The nRF51 Series SoCs is a family of low power Bluetooth chips from Nordic Semiconductor that is based on ARM Cortex cores. The nRF51822 has the Cortex M0 core and is used in a lot of products. [Loren] has written a blog post in which he claims to be able to circumvent read back protection on the chip, thus giving access to the ROM, RAM and registers as well as allow for interactive debugging sessions.
The hack stems from the fact that the Serial Wire Debug or SWD interface cannot be completely disabled on these chips even if the Memory Protection Unit prevents access to any memory regions directly. The second key piece is the fact that CPU can fetch stuff from the code memory. Combined with the SWD super powers to make changes to the registers themselves, this can be a powerful tool.
Continue reading “Instruction Set Hack For Protected Memory Access”
There’s a sinking feeling when a firmware upgrade to a piece of equipment goes wrong. We’ve all likely had this happen and bricked a device or two. If we are lucky we can simply reapply the upgrade or revert to a previous version, and if we’re unlucky we have to dive into a serial debug port to save the device from the junk pile. But what happens when both those routes fail? If you are [Arko], you reverse-engineer the device and write your own bootloader for it.
The offending bricked object was a Monoprice MP Mini Delta 3D printer to which he was foolhardy enough to apply new firmware after seeing a friend’s machine taking it without issue. Finding the relevant debug interface on its main PCB he applied the firmware upgrade again, only to realise that in doing so he had overwritten its bootloader. The machine seemed doomed, but he wasn’t ready to give up.
What follows in his write-up is a detailed examination of the boot mechanism and memory map of an ARM Cortex M0 processor as found in the Monoprice’s STM32F070CB. We learn about vector tables for mapping important addresses of interrupts and execution points, and the mechanics of a bootloader in setting up the application it launches. This section is well worth a read on its own, even for those with no interest in bricked 3D printers.
In the end he had a working bootloader to which he appended the application firmware, but sadly when he powered up the printer there was still no joy. The problem was traced to the serial connection between the ARM doing the printer’s business and the ESP8266 running its display. After a brainstorm suggestion with a friend, a piece of code was found which would set the relevant registers to allow it to run at the correct speed.
So after a lot of work that resulted in this fascinating write-up, there was a working 3D printer. He suggests that mere mortals try asking Monoprice for a replacement model if it happens to their printers, but we’re extremely glad he persevered. Without it we would never have had this fascinating write-up, and would be the poorer without the learning experience.
This isn’t the first time we’ve brought you 3D printer bootloader trickery.
As the LoRa low-bandwidth networking technology in license-free spectrum has gained traction on the wave of IoT frenzy, LoRa networks have started to appear in all sorts of unexpected places. Sometimes they are open networks such as The Things Network, other times they are commercially available networks, and then, of course, there are entirely private LoRa installations.
If you are interested in using LoRa on a particular site, it’s an interesting exercise to find out what LoRa traffic already exists, and to that end [Joe Broxson] has put together a useful little device. Hardware wise it’s an Adafruit Cortex M0 Feather with onboard LoRa module, paired with a TFT FeatherWing for display, and software wise it scans a set of available frequencies and posts any packets it finds to the scrolling display. It also has the neat feature of logging packets in detail to an SD card for later analysis. The whole is enclosed in a 3D printed case from an Adafruit design and makes for a very attractive self-contained unit.
We’ve featured quite a few LoRa projects here, including this one with a Raspberry Pi Compute module in a remote display. Of more relevance in a LoRa testing sense though is this look at LoRa range testing.
The future of tiny electronics is wearables, it seems, with companies coming out with tiny devices that are able to check your pulse, blood pressure, and temperature while relaying this data back to your phone over a Bluetooth connection. Intel has the Curie module, a small System on Chip (SoC) meant for wearables, and the STM32 inside the Fitbit is one of the smallest ARM microcontrollers you’ll ever find. Now there’s a new part available that’s smaller than anything else and has an integrated Bluetooth radio; just what you need when you need an Internet of Motes of Dust.
