade path noted on the wiki – with its full description consisting of a “FIXME: describe the process” tag. Our hacker, an anonymous user from the [SagaciousSuricata] blog, decided to go a different way — lifting, dumping and modifying the onboard flash in order to downgrade the bootloader, and guides us through the entire process. There are quite a few notable things about this hack, like the use of the Nix package manager to get Python 2.7 on an OS which long ago abandoned it, and a tip about a workable lightweight TFTP server for such work, but the flash chip part caught our eye.

The flash chip is in a TSOP48 package and uses a parallel interface, and an iMX6.LL devboard was used to read, modify and flash back the image — hotswapping the chip, much like we used to do with old parallel-interface BIOS chips. We especially liked the use of FFC cables and connectors for connecting the flash chip to the devboard in a way that allows hotswapping – now that we can see it, the TSOP 0.5 mm pitch and 0.5 mm FFC hardware are a match made in heaven. This hack, of course, will fit many TSOP48-equipped devices, and it’s nice to have a toolkit for it in case you don’t have a programmer handy.

In the end, the AP got a new lease of life, now governed by its owner as opposed to Cisco’s whims. This is a handy tutorial for anyone facing a parallel-flash-equipped device where the only way appears to be the hard way, and we’re glad to see hackers getting comfortable facing such challenges, whether it’s parallel flash, JTAG or power glitching. After all, it’s great when your devices can run an OS entirely under your control – it’s historically been that you get way more features that way, but it’s also that the manufacturer can’t pull the rug from under your feet like Amazon did with its Fire TV boxes.

We thank [WifiCable] for sharing this with us!

(Ed Note: Changed instances of “OpenWRT” to “OpenWrt”.)

Why Learn Ancient Tech?

The inner orbits of the Hackaday solar system have been vibrating with the announcement of the 2022 Hackaday Supercon badge. The short version of the story is that it’s a “retrocomputer”. But I think that’s somehow selling it short a little bit. The badge really is an introduction to machine language or maybe a programming puzzle, a ton of sweet blinky lights and clicky buttons, and what I think of as a full-stack hacking invitation.

Voja Antonic designed the virtual 4-bit machine that lives inside. What separates this machine from actual old computers is that everything that you might want to learn about its state is broken out to an LED on the front face, from the outputs of the low-level logic elements that compose the ALU to the RAM, to the decoder LEDs that do double-duty as a disassembler. You can see it all, and this makes it an unparalleled learning aid. Or at least it gives you a fighting chance.

So why would you want to learn a made-up machine language from a non-existent CPU? Tom Nardi and I were talking about our experiences on the podcast, and we both agreed that there’s something inexplicably magical about flipping bits, calling the simplest of computer operations into action, and nonetheless making it do your bidding. Or rather, it’s anti-magical, because what’s happening is the stripping away of metaphors and abstractions. Peering not just behind, but right through the curtain. You’re seeing what’s actually happening for once, from the bottom to the top.

As Voja wrote on the silkscreen on the back of the badge itself: “A programmer who has never coded 1s and 0s in machine language is like a child who has never run barefoot on the grass.” It’s not necessary, or maybe even relevant, but learning a complex machine in its entirety is simultaneously grounding and mind-expanding. It is simply an experience that you should have.