$anfractuosity's test setup showing the Pi under test and a few pieces of equipment used to perform the attack$

Cold Boot Attack You Can Do With A Pi

April 1, 2024 by Arya Voronova 2 Comments

A cold boot attack is a way to extract RAM contents from a running system by power cycling it and reading out RAM immediately after loading your own OS. How easy is it for you to perform such an attack? As [anfractuosity] shows, you can perform a cold boot attack with a Raspberry Pi, with a reasonably simple hardware setup and a hefty chunk of bare-metal code.

[anfractuosity]’s setup is simple enough. The Pi 4 under attack is set up to boot from USB drive, and a relay board has it switch between two possible USB drives to boot from: one with a program that fills RAM with , and another with a program that extracts RAM out through UART. The process is controlled by another Pi controlling the relays through GPIOs, that also monitors the target Pi’s UART and uses it as a channel to extract memory.

The outcomes are pretty impressive. After 0.75s of power-down, most of the image could be extracted. That’s without any cooling, so abusing a can of electronics duster is likely to improve these results dramatically. Want to play with cold boot attacks? [anfractuosity]’s code is great for getting your feet wet. Furthermore, the code examples provided serve as a wonderful playground for general memory attack research.

Raspberry Pi not fun enough for you anymore? Well then, you can always start playing with Android phones!

Vastly Improved Servo Control, Now Without Motor Surgery

March 21, 2024 by Donald Papp 13 Comments

Hobby servos are great, but they’re in many ways not ideal for robotic applications. The good news is that [Adam] brings the latest version of his ServoProject, providing off-the-shelf servos with industrial-type motion control to allow for much, much tighter motion tracking than one would otherwise be limited to.

Modifying a servo no longer requires opening the DC motor within.

The PID control system in a typical hobby servo is very good at two things: moving to a new position quickly, and holding that position. This system is not very good at smooth motion, which is desirable in robotics along with more precise motion tracking.

[Adam] has been working on replacing the PID control with a more capable cascade-based control scheme, which can even compensate for gearbox backlash by virtue of monitoring the output shaft and motor position separately. What’s really new in this latest version is that there is no longer any need to perform surgery on the DC motor when retrofitting a servo; the necessary sensing is now done externally. Check out the build instructions for details.

The video (embedded just below) briefly shows how a modified servo can perform compared to a stock one, and gives a good look at the modifications involved. There’s still careful assembly needed, but unlike the previous version there is no longer any need to actually open up and modify the DC motor, which is a great step forward.

Continue reading “Vastly Improved Servo Control, Now Without Motor Surgery” →

Lithium-Ion Batteries Power Your Devboards Easily

March 14, 2024 by Arya Voronova 26 Comments

Last summer, I was hanging out with a friend from Netherlands for a week, and in the middle of that week, we decided to go on a 20 km bike trip to a nearby beach. Problem? We wanted to chat throughout the trip, but the wind noise was loud, and screaming at each other while cycling wouldn’t have been fun. I had some walkie-talkie software in mind, but only a single battery-powered Pi in my possession. So, I went into my workshop room, and half an hour later, walked out with a Pi Zero wrapped in a few cables.

I wish I could tell you that it worked out wonders. The Zero didn’t have enough CPU power, I only had single-core ones spare, and the software I had in mind would start to badly stutter every time we tried to run it in bidirectional mode. But the battery power solution was fantastic. If you need your hack to go mobile, read on.

Continue reading “Lithium-Ion Batteries Power Your Devboards Easily” →

Lift Those Pins With Ease

February 15, 2024 by Jenny List 17 Comments

Reworking is one of the regular tasks of anyone who is involved in an electronic design process, because try as we might, it’s rare to get a design perfectly right the first time. Some reworking tasks are more difficult than others though, and we have to admit that lifting an IC pin doesn’t always result in success. But with this video from [Mr. SolderFix] there’s hope for conquering the technique, as he takes us through the best pin-raising technique on a variety of packages.

The trick it seems is to lift the pin first without attempting to disengage it from the molten solder, then returning to it with some copper braid to remove the solder and leave it raised. Once the secret is revealed it’s so easy, something a Hackaday scribe should be able to do. He does sound a note of caution though, as some packages are prone to disintegrating when stressed. A broken SOT-23 is not something anyone likes to see through their magnifier.

His channel is full of such no-nonsense soldering advice, and should be a fascinating browse for many readers. Meanwhile we’ve covered quite a bit of rework technique ourselves, such as last year when we looked at BGA work.

Continue reading “Lift Those Pins With Ease” →

Ethernet For Hackers: The Very Basics

February 12, 2024 by Arya Voronova 92 Comments

Ethernet is ubiquitous, fast, and simple. You only need two diffpairs (four wires) to establish a 100Mbit link, the hardware is everywhere, you can do Ethernet over long distances easily, and tons of the microcontrollers and SoCs support it, too. Overall, it’s a technology you will be glad to know about, and there’s hundreds of scenarios where you could use it.

