Nintendo Switch Gets Internal Trinket Hardmod

If you haven’t been following the Nintendo Switch hacking scene, the short version of the story is that a vulnerability was discovered that allows executing code on all versions of the Switch hardware and operating system. In fact, it’s believed that the only way to stop this vulnerability from being exploited is for Nintendo to release a new revision of the hardware. Presumably there are a lot of sad faces in the House of Mario right about now, but it’s good news for us peons who dream of actually controlling the devices we purchase.

To run your own code on Nintendo’s latest and greatest, you must first put it into recovery mode by shorting out two pins in the controller connector, and then use either a computer or a microcontroller connected to the system’s USB port to perform the exploit and execute the binary payload. It’s relatively easy, but it’s something you need to do every time you shut the system down. But if you’re willing to install an Adafruit Trinket M0 inside your Nintendo Switch, you can make things a little easier.

Stemming from work done by [atlas44] and [noemu], the final iteration of this mod was created by [Quantum-cross]. The general idea is to strip down the Trinket M0 board to as small as possible by removing the USB port and a few capacitors, and then install it inside the Switch’s case. By wiring it up to power, the back of the USB-C connector, and the controller connector, the Trinket can interact with all the key components involved in the exploit.

You can even use the Switch’s USB port to update the firmware on the Trinket to load different payloads, though in his walkthrough video after the break, [xboxexpert] mentions eventually this won’t really be necessary as the homebrew software environment on the Switch matures. Indeed, there will almost certainly come a time when performing this exploit on every boot of the system will be made unnecessary, rendering this modification obsolete. But until then, this is a pretty slick way of getting your feet wet in the world of Switch hacking.

It was only six months or so back that we were reading about the first steps towards running arbitrary code on the Nintendo Switch, and just a few months prior to that we saw people experimenting with controlling the system with a microcontroller.


This Year, Badges Get Blockchains

This year’s hottest new advance in electronics comes through wearable badges. You can’t have failed to notice another technology that’s getting really hot. It’s the blockchain. What is a blockchain? It’s a linked list where every item in the list contains a cryptographic hash of the previous item in the list. What is a blockchain in English? It’s the most revolutionary technology that’s going to solve every problem on the planet, somehow. It’s the basis for crypto (no not that one, the other one). The blockchain is how you add more Lamborghinis to your Lamborghini account. Even though we’re still trying to figure out how it solves a single problem, one thing is certain: blockchains solve every problem. We were born too late to explore the Earth, born too early to explore the Universe, but just in time for blockchain.

Independent badges are always looking at the latest technology, and perhaps this was inevitable. It’s a badge built on the blockchain. It’s a wearable sneakernet of mining. It’s a game with collaborative proof of work.

The blockchain badge from [Mr Blinky Bling] is an independent badge for this year’s Defcon, and like most independent badges it’s loaded up with RGB LEDs, microcontrollers, and exquisitely crafted FR4. What makes this badge different is the add-ons, or ‘blocks’ that attach to the main badge through 1/8″ phono jacks. These blocks form the basis of the social game, where two badge holders trade blocks for a while, allow their badges to perform a proof of work on each block, and finally, each block is hashed and the score increased. Yes, this is a blockchain, but it’s more of a block-tree, and it runs on sneakernet instead of the Internet.

Yes, this does indeed all sound like a joke. Make no mistake, though: this is real. This is a hardware game built on blockchain technology, that some lucky badge holders will be playing at this year’s Defcon. It’s filled with blinky and blockchain. It’s awesome.

[Mr. Blinky Bling] has already started a project for this badge over on hackaday.io, and right now they’re running a Kickstarter campaign for this badge with delivery at Defcon. This is one of the more interesting badges that will be floating around the con this year, and it has blockchain. This really isn’t one to miss.

ESP8266 Home Computer Hides Unexpected Gems

With a BASIC interpreter and free run throughout their hardware, home computers like the ZX Spectrum and Commodore 64 used to be a pervasive way to light that hacker fire. With the advent of cheap single board computers like the Raspberry Pi, devices purpose built to emulate these classic systems have become fairly commonplace. [uli] built a device in this vein called the BASIC Engine which is driven by a microcontroller and a handful of hardware peripherals. Like other examples it can be attached to a keyboard, programmed in a BASIC, play video and sound, etc. But digging into the BASIC Engine reveals that its similarity to other devices is only skin deep.

The current version of the BASIC Engine (“rev2”) lives in a Raspberry Pi 3 case for convenience. It has RCA connectors for NTSC or PAL video output and mono audio, plus a bank of headers to tap into GPIOs, connectors for a keyboard, and more. [uli] wanted to aim for extreme low cost so a relatively beefy board like a Raspberry Pi didn’t fit the bill, and we expect it was an enjoyable challenge. Instead its interpreter runs atop an ESP8266 but with the networking stack removed. [uli] was disheartened by how bloated even a “Hello world” program was and ripped it out, discovering that hidden beneath was a very powerful and disproportionately inexpensive general purpose microcontroller. The video is driven by a VS23S010, sold as a 1 Mbit parallel SRAM with a neat trick; it also includes a composite video controller!

