Rolling Robot With Two Motors, But None Are On the Wheels

This unusual 3D printed Rolling Robot by [ebaera] uses two tiny hobby servos for locomotion in an unexpected way. The motors drive the front wheel only indirectly, by moving two articulated arms in a reach-and-retract motion similar to a breaststroke. The arms are joined together at the front, where a ratcheting wheel rests underneath. When the arms extend, the wheel rolls forward freely. When the arms retract, the wheel’s ratchet locks and the rest of the body is pulled forward. It looks as though extending one arm more than the other provides for rudimentary steering.

The parts are all 3D printed but some of them look as though they might be a challenge to print well due to the number of small pieces and overhangs. A short video (embedded below) demonstrates how it all works together; the action starts about 25 seconds in.


Mbed Labs Chock Full of Arm Goodies

One of the things we like about ARM processors is that there are a variety of options for library support. You can write your own code at the bare metal, of course, but you can also use many different abstraction libraries to make things easier. At the other end of the spectrum, there is Mbed, similar to the sort of libraries that Arduino supplies. It is easy to use, although it does not always give the best possible performance. Mbed now has an Mbed Labs site with a lot of extra goodies that go with the Mbed ecosystem, and it has quite a few interesting things.

You’ve always been able to write Mbed code in your browser — some people love that and some hate it and use locally-hosted tools like However, with Mbed Labs, you can build and, most importantly, simulate your code in the browser (something we covered last year). There’s also a JavaScript interpreter that runs on your chip, a small implementation of TensorFlow for deep learning, and a few other projects on the page.


Learning ARM assembly with visUAL

Learning assembly is very important if you want to get a grasp of how a computer truly works under the hood. VisUAL is a very capable ARM emulator for those interested in learning ARM assembly.

The GUI: A simple program to ADD two numbers

In addition to supporting a large subset of ARM instructions, the CPU is emulated via a series of elaborate and instructive animations that help visualise the flow of data to/from registers, any changes made to flags, and any branches taken. It also packs very useful animations to help grasp some of the more tricky instructions such as shifts and stack manipulations.

As it was designed specifically to be used as a teaching tool at Imperial College London, the GUI is very friendly, all the syntax errors are highlighted, and an example of the correct syntax is also shown.

Branch visualisation, credits: VisUAL homepage

You can also do the usual things you would expect from any emulator, such as single step through execution, set breakpoints, and view data in different bases. It even warns you of any possible infinite loops!

That being said, lugging such an extravagant GUI comes at a price; programs that consume a few hundred thousand cycles hog far too much RAM and should be run in the supported headless mode.


34C3: Hacking into a CPU’s Microcode

Inside every modern CPU since the Intel Pentium fdiv bug, assembly instructions aren’t a one-to-one mapping to what the CPU actually does. Inside the CPU, there is a decoder that turns assembly into even more primitive instructions that are fed into the CPU’s internal scheduler and pipeline. The code that drives the decoder is the CPU’s microcode, and it lives in ROM that’s normally inaccessible. But microcode patches have been deployed in the past to fix up CPU hardware bugs, so it’s certainly writeable. That’s practically an invitation, right? At least a group from the Ruhr University Bochum took it as such, and started hacking on the microcode in the AMD K8 and K10 processors.

The hurdles to playing around in the microcode are daunting. It turns assembly language into something, but the instruction set that the inner CPU, ALU, et al use was completely unknown. [Philip] walked us through their first line of attack, which was essentially guessing in the dark. First they mapped out where each of the x86 assembly codes went in microcode ROM. Using this information, and the ability to update the microcode, they could load and execute arbitrary microcode. They still didn’t know anything about the microcode, but they knew how to run it.

So they started uploading random microcode to see what it did. This random microcode crashed almost every time. The rest of the time, there was no difference between the input and output states. But then, after a week of running, a breakthrough: the microcode XOR’ed. From this, they found out the syntax of the command and began to discover more commands through trial and error. Quite late in the game, they went on to take the chip apart and read out the ROM contents with a microscope and OCR software, at least well enough to verify that some of the microcode operations were burned in ROM.

The result was 29 microcode operations including logic, arithmetic, load, and store commands — enough to start writing microcode code. The first microcode programs written helped with further discovery, naturally. But before long, they wrote microcode backdoors that triggered when a given calculation was performed, and stealthy trojans that exfiltrate data encrypted or “undetectably” through introducing faults programmatically into calculations. This means nearly undetectable malware that’s resident inside the CPU. (And you think the Intel Management Engine hacks made you paranoid!)

