At first, Web browsers displayed HTML pages. But then people wanted those pages to do something. So we got — among other things — JavaScript. Then people wanted to do super complicated and compute-intensive things. So now we have WebAssembly. If you want to learn it, [diekmann] has a 4-part series that covers everything from getting started to porting Doom into your browser.
Paradoxically, instead of using a browser, he uses the wasm binary toolkit to run code more like a standard assembler. And wasm — what most people call WebAssembly — isn’t like most assemblers you know. Instead of labels, there are blocks that work much more like high-level language constructs such as while loops in C.
Who doesn’t know the struggle? Buying an interesting piece of hardware for a song and a dance, and then finding that the device’s firmware and/or configuration file is locked down with various encryption or obfuscation methods. This was the experience [Ali Raheem] had when he got a TP-Link TL-MR3020 V3 for a mere 18 British Pounds, intending to use this 4G-capable router to increase internet reliability.
Naturally this can all be done when staying inside the vendor-provided marked lines, which in this case meant ignoring the encrypted configuration files. As the owner of the hardware, this was of course unacceptable and thus [Ali] got a firmware image from the TP-Link site to see what could be gleaned from it in terms of encryption keys and other hints.
After obtaining the TP-Link-provided BIN file, the application of binwalk helpfully extracted the files embedded in it, followed by John the ripper decrypting the passwords in the /etc/passwd.bak file, and ultimately finding the encrypted /etc/default_config.xml file. Searching for this filename string in the rest of the extracted files led to /lib/libcmm.so.
Dropping this shared library file into Ghidra to disassemble its code, [Ali] found a function suspiciously called decryptFile. Inside was a reference to the global key string, which when tossed into OpenSSL and after some fiddling turned out to decrypt the XML configuration file in des-ecdb mode. From this point dropping in one’s own configuration files should be no problem after encrypting them to make the firmware happy. Nice work!
Got an nRF52 or nRF51 device you need to flash? Got an ESP32 laying around collecting dust? If so, then firmware hacking extraordinaire [Aaron Christophel] has the open source code you need. His new project allows the affordable WiFi-enabled microcontroller to read and write to the internal flash of Nordic nRF52 series chips via their SWD interface. As long as you’ve got some jumper wires and a web browser, you’re good to go.
In the first video below [Aaron] demonstrates the technique with the PineTime smartwatch, but the process will be more or less the same regardless of what your target device is. Just connect the CLK and DIO lines to pins GPIO 21 and GPIO 19 of the ESP32, point your web browser to its address on the local network, and you’ll be presented with a straightforward user interface for reading and writing the chip’s flash.
As demonstrated in the second video, with a few more wires and a MOSFET, the ESP32 firmware is also able to perform a power glitch exploit on the chip that will allow you to read the contents of its flash even if the APPROTECT feature has been enabled. [Aaron] isn’t taking any credit for this technique though, pointing instead to the research performed by [LimitedResults] to explain the nuts and bolts of the attack.
Ever since the SMART Response XE was brought to our attention back in 2018, we’ve been keeping a close lookout for projects that make use of the Arduino-compatible educational gadget. Admittedly it’s taken a bit longer than we’d expected for the community to really start digging into the capabilities of the QWERTY handheld, but occasionally we see an effort like this port of BASIC to the SMART Response XE by [Dan Geiger] that reminds us of why we were so excited by this device to begin with.
This project combines the SMART Response XE support library by [Larry Bank] with Tiny BASIC Plus, which itself is an update of the Arduino BASIC port by [Michael Field]. The end result is a fun little BASIC handheld that has all the features and capabilities you’d expect, plus several device-specific commands that [Dan] has added such as BATT to check the battery voltage and MSAVE/MLOAD which will save and load BASIC programs to EEPROM.
To install the BASIC interpreter to your own SMART Response XE, [Dan] goes over the process of flashing it to the hardware using an AVR ISP MkII and a few pogo pins soldered to a bit of perboard. There are holes under the battery door of the device that exposes the programming pads on the PCB, so you don’t even need to crack open the case. Although if you are willing to crack open the case, you might as well add in a CC1101 transceiver so the handy little device can double as a spectrum analyzer.