The Atmel BTLC1000 is a tiny SoC designed for wearables. The internals aren’t exceptional in and of themselves – it’s an ARM Cortex M0 running at 26 MHz. There’s a Bluetooth 4.1 radio inside this chip, and enough I/O, RAM, and ROM to connect to a few sensors and do a few interesting things. What makes this chip so exceptional is its size – a mere 2.262mm by 2.142mm. It’s a chip that can fit along the thickness of some PCBs.
To provide some perspective: the smallest ATtiny, the ‘tiny4/5/9/10 in an SOT23-6 package, is 2.90mm long. The smallest PICs are similarly sized, and both have a tiny amount of RAM and Flash space. The BTLC1000 is surprisingly capable, with 128kB each of RAM and ROM.
The future of wearable devices is smaller, faster and more capable devices, and with a tiny chip that can fit on the head of a pin, this is certainly an interesting chip for applications where performance can be traded for package size. If you’re ready to dive in with this chip the preliminary datasheets are now available.
There was a time when just about every computer – even laptops – came with a parallel port. That’s 25 pins of bit-banging goodness, accessible from every programming environment, that could control any random pile of electronics sitting on a desk. The days of parallel ports are behind us now, and if you want to blink a pin with a computer, you’re looking at controlling a microcontroller over USB or something.
[ajlitt]’s Tiny Bit Dingus is just that: a microcontroller stuffed into a USB plug with a few pin headers. With the right app, you can control these pin headers over USB. It’s the closest you’re going to get to a parallel port with modern hardware.
This bit dingus isn’t meant to replace the Bus Pirate, an Arduino, or anything else; it’s meant to be a small and simple way to connect random electronics to a computer with as few parts as possible. If you’re looking for a part to add to your electronic tinkerer everyday carry rig, this would be it.
There’s a few bits of interesting hardware inside the Bit Dingus. A while back, [ajltt] ran into the Freescale KL27, a Cortex M0+ that does USB without a crystal, has a USB bootloader, and doesn’t require many additional components at all. It’s the perfect size for the project at 5x5mm, and is unbrickable while still being flashable over USB.
[Vsergeev] tipped us about a neat Cortex-M0 based development board with a total BoM cost under $15. It’s called the ARM Bare Metal Widget (ARM-BMW), focuses on battery power, non-volatile storage and debuggability.
The chosen micro-controller is the 50MHz NXP LPC1114DH28 which provides the user with 32kB of Flash, 8kB of SRAM, a 6 channel ADC and I2C/SPI/UART interfaces among others. The ARM-BMW contains a 2Mbyte SPI flash, an I2C I/O expander, several headers for expansion/debug purposes, 4 LEDs, 2 buttons, 2 DIP switches and finally a JTAG/SWD header for flashing and debugging. As you can see in the picture above you may either populate your own HC49UP crystal or use the internal 12MHz RC oscillator.
The platform can be powered using either a USB cable or a LiPo battery. As you can guess it also includes a much-needed battery charger (the MCP73831T) and a switched capacitor DC/DC converter to supply 3.3V. You may find all the files on the hardware or software repositories.
Homemade reflow ovens are a great inexpensive way to quickly solder multiple prototypes at once. [Andy] may just have built one of the best ones we’ve featured so far on Hackaday. For his project a £25 1300W 12litre halogen oven was chosen because of its low cost and fast heating time, the latter being required to follow typical reflow profile ramp-up stages.
To control the AC power [Andy] first bought a chinese Fotek Solid State Relay (SSR) on ebay, which was quickly replaced by an american one after reading concerning reports on the internet. He then made the same ‘mistake’ by buying the typical MAX6675 thermocouple-to-digital converter from the same website, as he spent much time understanding why the measurements were wrong when the IC was just defective. His final build is based around a 640×360 TFT LCD that he previously reverse engineered, the cortex-M0 STM32F051C8T7, a SPI flash, some power regulators and buttons. The firmware was written in C++ and we’ll let our readers visit [Andy]’s page to see how well his oven performs.