[Sprite_TM] OHM2013 Talk: Hacking Hard Drive Controller Chips

Even if he hadn’t done any firmware hacking on this hard drive, [Sprite_TM’s] digital exploration of the controller is fascinating. He gave a talk at this year’s Observe, Hack, Make (OHM2013), a non-commercial, community-run event in the Netherlands, and we can’t wait for the video. But all the information on how he hacked into the three-core controller chip is included in his write-up.

[Sprite_TM] mentions that you’re not going to find datasheets for the controllers on these drives. He got his foot in the door after finding a JTAG pinout mentioned in a forum post. The image above shows his JTAG hardware, which he’s controlling with OpenOCD. This led him to discover that there are three cores inside the controller, each used for a different purpose. The difference between [Sprite_TM’s] work and that of mere mortals is that he has a knack for drawing surprisingly accurate conclusions from meager clues. To see what we mean, check out the memory map for the second core which he posted on page 3 of his article.

Using JTAG he was able to inject a jump into the code (along with a filler word to keep the checksum valid) and run his own code. To begin the firmware hacking portion of the project he pulled the flash ROM off of the board and installed it on that little board sticking out on the left. This made it easy for him to back up and reflash the chip. Eventually this let him pull off the same proof of concept as a firmware-only hack (no JTAG necessary). He goes on to detail how an attacker who has root access could flash hacked firmware which compromises data without any indication to the system admin or user. But we also like his suggestion that you should try this out on your broken hard drives to see if you can reuse the controllers for embedded projects. That idea is a ton of fun!

When we were poking around the OHM2013 website (linked above) we noticed that the tickets are sold out; good for them! But if you were still able to buy them they take Bitcoin as one payment option. Are there any other conferences that allow Bitcoin for registration?

Building A Hard Drive Scratch Controller

If you’re reading this blog then chances are you have a dead hard drive hanging out somewhere in your house. Here’s a weekend project that will put it back into use. [Andreas] took on the popular project which combines a hard drive and optical mouse to build a scratch controller.

The gist of the build is that you use an optical mouse sensor to track the movement of the platter. But [Andreas] made things harder on himself by not using the USB capability of the mouse and mapping it in software for his needs. Instead he plucked the sensor from the mouse, reading it using an Arduino. After much trial and error with the best way to coat the underside of the platter to play nicely with the sensor he managed to get it up and running. The controller issues commands using the MIDI protocol, forming a strong foundation for future upgrades which could lead to a full-blown DJ console hack.

Printing An Aston Martin DB4

With 3D printers finding their way into the workshops of makers the world over, it was bound to happen sooner or later. [Ivan Sentch] is making an Aston Martin DB4 with a 3D printer.

Before we board the hype train, let’s go over what this project is not: [Ivan] isn’t making any metal parts with his 3D printer, and the chassis and engine will be taken from a donor car. Also, the printed plastic parts won’t actually make their way into the final build; the 3D printed body panels will be used to pull the final panels in fiberglass. That being said, it’s still an impressive undertaking that’s going to cost [Ivan] $2250 NZD in plastic alone.

[Ivan]’s body panels are made by taking a DB4 model in Solidworks, slicing it up into 105mm squares, giving each square extruded sides, and finally securing them to the wooden form after the parts are printed. There’s still an awful lot of work to be done once the 3D printed parts are all glued together, but it’s still an amazingly impressive – and cheap – way to create a replica of a very famous automobile.

BeagleBone SensorCape Lets You Measure Just About Anything

Here’s another entry in the 2013 Intern Design Challenge, which motivates summer interns at Texas Instruments to build something cool for one of a handful of embedded platforms. This entry, developed by [Michael Leonard], is a cape for the BeagleBone Black which has footprints for a bunch of different sensors.

Use it to turn your BeagleBone into a weather station by populating the temperature, pressure, and humidity sensors. Or perhaps you’d prefer an IMU for your next quadcopter by populating the MPU-9150 chip on the pad labeled ‘9-Axis’. This part is an accelerometer, gyroscope, and digital compass all in one. There’s also room for a light sensor and an IR remote control receiver, with the large square pads on the right serving as breakouts for input buttons. If you want all the nitty-gritty on the sensors he designed for, [Michael’s] done a great job of compiling a reference manual for the board.

[Michael] didn’t send us a link until he saw the retro-gaming cape we featured on Tuesday. Come on people! Don’t hide in the basement and build stuff unless you’re going to tell us about it.

Hackaday At DEF CON 21

I’ve arrived at the Rio Casino in Las Vegas, Nevada for DEF CON 21. Over the next couple of days, I’ll be talking about what I get up to here.

The main event today is registration, which means getting a neat badge. This year’s badge was designed by [Ryan Clarke]. According to the DEF CON booklet, they are “non-electronic-electronic” badges this year, and DEF CON will be alternating between electronic badges every other year.

The playing card design is printed on a PCB, and uses the silkscreen, solder mask, and copper layers to provide three colors for the artwork. The badge is a crypto challenge, featuring some cryptic characters, numbers, and an XOR gate. I don’t have any ideas about it yet, but some people are already working hard on cracking the code.

Tomorrow, I’ll be heading to a few talks including one on hacking cars that we discussed earlier, and one on decapping chips. I’ll also be checking out some of the villages. The Tamper Evident Village is premiering this year, and they’ll be showing off a variety of tamper proofing tech. I’ll also try to get to the Beverage Cooling Contraption Contest, where competitors build devices to cool beverages (i.e., beer) as quickly as possible.

If you have any DEF CON tips, let me know in the comments.

How To Use CoIDE With LPCXpresso Board

[James Lynch] picked up an LPCXpresso board because he wanted to play around with ARM processors. The board, which is shown on the right, provides everything you need to get started. It even ships with a free IDE. But unfortunately the free version of that Code Red IDE is size limited. If he wanted to remove the restriction he would have to pony up $999 for a licensed version. A company might not think twice about this payment, but in the hobby realm that’s simply out of the question. Instead, [James] figured out how to use the CooCox programmer with the LPCXpresso hardware. To get at his 59-page guide on the process, follow that link and hit the “Download Zip” button in the lower right for a copy of the PDF file.

The hack comes in two parts. First you need to alter the LPCXpresso board. There is a center line that separates the dev board from the debugger/programmer. These are connected with solder bridges between rows of a dual pin-header. [James] removed the bridges and added said pin header. This allows him to jumper the connections and use it as normal, or attach it to his CooCox programmer as seen above. The second part of the project walks through the process of getting the free CoIDE (also based on Eclipse) to compile and program code for the LPCXpresso.

We’ve seen this dev board here and there, notably in an oscilloscope build.

Blackhat: IOS Device Charger Exploit Installs And Activates Malware

A team of researchers from Georgia Tech unveiled their findings yesterday at the Blackhat conference. Their topic is a power charger exploit that installs malware on iOS devices. Who would have thought that there’d be a security hole associated with the charging port on a device? Oh wait, after seeing hotel room locks exploited through their power jack this is an avenue that should be examined with all device security.

The demonstration used a charger and a BeagleBoard. Plugging in the charger is not enough to trigger the exploit; the user must unlock the screen while charging for it to go into action. But once that’s done the game is over. Their demo removes the Facebook app and replaces it with an infected impostor while leaving the icon in the same place on your home screen. They notified Apple of their findings and a patch will roll out with iOS7. So when would you plug your device into an untrusted charger? Their research includes a photo from an airport where an iPad is connected to the USB port of a public charging station.

The summary on the Blackhat site has download icons for the white paper and presentation slides. At the time of writing we had a hard time getting them to download but succeeded after several tries.