Here’s How The Precursor Protects Your Privacy

August 6, 2022 by Arya Voronova 14 Comments

At some point, you will find yourself asking – is my device actually running the code I expect it to? [bunnie] aka [Andrew Huang] is passionate about making devices you can fundamentally, deeply trust, and his latest passion project is the Precursor communicator.

At the heart of it is an FPGA, and Precursor’s CPU is created out of the gates of that FPGA. This and a myriad of other design decisions make the Precursor fundamentally hard to backdoor, and you don’t have to take [bunnie]’s word for it — he’s made an entire video going through the architecture, boot protections and guarantees of the Precursor, teaching us what goes into a secure device that’s also practical to use.

If you can’t understand how your device works, your trust in it might be misplaced. In the hour long video, [bunnie] explains the entire stack, from the lower levels of hardware to root keys used to sign and verify the integrity of your OS, along the way demonstrating how you can verify that things haven’t gone wrong.

He makes sure to point out aspects you’d want to be cautious of, from physical security limitations to toolchain nuances. If you’re not up for a video, you can always check out the Precursor wiki, which has a treasure trove of information on the device’s security model.

As you might’ve already learned, it’s not enough for hardware to be open-source in order to be trustworthy. While open-source silicon designs are undoubtedly the future, their security guarantees only go so far.

Whether it’s esoteric hard drive firmware backdoors, weekend projects turning your WiFi card into a keylogger, or rootkits you can get on store-bought Lenovo laptops, hell, even our latest This Week In Security installment has two fun malware examples – there’s never a shortage of parties interested in collecting as much data as possible.

Bunnie’s Betrusted Makes First Appearance As Mobile, FPGA-Based SoC Development Kit

September 29, 2020 by Maya Posch 18 Comments

Recently, [Bunnie Huang] announced his Precursor project: a spiffy-looking case housing a PCB with two FPGAs, a display, battery and integrated keyboard. For those who have seen [bunnie]’s talk at 36C3 last year, the photos may look very familiar, as it is essentially the same hardware as the ‘Betrusted’ project is intended to use. This also explains the name, with this development kit being a ‘precursor’ to the Betrusted product.

In short, it’s a maximally open, verifiable, and trustworthy device. Even the processor is instantiated on an FPGA so you know what’s going on inside the silicon.

He has set up a Crowd Supply page for the Precursor project, which provides more details. The board features a Xilinx Spartan 7 (XC7S50) and Lattice iCE40UP5K FPGA, 16 MB SRAM, 128 MB Flash, integrated WiFi (Silicon Labs WF200-based), a physical keyboard and 1100 mAh Lio-Ion battery. The display is a 200 ppi monochrome 336 x 536 px unit, with both the display and keyboard backlit.

At this point [bunnie] is still looking at how much interest there will be for Precursor if a campaign goes live. Regardless of whether one has any interest in the anti-tamper and security features, depending on the price it might be a nice, integrated platform to tinker with.

Busting GPS Exercise Data Out Of Its Garmin-controlled IoT Prison

July 28, 2020 by Mike Szczys 21 Comments

If you take to the outdoors for your exercise, rather than walking the Sisyphusian stair machine, it’s nice to grab some GPS-packed electronics to quantify your workout. [Bunnie Huang] enjoys paddling the outrigger canoe through the Singapore Strait and recently figured out how to unpack and visualize GPS data from his own Garmin watch.

By now you’ve likely heard that Garmin’s systems were down due to a ransomware attack last Thursday, July 23rd. On the one hand, it’s a minor inconvenience to not be able to see your workout visualized because of the system outage. On the other hand, the services have a lot of your personal data: dates, locations, and biometrics like heart rate. [Bunnie] looked around to see if he could unpack the data stored on his Garmin watch without pledging his privacy to computers in the sky.

Obviously this isn’t [Bunnie’s] first rodeo, but in the end you don’t need to be a 1337 haxor to pull this one off. An Open Source program called GPSBabel lets you convert proprietary data formats from a hundred or so different GPS receivers into .GPX files that are then easy to work with. From there he whipped up less than 200 lines of Python to plot the GPS data on a map and display it as a webpage. The key libraries at work here are Folium which provides the pretty browsable map data, and Matplotlib to plot the data.

