Peering Into A Running Brain: SDRAM Refresh Analyzed From Userspace

December 28, 2018 by Ted Yapo 7 Comments

Over on the Cloudflare blog, [Marek] found himself wondering about computer memory, as we all sometimes do. Specifically, he pondered if he could detect the refresh of his SDRAM from within a running program. We’re probably not ruining the surprise by telling you that the answer is yes — with a little more than 100 lines of C and help from our old friend the Fast Fourier Transform (FFT), [Marek] was able to detect SDRAM refresh cycles every 7818.6 ns, lining right up with the expected result.

The “D” in SDRAM stands for dynamic, meaning that unless periodically refreshed by reading and writing, data in the memory will decay. In this kind of memory, each bit is stored as a charge on a tiny capacitor. Given enough time (which varies with ambient temperature), this charge can leak away to neighboring silicon, turning all the 1s to 0s, and destroying the data. To combat this process, the memory controller periodically issues a refresh command which reads the data before it decays, then writes the data back to fully charge the capacitors again. Done often enough, this will preserve the memory contents indefinitely. SDRAM is relatively inexpensive and available in large capacity compared to the alternatives, but the drawback is that the CPU can’t access the portion of memory being refreshed, so execution gets delayed a little whenever a memory access and refresh cycle collide.

Chasing the Correct Hiccup

[Marek] figured that he could detect this “hiccup,” as he calls it, by running some memory accesses and recording the current time in a tight loop. Of course, the cache on modern CPUs would mean that for a small amount of data, the SDRAM would never be accessed, so he flushes the cache each time. The source code, which is available on GitHub, outputs the time taken by each iteration of the inner loop. In his case, the loop typically takes around 140 ns.

Hurray! The first frequency spike is indeed what we were looking for, and indeed does correlate with the refresh times.

The other spikes at 256kHz, 384kHz, 512kHz and so on, are multiplies of our base frequency of 128kHz called harmonics. These are a side effect of performing FFT on something like a square wave and totally expected.

As [Marek] notes, the raw data doesn’t reveal too much. After all, there are a lot of things that can cause little delays in a modern multitasking operating system, resulting in very noisy data. Even thresholding and resampling the data doesn’t bring refresh hiccups to the fore. To detect the SDRAM refresh cycles, he turned to the FFT, an efficient algorithm for computing the discrete Fourier transform, which excels at revealing periodicity. A few lines of python produced the desired result: a plot of the frequency spectrum of the lengthened loop iterations. Zooming in, he found the first frequency spike at 127.9 kHz, corresponding to the SDRAMs refresh period of 7.81 us, along with a number of other spikes representing harmonics of this fundamental frequency. To facilitate others’ experiments, [Marek] has created a command line version of the tool you can run on your own machine.

If this technique seems familiar, it may be because it’s similar the the Rowhammer attack we covered back in 2015, which can actually change data in SDRAM on vulnerable machines by rapidly accessing adjacent rows. As [Marek] points out, the fact that you can make these kinds of measurements from a userspace program can have profound security implications, as we saw with the meltdown and spectre attacks. We have to wonder what other vulnerabilities are lying inside our machines waiting to be discovered.

Thanks to [anfractuosity] for the tip!

Vintage Toys Live On Through 3D Printing

December 24, 2018 by Tom Nardi 5 Comments

We all have fond memories of a toy from our younger days. Most of which are still easy enough to get your hands on thanks to eBay or modern reproductions, but what if your childhood fancies weren’t quite as mainstream? What if some of your fondest memories involved playing with 1960’s educational games which are now so rare that they command hundreds of dollars on the second-hand market?

That’s the situation [Mike Gardi] found himself in recently. Seeing that the educational games which helped put him on a long and rewarding career in software development are now nearly unobtainable, he decided to try his hand at recreating them on his 3D printer. With his keen eye for detail and personal love of these incredible toys, he’s preserved them in digital form for future generations to enjoy.

