32C3: Dieselgate — Inside The VW’s ECU

[Daniel Lange] and [Felix Domke] gave a great talk about the Volkswagen emissions scandal at this year’s Chaos Communication Congress (32C3). [Lange] previously worked as Chief architect of process chain electronics for BMW, so he certainly knows the car industry, and [Domke] did a superb job reverse-engineering his own VW car. Combining these two in one talk definitely helps clear some of the smog around the VW affair.

[Lange]’s portion of the talk basically concerns the competitive and regulatory environments that could have influenced the decisions behind the folks at VW who made the wrong choices. [Lange] demonstrates how “cheating” Europe’s lax testing regime is fairly widespread, mostly because the tests don’t mimic real driving conditions. But we’re not sure who’s to blame here. If the tests better reflected reality, gaming the tests would be the same as improving emissions in the real world.

As interesting as the politics is, we’re here for the technical details, and the reverse-engineering portion of the talk begins around 40 minutes in but you’ll definitely want to hear [Lange]’s summary of the engine control unit (ECU) starting around the 38 minute mark.

[Domke] starts off with a recurring theme in our lives, and the 32C3 talks: when you want to reverse-engineer some hardware, you don’t just pull the ECU out of your own car — you go buy another one for cheap online! [Domke] then plugged the ECU up to a 12V power supply on his bench, hooked it up, presumably to JTAG, and found a bug in the firmware that enabled him to dump the entire 2MB of flash ROM into a disassembler. Respect! His discussion of how the ECU works is a must. (Did you know that the ECU reports a constant 780 RPM on the tacho when the engine’s idling, regardless of the actual engine speed? [Domke] has proof in the reverse-engineered code!)

The ECU basically takes in data from all of the car’s sensors, and based on a number of fixed data parameters that physically model the engine, decides on outputs for all of the car’s controls. Different car manufacturers don’t have to re-write the ECU code, but simply change the engine model. So [Domke] took off digging through the engine model’s data.

Long story short, the driving parameters that trigger an emissions reduction exactly match those that result from the EU’s standardized driving schedule that they use during testing — they’re gaming the emissions tests something fierce. You’ve really got to watch the presentation, though. It’s great, and we just scratched the surface.

And if you’re interested in our other coverage of the Congress, we have quite a collection going already.

32C3: Inside Glorious Leader’s Operating System

North Korea is a surveillance state propped up by a totalitarian government infamous for human rights abuses and a huge military that serves the elite while the poor are left to fight over scraps. Coincidently, that’s exactly what North Korea says about the United States.

There is one significant difference between the two countries: North Korea has developed its own operating system for its citizens, called Red Star OS. It’s an operating system based on Linux, but that has a few interesting features that allow Glorious Leader to take care of his citizens. A deep teardown of what has gone into the development of Red Star OS hasn’t been available until now, with [Florian Grunow] and [Niklaus Schiess]’s talk at the Chaos Communication Congress this week.

Kim Jong-Un with an iMac
Kim Jong-Un with an iMac

The first question anyone must ask when confronted with an operating system built by a country that doesn’t have much electricity is, “why?” This question can only be answered philosophically; the late Kim Jong-Il stressed the importance of North Korea developing “their own style” of programming, and not relying on western operating systems. Nearly everything in Red Star has been modified, with a custom browser called Naenara, a crypto tool, a clone of Open Office, a software manager, and a custom music composition tool. Red Star also had to have the look and feel of OS X; that is, after all, what Glorious Leader uses.

Red Star goes much deeper than custom browsers and a desktop theme. There are other, subtler components inside the OS. There is a program that verifies the integrity of the system by checking signatures of the custom files against a database. If a file has been tampered with, the system reboots. Since this tamper check runs on bootup, Red Star makes it nearly impossible to modify files for study. This is one of the big features designed into Red Star – system integrity is paramount.

There are other custom bits of software that hide files from the user even if they have root, and a ‘virus scanner’ that is anything but. This virus scanner checks documents for patterns that, when put through Google Translate, are strange, weird, and somewhat understandable. Phrases like, “punishment”, “hungry”, and “strike with fists” are detected in all documents, and depending on what the developers decide, these documents can be deleted on a whim.

While scanning a system for documents that contain non-approved speech is abhorrent enough, there’s another feature that would make any privacy advocate weep. Media files including DOCX, JPG, PNG, and AVI files are watermarked by every computer that opened the files. This allows anyone to track the origin of a file, with the obvious consequences to free speech that entails.

While most people in the US consider North Korea to be a technological backwater and oppressive regime, the features that make Red Star OS useful to the DPRK are impressive. The developers touched nearly everything in Red Star, and the features inside it are rather clever and make their style of surveillance very useful. They’re also doing this without any apparent backdoors or other spycraft; they’re putting all their surveillance out in the open for all to see, which is, perhaps, the best way to go about it.

Messages From Hell: Human Signal Processing

Despite the title, there’s no religious content in this post. The Hell in question is the German inventor [Rudolph Hell]. Although he had an impressive career, what most people remember him for is the Hellschreiber–a device I often mention when I’m trying to illustrate engineering elegance. What’s a Hellschreiber? And why is it elegant?

The first question is easy to answer: the Hellschreiber is almost like a teletype machine. It sends printed messages over the radio, but it works differently than conventional teletype. That’s where the elegance comes into play. To understand how, though, you need a little background.