These IoT devices are by all accounts amazing, listening for satellite pings to show us how far and how fast we’ve gone on web-based interfaces that are sharable, searchable, and any number of other good things ending in “able”. But the flip side is that you may not be the only person seeing the data. Two years ago Strava exposed military locations because of an opt-out policy for public data sharing of exercise trackers. Now Garmin says they don’t have any indications that data was stolen in the ransomware attack, but it’s not a stretch to think there was a potential there for such a data breach. It’s nice to see there are Open Source options for those who want access to exercise analytics and visualizations without being required to first hand over the data.

Form 3 SLA Printer Teardown, Bunnie Style

January 21, 2020 by Donald Papp 15 Comments

[Bunnie Huang] has shared with all of us his utterly detailed teardown on the Form 3 SLA printer from Formlabs (on the left in the image above) and in it he says one of the first things he noticed when he opened it to look inside was a big empty space where he expected to see mirrors and optics. [Bunnie] had avoided any spoilers about the printer design and how it worked, so he was definitely intrigued.

Not only does the teardown reveal the kind of thoughtful design and construction that [Bunnie] has come to expect of Formlabs, but it reveals that the Form 3 has gone in an entirely new direction with how it works. Instead of a pair of galvanometers steering a laser beam across a build surface (as seen in the Form 1 and Form 2 printers) the new machine is now built around what Formlabs calls an LPU, or Light Processing Unit, which works in conjunction with a new build tank and flexible build surface. In short, the laser and optics are now housed in a skinny, enviromentally-sealed unit that slides left and right within the printer. A single galvo within steers the laser vertically, as the LPU itself moves horizontally. Payoffs from this method include things such as better laser resolution, the fact that the entire optical system is no longer required to sit directly underneath a vat of liquid resin, and that build sizes can be bigger. In addition, any peeling forces that a model is subjected to are lower thanks to the way the LPU works.

Details about exactly how the Form 3 works are available on Formlabs’ site and you can also see it in action from a practical perspective on Adam Savage’s Tested (video link), but the real joy here is the deeply interesting look at the components and assembly through the eyes of someone with [Bunnie]’s engineering experience. He offers insights from the perspective of function, supply, manufacture, and even points out a bit of NASA humor to be found inside the guts of the LPU.

[Bunnie] knows his hardware and he’s certainly no stranger to Formlabs’ work. His earlier Form 2 teardown was equally detailed as was his Form 1 teardown before that. His takeaway is that the Form 3 and how it works represents an evolutionary change from the earlier designs, one he admits he certainly didn’t see coming.

Hackaday Podcast 048: Truly Trustworthy Hardware, Glowing Uranium Marbles, Bitstreaming The USB, Chaos Of Congress

January 3, 2020 by Mike Szczys 7 Comments

Hackaday editors Elliot Williams and Mike Szczys kick off the first podcast of the new year. Elliot just got home from Chaos Communications Congress (36c3) with a ton of great stories, and he showed off his electric cargo carrier build while he was there. We recount some of the most interesting hacks of the past few weeks, such as 3D-printed molds for making your own paper-pulp objects, a rudimentary digital camera sensor built by hand, a tattoo-removal laser turned welder, and desktop-artillery that’s delivered in greeting-card format.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 048: Truly Trustworthy Hardware, Glowing Uranium Marbles, Bitstreaming The USB, Chaos Of Congress” →

Bunnie Huang Talks Manufacturing And Component Choices During Hackaday Prize Mentoring Session

June 21, 2019 by Jenny List 4 Comments

Andrew “Bunnie” Huang’s mentor session for the Hackaday Prize shows off the kind of experience and knowledge hard to come by unless you have been through the hardware development gauntlet countless times. These master-classes match up experts in product development with Prize entrants working to turn their projects into products. We’ve been recording them so that all may benefit from the advice and guidance shared in each session.

The appealing little FunKey pocket gaming platform.

Bunnie is someone who is already familiar to most Hackaday readers. His notoriety in our community began nearly two decades ago with his work reverse engineering the original Microsoft X-box, and he quickly went on to design (and hack) the Chumby Internet appliance, he created the Novena open-source laptop, and through his writing and teaching, he provides insight into sourcing electronic manufacture in Shenzhen. He’s the mentor you want to have in your corner for a Hackaday Prize entry, and that’s just what a lucky group had in the video we’ve placed below the break.

While this session with Bunnie is in the bag it’s worth reminding you all that we are still running mentor sessions for Hackaday Prize entrants, so sign up your entry for a chance to get some great feedback about your project.

The first team to meet with Bunnie are FunKey, whose keychain Nintendo-like handheld gaming platform was inspired by a Sprite_tm project featuring a converted novelty toy. The FunKey team have produced a really well-thought-out design that is ready to be a product, but like so many of us who have reached that point they face the impossible hurdle of turning it into a product. Their session focuses on advice for finding a manufacturing partner and scaling up to production.

