Finding Undocumented 8086 Instructions Via Microcode

Video gamers know about cheat codes, but assembly language programmers are often in search of undocumented instructions. One way to find them is to map out all of a CPU’s opcodes and where there are holes, try those values, and see what happens. Not good enough for [Ken Shirriff]. He prefers examining the CPU’s microcode and deducing what each part of it does.

Microcode is a feature of many modern CPUs. The CPU runs several “microcode” instructions to process a single opcode. For the Intel 8086, there are 512 micro instructions, each with 21 bits. Each instruction has two parts: a part that moves a source to a destination and another that performs some other operation, such as an ALU operation. [Ken] explains it all in the post, including several hidden registers you can’t see, but the microcode can.

Searching for holes in the opcode table.

Some of the undocumented instructions are probably not useful. They are either impractical or duplicate a function you can already do another way. Not all of the instructions are there for technical reasons. For example, opcode D6, commonly known as SALC for “Set AL to Carry”, seems to exist only as a trap for anyone making a carbon copy of Intel’s microcode. When other companies like NEC made 8086 clones, having an undocumented instruction would strongly suggest they just copied Intel’s intellectual property (in NEC’s case, they didn’t).

Other cases happen where an instruction just doesn’t make sense. For example, you can pop all segment registers, and though it is not documented, you can deduce that POP CS should be opcode 0F. The problem is there is no sane reason to pop CS off the stack. The instruction works; it just isn’t useful. The opcodes from 60-6F are conditional jumps that are no different from the instructions at 70-7F because of decoding. There is no reason to document both identical instruction ranges.

The plot thickens when you go to two-byte instructions. You’ll find plenty of instructions of dubious value. You don’t hear much about undocumented instructions anymore. Why? Because modern CPUs have enough circuitry to dedicate some to detecting illegal instructions and halting the CPU. But the 8086 was squeezed too tight to allow for such a luxury. Good thing for people like us who enjoy solving puzzles.

You can still get a modern CPU to tell you more about instructions even if it won’t run them. Even the 80286 had some secret opcodes.

DIY Laser For Ablating Metal

For those who wish to go beyond through-hole construction on perfboard for their circuit boards, a printed circuit board is usually the next step up. Allowing for things like surface-mount components, multi-layer boards, and a wider array of parts, they are much more versatile but do have a slight downside in that they are a little bit harder to make. There are lots of methods for producing them at home or makerspace, though, and although we’ve seen plenty of methods for their production like toner transfer, photoresist, and CNC milling, it’s also possible to make them using laser ablation, although you do need a special laser to get this job done.

The problem with cutting copper is that it reflects infra-red, so a higher-wavelength blue-green laser is used instead. And because you want to ablate the copper, but not melt the surrounding areas or cut straight through the board, extremely short, high-power pulses are the way to go. Here, the [Munich Fab Lab] is using 9 kW pulses of around 30 microseconds each. With these specifications the copper is ablated from the surface of the board allowing for fine details in the range of about 20 µm, which is fine enough for just about any circuit board. The design of the laser head itself is worth a look.

Aside from the laser, the rest is standard CNC machine fodder, but with an emphasis on safety that’s appropriate for a tool in a shared workspace. The whole project is published under an open license and offers an affordable solution for larger-scale PCB production with extremely fine resolution, without the chemicals that the more common PCB production methods need. There is a lot more information available on the project’s webpage and its GitHub page as well.

Of course, there are other methods of producing PCBs by laser if you happen to have a 20 W fiber laser just kicking around.

Illumos Gets A New C Compiler

Illumos is an OpenSolaris-derived Unix system, and no Unix is complete without a C compiler or two. And with a name like Portable C Compiler (PCC), you would think that would be a great bet to get up and running on Illumos. That’s probably what [Brian Callahan] thought, too, but found out otherwise.

