Shmoocon 2016: Efficient Debugging For OS X

Developers love their Macs, and if you look at the software that comes with them, it’s easy to see why. OS X is a very capable Unix-like environment that usually comes on very capable hardware. There is one huge, unbelievable shortcoming in OS X: the debugger sucks. GDB, the standard on every other platform, doesn’t come with OS X, and Apple’s replacement, LLDB, is very bad. After crashing Safari one too many times, [Brandon Edwards] and [Tyler Bohan] decided they needed their own debugger, so they built one, and presented their work at last weekend’s Shmoocon.

Building a proper tool starts with a survey of existing tools, and after determining that GDB was apparently uninstallable and LLDB sucked, their lit review took a turn for the more esoteric. Bit Slicer is what they landed on. It’s a ‘game trainer’, a tool that lets people find and modify values in a running process’s memory. It sort of works like a debugger, but not really. VDB was another option, but again this was rough around the edges and didn’t really work.

The problem with the current OS X debuggers is that the primitives debuggers rely on don’t really exist. ptrace is neutered, and System Integrity Protection in OS X El Capitan has introduced protected locations that cannot be written to even by root. Good luck modifying anything in /Applications if you have any recent Mac.

With the goal of an easy-to-use debugger that was readily scriptable, [Brandon] and [Tyler] decided to write their own debugger. They ended up writing the only debugger they’ve seen that is built around kqueue instead of ptrace. This allows the debugger to be non-invasive to the debugged process, inject code, and attach to multiple processes at once.

For anyone who has ever stared blankly at the ‘where is GDB’ Stack Overflow answers, it’s a big deal. [Brandon] and [Tyler] have the beginnings of a very nice tool for a very nice machine.

Hackaday At SCaLE 14x

Next weekend we’ll be at the fourteenth annual Southern California Linux Expo, a fantastic four-day event that covers everything from Apache to PHP, installing Ubuntu on old laptops, people who have their control key just to the right of their left hand pinky as god intended, and something about how much Linux sucks.

The event will feature 150 exhibitors, 130 sessions, tutorials, amateur radio tests, and features keynotes from Mark Shuttleworth, Cory Doctorow, and Sarah Sharp. It is the largest community-run open source and free software conference in North America.

The Hackaday crew will be there makin’ it rain stickers, but that’s not all: Supplyframe, the Hackaday overlords, is sponsoring Game Night at SCaLE. Saturday night will be filled with vintage video games, Nerf artillery, Settlers of Catan, Fireball Island (if someone can find it), and a hacker show and tell. This year is the inaugural SCaLE museum. The theme is Rise of the Machines: A Living Timeline, and will display historic engineering, computing devices, and clever gadgets.

If you’re in the area on Thursday, we’ll also be having a meet and greet at the soon-to-be-finished Supplyframe Design Lab in Pasadena. We only recently got the paperwork to have people in the space, so if you’d like to have a few drinks, have a few snacks, and look at a Tormach, come on over.

Basically, It’s Minecraft

[SethBling] really likes Minecraft. How can you tell? A quick look at his YouTube channel should convince you, especially the one where he built a full-blown BASIC interpreter in Minecraft. It is not going to win any speed races, as you might expect, but it does work.

For novelty and wow factor, this is amazing. As a practical matter, it is hard to imagine the real value since there are plenty of ways a new programmer could get access to BASIC. Still, you have to admire the sheer audacity of making the attempt. One Hackaday poster (who shall remain nameless) once won a case of beer by betting someone he or she could write a BASIC compiler in BASIC, so we aren’t sticklers for practicality.

Continue reading “Basically, It’s Minecraft”

Developed On Hackaday: HaDge Update – It’s A HACK

Work on HaDge, the Hackaday con badge, continues in bits and spurts, and we’ve had some good progress in recent weeks. HaDge will be one conference badge to use at all conferences, capable of communicating between badges.

Picking up from where we left off last time, we had agreed to base it around the Atmel D21, a 32-bit ARM Cortex M0+ processor. To get some prototype boards built to help with software development, we decided to finish designing the HACK before tackling HaDge. HACK is a project that [Michele Perla] started and that we have sort of assimilated to act as the prototyping platform for HaDge. We wanted a compact microcontroller board and hence opted for the SAM D21E, a 32-pin package with 26 I/Os.

[Michele Perla] had earlier designed HACK based on the larger 32-pin SAM D21G and used Eagle to draw the schematic and layout. Using the Eagle to KiCad script, he quickly converted the project and got on to making the board layout. I took up the rear guard, and worked on making his schematic (pdf) “pretty” and building up a schematic library of symbols. While [Michele] finished off the board layout, I worked on collecting STEP models for the various footprints we would be using, most of which I could get via 3dcontentcentral.com. The few I couldn’t were built from scratch using FreeCAD. The STEP models were converted to VRML using FreeCAD. Using [Maurice]’s KiCad StepUp script, we were able to obtain a complete STEP model of the HACK board.