The real treat here is [uli]’s history writeup of how the BASIC Engine came to be. We’d recommend brewing a cup of coffee and sitting down for a full read-through. The first version was inspired by the PlayPower project, which was repurposing clones of Nintendo’s Famicom (NES to Americans) game console to make low cost home computers, complete with keyboard and gamepad input. [uli] started out by building a custom cartridge for a particular Famicom clone that ran a BASIC interpreter but after showing it to disinterested adults the project was left fallow. Years later, [uli] was encouraged to pick up the project again, leading down a twisted rabbit hole to where we are today.

If you want to build a BASIC Engine for yourself, Gerbers and build instructions are available on the pages linked above.

Thanks for the tip [antibyte]!


Ken Shirriff Found Butterflies In His Op-Amp

In 1976, Texas Instruments came out with the TL084, an IC containing four JFET op-amps, each with circuitry similar to Fairchild’s very popular single op-amp 741. But even though the 741 has been covered in detail, when [Ken Shirriff] focused his microscope on a TL084, he found some very interesting things.


To avoid using acid to get at the die, he instead found a ceramic packaged TL084 and pried off the cover. The first things he saw were four stabilizing capacitors, by far the largest structures on the die and visible to the naked eye.

When he peered into his microscope he next saw butterfly shapes which turned out to be pairs of input JFETs. The wide strips are the gates and the narrower strip surrounded by each gate is the source. The drain is the narrow strip surrounding each gate. Why arrange four JFETs like this? It’s possible to have temperature gradients in the IC, one side being hotter than the other. These gradients can affect the JFET’s characteristics, unbalancing the inputs. Look closely at the way the JFETs are connected and you’ll see that the top-left one is connected to the bottom-right one, and similarly for the other two. This diagonal cross-connecting cancels out any negative effects.

[Ken’s] analysis in his article doesn’t stop there though. Not only does he talk more about these JFETs but he goes over the rest of the die too. It’s well worth the read, as is his write-up about the 741 which we’ve also covered.

Roll Your Own Trackball Mouse

What do you do when you’re into trackball mice, but nothing out there is affordable or meets all your murine needs? You build one, of course. And if you’re like [Dangerously Explosive], who has a bunch of old optical mice squeaking around the shop, you can mix and match them to build the perfect one.

The mouse, which looks frozen mid-transformation into a rodential assassin, is a customized work of utilitarian art. Despite the excellent results, this project was not without its traps. [Dangerously] got really far into the build before discovering the USB interface chip was dead. Then he tried to sculpt a base out of Plasticine and discovered he’d bought the one kind of clay that can’t be baked. After trying his hand at making homemade salt dough, he painstakingly whittled a base from scrap pine using a drill and a hacksaw.

Every bit of this mouse is made from recycled bits, which, if you pair that with the paint job and the chosen shade of blinkenlights, makes this a green mouse on three levels. One of the two parts of this mouse that isn’t literally green, the cord, is still ecologically sound. [Dangerously] wanted a really long tail, so he scavenged a charger cable built for fruity hardware and threaded it through a hollowed-out piece of purple paracord.

We love the thumb-adjacent scroll wheel and the trackball itself, which is a ping pong ball painted black. The cool part is the guide it rolls around in. [Dangerously] spent a long time hand-whittling the perfect size hole in a particularly wide mouse palm rest. All that plastic shaving paid off, because the action is smooth as Velveeta.

[Dangerously] certainly designed this mouse to fit his preferences, and ergonomics seem a bit secondary. For a truly custom fit, try using whatever passes for Floam these days.

Beats An Extension Cord

What does your benchtop power supply have that [Pete Marchetto]’s does not? Answer: an extension cord draped across the floor. How often have you said to yourself, “I just need to energize this doodad for a couple seconds,” then you start daisy chaining every battery in the junk drawer to reach the necessary voltage? It is not uncommon to see battery packs with a single voltage output, but [Pete] could not find an adjustable one, so he built his own and put it on Tindie.

Presumably, the internals are not going to surprise anyone: an 18650 battery, charging circuit, a voltage converter, display, adjustment knob, and a dedicated USB charging port. The complexity is not what intrigues us, it is the fact that we do not see more of them and still wind up taping nine-volt batteries together. [Editor’s note: we use one made from an old laptop battery.]

This should not replace your benchtop power supply; it does not have the bells and whistles, like current regulation, but a mobile source of arbitrary voltage does most of the job most of the time. And it’s what this build hasn’t got (a cord) that makes it most useful.

This Is The Year Conference Badges Get Their Own Badges

Over the last few years, the art and artistry of printed circuit boards has moved from business cards to the most desirable of all disposable electronics. I speak, of course, of badgelife. This is the community built on creating and distributing independent electronic conference badges at the various tech and security conferences around the globe.

Until now, badgelife has been a loose confederation of badgemakers and distributors outdoing themselves each year with ever more impressive boards, techniques, and always more blinky bling. The field is advancing so fast there is no comparison to what was being done in years past; where a simple PCB and blinking LED would have sufficed a decade ago, now we have customized microcontrollers direct from the factory, fancy new chips, and the greatest art you’ve ever seen.

Now we have reached a threshold. The badgelife community has gotten so big, the badges are getting their own badges. This is the year of the badge add-on. We’re all building tiny trinkets for our badges, and this time, they’ll all work together. We’re exactly one year away from a sweet Voltron robot made of badges.
