Pi Pico Lays Down The Groove

October 30, 2024 by 8 Comments

From the 60s to perhaps the mid-00s, the path to musical stardom was essentially straight with very few forks. As a teenager you’d round up a drummer and a few guitar players and start jamming out of a garage, hoping to build to bigger and bigger venues. Few people made it for plenty of reasons, not least of which was because putting together a band like this is expensive. It wasn’t until capable electronic devices became mainstream and accepted in popular culture in the last decade or two that a few different paths for success finally opened up, and this groovebox shows just how much music can be created this way with a few straightforward electronic tools.

The groovebox is based on a Raspberry Pi Pico 2 and includes enough storage for 16 tracks with a sequencer for each track, along with a set of 16 scenes. Audio plays through PCM5102A DAC module, with a 160×128 TFT display and a touch-sensitive pad for user inputs. It’s not just a device for looping stored audio, though. There’s also a drum machine built in which can record and loop beats with varying sounds and pitches, as well as a sample slicer and a pattern generator and also as the ability to copy and paste clips.

There are a few limitations to using a device this small though. Because of memory size it outputs a 22 kHz mono signal, and its on-board storage is not particularly large either, but it does have an SD card slot for expansion. But it’s hard to beat the bang-for-the-buck qualities of a device like this, regardless, not to mention the portability. Especially when compared with the cost of multiple guitars, a drum set and a bunch of other analog equipment, it’s easy to see how musicians wielding these instruments have risen in popularity recently. This 12-button MIDI instrument could expand one’s digital musical capabilities even further.

Continue reading “Pi Pico Lays Down The Groove”

Tearing Down Nintendo’s Alarmo Alarm Clock

October 30, 2024 by 6 Comments
All your Nintendo Alarmo are belong to mew~ (Credit: GaryOderNichts, Blogspot)

Most of us will probably have seen Nintendo’s latest gadget pop up recently. Rather than a Switch 2 announcement, we got greeted with a Nintendo-branded alarm clock. Featuring a 2.8″ color LCD and a range of sensors, it can detect and respond to a user, and even work as an alarm clock for the low, low price of €99. All of which takes the form of Nintendo-themed characters alongside some mini-games. Naturally this has led people like [Gary] to buy one to see just how hackable these alarm clocks are.

As can be expected from a ‘smart’ alarm clock it has 2.4 GHz WiFi connectivity for firmware and content download, as well as a 24 GHz millimeter wave presence sensor. Before [Gary] even had received his Alarmo, others had already torn into their unit, uncovering the main MCU (STM32H730ZBI6) alongside a 4 GB eMMC IC, as well as the MCU’s SWD pads on the PCB. This gave [Gary] a quick start with reverse-engineering, though of course the MCU was protected (readout protection, or RDP) against firmware dumps, but the main firmware could be dumped from the eMMC without issues.

After this [Gary] had a heap of fun decrypting the firmware, which seems to always get loaded into the external octal SPI RAM before execution, as per the boot sequence (see featured image). This boot sequence offers a few possibilities for inserting one’s own (properly signed) contents. As it turns out via the USB route arbitrary firmware binaries can be loaded, which provided a backdoor to defeat RDP. Unfortunately the MCU is further locked down with Secure Access Mode, which prevents dumping the firmware again.

So far firmware updates for the Alarmo have not nailed shut the USB backdoor, making further reverse-engineering quite easy for the time being. If you too wish to hack your Alarmo and maybe add some feline charm, you can check [Gary]’s GitHub project.

FLOSS Weekly Episode 807: Bitten By The Penguin

October 30, 2024 by No comments

This week, Jonathan Bennett and Dan Lynch chat with Josh Bressers, VP of Security at Anchore, and host of the Open Source Security and Hacker History podcasts. We talk security, SBOMs, and how Josh almost became a Sun fan instead of a Linux geek.

https://opensourcesecurity.io
https://hackerhistory.com
https://infosec.exchange/@joshbressers
https://anchore.com

Continue reading “FLOSS Weekly Episode 807: Bitten By The Penguin”

Haiku OS’s Beta 5 Release Brings Us Into A New BeOS Era

October 30, 2024 by 28 Comments

The name BeOS is one which tends to evoke either sighs of nostalgia or blank stares, mostly determined by one’s knowledge of the 1990s operating system scene. Originally released in 1995 by Be Inc., it was featured primarily on the company’s PowerPC-based BeBox computers, as well as being pitched to potential customers including Apple, who was looking for a replacement for MacOS. By then running on both PowerPC and x86-based systems, BeOS remained one of those niche operating systems which even the free Personal Edition (PE) of BeOS Release 5 from 1998 could not change.

