Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)

One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well-presented and not presented as some unattainable wizardry, and as his power analysis demo shows a clearly different trace on the correct first letter of a password attack the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves onto fault injection with an introduction to power supply glitching as a technique to influence code execution.

Schematic of an EM injector built from a camera flash.
Schematic of an EM injector built from a camera flash.

Continue reading “Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)”

Remoticon 2021 // Voja Antonic Makes You A Digital Designer

[Voja Antonic] has been building digital computers since before many of us were born. He designed with the Z80 when it was new, and has decades of freelance embedded experience, so when he takes the time to present a talk for us, it’s worth paying attention.

For his Remoticon 2022 presentation, he will attempt to teach us how to become a hardware expert in under forty minutes. Well, mostly the digital stuff, but that’s enough for one session if you ask us. [Voja] takes us from the very basics of logic gates, through combinatorial circuits, sequential circuits, finally culminating in the description of a general-purpose microprocessor.

A 4-bit ripple-carry adder with additional CPU flag outputs

As he demonstrates, complex digital electronics systems really are just built up in a series of steps of increasing complexity. starting with individual active elements (transistors operating as switches) forming logic elements capable of performing simple operations.

From there, higher level functions such as adders can be formed, and from those an ALU and so on. Conceptually, memory elements can be formed from logic gates, but it’s not the most efficient way to do it, and those tend to be made with a smaller and faster circuit. But anyway, that model is fine for descriptive purposes.

Once you have combinatorial logic circuits and memory elements, you have all you need to make the necessary decoders, sequencers and memory circuits to build processors and other kinds of higher complexity circuits.

Obviously forty minutes isn’t anywhere nearly enough time time to learn all of the intricacies of building a real microprocessor like the pesky details of interfacing with it and programming it, but for getting up the learning curve from just a knowledge of binary numbers to an understanding of how a CPU is built, it’s a pretty good starting point.

Now, If you can only tear your eyes away from his slick game-of-life wall mounted LED display, you might pick up a thing or two.

Continue reading “Remoticon 2021 // Voja Antonic Makes You A Digital Designer”

The SHA2017 Badge Just Keeps On Giving, This Time It’s A Solar Monitor

Regular readers will know that we have covered the world of electronic badges for many years, and nothing pleases us more than seeing an event badge having a life afterwards rather than becoming a piece of e-waste. Thus we were especially pleased to see [Angus Gratton]’s use of a SHA2017 badge as a solar output monitor, over four years after the event.

The SHA badge used an ESP32 as its processor, and paired it with a touch keypad and an e-ink screen. Its then novel approach of having a firmware that could load MicroPython apps laid the groundwork for the successful open source badge.team firmware project, meaning that it remains versatile and useful to this day.

The solar monitor simply grabs time-series information from the database used by his web graphing system and displays it on the e-ink screen in graph form, but the interest apart from the use of the badge in his treatise on MicroPython coding. He makes the point that many of us probably follow unconsciously, writing for full-fat Python and then fixing the parts which either don’t work or use too many resources on its slimmer cousin. Finally he powers the device from an old phone charger, and shares some tips on controlling its tendency to reboot on power spikes.

It’s almost a year ago that we showed you a SHA badge being used as an environmental sensor.

Thanks [Sebastius] for the tip.

Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter

Smart meters form mesh networks among themselves and transmit your usage data all around. Some of them even allow the power company to turn off your power remotely, through the mesh. You might want to know if any of this information is sensitive, or if the power shutdown system has got glaring security flaws and random people could just turn your house off. Hash Salehi has set out to get inside these meters, and luckily for the rest of us, he was kind enough to share his findings during Remoticon 2021. It’s a journey filled with wonderful tidbits about GNU Radio, embedded devices, and running your own power company inside a Faraday cage.

