If you are of a certain age, your first exposure to computer programming was probably BASIC. For a few years, there were few cheaper ways to program in BASIC than the Sinclair ZX series of computers. If you long for those days, you might find the 1980-something variant of BASIC a little limiting. Or you could use SpecBasic from [Paul Dunn].
SpecBasic is apparently reasonably compatible with the Spectrum, but lets you use your better hardware. For example, instead of a 256×192 8-color screen, SpecBasic accommodates larger screens and up to 256 colors. However, that does lead to certain incompatibilities that you can read about in the project’s README file.
As cars have become more sophisticated electronically, understanding the CAN bus that forms the backbone of automotive digital systems has become more and more important for hacking cars. Inexpensive microcontroller CAN interfaces have made obtaining the raw CAN bus traffic trivial, but interpreting that traffic can be pretty challenging. In order to more easily visualize CAN traffic, [TJ Bruno] has developed CanoPy, a Python tool for visualizing CAN messages in real time.
A basic PC CAN interface simply dumps the bus’s message traffic into the terminal, while more sophisticated tools group messages by arbitration ID (CAN frames are broadcast to every node and carry no recipient address; the ID says what the frame is and how it arbitrates, not who should read it). Both of these approaches digitally lift the hood and let you examine what your car is thinking, but the wall-of-numbers approach makes finding the patterns that hold the keys to reverse engineering difficult. Automatically plotting the data with CanoPy makes finding correlations much easier, after which the text-based tools can be used to focus on a few specific IDs.
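To make the "which bytes react when I press the button" workflow concrete, here is an added Python example (our own, not CanoPy's code) that parses candump-style log lines, groups frames by arbitration ID, and reports the payload bytes that take on new values only during a chosen time window. The log, the IDs and the "button held" window are all constructed for illustration, not captured from a real vehicle.

```python
"""Pick out which CAN IDs and payload bytes react to an action.

Added example; not code from CanoPy. The log below is constructed candump-style
output (timestamp, interface, hexID#hexdata), not traffic from a real vehicle.
"""
import re
from collections import defaultdict

# candump -L style line: (1700000000.123456) can0 1A0#0102030405060708
LINE_RE = re.compile(
    r"^\((?P<ts>[\d.]+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)

# Constructed sample: 0x1A0 carries a rolling counter in byte 0, 0x2C4 flips
# byte 2 from 0x00 to 0x01 while a (hypothetical) button is held, 0x3E8 is static.
SAMPLE_LOG = """\
(1000.000) can0 1A0#01000000
(1000.010) can0 2C4#0A0000FF
(1000.020) can0 3E8#55AA
(1000.100) can0 1A0#02000000
(1000.110) can0 2C4#0A0000FF
(1000.200) can0 1A0#03000000
(1000.210) can0 2C4#0A0001FF
(1000.300) can0 1A0#04000000
(1000.310) can0 2C4#0A0001FF
(1000.400) can0 1A0#05000000
(1000.410) can0 2C4#0A0000FF
(1000.420) can0 3E8#55AA
"""

def parse_candump(lines):
    """Return a list of (timestamp, arbitration_id, payload bytes) tuples."""
    frames = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:            # skip blank lines and anything that is not a frame
            continue
        frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames

def byte_activity(frames):
    """Map arbitration ID -> byte position -> set of values seen there."""
    seen = defaultdict(lambda: defaultdict(set))
    for _, can_id, data in frames:
        for pos, value in enumerate(data):
            seen[can_id][pos].add(value)
    return seen

def changing_bytes(frames):
    """IDs whose payload is not constant, with the positions that vary.
    Counters and sensor values show up here too, so this is only a first cut."""
    seen = byte_activity(frames)
    return {
        can_id: sorted(pos for pos, values in positions.items() if len(values) > 1)
        for can_id, positions in seen.items()
        if any(len(values) > 1 for values in positions.values())
    }

def diff_windows(frames, t_start, t_end):
    """Bytes that take on new values only inside [t_start, t_end] (the action)
    and are otherwise constant. Bytes that already vary outside the window,
    such as rolling counters, are ignored so they do not drown the signal."""
    inside = [f for f in frames if t_start <= f[0] <= t_end]
    outside = [f for f in frames if not (t_start <= f[0] <= t_end)]
    quiet, active = byte_activity(outside), byte_activity(inside)
    hits = {}
    for can_id, positions in active.items():
        for pos, values in positions.items():
            baseline = quiet[can_id][pos]   # defaultdict: empty set if never seen
            if len(baseline) > 1:
                continue                    # noisy byte, not action-related
            new_values = values - baseline
            if new_values:
                hits.setdefault(can_id, {})[pos] = sorted(new_values)
    return hits

if __name__ == "__main__":
    frames = parse_candump(SAMPLE_LOG.splitlines())
    print("varying bytes per ID:", {hex(k): v for k, v in changing_bytes(frames).items()})
    # Suppose the button was held between t=1000.15 and t=1000.35
    print("action-correlated:", {hex(k): v for k, v in diff_windows(frames, 1000.15, 1000.35).items()})
```

The first pass flags every ID with a moving byte, which on a real bus is most of them; the windowed diff is what narrows it down to the one byte that only changes while you do something, and the "ignore bytes that were already moving" rule is what keeps rolling counters and wheel-speed values out of the result.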
There are two kinds of programmers: those who don’t use Lisp, and those who need new parenthesis keycaps every six months. Lisp is one of those languages you either really love or really hate. If you love it, you may have checked out ulisp, which runs on Arduino boards of the AVR and ARM variety, as well as ESP chips, RISC-V, and others. A recent update allows the language to insert assembler into AVR programs.
We probably don’t need to convince anyone reading Hackaday why adding assembler is a good thing. It seems to integrate well with the environment, too, so you can write assembler macros in Lisp, which opens up many possibilities.
Out of the box, the Yamaha YAS-207 soundbar can be remotely controlled over Bluetooth, but only when using a dedicated application on iOS or Android. Users who want to command their hardware with their computer, or any other Bluetooth device for that matter, are left out in the cold. Or at least they were, before [Wejn] got on the case.
To capture the communication between the soundbar and the application, [Wejn] first installed Android-x86 in a virtual machine on his computer and then enabled the “Bluetooth HCI snoop log” within Developer options. From there, a netcat command running on the virtual Android device continually sent the contents of the btsnoop_hci.log file out to Wireshark on his Linux desktop. As he hit buttons in the Yamaha application, he could watch the data come in live. We’ve seen plenty of people use Android’s integrated Bluetooth packet capture in the past, but never quite like this. It’s certainly a tip worth mentally filing away for the future.
The Pi can now control the TOSLINK connected speakers.
From there, things move pretty quickly. [Wejn] is able to determine that the devices are communicating over a virtual serial port (Bluetooth’s Serial Port Profile), and starts identifying individual command and response packets. It turns out the commands closely mirror the NEC IR codes that he’d previously decoded on a whim, which helped clear things up. Once the checksum was sorted out, writing some code that can talk to the soundbar from his Raspberry Pi media player was the next logical step.
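"Sorting out the checksum" is the step that trips up most first-time protocol reverse engineers, so here is an added Python example of how to do it systematically. This is our illustration, not [Wejn]'s code: the three "captured" frames are constructed (header byte 0xCC, a length byte, payload, trailing checksum), the YAS-207's real framing and checksum may well differ, and the candidate list covers only the common 8-bit schemes.

```python
"""Work out a packet's trailing checksum by testing common 8-bit schemes against captures.

Added example, not [Wejn]'s code. The three "captured" frames are constructed
for illustration (header 0xCC, length byte, payload, checksum byte); they are
not real YAS-207 traffic and the YAS-207's real checksum may differ.
"""
from functools import reduce
from operator import xor

# Candidate algorithms, each computed over a slice of the frame.
CANDIDATES = {
    "sum8":     lambda b: sum(b) & 0xFF,
    "xor8":     lambda b: reduce(xor, b, 0),
    "neg_sum8": lambda b: (-sum(b)) & 0xFF,   # two's complement of the byte sum
    "not_sum8": lambda b: (~sum(b)) & 0xFF,   # one's complement of the byte sum
}

# Constructed frames: cc <len> <payload...> <checksum>
CAPTURED = [
    bytes.fromhex("cc037805017f"),
    bytes.fromhex("cc02780680"),
    bytes.fromhex("cc0378050080"),
]

def find_checksum(packets, max_skip=2):
    """Return every (algorithm, skip) pair that reproduces the last byte of all
    packets when computed over packet[skip:-1]. Trying several skips catches
    protocols whose checksum ignores a fixed header byte."""
    matches = []
    for name, fn in CANDIDATES.items():
        for skip in range(max_skip + 1):
            if all(len(p) > skip + 1 and fn(p[skip:-1]) == p[-1] for p in packets):
                matches.append((name, skip))
    return matches

def make_frame(header, payload, algo, skip):
    """Build a frame with a length byte and checksum, once the scheme is known."""
    body = bytes([header, len(payload)]) + bytes(payload)
    return body + bytes([CANDIDATES[algo](body[skip:])])

def frame_ok(frame, algo, skip):
    """Validate a received frame; reject anything with a bad checksum before parsing it."""
    return len(frame) > skip + 1 and CANDIDATES[algo](frame[skip:-1]) == frame[-1]

if __name__ == "__main__":
    found = find_checksum(CAPTURED)
    print("schemes consistent with all captures:", found)   # [('neg_sum8', 1)]
    if len(found) == 1:
        algo, skip = found[0]
        print("rebuilt first frame:", make_frame(0xCC, [0x78, 0x05, 0x01], algo, skip).hex())
        print("corrupted frame accepted?", frame_ok(bytes.fromhex("cc037805027f"), algo, skip))
    else:
        print("ambiguous: capture more frames with different payloads")
```

Note that a single packet is rarely enough: with these samples, XOR over the same bytes also reproduces the first frame's checksum and only fails on the second. Collect frames with different lengths and payloads until exactly one (algorithm, skip) pair survives, and once you are sending your own commands, validate every response with the same routine before trusting its contents.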
[Wejn] combined this with the Shairport Sync project, which lets the Raspberry Pi turn on the speaker and switch the input over when he wants to stream AirPlay from his phone. But of course, the same technique could be applied to whatever source of digital audio captures your fancy.
This is one of those posts you should really read in its entirety to truly appreciate. While every device is going to be different, the basic principles and workflow that [Wejn] demonstrates in this project will absolutely be useful in your own reverse engineering adventures. If you’re more of a visual learner, we recently covered a series of YouTube tutorials on sniffing BLE devices that’s not to be missed either.
When Nintendo officially ended production of the 3DS in September 2020, it wasn’t exactly a surprise. For one thing, some variation of the handheld system had been on the market since 2011. Which is not to say the product line had become stagnant: the system received a considerable mid-generation refresh, and there was even a more affordable variant introduced that dropped the eponymous stereoscopic 3D effect, but nearly a decade is still a fairly long life in the gaming industry. Of course Nintendo’s focus on the Switch, a hybrid device that blurs the line between console and handheld games, undoubtedly played a part in the decision to retire what could effectively be seen as a competing product.
While putting the 3DS out to pasture might have been the logical business move, a quick check on eBay seems to tell a different story. Whether it’s COVID keeping people indoors and increasing the demand for at-home entertainment, or the incredible library of classic and modern games the system has access to, the fact is that a used 3DS in good condition is worth more today than it was when it was brand new on the shelf this time last year.
I’ve certainly made more expensive mistakes.
In short, this was the worst possible time for me to decide that I finally wanted to buy a 3DS. Then one day I noticed the average price for a Japanese model was far lower than that of its American counterpart. I knew the hardware was identical, but could the firmware be changed?
An evening’s worth of research told me the swap was indeed possible, but inadvisable due to the difficulty and potential for unexpected behavior. Of course, that’s never stopped me before.
So after waiting the better part of a month for my mint condition 3DS to arrive from the land of the rising sun, I set out to explore the wide and wonderful world of Nintendo 3DS hacking.
If you crave experiencing or reliving what computing was like “back then” you have a lot of options. One option, of course, is to load an emulator and pretend like you have the hardware and software you are interested in. Another often expensive option is to actually buy the hardware on the used market. However, [mit-pdos] has a different approach: reimplement the 6th edition of Unix for RISC-V and use a modern CPU to run an old favorite operating system.
It isn’t an exact copy, of course, but Xv6 was developed back in 2006 as a teaching operating system at MIT. You can find resources including links to the original Unix source code, commentary on the source code, and information about the original PDP 11/40 host computer on the project’s main page.
Embedded Linux devices are everywhere these days, and sooner or later, you’re going to want to poke around in one of them. But how? That’s where posts like this one from [Felipe Astroza] come in. While his work is focused on the Foscam C1 security camera, the techniques and tools he outlines here will work on all sorts of gadgets that have a tiny penguin at their core.
Rather than trying to go in through the front door, [Felipe] starts his assault with the nuclear option: removing the MX25L12835F SPI flash chip (a 128 Mbit Macronix NOR part) from the camera’s PCB and dumping its contents with a Raspberry Pi. From there he walks through the use of different tools to determine the partition scheme of the chip and eventually extract passwords and other interesting bits of information from the various file systems within.
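If you have never worked out a partition layout from a raw dump, the following added Python example shows the core of what tools like binwalk do for you. It is our illustration, not [Felipe]'s tooling: it scans for a handful of well-known magic values (U-Boot legacy uImage, SquashFS, cramfs, gzip), validates the uImage header CRC so a random match does not fool it, reads the length out of the headers that carry one, and lists the erased 0xFF gaps. The 64 KiB image it scans is constructed in the script, not a Foscam dump.

```python
"""Locate firmware images and filesystems inside a raw SPI flash dump.

Added example, not [Felipe]'s tooling (he used binwalk and friends). It scans
for a few well-known magic values, reads the length out of the headers that
carry one, and lists the erased (0xFF) gaps, which together sketch the
partition layout. The sample image is constructed here; it is not a Foscam dump.
"""
import re
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header (U-Boot legacy, big-endian)",
    b"hsqs":             "SquashFS superblock (little-endian)",
    b"sqsh":             "SquashFS superblock (big-endian)",
    b"\x45\x3d\xcd\x28": "cramfs superblock (little-endian)",
    b"\x1f\x8b\x08":     "gzip stream",
}

@dataclass
class Hit:
    offset: int
    kind: str
    size: Optional[int]   # None when the header does not state a length

def uimage_header_ok(img, off):
    """Legacy U-Boot header: CRC32 at +4 covers the 64-byte header with that field zeroed."""
    if off + 64 > len(img):
        return False
    hdr = bytearray(img[off:off + 64])
    (stored,) = struct.unpack_from(">I", hdr, 4)
    hdr[4:8] = b"\x00\x00\x00\x00"
    return (zlib.crc32(bytes(hdr)) & 0xFFFFFFFF) == stored

def header_size(img, off, kind):
    """Total extent of the object starting at off, if its header says so."""
    if kind.startswith("uImage") and uimage_header_ok(img, off):
        (payload,) = struct.unpack_from(">I", img, off + 12)   # ih_size, excludes header
        return 64 + payload
    if kind.startswith("SquashFS") and off + 48 <= len(img):
        fmt = "<Q" if "little" in kind else ">Q"
        (used,) = struct.unpack_from(fmt, img, off + 40)       # bytes_used
        return used
    return None

def scan_image(img):
    """Every signature hit, sorted by offset. uImage hits with a bad header CRC are dropped."""
    hits = []
    for magic, kind in SIGNATURES.items():
        start = 0
        while (off := img.find(magic, start)) >= 0:
            start = off + 1
            if kind.startswith("uImage") and not uimage_header_ok(img, off):
                continue          # four bytes that merely look like the magic
            hits.append(Hit(off, kind, header_size(img, off, kind)))
    return sorted(hits, key=lambda h: h.offset)

def erased_regions(img, min_len=0x1000):
    """(start, end) of runs of 0xFF at least min_len long: unused or erased flash."""
    return [m.span() for m in re.finditer(rb"\xff{%d,}" % min_len, img)]

def build_sample_image():
    """Constructed 64 KiB image: uImage at 0 wrapping a fake gzip kernel, SquashFS at 0x8000."""
    img = bytearray(b"\xff" * 0x10000)
    kernel = b"\x1f\x8b\x08\x00" + bytes(range(128)) * 4          # 516 bytes, not real gzip
    hdr = bytearray(64)
    # magic, hcrc (filled below), time, size, load, entry, dcrc, os=Linux, arch=ARM, type=kernel, comp=gzip
    struct.pack_into(">IIIIIIIBBBB", hdr, 0, 0x27051956, 0, 0, len(kernel),
                     0x80008000, 0x80008000, zlib.crc32(kernel) & 0xFFFFFFFF, 5, 2, 2, 1)
    hdr[32:38] = b"Linux!"
    struct.pack_into(">I", hdr, 4, zlib.crc32(bytes(hdr)) & 0xFFFFFFFF)
    img[0:64] = hdr
    img[64:64 + len(kernel)] = kernel
    fs = bytearray(0x2000)                                       # filesystem area, zeroed
    fs[0:4] = b"hsqs"
    struct.pack_into("<HH", fs, 28, 4, 0)                        # SquashFS 4.0
    struct.pack_into("<Q", fs, 40, len(fs))                      # bytes_used
    img[0x8000:0x8000 + len(fs)] = fs
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    for h in scan_image(image):
        end = f"0x{h.offset + h.size:x}" if h.size else "?"
        print(f"0x{h.offset:06x}-{end}  {h.kind}")
    for start, end in erased_regions(image):
        print(f"0x{start:06x}-0x{end:x}  erased/unused")
```

Two practical caveats: a real dump usually also has a bare U-Boot binary and an environment block that carry no magic at all, so the erased gaps and the vendor's `mtdparts=` string (often visible as plain text in the bootloader) are what you use to place them; and SquashFS `bytes_used` is not padded to an erase block, so round it up before you treat it as the partition size.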
Getting ready to remove the flash chip.
That alone would be worth the read, but things really get interesting once [Felipe] discovers the FirmwareUpgrade program. Since the Foscam’s software updates are encrypted, he reasons that reverse engineering this binary would uncover the key and allow for the creation of custom firmware images that can be flashed through the stock interface.
Further investigation with Ghidra and friends identifies an interesting shared library linked to the executable in question, which is then disassembled in an effort to figure out how the key is being obfuscated. We won’t ruin the surprise, but [Felipe] eventually gets what he’s after.