Spaceship Repair CTF Covers Hardware Hacker Essentials

At even vaguely infosec-related conferences, CTFs are a staple. For KernelCon 2021, [Tyler Rosonke] resolved to create a challenge breaking the traditions, entertaining and teaching people in a different way, while satisfying the constraints of that year’s remote participation plans. His imagination went wild in all the right places, and a beautifully executed multi-step hardware challenge was built – only in two copies!

Story behind the challenge? Your broken spaceship has to be repaired so that you can escape the planet you’re stuck on. The idea was to get a skilled, seasoned hacker solving challenges for our learning and amusement – and that turned out to be none other than [Joe “Kingpin” Grand]!

The modules themselves are what caught our attention. Designed to cover a wide array of hardware hacker skills, they cover soldering, signal sniffing, logic gates, EEPROM dumping and more – and you have to apply all of these successfully for liftoff. If you thought “there’s gotta be a 555 involved”, you weren’t wrong, either: there’s a module where you have to reconfigure a circuit with one!

KernelCon is a volunteer-driven infosec conference in Omaha, and its 2022 installment starts in a month – we can’t wait to see what it brings! Anyone doing hardware CTFs will have something to learn from their stories, it seems. The hacking session, from start to finish, was recorded for our viewing pleasure; linked below as an hour and a half video, it should be a great background for your own evening of reverse-engineering for leisure!

This isn’t the first time we’ve covered [Tyler]’s handiwork, either. In 2020, he programmed a batch of KernelCon badges while employing clothespins as ISP clips. Security conferences have most certainly learned just how much fun you can have with hardware, and if you ever need a case study for that, our review of 2019 CypherCon won’t leave you hanging.

Remoticon 2021 // Joey Castillo Teaches Old LCDs New Tricks

Segmented liquid crystal displays are considered quite an old and archaic display technology these days. They’re perhaps most familiar to us from their use in calculators and watches, where they still find regular application. [Joey Castillo] decided that he could get more out of these displays with a little tinkering, and rocked up to Remoticon 2021 to share his findings.

[Joey’s] talk is a great way to learn the skills needed to reverse engineer a typical segment LCD.
[Joey] got his start hacking on these displays via his Sensor Watch project – a board swap for the venerable Casio F-91W wristwatch, with the project now available on CrowdSupply. It kits out the 33-year-old watch design with a modern, low-power ARM Cortex M0+ microcontroller running at 32 MHz that completely revolutionizes what the watch can do. Most importantly, however, it repurposes the watch’s original segmented monochrome LCD.

Segment LCDs are usually small monochrome devices made out of glass, that have the benefit of using very little power in their operation. They come with a fixed layout, which cannot be changed – so they’re often designed specifically for a given purpose. A calculator will have segments laid out to display numbers, often in the usual 7-segment fashion, while a watch may add dedicated segments for displaying things like “AM,” “PM,” or “ALARM.”

Remoticon 2021 // Matt Venn Helps You Make ASICS

What would you make if you were given about ten square millimeters of space on a silicon wafer on a 130 nm process? That’s the exact question that the Open MPW program asks, and that [Matt Venn] has stepped up to answer. [Matt] came to Remoticon in 2020 to talk about his journey from nothing to his own ASIC, and he came back in 2021 to talk about what has happened in a year.

[maxiborga] has been making beautiful renders of his and others’ chip designs
We expected great designs, but the variety of exciting and wonderful designs that have been submitted exceeded our expectations. [Matt] goes through quite a few of them, such as an analog neuron, a RISC-V Arduino-compatible microprocessor, and a satellite transceiver. Perhaps an unexpected side effect has been the artwork. Since the designs are not under an NDA, anyone can take the design and transform it into something gorgeous.

Of course, all of this hardware design isn’t possible without an open toolchain. There is an SRAM generator known as OpenRAM that can generate RAM blocks for your design. Coriolis2 is an RTL to GDS tool that can do placement and routing in VLSI. Finally, FlexCell is a cell library that tries to provide standard functions in a flexible, customizable way that cuts down on the complexity of the layout. There are GitHub actions that can run tests and simulations on PRs to keep the chip’s HDL in a good state.

However, it’s not all roses, and there was an error on the first run (MPW1). Hold time violations were not detected, and the clock tree wasn’t correct. This means that the GPIO cannot be set up, so the designs in the middle could be working, but without the GPIO, it is tricky to determine. With a regular chip, that would be the end, but since [Matt] has access to both the layout and the design, he can identify the problem and come up with a plan. He’s planning on overriding the IO setup shift register with an auxiliary microcontroller. (Ed Note: [tnt] has been making some serious progress lately, summarized in this video.)

It is incredible to see what has come from the project so far, and we’re looking forward to future runs. If this convinces you that you need to get your own ASIC made, you should check out [Matt]’s “Zero to ASIC” course.

Remoticon 2021 // Sergiy Nesterenko Keeps Hardware Running Through Lightning And Cosmic Rays

Getting to space is hard enough. You have to go up a few hundred miles, then go sideways really fast to enter orbit. But getting something into space is one thing: keeping a delicate instrument working as it travels there is quite another. In his talk at Remoticon 2021, [Sergiy Nesterenko], former Radiation Effects Engineer at SpaceX, walks us through all the things that can destroy your sensitive electronics on the way up.