There was a time when a new version of Windows was a really big deal, such the launch of Windows 95 for which the tones of the Rolling Stones’ Start me up could be heard across all manner of media outlets. Gradually over years this excitement has petered out, finally leaving us with Windows 10 that would, we were told, be the last ever version of the popular operating system and thence only receive continuous updates
The electric power grid, as it exists today, was designed about a century ago to accommodate large, dispersed power plants owned and controlled by the utilities themselves. At the time this seemed like a great idea, but as technology and society have progressed the power grid remains stubbornly rooted in this past. Efforts to modify it to accommodate solar and wind farms, electric cars, and other modern technology need to take great effort to work with the ancient grid setup, often requiring intricate modeling like this visual power grid emulator.
The model is known as LEGOS, the Lite Emulator of Grid Operations, and comes from researchers at RWTH Aachen University. Its goal is to simulate a modern power grid with various generation sources and loads such as homes, offices, or hospitals. It uses a DC circuit to simulate power flow, which is visualized with LEDs. The entire model is modular, so components can be added or subtracted easily to quickly show how the power flow changes as a result of modifications to the grid. There is also a robust automation layer to the entire project, allowing real-time data acquisition of the model to be gathered and analyzed using an open source cloud service called FIWARE.
In order to modernize the grid, simulations like these are needed to make sure there are no knock-on effects of adding or changing such a complex system in ways it was never intended to be changed. Researchers in Europe like the ones developing LEGOS are ahead of the curve, as smart grid technology continues to filter in to all areas of the modern electrical infrastructure. It could also find uses for modeling power grids in areas where changes to the grid can happen rapidly as a result of natural disasters.
If you’re looking for a reminder of how powerful the tiny microcontrollers that run our everyday gadgets have become, check out the work impressive work [Audun Wilhelmsen] has done to get DOOM running on the Nordic Semiconductor nRF5340. This is the sort of Bluetooth SoC you’d expect to find in a headset or wireless keyboard, and yet it’s packing a 128 MHz processor that can go head to head with the Intel 486 that the iconic first person shooter recommended you have in your old beige box PC.
That said, porting the open source shooter over to the nRF5340 wasn’t exactly easy. The challenge was getting the game, which recommended your PC have 8 MB back in 1993, to run on a microcontroller with a paltry 512 KB of memory. Luckily, a lot of the data the game loads into RAM is static. While that might have been necessary when the game was running from a pokey IDE hard drive, the nearly instantaneous access times of solid state storage and the nRF5340’s execute in place (XIP) capability meant [Audun] could move all of that over to an SPI-connected 8 MB flash chip with some tweaks to the code.
nRF53 Development board with I2S DAC
In general, [Audun] explains that many of the design decisions made for the original DOOM engine were made with the assumption that the limiting factor would be CPU power rather than RAM. So that lead to things often getting pre-calculated and stored in memory for instant access. But with the extra horsepower of the nRF5340, it was often helpful to flip this dynamic over and reverse the optimizations made by the original developers.
On the hardware side, things are relatively straightforward. The 4.3″ 800×480 LCD display is connected over SPI, and an I2S DAC handles the sound. Bluetooth would have been the logical choice for the controls, but to keep things simple, [Audun] ended up using a BBC micro:bit that could communicate with the nRF5340 via Nordic’s own proprietary protocol. Though he does note that Bluetooth mouse and keyboard support is something he’d like to implement eventually.
If some of the software tricks employed by this hack sounded familiar, it’s because a very similar technique was used to get DOOM running on an IKEA TRÅDFRI light bulb a week or so back. Unfortunately it must have ruffled some feathers, as it was pulled from the Internet in short order. It sounds like [Audun] got the OK from his bosses at Nordic Semiconductor to go public with this project, so hopefully this one will stick around for awhile.