If you need to establish a high-bandwidth connection between two Linux boards in your project, or maybe a Linux board and a powerful MCU, maybe make a network between microcontrollers, Ethernet’s your friend. It also scales wonderfully – there’s so much tech around Ethernet, that finding cables, connectors or ICs tends to be dead easy. Plus, the world of Ethernet is huge beyond belief. Ethernet as most of us know it is actually just the consumer-facing versions of Ethernet, and there’s a quite a few fascinating industrial and automotive Ethernet standards that flip many of our Ethernet assumptions upside down.

Now, you might be missing out on some benefits of Ethernet, or perhaps misunderstanding how Ethernet works at all. What does it mean when a microcontroller datasheet says “has Ethernet interface”? If you see five pins on an SBC and the manufacturer refers to them as “Ethernet”, what do you even do with them? Why does the Raspberry Pi 4 SoC support Ethernet but still requires an extra chip, and what even is GMII? Continue reading “Ethernet For Hackers: The Very Basics” →

Friendly Flexible Circuits: The Cables

February 7, 2024 by Arya Voronova 18 Comments

Flexible cables and flex PCBs are wonderful. You could choose to carefully make a cable bundle out of ten wires and try to squish them to have a thin footprint – or you could put an FFC connector onto your board and save yourself a world of trouble. If you want to have a lot of components within a cramped non-flat area, you could carefully design a multitude of stuff FR4 boards and connect them together – or you could make an FPC.

Flexible cables in particular can be pretty wonderful for all sorts of moving parts. They transfer power and data to the scanner head in your flat-bed scanner, for instance. But they’re in fixed parts too. If you have a laptop or a widescreen TV, chances are, there’s an flexible cable connecting the motherboard with one or multiple daughterboards – or even a custom-made flexible PCB. Remember all the cool keypad and phones we used to have, the ones that would have the keyboard fold out or slide out, or even folding Nokia phones that had two screens and did cool things with those? All thanks to flexible circuits! Let’s learn a little more about what we’re working with here.

FFC and FPC, how are these two different? FFC (Flexible Flat Cable) is a pre-made cable. You’ve typically seen them as white plastic cables with blue pieces on both ends, they’re found in a large number of devices that you could disassemble, and many things use them, like the Raspberry Pi Camera. They are pretty simple to produce – all in all, they’re just flat straight conductors packaged nicely into a very thin cable, and that’s why you can buy them pre-made in tons of different pin pitches and sizes. If you need one board to interface with another board, putting an FFC connector on your board is a pretty good idea.

Continue reading “Friendly Flexible Circuits: The Cables” →

Human-Interfacing Devices: Packing For The Descriptor Heist

February 6, 2024 by Arya Voronova 4 Comments

We started with figuring out HID descriptors a week ago, and I’ve shown you how to send raw HID packets using a MicroPython fork. We do still have the task in front of us – making a touchscreen device. For that, let’s give you the tools to capture an existing descriptor from a touchscreen, then show you how to tweak it and how it turns out in the end.

Packing For The Heist

When it comes to this kind of adventure, we can’t go without tools and weapons – it could be dangerous! Without them, you could even abandon your project halfway! Here’s enough high-precision tools and ammunition to last you through whatever obstacles you might encounter. Except for the web-based tools, these tools are for Linux, but please remember that you can always use a virtual machine or a Raspberry Pi. Nobody would use Windows for a heist anyway, what’s with all the telemetry and such.

The first tool is for reading descriptors – we need one to learn from, it’s just like a keycard you can flash to a security guard and scan at the vault entry. Of course, with RFID, you want to have enough examples, compare bits between a few cards and all. For now, HID descriptors don’t have authenticity checks, but it looks like that might just change in the future. Leave it to Apple and Microsoft to add them, as usual. On Linux, seeing descriptors is simple – as root, go into /sys/bus/usb/devices/, find your device by its lsusb device tree path, then follow the directory with the VID/PID in it. That directory will contain a report_descriptor file – hexdump it. The entire command could look like this:

sudo hexdump -v -e '/1 "%02X "' /sys/bus/usb/devices/3-6.2/3-6.2\:1.1/0003\:0C40\:8000.0022/report_descriptor

Again, you might need root to even find this path, so use sudo -i if you must. The format string in the hexdump command gives you parser-friendly output. Specifically, for parsing, I use this webpage – it’s wonderful, even adding tabs that delineate different sections of the descriptor, making its output all that more readable! You can also save this webpage locally, it’s a very neat tool. Other than that, you can try other local tools like this one!

Continue reading “Human-Interfacing Devices: Packing For The Descriptor Heist” →