[Benjamin] then bravely stepped us through the browser-based attack live, first in a debugger where we could verify that their custom microcode was being triggered, and then outside of the debugger where suddenly xcalc popped up. What launched the program? Calculating a particular number on a website from inside an unmodified browser.

He also demonstrated the introduction of a simple mathematical error into the microcode that made an encryption routine fail when another particular multiplication was done. While this may not sound like much, if you paid attention in the talk on revealing keys based on a single infrequent bit error, you’d see that this is essentially a few million times more powerful because the error occurs every time.

The team isn’t done with their microcode explorations, and there’s still a lot more of the command set left to discover. So take this as a proof of concept that nearly completely undetectable trojans could exist in the microcode that runs between the compiled code and the CPU on your machine. But, more playfully, it’s also an invitation to start exploring yourself. It’s not every day that an entirely new frontier in computer hacking is bust open.

An Mbed In Your Browser

If you have dabbled in the world of ARM microcontrollers, you might be familiar with the Mbed platform, a software abstraction layer for a range of ARM-based small dev boards. If you don’t have an Mbed board but fancy giving it a go, you might imagine that you’d be out of luck, but [Jan Jongboom] could have an answer to your problem in the form of an Mbed simulation in your browser.

We’re not high-end ARM microcontroller developers here at Hackaday, so beyond observing that it brings the Mbed abstraction layer binaries to the browser through the magic of Emscripten, it’s best to point the curious at its GitHub repository. But we can see its attraction as a means to take a look at Mbed, and given that [Jan] describes himself as “a developer and evangelist currently working on the Internet of Things for ARM”, it’s safe to say this one comes, as they say, from the horse’s mouth.

The Mbed board that is probably most famous is the education-focused micro:bit, but there are plenty of others on the market. Back in 2015 we published a getting started guide, if you are new to the Mbed.

Via Hacker News.

Snitch On Your AC Devices With Stolen Power

Low power devices are always intriguing, as they open up possibilities for applications with the need to operate remotely, or for very long periods without attention. There are all manner of techniques for powering such devices, too, such as using solar panels, super capacitors, or other fancy devices. The Micro Power Snitch is one such device, which can report wirelessly on your AC-powered appliances.

The device is built around a tiny ARM microcontroller and an RFM69 radio module. The entire circuit is run by leeching power from an AC current transformer, wrapped around one of the power lines of an AC appliance. When an appliance draws over the minimum threshold current (500W on 230VAC, 250W on 115VAC), the device sends a packet out, which can be received and logged at the other end.

The best part of this project, however, is the writeup. The project is split into an 8-part series, breaking down the minutiae of the concepts at work to make this possible. It’s a great primer if you’re interested in designing low-power devices.

We’ve seen some of [jcw]’s power research before – such as this guide to the effects of code on power consumption.

[Thanks to Ronald for the tip!]

DS212 Oscilloscope Review: Open Source and Great for Hacking

We’ve seen plenty of oscilloscopes that look like repurposed cell phones. Usually, though, they only have one channel. The DS212 has two channels and a signal generator! [Marco] gives his review and a quick tear down in the video below.

The scope isn’t going to replace a big bench instrument, but for a portable scope with a rechargeable battery, it isn’t bad. The 1 MHz analog bandwidth combines with a 10 megasample per second front end and 8K of sample memory. The signal generator can produce basic waveforms up to 1 MHz. We were somewhat surprised the unit didn’t sport a touch screen, which is why you can see [Marco’s] fingers in the screenshot above. He seems to like the dual rotary encoder system the device uses for navigation.

Where this really stands out is that it is open source for the firmware running on the STM32 processor inside. We so rarely see this for commercially available bench tools and it makes this a fine hacking platform. It’s easy to imagine adding features like digital signals out and decoding digital data. It would be interesting to marry it with a WiFi chip and use it as a front end for another device over WiFi. Lots of possibilities. [Marco] shows that even though he’s not familiar with the STM32, he was able to add a custom waveform output to the device easily. This has the potential to be a custom troubleshooting platform for your builds. Lining up all of the sensing and signal generation settings for each specific type of test means you don’t need a guru to walk through the common failure modes of a product.

There are many small inexpensive scopes out there that might not match a big bench instrument but can still be plenty useful. [Jenny List] just reviewed one that comes in at around $21. And last year, we saw a sub-$100 scope that would net you just one channel. That’s progress!