JTAG & SWD Debugging On The Pi Pico

January 18, 2025 by Tom Nardi 19 Comments

[Surya Chilukuri] writes in to share JTAGprobe — a fork of the official Raspberry Pi debugprobe firmware that lets you use the low-cost microcontroller development board for JTAG and SWD debugging just by flashing the provided firmware image.

We’ve seen similar projects in the past, but they’ve required some additional code running on the computer to bridge the gap between the Pico and your debugging software of choice. But [Surya] says this project works out of the box with common tools such as OpenOCD and pyOCD.

As we’ve cautioned previously, remember that the Pi Pico is only a 3.3 V device. JTAG and SWD don’t have set voltages, so in the wild you could run into logic levels from 1.2 V all the way to 5.5 V. While being able to use a bare Pico as a debugger is a neat trick, adding in a level shifter would be a wise precaution.

Looking to get even more use out of those Pi Picos you’ve got in the parts bin? How about using it to sniff USB?

All The Attacks On The RP2350

January 15, 2025 by Elliot Williams 29 Comments

Raspberry Pi’s new microcontroller, the RP2350, has a small section of memory that is meant for storing secrets. It’s protected by anti-glitching and other countermeasures, and the Raspberries wanted to test it. So this summer, they gave them out, pre-programmed with a secret string, as part of the badge for DEFCON attendees. The results of the cracking efforts are in, and it’s fair to say that the hackers have won.

First place went to [Aedan Cullen], who also gave a great talk about how he did it at 38C3. One of the coolest features of the RP2350, from a hacker perspective, is that it has dual ARM and dual RISC-V cores onboard, and they can be swapped out by multiplexers. The security module has a critical register that has disable bits for both of these processors, but it turns out that the ARM disable bits have priority. When [Aedan] glitched the security module just right, it disabled the ARM cores but left the RISC-V cores running in the secure context, with full debug(!), and the game was over. As of yet, there is no mitigation for this one, because it’s baked into the secure boot module’s silicon.

[Marius Muench] managed to pre-load malicious code into RAM and glitch a reboot-out-of-secure-mode on the USB module. This one is possibly fixable by checking other reboot flags. [Kévin Courdesses] has a sweet laser fault-injection rig that’s based on the 3D-printable OpenFlexure Delta Stage, which we’ve seen used for microscopy purposes, but here he’s bypassing the anti-glitching circuitry by exposing the die and hitting it hard with photons.

Finally, [Andrew Zonenberg] and a team from IOActive went at the RP2350 with a focused ion beam and just read the memory, or at least the pairwise-OR of neighboring bits. Pulling this attack off isn’t cheap, and it’s a more general property of all anti-fuse memory cells that they can be read out this way. Chalk this up as a mostly-win for the offense in this case.

If you want to read up on voltage glitching attacks yourself, and we promise we won’t judge, [Matthew Alt] has a great writeup on the topic. And ironically enough, one of his tools of choice is [Colin O’Flynn]’s RP2040-based Chip Shouter EMP glitcher, which he showed us how to make and use in this 2021 Remoticon talk.

Logging Baby’s Day In Linux

January 7, 2025 by Tom Nardi 37 Comments

There’s plenty of surprises to be had when you become a parent, and one of the first is that it’s suddenly your job to record the frequency of your infant’s various bodily functions in exacting detail. How many times did the little tyke eat, how long did they sleep, and perhaps most critically, how many times did they poop. The pediatrician will expect you to know these things, so you better start keeping notes.

Or, if you’re [Triceratops Labs], you build a physical button panel that will keep tabs on the info for you. At the press of each button, a log entry is made on the connected Raspberry Pi Zero W, which eventually makes its way to a web interface that you can view to see all of Junior’s statistics.

In terms of hardware, this one is quite simple — it’s really just an array of arcade-style push buttons wired directly into the Pi’s GPIO header. Where it shines is in the software. This project could have been just a Python script and a text file, but instead it uses a MariaDB database on the back-end, with Apache and PHP serving up the web page, and a custom Systemd service to tie it all together. In other words, it’s what happens when you let a Linux admin play with a soldering iron.

It probably won’t come as much surprise to find that hackers often come up with elaborate monitoring systems for their newborn children, after all, it’s a great excuse for a new project. This machine learning crib camera comes to mind.

The added 3.3v rail on the Raspberry Pi 500 PCB. (Credit: Samuel Hedrick)

Enabling NVMe On The Raspberry Pi 500 With A Handful Of Parts

December 18, 2024 by Maya Posch 69 Comments

With the recent teardown of the Raspberry Pi 500, there were immediately questions raised about the unpopulated M.2 pad and related traces hiding inside. As it turns out, with the right parts and a steady hand it only takes a bit of work before an NVMe drive can be used with the RP500, as [Jeff Geerling] obtained proof of. This contrasts with [Jeff]’s own attempt involving the soldering on of an M.2 slot, which saw the NVMe drive not getting any power.