Continue reading “Messages From Hell: Human Signal Processing”

FAA Bans Drones For More Than Six Million People

In recent weeks, the FAA has solicited input from hobbyists and companies in the ‘drone’ industry, produced rules and regulations, and set up a registration system for all the quadcopters and flying toys being gifted over the holiday season. Whether or not the FAA is allowed to do this is a question being left to the courts, but for now, the FAA has assuredly killed a hobby for more than six million people. The FAA has introduced an updated Temporary Flight Restriction (TFR) for a 30-mile radius around Washington, DC.

staticmap
The 30-mile TFR area

Previously, there had been a blanket ban on drones, UAS, and model aircraft within a 15-mile radius of a point inside Reagan National Airport. This point covered the District of Columbia proper, and the suburbs of Bethesda, College Park, and Alexandria – basically, everything inside the beltway, and a mile or two beyond. The new flight restriction for drones covers a vastly larger area – all of the DC metro area, Annapolis, half of Baltimore, and all of northern Virginia. This area encompasses a population of more than six million people.

The DC metro area has, since 9/11, become some of the most complex airspace in the entire country. There are several military bases, Aberdeen proving grounds, the US Naval academy, and of course the White House, Capitol building, and the Pentagon. Even commercial airliners are subject to some very interesting regulations. For the same reason general aviation shuts down in southern California every time the president visits LA, you simply can’t fly model aircraft within the beltway; it’s a security measure, and until now, flying clubs in the DC area have dealt with these restrictions.

The new TFR has effectively shuttered more than a dozen flying clubs associated with the Academy of Model Aeronautics. DCRC, a club with a field in the middle of some farmland in Maryland, has closed down until further notice. The Capital Area Soaring Association has also closed because of the TFR.

Although called a Temporary Flight Restriction, this is a rule that will be around for a while. The FAA says this restriction is here for good.

Simone Does Strange Things With Motors And Servos

If DC motors are the “Hello World” of making things move, servo motors are the next logical step. [Simone Giertz] is following this exact path with the Wake-up Machine and her newly released Chopping Machine. [Simone] discovered that the best way to wake up in the morning is to be repeatedly slapped in the face by a robot. The Wake-up Machine was custom designed to do exactly that. Who could sleep through being repeatedly slapped in the face? A beefy gearmotor from ServoCity spins a Halloween prop arm round and round, providing  “refreshing” slaps.

wakeThe system is triggered by an alarm clock. The clock’s alarm output is connected to an Arduino Uno. The Uno then activates a relay, which spins up the motor. [Simone] realizes that she could have skipped the Arduino here, but it was the path of least resistance in for this project. If the slapping hand isn’t enough to get you going, the Wake-up machine does have a secret weapon: It may just grab your hair, turning a video shoot into a painful ordeal.

Simone’s latest project is the Chopping Machine. ServoCity must have liked her first videos, as they’ve sponsored her for this project. The machine consists of two knives that … well, chop. Two high-powered servos are controlled by an Arduino Nano. The servos raise spring-loaded knives, which then drop down, chopping vegetables, fingers, and anything else in their path. The whole machine is built with aluminum channel stock, and a huge wooden cutting board. Of course, just building the machine wasn’t enough. [Simone] filmed a parody infomercial for any perspective Chopping Machine buyers, and to put fear in the heart of anyone named Chad.

Click past the break for a couple of [Simone’s] vlogs describing the machines.

Continue reading “Simone Does Strange Things With Motors And Servos”

Drone Registration Is Just FAA Making You Read Their “EULA”

Over the last few weeks we’ve waded through the debate of Drone restrictions as the FAA announced, solicited comments, and finally put in place a registration system for Unmanned Aerial Systems (UAS). Having now had a week to look at the regulation, and longer to consider the philosophy behind it, I don’t think this is a bad thing. I think the FAA’s move is an early effort to get people to pay attention to what they’re doing.

The broad picture looks to me like a company trying to get users to actually read an End User Licensing Agreement. I’m going to put the blame for this firmly on Apple. They are the poster children for the unreadable EULA. Every time there is an update, you’re asked to read the document on your smartphone. You scroll down a bit and think it’s not that long, until you discover that it’s actually 47 pages. Nobody reads this, and years of indoctrination have made the click-through of accepting an EULA into a pop-culture reference. In fact, this entire paragraph has been moot. I’d bet 99 out of 103 readers knew the reference before I started the explanation.

So, we have a population of tech adopters who have been cultivated to forego reading any kind of rules that go with a product. Then we have technological advancement and business interests that have brought UAS to the feet of the general public both with low costs, wide availability, and pop-culture appeal. What could possibly go wrong? Let’s jump into that, then cover some of the other issues people are concerned about, like the public availability of personal info on the drone registry.

Continue reading “Drone Registration Is Just FAA Making You Read Their “EULA””

Desoldering Doesn’t Necessarily Suck

What’s your favorite way to fix soldering mistakes or get usable components off that board you found in a Dumpster? I’ve always been partial to desoldering braid, though I’ve started to come around on the vacuum pump depending on the situation. [Proto G] sent in an Instructable that outlines nine different ways to desolder components that take varying amounts of time and skill.

He starts with one that is often overlooked if you don’t have a solder pot. [Proto G] recommends this method only when you don’t want to keep the board. Cover the solder joints of the components you want to keep with flux and hold it over the solder pot while pulling out the components with pliers. The flux isn’t critical, but it makes removal faster and easier.

For boards in need of repair, [Proto G] uses a manual pump or copper desoldering braid that comes coated with flux. If you can afford one, a desoldering machine seems like the way to go—it combines the heat of a soldering iron with the vacuum of a manual pump. Desoldering tweezers and hot air rework stations look like great ways to remove surface mount components.

If you enjoyed this, check out [Bil Herd’s] guide on component desoldering. There are also few ways that [Proto G] doesn’t mention, like holding the board over an alcohol flame. Let us know your favorite desoldering method in the comments.

Continue reading “Desoldering Doesn’t Necessarily Suck”