All The Attacks On The RP2350

Raspberry Pi’s new microcontroller, the RP2350, has a small section of memory that is meant for storing secrets. It’s protected by anti-glitching and other countermeasures, and the Raspberries wanted to test it. So this summer, they gave them out, pre-programmed with a secret string, as part of the badge for DEFCON attendees. The results of the cracking efforts are in, and it’s fair to say that the hackers have won.

First place went to [Aedan Cullen], who also gave a great talk about how he did it at 38C3. One of the coolest features of the RP2350, from a hacker perspective, is that it has dual ARM and dual RISC-V cores onboard, and they can be swapped out by multiplexers. The security module has a critical register that has disable bits for both of these processors, but it turns out that the ARM disable bits have priority. When [Aedan] glitched the security module just right, it disabled the ARM cores but left the RISC-V cores running in the secure context, with full debug(!), and the game was over. As of yet, there is no mitigation for this one, because it’s baked into the secure boot module’s silicon.

[Marius Muench] managed to pre-load malicious code into RAM and glitch a reboot-out-of-secure-mode on the USB module. This one is possibly fixable by checking other reboot flags. [Kévin Courdesses] has a sweet laser fault-injection rig that’s based on the 3D-printable OpenFlexure Delta Stage, which we’ve seen used for microscopy purposes, but here he’s bypassing the anti-glitching circuitry by exposing the die and hitting it hard with photons.

Finally, [Andrew Zonenberg] and a team from IOActive went at the RP2350 with a focused ion beam and just read the memory, or at least the pairwise-OR of neighboring bits. Pulling this attack off isn’t cheap, and it’s a more general property of all anti-fuse memory cells that they can be read out this way. Chalk this up as a mostly-win for the offense in this case.
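To make the pairwise-OR point concrete, here is an added example (not from the original article or from IOActive) that models what such a read-out reveals about a stored key. It assumes stored bits 2i and 2i+1 form a pair, which the page does not specify; the function names and sample keys are made up for illustration. It also shows that storing each bit beside its complement makes the read-out constant under that assumed pairing, at the cost of twice the storage.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BITS 64   /* demo limit on key length in bits */

/* Assumed model: stored bits 2i and 2i+1 form a pair and the observer
 * sees only their OR. The real cell pairing is not given on the page. */
static unsigned pair_or(const uint8_t *bits, size_t npairs, uint8_t *seen)
{
    unsigned zeros = 0;
    for (size_t i = 0; i < npairs; i++) {
        seen[i] = bits[2 * i] | bits[2 * i + 1];
        zeros += !seen[i];            /* OR == 0 means both bits are 0 */
    }
    return zeros;
}

/* Key bits revealed outright when the key is stored as-is. */
unsigned leaked_bits_plain(const uint8_t *key, size_t nbits)
{
    uint8_t seen[MAX_BITS / 2];
    return 2 * pair_or(key, nbits / 2, seen);
}

/* Store every key bit beside its complement: each pair then holds
 * exactly one set bit, so the OR is 1 whatever the key is.
 * Returns how many pair read-outs differ between two encoded keys. */
unsigned differing_pairs_encoded(const uint8_t *k1, const uint8_t *k2, size_t nbits)
{
    uint8_t f1[2 * MAX_BITS], f2[2 * MAX_BITS], s1[MAX_BITS], s2[MAX_BITS];
    unsigned diff = 0;
    for (size_t i = 0; i < nbits; i++) {
        f1[2 * i] = k1[i]; f1[2 * i + 1] = !k1[i];
        f2[2 * i] = k2[i]; f2[2 * i + 1] = !k2[i];
    }
    pair_or(f1, nbits, s1);
    pair_or(f2, nbits, s2);
    for (size_t i = 0; i < nbits; i++) diff += (s1[i] != s2[i]);
    return diff;
}

/* Constructed 16-bit sample keys, one bit (0 or 1) per array element. */
static const uint8_t KEY_A[16] = {1,0, 0,0, 1,1, 0,0, 0,1, 0,0, 1,0, 1,1};
static const uint8_t KEY_B[16] = {0,1, 1,1, 0,0, 1,0, 1,1, 0,1, 0,0, 0,0};

int main(void)
{
    printf("plain: %u of 16 bits known\n", leaked_bits_plain(KEY_A, 16));
    printf("encoded: %u pairs differ\n", differing_pairs_encoded(KEY_A, KEY_B, 16));
    return 0;
}
```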

If you want to read up on voltage glitching attacks yourself, and we promise we won’t judge, [Matthew Alt] has a great writeup on the topic. And ironically enough, one of his tools of choice is [Colin O’Flynn]’s RP2040-based Chip Shouter EMP glitcher, which he showed us how to make and use in this 2021 Remoticon talk.

Homebrew Retro Console Runs On PIC32

[Chad Burrow] decided to take on a noble task—building a “retro” style computer and video game console. Only, this one is built using somewhat modern hardware—relying on the grunt of the PIC32MZ2048EFH144 to get the job done. Meet the Acolyte Hand PIC’d 32.

Its name might be a mouthful, but that chip can pull off some great feats! With a clock speed of 200 MHz, it’s not short on processing power, though RAM and flash storage are somewhat limited at just 512 KB and 2 MB respectively. [Chad] was able to work within those constraints to get a VGA output working at resolutions up to 800 x 600, with up to 65,000 colors—though 256 colors is more practical due to memory concerns. The Acolyte Hand also rocks two 8-bit audio channels. It has a pair of Genesis-compatible controller ports as well as PS/2 and USB for keyboards and mice, along with more modern Xbox 360 controllers.

[Chad] cooked up some software to put it through its paces, too. It’s got a Tetris clone on board, and can also run Game Boy games at full speed via the Peanut-GB emulator. That provides for a pretty rich game library, though [Chad] notes he plans to develop more native video games for his system to demo at his local college. Design files are on Github for the curious.

This project is a great example of just how powerful modern microcontrollers have become. Once upon a time, just driving a simple black-and-white graphical LCD might have taken some real effort, but today, there are pixels and clock cycles to spare in projects like these. Truly a wondrous world we live in!

Tactility; The ESP32 Gets Another OS

Doing the rounds this week is a new operating system for ESP32 microcontrollers. It’s called Tactility, and it comes from [Ken Van Hoeylandt]. It provides a basic operating system level with the ability to run apps from an SD card, and it has the choice of a headless version or an LVGL-based touch UI.

Supported devices so far are some LilyGo and M5Stack boards, with, intriguingly, support in the works for the Cheap Yellow Display board that’s caught some attention recently. The term “ESP32” is now a wide one encompassing Tensilica and RISC-V cores and a range of capabilities, so time will tell how flexible it is for all branches of the family.

We find this OS to be interesting, both in its own right and because it joins at least two others trying to do the same thing. There’s [Sprite_TM]’s PocketSprite mini console, and the operating system used by the series of Netherlands hacker camp badges. We’ll be trying to get a device running it, in order to give you a look at whether it’s suitable for your projects. If it runs well on the cheaper hardware, it could be a winner!

RISC-V Microcontroller Lights Up Synth With LED Level Meter

The LM3914 LED bar graph driver was an amazing chip back in the day. Along with the LM3915, its logarithmic cousin, these chips gave a modern look to projects, allowing dancing LEDs to stand in for a moving coil meter. But time wore on and the chips got harder to find and even harder to fit into modern projects, what with their giant DIP-18 footprint. What’s to be done when a project cries out for bouncing LEDs? Simple — get a RISC-V microcontroller and roll your own LED audio level meter.

In fairness, “simple” isn’t exactly what comes to mind while reading [svofski]’s write-up of this project. It’s part of a larger build, a wavetable synth called “Pétomane Ringard” which just screams out for lots of blinky LEDs. [svofski] managed to squeeze 20 small SMD LEDs onto the board along with a CH32V003 microcontroller. The LEDs are charlieplexed, using five of the RISC-V chip’s six available GPIO lines, leaving one for the ADC input. That caused a bit of trouble with programming, since one of those pins is needed to connect to the programmer. This actually bricked the chip, thankfully only temporarily since there’s a way to glitch the chip back to life, but only after pulling it out of the circuit. [svofski] recommends adding a five-second delay loop to the initialization routine to allow time to recover if the microcontroller gets into an unprogrammable state. Good tip.

As for results, we think the level meter looks fantastic. [svofski] went for automated assembly of the 0402 LEDs, so the strip is straight and evenly spaced. The meter seems to be quite responsive, and the peak hold feature is a nice touch. It’s nice to know there’s a reasonable substitute for the LM391x chips, especially now that all the hard work has been done.

A Low Effort, Low Energy Doorbell

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good reviews. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.

More Things To Do With Your Cheap Yellow Display

The Cheap Yellow Display (CYD) is an ESP32 development board that’s been making the rounds for a while now, thanks to its value and versatility. For around $10 USD, you get a nicely integrated package that’s perfect for a wide array of projects and applications. Toss a couple in on your next AliExpress order, and all you need to do is come up with an idea. [Craig Lindley] had two ideas, and maybe they will help get those gears turning in your head. Even if you don’t need a network-connected MP3 player or GPS information display, we bet browsing the source code would be useful.


Button Debouncing With Smart Interrupts

Debouncing button or switch inputs on microcontrollers can be a challenging problem for those first starting to program these devices. Part of the reason for this difficulty is that real-world buttons don’t behave like the idealized textbook components we first learn about, and therefore need special consideration to operate like one would expect. There are simple ways to debounce inputs like adding a delay after a button is pressed, but for more efficient use of computer resources as well as adding some other capabilities to inputs you might want to look at this interrupt service routine (ISR) method from [Lee] aka [stockvu].

The strategy with this debounce method is not simply to use a single ISR for the button input, but to have it activate a second, timer-based ISR that runs at a set interval, timestamps any button press, and checks the amount of time the button has been active. If that time is under a certain threshold, the ISR assumes it’s caused by bounce and blocks the bounce. If the timestamp ages past another, longer threshold, it knows the button has been released. This method allows on-the-fly adaptation between long button presses and rapid button presses and is capable of debouncing both types.

For those wanting to try this out, [stockvu] has included some example Arduino code for others to use. It’s an interesting take on a solution for a common problem, and puts very little load on the microcontroller. There are about as many ways to debounce inputs as there are microcontroller platforms, though, and you can even use a 555 timer to get this job done which frees up 100% of the microcontroller’s CPU.
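The two-threshold timestamp logic described above can be sketched as a small state machine. This is an added example, not [stockvu]'s Arduino code: the 5 ms and 20 ms thresholds, the 1 ms tick, and all names are assumptions, and the timer ISR is simulated by replaying a constructed sample trace.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define BOUNCE_MS   5   /* assumed: activity younger than this is bounce */
#define RELEASE_MS 20   /* assumed: this long without activity is a release */

enum { IDLE, PENDING, PRESSED };
typedef struct {
    int state;
    uint32_t start, last_seen;   /* timestamps in ms */
    unsigned presses;
} debounce_t;

/* Body of the periodic timer ISR: call once per ms with the raw pin level. */
void debounce_tick(debounce_t *d, uint32_t now, bool raw_active)
{
    if (raw_active) {
        if (d->state == IDLE) {          /* first edge: start timing */
            d->state = PENDING;
            d->start = now;
        }
        d->last_seen = now;              /* refresh the activity timestamp */
        if (d->state == PENDING && now - d->start >= BOUNCE_MS) {
            d->state = PRESSED;          /* outlived the bounce window */
            d->presses++;
        }
    } else if (d->state != IDLE && now - d->last_seen >= RELEASE_MS) {
        d->state = IDLE;                 /* timestamp aged out: released */
    }
}

/* Replays a constructed trace, one character per ms ('1' = pin active). */
unsigned count_presses(const char *trace)
{
    debounce_t d = {0};
    for (uint32_t t = 0; trace[t]; t++)
        debounce_tick(&d, t, trace[t] == '1');
    return d.presses;
}

int main(void)
{
    /* Constructed input: a bouncy press, a 25 ms gap, then a clean press. */
    printf("%u presses\n", count_presses("10101101111111"
        "0000000000000000000000000" "111111"));
    return 0;
}
```

On real hardware, the pin-change ISR would only enable the timer, and `debounce_tick` would run from the timer ISR until the state returns to idle.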