HACK is now ready to go for board fabrication and assembly. We plan to get about 20 boards made and hand them out to developers for working on the software. The GitHub repository has all the current files for those who’d like to take a look – it includes the KiCad source files, PDFs, gerbers, data sheets and images. The board will be breadboard compatible and also have castellated pads to allow it to be soldered directly as a module. Let us know via group messaging on the HACK project page if you’d like to get involved with either the software or hardware development of HaDge.

In a forthcoming post, we’ll put out ideas on how we plan to take forward HaDge now that HACK is complete. Stay tuned.

J.C. Bose And The Invention Of Radio

The early days of electricity appear to have been a cutthroat time. While academics were busy uncovering the mysteries of electromagnetism, bands of entrepreneurs were waiting to pounce on the pure science and engineer solutions to problems that didn’t even exist yet, but could no doubt turn into profitable ventures. We’ve all heard of the epic battles between Edison and Tesla and Westinghouse, and even with the benefit of more than a century of hindsight it’s hard to tell who did what to whom. But another conflict was brewing at the turn of the 19th century, this time between an Indian polymath and an Italian nobleman, and it would determine who got credit for laying the foundations for the key technology of the 20th century – radio.

Continue reading “J.C. Bose And The Invention Of Radio”

Shmoocon 2016: Reverse Engineering Cheap Chinese Radio Firmware

Every once in a great while, a piece of radio gear catches the attention of a prolific hardware guru and is reverse engineered. A few years ago, it was the RTL-SDR, and since then, software-defined radios became the next big thing. Last weekend at Shmoocon, [Travis Goodspeed] presented his reverse engineering of the Tytera MD380 digital handheld radio. The hack has since been published in PoC||GTFO 0x10 (56MB PDF, mirrored) with all the gory details that turn a $140 radio into the first hardware scanner for digital mobile radio.

The Tytera MD-380 digital radio

The Tytera MD380 is a fairly basic radio with two main chips: an STM32F405 with a megabyte of Flash and 192k of RAM, and an HR C5000 baseband. The STM32 has both JTAG and a ROM bootloader, but both of these are protected by the Readout Device Protection (RDP). Getting around the RDP is the very definition of a jailbreak, and thanks to a few forgetful or lazy Chinese engineers, it is most certainly possible.

The STM32 in the radio implements USB Device Firmware Upgrade (DFU), probably because of some example code from ST. Dumping memory with the standard DFU protocol just returned the same binary string over and over, but with a little bit of coaxing and investigating the terrible Windows-only official client application, [Travis] was able to find non-standard DFU commands, write a custom DFU client, and read and write the ‘codeplug’ stored in an SPI Flash chip, which holds radio settings, frequencies, and talk groups.

Further efforts to dump all the firmware on the radio were a success, and with that began the actual reverse engineering of the radio. It runs an ARM port of MicroC/OS-II, a real-time embedded operating system. This OS is very well documented, so with a little more effort new functions and patches can be written.

In Digital Mobile Radio, audio is sent through either a public talk group or a private contact. The radio is usually set to only one talk group, and so it’s not really possible to listen in on other talk groups without changing settings. A patch for promiscuous mode – a mode that puts all talk groups through the speaker – is just a matter of changing one JNE in the firmware to a NOP.

The Tytera MD-380 ships with a terrible Windows app used for programming the radio

With the help of [DD4CR] and [W7PCH], the entire radio has been reverse engineered, with rewritten firmware that works with the official tools, the first attempts at scratch-built firmware built around FreeRTOS, and the beginnings of a very active development community for a $140 radio. [Travis] is looking for people who can add support for P25, D-Star, System Fusion, a proper scanner, or the ability to send and receive DMR frames over USB. All these things are possible, making this one of the most exciting radio hacks in recent memory.

Before [Travis] presented this hack at the Shmoocon fire talks, intuition guided me to look up this radio on Amazon. It was $140 with Prime, and the top vendor had 18 in stock. Immediately after the talk – 20 minutes later – the same vendor had 14 in stock. [Travis] sold four radios to members of the audience, and there weren’t that many people in attendance. Two hours later, the same vendor had four in stock. If you’re looking for the best hardware hack of the con, this is the one.

Why No Plane Parachutes? And Other Questions.

This week I was approached with a question. Why don’t passenger aircraft have emergency parachutes? Whole-plane emergency parachutes are available for light aircraft, and have been used to great effect in many light aircraft engine failures and accidents.

But the truth is that while parachutes may be effective for light aircraft, they don’t scale. There is a series of great answers on Quora which run the numbers on the size a parachute would need to be for a full-size passenger jet. I recommend reading the full thread, but suffice it to say a ballpark estimate would require a million square feet (92903 square meters) of material. This clearly isn’t very feasible, and the added weight and complexity would no doubt bring their own risks.

Continue reading “Why No Plane Parachutes? And Other Questions.”