The smart meter in question is deployed by a power company known as Oncor in the Dallas, Texas, area. These particular meters form an extensive mesh network using a ZigBee module onboard that allows them to to pass messages amongst themselves that eventually make their way to a collector or aggregator to be uploaded to a more central location. Hash obtained his parts via everyone’s favorite online auction house and was surprised to see how many parts were available. Then, with parts in hand, he began all the usual reverse engineering tricks: SDR, Faraday cages, flash chip readers, and recreating the schematic. Continue reading “Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter”

Remoticon 2021: Unbinare Brings A Reverse-Engineering Toolkit Into Recycling

Unbinare is a small Belgian company at the forefront of hacking e-waste into something useful, collaborating with recycling and refurbishing companies. Reverse-engineering is a novel way to approach recycling, but it’s arguably one of the most promising ways that we are not trying at scale yet. At Hackaday Remoticon 2021, Maurits Fennis talked about Unbinare’s efforts in the field and presented us with a toolkit he has recently released as a part of his work, as well as described how his background as an artist has given him insights used to formulate foundational principles of Unbinare.

Image showing an Unbinare OISTER boardUnbinare’s tools are designed to work in harmony with each other, a requirement for any productive reverse-engineering effort. OI!STER is a general-purpose salvaged MCU research board, with sockets to adapt to different TQFP chip sizes. This board is Maurits’s experience in reverse-engineering condensed into a universal tool, including a myriad of connectors for different programming/debugging interfaces. We don’t know the board’s full scope, but the pictures show an STM32 chip inside the TQFP socket, abundant everywhere except your online retailer of choice. Apart from all the ways to break out the pins, OI!STER has sockets for power and clock glitching, letting you target these two omnipresent Achilles’ heels with a tool like ChipWhisperer.

Continue reading “Remoticon 2021: Unbinare Brings A Reverse-Engineering Toolkit Into Recycling”

Remoticon 2021: Uri Shaked Reverses The ESP32 WiFi

You know how when you’re working on a project, other side quests pop up left and right? You can choose to handle them briefly and summarily, or you can dive into them as projects in their own right. Well, Uri Shaked is the author of Wokwi, an online Arduino simulator that allows you to test our your code on emulated hardware. (It’s very, very cool.) Back in the day, Arduino meant AVR, and he put in some awesome effort on reverse engineering that chip in order to emulate it successfully. But then “Arduino” means so much more than just AVR these days, so Uri had to tackle the STM32 ARM chips and even the recent RP2040.

Arduino runs on the ESP32, too, so Uri put on his reverse engineering hat (literally) and took aim at that chip as well. But the ESP32 is a ton more complicated than any of these other microcontrollers, being based not only on the slightly niche Xtensa chip, but also having onboard WiFi and its associated binary firmware. Reverse engineering the ESP32’s WiFi is the side-quest that Uri embarks on, totally crushes, and documents for us in this standout Remoticon 2021 talk. Continue reading “Remoticon 2021: Uri Shaked Reverses The ESP32 WiFi”

RC3 2021: Now Here, Nowhere

The annual meeting of the Chaos Computer Club, Germany’s giant hacker group, is online again this year. While those of us here are sad that we don’t get to see our hacker friends in person, our loss is your gain — the whole thing is online for the entire world to enjoy.

This year’s Congress has gone entirely decentralized, with many local clubs hosting their own video streams and “stages”. Instead of four tracks, there are now six or seven tracks of talks going on simultaneously, so prepare to be overwhelmed by choice. You can find the overall schedule here, so if you see anything you’d like to watch, you’ll know when to tune in.

Like last year, there is also a parallel 2D simulation world, like Zelda with videoconferencing, but for which you’ll need a ticket, and they’re sold out. (Check out the demo video if you want to see what that’s about.) And what would a conference be without t-shirts, armbands, and even a sticker exchange? Or course, it all has to be done by mail, but you do what you can.

We’ll be keeping our eyes on the talks, and let you know if we see anything good. If you do the same, let us know in the comments!