A prototype HotorNot Coffee Stirrer, showing their problem of having to maintain food-safe components.

HotorNot Coffee Stirrer is trying to overcome a problem unique to their food-related project. A hot drink sensor that has to go in the drink itself needs to be food safe, as well as easy enough to clean between uses. A variety of components are discussed including a thermopile on a chip that has the advantage of not requiring contact with the liquid, but sometimes the simplest ideas can be the most effective as Bunnie reminds us that a cheap medical thermometer teardown can tell us a lot about appropriate parts for this application.

The idea behing PhalangePad is an attractive one, but making those sensors reliable is no trivial eercise.

It’s another component choice problem that vexes PhalangePad, an input device that relies on the user tapping the inside of their fingers with their thumb. It’s a great idea, but how should these “keypresses” be detected? Would you use a capacitive or magnetic sensor, a force sensitive resistors, or maybe even machine vision? Here Bunnie’s encyclopaedic knowledge of component supply comes to the fore, and the result is a fascinating insight into the available technologies.

We all amass a huge repository of knowledge as we pass through life, some of the most valuable of which is difficult to pass on in a structured form and instead comes out as incidental insights. An engineer with exceptional experience such as Bunnie can write the book on manufacturing electronics in China but still those mere pages can only scratch the surface of what he knows about the subject. There lies the value of these mentor sessions, because among them the gems of knowledge slip out almost accidentally, and if you’re not watching, you’ll miss them.

This is the second in our series of Hackaday Prize mentoring sessions this year, but we have more already in the can and further sessions to record. We’re constantly looking for more participants though, so make sure if you haven’t already that you put your entry in for Hackaday Prize and check out the list of mentors who are here to share their knowledge and experience. Continue reading “Bunnie Huang Talks Manufacturing And Component Choices During Hackaday Prize Mentoring Session” →

Your Masterclass In Product Design: Hackaday Prize Mentor Sessions

May 14, 2019 by Mike Szczys 3 Comments

New to this year’s Hackaday Prize is a set of live mentor sessions and you’re invited! Being at the center of a successful product design project means having an intuitive sense in many, many areas; from industrial design and product packaging, to manufacturing and marketing. This is your chance to learn from those experts who have already been there and want to make your experience better and easier.

We want you to get involved by entering your own project into the Hackaday Prize; now is the time to tell us you’re ready to demo your project with a mentor. Hackaday Prize Mentor Sessions are happening every two weeks throughout the summer. In these video chats we’re inviting some promising Hackaday Prize entries to start off with a “demo day” type of presentation, followed by an interactive session with the mentor hosting each event.

It’s also important that this incredible resource be available to all, so these videos will be published once the mentor session wraps up. This is a master class format where the advice and shared experience have a beneficial effect far beyond the groups sharing their projects.

The 2019 Hackaday Prize focuses on product development. Show your path from an idea to a product design ready for manufacturing and you’ll be on target to share in more than $200,000 in cash prizes!

Meet Some of Our Mentors:

Below you will find just a taste of the mentor sessions in the works. These are the first three mentor session videos that will be published, but make sure you browse the full set of incredible mentors and get excited for what is to come!

Bunnie Huang

Co-founder, Chibitronics

Bunnie is best known for his work hacking the Microsoft Xbox, as well as
his efforts in designing and manufacturing open source hardware. His past projects include the chumby (app-playing alarm clock), Chibitronics (peel-and-stick electronics for crafting), and the Novena (DIY laptop). He currently lives in Singapore where he runs a private product design studio, Kosagi, and actively mentors several startups and students of the MIT Media Lab.

Mattias Gunneras & Andrew Zolty

Co-founders, BREAKFAST NY

Zolty and Mattias founded BREAKFAST in 2009. This studio of multidisciplinary artists and engineers conceives, designs, and fabricates high-tech contemporary art installations and sculptures. BREAKFAST has over 15 large-scale pieces that can be found in various museums, arenas, and lobby spaces throughout the world.

Giovanni Salinas

Product Development Engineer, DesignLab

Giovanni is the Product Development Engineer at Supplyframe DesignLab. He has designed and developed hundreds of products, including consumer electronics, kitchenware, and urban furniture for the North American, European, Chinese and Latin American markets. Through his experience he has honed his expertise in rapid prototyping and DFM in plastics, wood, and metals.