The trouble already starts way before liftoff. Due to an accident of geography, several launch sites are located in areas prone to severe thunderstorms: not the ideal location to put a 300-foot long metal tube upright and leave it standing for a day. Other hazards near the launch pad include wayward wildlife and salty spray from the ocean.

Those dangers are gone once you’re in space, but then suddenly heat becomes a problem: if your spacecraft is sitting in full sunlight, it will quickly heat up to 135 °C, while the parts in the shade cool off to -150 °C. A simple solution is to spin your craft along its axis to ensure an even heat load on all sides, similar to the way you rotate sausages on your barbecue.

But one of the most challenging problems facing electronics in space is radiation. [Sergiy] explains in detail the various types of radiation that a spacecraft might encounter: charged particles in the Van Allen belts, cosmic rays once you get away from Low Earth orbit, and a variety of ionized junk ejected from the Sun every now and then. The easiest way to reduce the radiation load on your electronics is simply to stay near Earth and take cover within its magnetic field.

For interplanetary spacecraft there’s no escaping the onslaught, and the only way to survive is to make your electronics “rad-hard”. Shielding is generally not an option because of weight constraints, so engineers make use of components that have been tested in radiation chambers to ensure they will not suddenly short-circuit. Adding redundant circuits as well as self-monitoring features like watchdog timers also helps to make flight computers more robust.

[Sergiy]’s talk is full of interesting anecdotes that will delight the inner astronaut in all of us. Ever imagined a bat trying to hitch a ride on a Space Shuttle? As it turns out, one aspiring space bat did just that. And while designing space-qualified electronics is not something most of us do every day, [Sergiy]’s experiences provide plenty of tips for more down-to-earth problems. After all, salt and moisture will eat away cables on your bicycle just as they do on a moon rocket.

Be sure to also check out the links embedded in the talk’s slides for lots of great background information.

Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)

One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well presented, and not as some unattainable wizardry: because his power analysis demo shows a clearly different trace on the correct first letter in a password attack, the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves on to fault injection with an introduction to power supply glitching as a technique to influence code execution.

Schematic of an EM injector built from a camera flash.

Remoticon 2021 // Voja Antonic Makes You A Digital Designer

[Voja Antonic] has been building digital computers since before many of us were born. He designed with the Z80 when it was new, and has decades of freelance embedded experience, so when he takes the time to present a talk for us, it’s worth paying attention.

For his Remoticon 2022 presentation, he will attempt to teach us how to become a hardware expert in under forty minutes. Well, mostly the digital stuff, but that’s enough for one session if you ask us. [Voja] takes us from the very basics of logic gates, through combinatorial circuits, sequential circuits, finally culminating in the description of a general-purpose microprocessor.

A 4-bit ripple-carry adder with additional CPU flag outputs

As he demonstrates, complex digital electronics systems really are just built up in a series of steps of increasing complexity, starting with individual active elements (transistors operating as switches) forming logic elements capable of performing simple operations.

From there, higher level functions such as adders can be formed, and from those an ALU and so on. Conceptually, memory elements can be formed from logic gates, but it’s not the most efficient way to do it, and those tend to be made with a smaller and faster circuit. But anyway, that model is fine for descriptive purposes.

Once you have combinatorial logic circuits and memory elements, you have all you need to make the necessary decoders, sequencers and memory circuits to build processors and other kinds of higher complexity circuits.

Obviously forty minutes isn’t anywhere nearly enough time to learn all of the intricacies of building a real microprocessor, like the pesky details of interfacing with it and programming it, but for getting up the learning curve from just a knowledge of binary numbers to an understanding of how a CPU is built, it’s a pretty good starting point.

Now, if you can only tear your eyes away from his slick game-of-life wall mounted LED display, you might pick up a thing or two.

The SHA2017 Badge Just Keeps On Giving, This Time It’s A Solar Monitor

Regular readers will know that we have covered the world of electronic badges for many years, and nothing pleases us more than seeing an event badge having a life afterwards rather than becoming a piece of e-waste. Thus we were especially pleased to see [Angus Gratton]’s use of a SHA2017 badge as a solar output monitor, over four years after the event.

The SHA badge used an ESP32 as its processor, and paired it with a touch keypad and an e-ink screen. Its then novel approach of having a firmware that could load MicroPython apps laid the groundwork for the successful open source badge.team firmware project, meaning that it remains versatile and useful to this day.

The solar monitor simply grabs time-series information from the database used by his web graphing system and displays it on the e-ink screen in graph form, but the interest, apart from the use of the badge, lies in his treatise on MicroPython coding. He makes the point that many of us probably follow unconsciously, writing for full-fat Python and then fixing the parts which either don’t work or use too many resources on its slimmer cousin. Finally he powers the device from an old phone charger, and shares some tips on controlling its tendency to reboot on power spikes.

It’s almost a year ago that we showed you a SHA badge being used as an environmental sensor.

Thanks [Sebastius] for the tip.