His replica of “The Amazing Dr. Nim” needed to get scaled-down a bit in order to fit on your average desktop 3D printer bed, but otherwise is a faithful reproduction of the original injection molded plastic computer. The biggest difference is that his smaller version uses 10 mm (3/8 inch) steel ball bearings instead of marbles to actuate the three flip-flops and play the ancient game of Nim.

[Mike] has also created a replica of “Think-a-Dot”, another game which makes use of mechanical flip-flops to change the color of eight dots on the front panel. By dropping marbles in the three holes along the top of the game, the player is able to change the color of the dots to create various patterns. The aim of the game is to find the fewest number of marbles required to recreate specific patterns as detailed in the manual.

Speaking of which, [Mike] has included scans of the manuals for both games, and says he personally took them to a local shop to have them professionally printed and bound as they would have been when the games were originally sold. As such, the experience of owning one of these classic “computer” games has now been fully digitized and is ready to be called into corporeal form on demand.

This is really a fascinating way of preserving physical objects, and we’re interested to see if it catches on with other toys and games which otherwise might be lost to time. As storage capacities get higher and our ability to digitize the world around us improve, we suspect more and more of our physical world will get “backed up” onto the Internet.

Behold The WT-220: A ‘Clever’ VT-220 Terminal

December 20, 2018 by Donald Papp 27 Comments

[John Whittington] failed to win a bid for an old VT-220 serial terminal on eBay, so he decided to make his own version and improve it along the way. The result is the Whitterm-220 (or WT-220) which has at its core a Raspberry Pi and is therefore capable of more than just acting as a ‘dumb’ serial terminal.

Rear of the WT-220 with paint-filled laser engraving and all necessary connectors.

The enclosure is made from stacked panels of laser-cut plywood with an acrylic plate on the back for labels and connectors, where [John] worked paint into the label engravings before peeling off the acrylic’s protective film. By applying paint after laser-engraving but before peeling off the film, it acts as a fill and really makes the text pop.

Near the front, one layer of clear acrylic among the plywood layers acts as a light guide and serves as a power indicator, also doing double duty as TX/RX activity lights. When power is on, that layer glows, serving as an attractive indicator that doesn’t interfere with looking at the screen. When data is sent or received, a simple buffer circuit tied to the serial lines lights up LEDs to show TX or RX activity, with the ability to enable or disable this functionality by toggling a GPIO pin. A video overview is embedded below, where you can see the unit in action.

Continue reading “Behold The WT-220: A ‘Clever’ VT-220 Terminal” →

This 6502 Made From 74-Series Logic Can Run At 20 MHz

December 15, 2018 by Jenny List 26 Comments

If you always wished you could get closer to the hardware with the 6502 in your classic microcomputer you’re in luck, because [Drass] has created a beautiful implementation of a 6502 using TTL logic chips. What makes it special is that it sits on a very neat set of PCBs, and due to its use of 74AC series logic it can run at much higher speeds than the original. A 20 MHz 6502 would have been revolutionary in the mid-1970s.

Neat reworking of what looks to be a reversed bus.

Through a flying ribbon cable, it can plug directly into the 6502 socket on classic microcomputers, and the website shows it running a variety of software on a Commodore VIC20. There is also a custom SBC as part of the suite, so no need for a classic micro if you want to put the CPU through its paces. The boards are not quite perfect, the website has a picture of some very neat reworking where it appears that a bus has been applied to a chip in reverse, but it certainly has the feel of a professional design about it.

This is a very tidy 6502, but it’s not the first we’ve seen and neither is it the most dis-integrated. There is a fascinating world of 74 logic CPUs to be explored, so it’s difficult to pick only one other to show you.

Thanks [Jeff] for the tip.

RISC-V Will Stop Hackers Dead From Getting Into Your Computer

December 13, 2018 by Brian Benchoff 35 Comments

The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle — the 09 F9 key that allowed us to decrypt HD DVDs — was the result of encryption keys just sitting in main memory, where it could be read by any other program. DeCSS, the hack that gave us all access to DVDs was again the result of encryption keys sitting out in the open.

