Over The Air Updates For Your Arduino

An Arduino and a data radio can make a great remote sensor node. Often in such situations, the hardware ends up installed somewhere hard to get to – be it in a light fitting, behind a wall, or secreted somewhere outdoors. Not places that you’d want to squeeze a cable repeatedly into while debugging.

[2BitOrNot2Bit] decided this simply wouldn’t do, and decided to program the Arduinos over the air instead.

Using the NRF24L01 chip with the Arduino is a popular choice to add wireless communications to a small project. By installing one of these radios on both the remote hardware and a local Arduino connected to the programming computer, it’s possible to remotely flash the Arduino without any physical contact whatsoever using Optiboot.

The writeup is comprehensive and covers both the required hardware setup for both ends of the operation as well as how to install the relevant bootloaders. If you’re already using the NRF24L01 in your projects, this could be the ideal solution to your programming woes. Perhaps you’re using a different platform though – like an Arduino on WiFi? Don’t worry – you can do OTA updates that way, too.

Write Your Own x86 Bootloader

What if you want to make a very lean machine and do without any operating system? Or maybe you want to try to write your own OS, even just for the challenge or fun? Maybe you were reading up on a cool OS architecture and thought to yourself, “I can write that!”. Well, before diving into your code, you’d first have to write something called a bootloader.

A bootloader is code that runs early on in a PC’s, Mac’s, Raspberry Pi’s or microcontroller’s boot sequence, before anything like an operating system is up. Often its job is to set up minimal hardware, such as RAM, and then load the OS or your embedded code.

[Alex Parker] has written a three-part series of clear blog posts that make writing the bootloader part easy, at least for x86 machines. And the nice thing is that you don’t need an x86 to get started. He does it on a Mac using the QEMU processor emulator, though he also talks about doing it under Windows and Linux.

In the first part of the series, the bootloader leaves you in the x86’s real mode, with 16-bit instructions and access to one megabyte of memory — think pre-80286 days, or 1982 for those of us who were computing back then. To prove it works, he uses BIOS calls to display “Hello world!”. This also shows that through the BIOS, you have a set of peripherals you can work with.

In the second part, he shows how to set up 32-bit protected mode and a Global Descriptor Table, making access to a large amount of memory easier.

In the first two parts, the code is written in assembly, so in the third part he finishes the series by showing how to load C++ code into memory and execute it. That C++ code would of course be your application, which we’ll leave to your imagination.

It’s reasonably rare to write bootloader code for a desktop computer — much less so for microcontrollers. For instance, [Dmitry Grinberg] wrote his own bootloader so that he could have encrypted ROM images for his AVR on USB. And we’ve talked about [Lady Ada]’s guide to burning Arduino bootloaders. But if you want to get down to the bare metal on your x86, the bootloader is the place to start. And it’s not so bad.

Doing It With Fewer Bytes Than Bill Gates

The MITS Altair 8800 occupies a unique place in computing history as the first commercially succesful microcomputer for personal rather than business use. It is famous as the platform upon which the first Microsoft product ran, their first BASIC interpreter.

[Josh Bensadon] has an Altair 8800, and became intrigued by its bootloader. The simplest method of programming the machine is through binary using a set of switches on the front panel, and he remarks that there should be a warning in the manual: “fingers will get sore after repeated use of the small switches on the ALTAIR”.

In the Altair manual there are two listings, one 21 byte, and another in 20 bytes. Bill Gates is on record as saying that their first effort was 46 bytes long, but with more work he managed to create one in 17 bytes. Now [Josh] has beaten that, he’s created an Altair 8800 bootloader in only 14 bytes.

His write-up goes into great detail about how those bytes are shaved off, and provides us with a fascinating insight into the 8800’s architecture. Even if your 8-bit assembler is a little rusty, it’s a fascinating read.

We’ve featured Altair-inspired projects many times here at Hackaday, but rarely the real thing. This Altair PC case with the ability to emulate the original was rather a nice idea, as was this Altair front panel project. If you want the joy without the heartache though, there is an online emulator.

How To Add More Games to the NES Classic

The hype around the NES Classic in 2016 was huge, and as expected, units are already selling for excessively high prices on eBay. The console shipped with 30 games pre-installed, primarily first-party releases from Nintendo. But worry not — there’s now a way to add more games to your NES Classic!

Like many a good hack, this one spawned from a forum community. [madmonkey] posted on GBX.ru about their attempts to load extra games into the console. The first step is using the FEL subroutine of the Allwinner SOC’s boot ROM to dump the unit’s flash memory. From there, it’s a matter of using custom tools to inject extra game ROMs before reburning the modified image to the console. The original tool used, named hakchi, requires a Super Mario savegame placed into a particular slot to work properly, though new versions have already surfaced eliminating this requirement.