PCC already generates x86 code, so that wasn’t the problem. It was a matter of reconfiguring the compiler for the environment, which is ironic since PCC probably started on true Unix but now won’t work with a 64-bit Solaris-like operating system. According to the post:

It looks like some time ago someone added configuration for 32-bit x86 and SPARC64 support for the Solaris family. But no one ever tried to support 64-bit x86. So first we had to teach the configure script for both pcc and pcc-libs that 64-bit x86 Solaris


Improving Ocean Power With Static Electricity

Water is heavy, so if you think about it, a moving ocean wave has quite a bit of energy. Scientists have a new way to use triboelectric generators to harvest that power for oceangoing systems. (PDF) Triboelectric nanogenerators (TENGs) are nothing new, but this new approach allows for operation where the waves have lower amplitude and frequency, making traditional systems useless.

The new approach uses a rotor and a stator, along with some aluminum, magnets, and — no kidding — rabbit fur. The stator is 3D printed in resin. The idea is to mechanically accumulate and amplify small low-frequency waves into high-frequency motion suitable for triboelectric generation.



Hackaday Links: July 16, 2023

Last week, we noted an attempt to fix a hardware problem with software, which backfired pretty dramatically for Ford when they tried to counter the tendency for driveshafts to fall out of certain of their cars by automatically applying the electric parking brake.

This week, the story is a little different, but still illustrates how software and hardware can interact unpredictably, especially in the automotive space. The story centers on a 2015 Optima recall for a software update for the knock sensor detection system. We can’t find the specifics, but if this recall on a similar Kia model in the same model year range and a class-action lawsuit are any indication, the update looks like it would have made the KSDS more sensitive to worn connecting rod damage, and forced the car into “limp home mode” to limit damage to the engine if knocking is detected.

A clever solution to a mechanical problem? Perhaps, but because the Kia owner in the story claims not to have received the snail-mail recall notice, she got no warning when her bearings started wearing out. Result: a $6,000 bill for a new engine, which she was forced to cover out of pocket. Granted, this software fix isn’t quite as egregious as Ford’s workaround for weak driveshaft mounting bolts, and there may very well have been a lack of maintenance by the car’s owner. But if you’re a Kia mechanical engineer, wouldn’t your first instinct have been to fix the problem causing the rod bearings to wear out, rather than papering over the problem with software?


Halbach Array Makes Magnets Strong, Weak

If you want a strong magnet, the obvious answer is to buy one. However, for a variety of reasons, you might want to combine several smaller magnets. There are a few ways to do this, but the Halbach array, as [wannabemadsci] explains, allows you to make an array of magnets where one side is very strong, and the other side is very weak.

The example uses a 3D-printed housing and five cube magnets. To form a Halbach array, the poles of the magnets are in a specific orientation that effectively rotates ninety degrees for each — in this case — cube.



Sleuth Untrusted USB Communication With USBValve

USB devices are now ubiquitous and, from an information security standpoint, this is a terrifying prospect as malicious software can potentially be injected into a system by plugging in a compromised USB stick. To help get some peace of mind, [Cesare Pizzi] created USBValve to help expose suspicious USB activity on the fly.

The idea behind USBValve is to have the onboard microcontroller advertise itself as a storage device, pretending to have a filesystem with some common files available. When an unknown USB device is first inserted into the USB port on the USBValve tool, USBValve displays usage information, via the attached OLED screen, on whether the USB device is accessing files it shouldn’t be or immediately trying to write to the filesystem, which is a clear sign of malicious behavior.

The USBValve hardware is a straightforward composition of a Raspberry Pi Pico, a tiny I2C OLED screen and an optional PCB carrier board with a 3D printed spacer. The software uses Adafruit’s Tiny USB library along with the SSD1306AsciiWire library to drive the OLED display. And it’s all open source, including the code and PCB design files.

There’s a lot of security fun to be had with USB, from DIY dirt cheap Rubber Duckies to open source hardware Rubber Duckies, to discussions on the BadUSB exploits. The simplicity of the USBValve project makes it low cost and easy to use, and it can provide concise, critical information for a variety of real world threats.

After the break, be sure to check out [Cesare Pizzi]’s talk about USBValve at the SCC Insomnihack conference which has a wealth of information on how it fares against some known malware attacks, discussions on some of its shortcomings and potential avenues for improvement.

Thanks to [watchdog] for the tip!