Because encryption doesn’t work if your keys are just sitting out in the open, system designers have come up with ingenious solutions to prevent evil hackers form accessing these keys. One of the best solutions is the hardware enclave, a tiny bit of silicon that protects keys and other bits of information. Apple has an entire line of chips, Intel has hardware extensions, and all of these are black box solutions. They do work, but we have no idea if there are any vulnerabilities. If you can’t study it, it’s just an article of faith that these hardware enclaves will keep working.

Now, there might be another option. RISC-V researchers are busy creating an Open Source hardware enclave. This is an Open Source project to build secure hardware enclaves to store cryptographic keys and other secret information, and they’re doing it in a way that can be accessed and studied. Trust but verify, yes, and that’s why this is the most innovative hardware development in the last decade.

Continue reading “RISC-V Will Stop Hackers Dead From Getting Into Your Computer” →

The Space Station Has A Supercomputer Stowaway

December 10, 2018 by Tom Nardi 59 Comments

The failed launch of Soyuz MS-10 on October 11th, 2018 was a notable event for a number of reasons: it was the first serious incident on a manned Soyuz rocket in 35 years, it was the first time that particular high-altitude abort had ever been attempted, and most importantly it ended with the rescue of both crew members. To say it was a historic event is something of an understatement. As a counterpoint to the Challenger disaster it will be looked back on for decades as proof that robust launch abort systems and rigorous training for all contingencies can save lives.

But even though the loss of MS-10 went as well as possibly could be expected, there’s still far reaching consequences for a missed flight to the International Space Station. The coming and going of visiting vehicles to the Station is a carefully orchestrated ballet, designed to fully utilize the up and down mass that each flight offers. Not only did the failure of MS-10 deprive the Station of two crew members and the experiments and supplies they were bringing with them, but also of a return trip which was to have brought various materials and hardware back to Earth.

But there’s been at least one positive side effect of the return cargo schedule being pushed back. The “Spaceborne Computer”, developed by Hewlett Packard Enterprise (HPE) and NASA to test high-performance computing hardware in space, is getting an unexpected extension to its time on the Station. Launched in 2017, the diminutive 32 core supercomputer was only meant to perform self-tests and be brought back down for a full examination. But now that its ticket back home has been delayed for the foreseeable future, NASA is opening up the machine for other researchers to utilize, proving there’s no such thing as a free ride on the International Space Station.

Continue reading “The Space Station Has A Supercomputer Stowaway” →

Teensy Liberates The ThinkPad Keyboard

December 4, 2018 by Tom Nardi 39 Comments

[Frank Adams] liked the keyboard on his Lenovo ThinkPad T61 so much that he decided to design an adapter so he could use it over USB with the Teensy microcontroller. He got the Trackpoint working, and along the way managed to add support for a number of other laptop boards as well. Before you know it, he had a full-blown open source project on his hands. Those projects can sneak up on you when you least expect it…

The first step of the process is getting your laptop keyboard of choice connected up to the Teensy, but as you might expect, that’s often easier said than done. They generally use a flexible printed circuit (FPC) “ribbon cable” of some type, but may also be terminated in any number of weirdo connectors. [Frank] goes over the finer points of getting these various keyboards connected to his PCB, from searching the usual suspects such as Aliexpress and Digikey for the proper connector to throwing caution to the wind and cutting off problematic nubs and tabs to make it fit.

You might be on your own for figuring out the best way to connect your liberated keyboard up, but [Frank] has done his part by designing a few PCBs which handle routing the appropriate connections to the Teensy LC or 3.2 microcontroller. He’s such a swell guy he’s even written the firmware for you. As of right now there’s currently a dozen keyboards supported by his software and hardware setup, but he also gives tips on how to get the firmware modified for your own board if you need to.

It should come as no surprise that it was a Thinkpad keyboard that got [Frank] going down this path; as we’ve documented over the years, hackers love their Thinkpads. From fitting them with more modern motherboards to going full on matryoshka and putting a second computer inside of one, it’s truly the laptop that launched a thousand hacks.

Continue reading “Teensy Liberates The ThinkPad Keyboard” →