While this is only a software modification, it does come with several risks. In addition to bricking your console, virus scanners are reporting the tools as potentially dangerous. There is confusion in the community as to whether these are false positives or not. As with anything you find lurking on a forum, your mileage may vary. But if you just have to beat Battletoads for the umpteenth time, load up a VM for the install process and have at it. This Reddit thread (an expansion from the original pastebin instructions) acts as a good starting point for the brave.

Only months after release, the NES Classic is already a fertile breeding ground for hacks — last year we reported on this controller mod and how to install Linux. Video of this ROM injection hack after the break.

Continue reading “How To Add More Games to the NES Classic”

Reverse Engineering An ST-Link Programmer

We’re not sure why [lujji] would want to hack ST’s ST-Link programmer firmware, but it’s definitely cool that he did, and his writeup is a great primer in hacking embedded devices in two parts: first he unpacks and decrypts the factory firmware and verifies that he can then upload his own encrypted firmware through the bootloader, and then he dumps the bootloader, figures out where it’s locking the firmware image, and sidesteps the protection.

[lujji]’s project was greatly helped out by having the firmware’s encryption keys from previous work by [Taylor Killian]. Once able to run his own code on an intact device, [lujji] wrote a quick routine that dumped the entire flash ROM contents out over the serial port. This gave him the bootloader binary, the missing piece in the two-part puzzle.

If you’ve ever broken copy protection of the mid-1990’s, you won’t be surprised what happened next. [lujji] located the routine where the bootloader adds in the read protection, and NOPped it out. After uploading firmware with this altered bootloader, [lujji] found that it wasn’t read-protected anymore. Game over!

We glossed over a couple useful tips and tricks along the way, so if you’re into reversing firmware, give [lujji]’s blog a look. If you just want a nice ARM programmer with UART capabilities, however, there’s no reason to go to these extremes. The Black Magic Probe project gives you equal functionality and it’s open source. Or given that the official ST-Link programmers are given away nearly free with every Nucleo board, just buying one is clearly the path of least resistance. But a nice hack like this is its own reward for those who want to take that path. Thanks, [lujji] for writing it up.

Dual-boot Your Arduino

There was a time, not so long ago, when all the cool kids were dual-booting their computers: one side running Linux for hacking and another running Windows for gaming. We know, we were there. But why the heck would you ever want to dual-boot an Arduino? We’re still scratching our heads about the application, but we know a cool hack when we see one; [Vinod] soldered the tiny surface-mount EEPROM on top of the already small AVR chip! (Check the video below.)

aAside from tiny-soldering skills, [Vinod] wrote his own custom bootloader for the AVR-based Arduino. With just enough memory to back up the AVR’s flash, the bootloader can shuffle the existing program out to the EEPROM while flashing the new program in. For more details, read the source.

While you might think that writing a bootloader is deep juju (it can be), [Vinod]’s simple bootloader application is written in C, using a style that should be familiar to anyone who has done work with an Arduino. It could certainly be optimized for size, but probably not for readability (and tweakability).

Why would you ever want to dual boot an Arduino? Maybe to be able to run testing and stable code on the same device? You could do the same thing over WiFi with an ESP8266. But maybe you don’t have WiFi available? Whatever, we like the hack and ‘because you can’ is a good enough excuse for us. If you do have a use in mind, post up in the comments!

Continue reading “Dual-boot Your Arduino”

Encrypted USB Bootloader for AVRs

It probably doesn’t matter much for the hacker who sleeps with a bag of various microcontroller flash programmers under the pillow, but for an end-user to apply a firmware upgrade, convenience is king. These days that means using USB, and there are a few good AVR USB bootloaders out there.

But [Dmitry Grinberg] wanted more: the ability to encrypt the ROM images and verify that they haven’t been tampered with or otherwise messed up in transit. Combined with the USB requirement, that meant writing his own bootloader and PC-side tools. His bootloader will take unencrypted uploads if it doesn’t have a password, but if it’s compiled with a key, it will only accept (correctly) encrypted hex files.

Since the bootloader, including the USB firmware, is on the hefty side at 3.3 kB, [Dmitry] included hooks to re-use the bootloader’s USB code from within the target application. So if you were going to use V-USB in your program anyway, it doesn’t actually take up that much extra space. It’s a cute trick, but it ties the bootloader and user program together in a way that gives us the willies, without specifically knowing why. Perhaps we can debate this in the comments.

If you need an AVR USB bootloader, but you don’t need the encryption, we like Micronucleus. But if you need to deliver updates to users without them being able to modify (or screw up) the code in the middle, give [Dmitry]’s setup a try.