Shmoocon 2017: On Not Reverse Engineering Through Emulation

Right now, I’m at Shmoocon, and it’s living up to all expectations. That’s a tall order — last year, the breakout talk was from [Travis Goodspeed] on his efforts to reverse engineer the firmware for a cheap Chinese radio. Four people in the room for that talk last year bought the radio on Amazon, and now there’s a legitimate open source project dedicated to building firmware and tools to support this radio.

Now that [Travis] has a few compatriots working on firmware for this radio, he has the same challenges as any other team. The project needs unit tests, and this isn’t easy to do when all the code is locked up inside a radio. Instead of setting up an entire development platform based around a cheap radio, [Travis] came up with a toolchain that’s unlike anything I’ve ever seen. Instead of reverse engineering the firmware for this radio, he’s simply emulating the ARM firmware on the desktop. Development is quick and easy, and he has the live demos to prove it.

The heart of the Tytera radio in question is an STM32F405. This is a pretty common part, and thanks to [Travis]’ work last year, he has all the firmware that ships on this radio. This doesn’t mean he has access to all the radio’s capabilities, though; there’s a black box in the code somewhere that translates .wav files to radio packets and back again. Open sourcing this would usually mean reverse engineering, but [Travis] had a better idea.

Instead of reverse engineering the entire radio, [Travis] is using QEMU to emulate an ARM microcontroller on his desktop, run the relevant code, and completely ignore any actual reverse engineering. Since this radio is already jailbroken and the community has a pretty good idea of where all the functions and subroutines are in the firmware, the most difficult part of pulling this trick off is setting up QEMU.

As a proof of concept, [Travis] downloaded raw AMBE packets from the radio to his laptop. These were then sent through the emulated radio, producing raw audio which was converted into a .wav file. Effectively, a black box in this radio was emulated, which means [Travis] doesn’t need to know how the black box works.

All the code for this weird emulation / unit test, as well as everything the community has released for this radio, is available on GitHub. A lot of work has gone into the jailbreaking, reverse engineering, and emulation efforts here, making this radio, somewhat ironically, one of the most open radios you can buy.

Sophi Kravitz: State Of The IO

At the Hackaday SuperConference in November, Sophi Kravitz had the chance to look back on the past year of Hackaday.io, and what a great year it has been. Hackaday.io now has over 178k members who have published 12.6k projects, about 10% of which are collaborative team projects. But the numbers tell only a small part of the story of Hackaday’s vibrant community.


Bring Your Palm VII To ShmooCon This Weekend

We’re not even halfway through January, and already the conference season is upon us. This weekend, Hackaday will be attending Shmoocon at the Hilton in Washington, DC. I’ll be there getting the full report on Russian hackers, reverse engineering, and what the beltway looks like with an ice storm during morning rush hour.

What’s in store for Shmoocon attendees? The schedule looks really cool with talks on something like inline assembly in Python, tools for RF reverse engineering, manufacturing and selling a U2F token, emulating ARM firmware, and so much more. Want to attend Shmoocon? Too bad! Tickets sold out in less than 10 seconds, and we’re totally not going to talk about the BOTS Act at all. If you’re clever you can still pick up a barcode on Craigslist for $300-400, but I wouldn’t recommend that.

As we did last year, Hackaday is going to have a lobbycon with Dunkin Saturday morning at 08:30, although which lobby is still up in the air. Check out the Hackaday Twitter for a few real-time updates. This is a bring-a-hack event, and I’ll be showing off how to add 18 dBi of gain to a standard ESP8266 module. Show off what you’re working on and get a donut.

What Makes The Perfect Hardware Badge

There are only a handful of people who can say they’ve built several successful electronic badges for conferences. Voja Antonic is not just on that list, he’s among the leaders in the field. There are a lot of pressures in this type of design challenge: aesthetics, functionality, and of course manufacturability. If you want to know how to make an exposed-PCB product that will be loved by the user, you need to study Voja’s work on the 2016 Hackaday SuperConference Badge. The badge is completely open, with all the design files, firmware, and a manual on the badge project page.

Between travelling from Belgrade to Pasadena and guiding production of 300 badges across the finish line before the conference deadline, Voja took ill. He made it to the conference, but without a voice, so he asked me to give his badge design talk for him. You can check that talk out below, but let’s touch briefly on why Voja’s design is so spectacular.


The 3D Printers Of CES

CES is over, and now we can take a step back, distance ourselves from the trade show booths, and figure out where 3D printing will be going over the next year.

The Hype Cycle is a great way to explain trends in fads and technological advances. VR and autonomous cars are very early on the Hype Cycle right now. Smartphones are on the plateau of productivity. 3D printing is head-down in the trough of disillusionment.

For this year’s CES, 3D printing is not even a product category. In fact, the official documentation I found at Prusa’s booth listed their company in the ‘Assistive Technologies’ category. These are dark days for the public perception of 3D printing. The source of this perception can be brilliantly presented in a pair of graphs:

[Figure: hype-cycle graphs]

The perception of 3D printing has been tied inextricably to Makerbot. Makerbot presented the only 3D printer on The Colbert Report. Only Makerbot had their 3D printing storefronts featured on CNN. It’s been like this for half a decade, and hopefully things will get better.

This doesn’t mean 3D printing isn’t improving. In fact, it’s the best it’s ever been. CES had the most innovative printers I’ve seen in years. I caught a glimpse of this year’s top-selling printer (and it launches in April). Resin machines are going to be very popular soon. What did CES have to offer? Check it out below.


David Krum: The Revolution In Virtual Reality

[David Krum] is associate lab director at the Mixed Reality Lab at the Institute for Creative Technologies at USC. That puts him at the intersection of science and engineering: building cool virtual reality (VR) devices, and using science to figure out what works and what doesn’t. He’s been doing VR since 1998, so he’s seen many cool ideas come and go. His lab was at the center of the modern virtual reality explosion. Come watch his talk and see why!