As one of the many who downloaded BeOS R5 PE and installed it on a Windows system to have a poke at it, I found it to be a visually charming and quite functional OS, but saw no urgent need to use it instead of Windows 98 SE or 2000. This would appear to have been the general response from the public, as no BeOS revival ensued. Yet even as BeOS floundered and Be Inc. got bought up, sold off and dissected for its parts, a group of fans who wanted to see BeOS live on decided to make their own version. First called OpenBeOS and now Haiku, it’s a fascinating look at a multimedia-centric desktop OS that feels both very 1990s, but also very modern.

With the recent release of the R1 Beta 5 much has been improved, which raises the interesting question of how close Haiku is to becoming a serious desktop OS contender.

Continue reading “Haiku OS’s Beta 5 Release Brings Us Into A New BeOS Era”

Use PicoGlitcher For Voltage Glitching Attacks

October 30, 2024 by 5 Comments

We see a fair few glitcher projects, especially the simpler voltage glitchers. Still, quite often due to their relative simplicity, they’re little more than a microcontroller board and a few components hanging off some wires. PicoGlitcher by Hackaday.IO user [Matthias Kesenheimer] is a simple voltage glitcher which aims to make the hardware setup a little more robust without getting caught up in the complexities of other techniques. Based on the Raspberry Pico (obviously!), the board has sufficient niceties to simplify glitching attacks in various situations, providing controllable host power if required.

A pair of 74LVC8T245 (according to the provided BoM) level shifters allow connecting to targets at voltages from 1.8 V to 5 V if powered by PicoGlitcher or anything in spec for the ‘245 if target power is being used. In addition to the expected RESET and TRIGGER signals, spare GPIOs are brought out to a header for whatever purpose is needed to control a particular attack. If a programmed reset doesn’t get the job done, the target power is provided via a TPS2041 load switch to enable cold starts. The final part of the interface is an analog input provided by an SMA connector.

The glitching signal is also brought out to an SMA connector via a pair of transistors; an IRLML2502 NMOS performs ‘low power’ glitching by momentarily connecting the glitch output to ground. This ‘crowbarring’ causes a rapid dip in supply voltage and upsets the target, hopefully in a helpful way. An IRF7807 ‘NMOS device provides a higher power option, which can handle pulse loads of up to 66A. Which transistor you select in the Findus glitching toolchain depends on the type of load connected, particularly the amount of decoupling capacitance that needs to be discharged. For boards with heavier decoupling, use the beefy IRF7807 and accept the glitch won’t be as sharp as you’d like. For other hardware, the faster, smaller device is sufficient.

The software to drive PicoGlitcher and the hardware design files for KiCAD are provided on the project GitHub page. There also appears to be an Eagle project in there. You can’t have too much hardware documentation! For the software, check out the documentation for a quick overview of how it all works and some nice examples against some targets known to be susceptible to this type of attack.

For a cheap way to glitch an STM8, you can just use a pile of wires. But for something a bit more complicated, such as a Starlink user terminal, you need something a bit more robust. Finally, voltage glitching doesn’t always work, so the next tool you can reach for is a picoEMP.

Continue reading “Use PicoGlitcher For Voltage Glitching Attacks”

Supercon 2023: Cuddly Companion Bots

October 30, 2024 by 4 Comments

Even in the advanced world of 2024, robots are still better in science fiction than in reality. Star Trek gave us the erudite and refined Data, Rogue One gave us the fierce yet funny K-2SO, and Big Hero 6 gave us the caring charmer named Baymax. All these robots had smarts, capability, and agency. More than that, though—they were faithful(ish) companions to humans, fulfilling what that role entails.

The thing is, we’re not gonna get robots like that unless somebody builds them. [Angela Sheehan] is a artist and an educator, and a maker—and she’s trying to create exactly that. She came down to the 2023 Hackaday Supercon to tell us all about her efforts to create cuddly companion bots for real.

Continue reading “Supercon 2023: Cuddly Companion Bots”

Portable Solder Paste Station Prevents Smears With Suction

October 30, 2024 by 30 Comments

Applying solder paste to a new custom PCB is always a little nerve-racking. One slip of the hand, and you have a smeared mess to clean up. To make this task a little easier, [Max Scheffler] built the Stencil Fix Portable, a compact self-contained vacuum table to hold your stencil firmly in place and pop it off cleanly every time.

The Stencil Fix V1 used a shop vac for suction, just like another stencil holder we’ve seen. The vacuum can take up precious space, makes the jig a little tricky to move, and bumping the hose can lead to the dreaded smear and colorful language. To get around this [Max] added a brushless drone motor with a 3D printed impeller, with a LiPo battery for power. The speed controller gets its PWM signal from a little RP2040 dev board connected to a potentiometer. [Max] could have used a servo tester, but he found the motor could be a little too responsive and would move the entire unit due to inertia from the impeller. The RP2040 allowed him to add a low pass filter to eliminate the issue. The adjustable speed also means the suction force can be reduced a little for easy alignment of the stencil before locking it down completely.

We love seeing tool projects like these that make future projects a little easier. Fortunately, [Max] made the designs available so you can build your own.

Continue reading “Portable Solder Paste Station Prevents Smears With Suction”