The four tiny coupling capacitors on the RP500’s PCIe traces. (Source: Jeff Geerling)

The missing ingredients turned out to be four PCIe coupling capacitors on the top of the board, as well as a source of 3.3 V. In a pinch you can make it work with a bench power supply connected to the pads on the bottom, but using the bottom pads for the intended circuitry would be much neater.

This is what [Samuel Hedrick] pulled off with the same AP3441SHE-7B as is used on the Compute Module 5 IO board. The required BOM for this section which he provides is nothing excessive either, effectively just this one IC and required external parts to make it produce 3.3V.

With the added cost to the BOM being quite minimal, this raises many questions about why this feature (and the PoE+ feature) were left unpopulated on the PCB.

Featured image: The added 3.3 V rail on the Raspberry Pi 500 PCB. (Credit: Samuel Hedrick)

Pico Logic Analyzer Gets New Version

December 12, 2024 by Al Williams 25 Comments

[Happy Little Diodes] built a Pi Pico logic analyzer designed by [El Dr. Gusman] using the original design. But he recently had a chance to test the newest version of the design, which is a big upgrade. You can see his take on the new design in the video below.

The original design could sample 24 channels at 100 MHz and required two different PCBs. The new version uses a single board and can operate up to 400 MHz. There’s also a provision for chaining multiple boards together to get more channels. You can set the level shifters to use 5 V, 3.3 V, or an external voltage. Since [Happy] is working on a ZX Spectrum, the 5 V conversion is a necessity.

The code is on GitHub, although it warns you that version six — the one seen in the video — isn’t stable, so you might have to wait to make one on your own. The software looks impressive and there may be some effort to integrate with Sigrok.

If you missed our coverage of the earlier version, you can still catch up. Dead set on Sigrok support? [Pico-Coder] can help you out.

Continue reading “Pico Logic Analyzer Gets New Version” →

Raspberry Pi 500 And The Case Of The Missing M.2 Slot

December 9, 2024 by Maya Posch 76 Comments

Raspberry Pi just dropped the new Raspberry Pi 500, which like its predecessor puts the similarly named SBC into a keyboard. In a detailed review and teardown video, [Jeff Geerling] goes over all the details, and what there is to like and not like about this new product.

The new Raspberry Pi 500 with the new Raspberry Pi Monitor. (Credit: Jeff Geerling)

Most of the changes relative to the RP400 are as expected, with the change to the same BCM2712 SoC as on the Raspberry Pi 5, while doubling the RAM to 8 GB and of course you get the soft power button. As [Jeff] discovers with the teardown, the odd thing is that the RP500 PCB has the footprints for an M.2 slot, as seen on the above image, but none of the components are populated.

Naturally, [Jeff] ordered up some parts off Digikey to populate these footprints, but without luck. After asking Raspberry Pi, he was told that these footprints as well as those for a PoE feature are there for ‘flexibility to reuse the PCB in other contexts’. Sadly, it seems that these unpopulated parts of the board will have to remain just that, with no M.2 NVMe slot option built-in. With the price bump to $90 from the RP400’s $70 you’ll have to do your own math on whether the better SoC and more RAM is worth it.

In addition to the RP500 itself, [Jeff] also looks at the newly launched Raspberry Pi Monitor, a 15.6″ IPS display for $100. This unit comes with built-in speakers and VESA mount, but as [Jeff] notes in his review, using this VESA mount also means that you’re blocking all the ports, so you have to take the monitor off said VESA mount if you want to plug in or out any cables.

Continue reading “Raspberry Pi 500 And The Case Of The Missing M.2 Slot” →

Front view of blue bicycle with Raspberry Pi webserver

Pedaling Your Mobile Web Server Across The Globe

December 8, 2024 by Heidi Ulrich 11 Comments

We tinkerers often have ideas we know are crazy, and we make them up in the most bizarre places, too. For example, just imagine hosting a website while pedaling across the world—who would (not) want that? Meet [Jelle Reith], a tinkerer on an epic cycling adventure, whose bicycle doubles as a mobile web server. [Jelle]’s project, jelle.bike, will from the 6th of December on showcase what he’s seeing in real time, powered by ingenuity and his hub dynamo. If you read this far, you’ll probably guess: this hack is done by a Dutchman. You couldn’t be more right.

At the heart of [Jelle]’s setup is a Raspberry Pi 4 in a watertight enclosure. The tiny powerhouse runs off energy generated by a Forumslader V3, a clever AC-to-DC converter optimized for bike dynamos. The Pi gets internet access via [Jelle]’s phone hotspot, but hosting a site over cellular networks isn’t as simple as it sounds. With no static IP available, [Jelle] routes web traffic through a VPS using an SSH tunnel. This crafty solution—expanded upon by Jeff Geerling—ensures seamless access to the site, even overcoming IPv6 quirks.

The system’s efficiency and modularity exemplify maker spirit: harnessing everyday tools to achieve the extraordinary. For more details, including a parts list and schematics, check out [Jelle]’s Hackaday.io project page.