A Xilinx Zynq Linux FPGA Board For Under $20? The Windfall Of Decommissioned Crypto Mining

One of the exciting trends in hardware availability is the inexorable move of FPGA boards and modules towards affordability. What was once an eye-watering price is now merely an expensive one, and no doubt in years to come will become a commodity. There’s still an affordability gap at the bottom of the market though, so spotting sub-$20 Xilinx Zynq boards on AliExpress that combine a Linux-capable ARM core and an FPGA on the same silicon is definitely something of great interest. A hackerspace community friend of mine ordered one, and yesterday it arrived in the usual anonymous package from China.

There’s a Catch, But It’s Only A Small One

The heftier of the two boards, in all its glory.
The heftier of the two boards, in all its glory.

There are two boards to be found for sale, one featuring the Zynq 7000 and the other the 7010, which the Xilinx product selector tells us both have the same ARM Cortex A9 cores and Artix-7 FPGA tech on board. The 7000 includes a single core with 23k logic cells, and there’s a dual-core with 28k on the 7010. It was the latter that my friend had ordered.

So there’s the good news, but there has to be a catch, right? True, but it’s not an insurmountable one. These aren’t new products, instead they’re the controller boards for an older generation of AntMiner cryptocurrency mining rigs. The components have 2017 date codes, so they’ve spent the last three years hooked up to a brace of ASIC or GPU boards in a mining data centre somewhere. The ever-changing pace of cryptocurrency tech means that they’re now redundant, and we’re the lucky beneficiaries via the surplus market.

Continue reading “A Xilinx Zynq Linux FPGA Board For Under $20? The Windfall Of Decommissioned Crypto Mining”

Hacking The FPGA Control Board From A Bitcoin Miner

For anyone serious about mining cryptocurrency such as Bitcoin, we’re well past the point where a standard desktop computer is of much use. While an array of high-end GPUs is still viable for some currencies, the real heavy hitters are using custom mining hardware that makes use of application-specific integrated circuits (ASICs) to crunch the numbers. But eventually even the most powerful mining farm will start to show its age, and many end up selling on the second hand market for pennies on the dollar.

Naturally, hackers are hard at work trying to find alternate uses for these computational powerhouses. While it won’t teach an old ASIC a new trick, [xjtuecho] has documented some very interesting details on the FPGA control board of the Ebit E9+ Bitcoin miner. Known as the EBAZ4205, this board can be purchased for around $20 USD from online importers and even less if you can find one used. Since it’s just the controller it won’t help you build a budget super computer, but there’s always interest in cheap FPGA development boards.

The Zynq SoC combines an FPGA and ARM CPU.

According to [xjtuecho], it takes a little bit of work to get the EBAZ4205 ready for experimentation. For one thing, you may have to solder on your own micro SD slot depending on where you got the board from. You’ll also need to add a couple diodes to configure which storage device to boot from and to select where the board pulls power from.

Once you’re done, you’ll have a dual core Cortex A9 Linux board with 256 MB DDR3 and a Artix-7 FPGA featuring 28K logic elements to play with. Where you go from there is up to you.

This isn’t the first time we’ve seen FPGA boards hit the surplus market at rock bottom prices. When IT departments started dumping their stock of Pano Logic thin clients back in 2013, a whole community of dedicated FPGA hackers sprouted up around it. We’re not sure the if the EBAZ4205 will enjoy the same kind of popularity in its second life, but the price is certainly right.

[Thanks to Rog77 for the tip.]

Cluster Deck Packs Four Pis Into One Portable Package

Parallel computing is a fair complex subject, and something many of us only have limited hands-on experience with. But breaking up tasks into smaller chunks and shuffling them around between different processors, or even entirely different computers, is arguably the future of software development. Looking to get ahead of the game, many people put together their own affordable home clusters to help them learn the ropes.

As part of his work with decentralized cryptocurrency, [Jay Doscher] recently found himself in need of a small research cluster. He determined that the Raspberry Pi 4 would give him the best bang for his buck, so he started work on a small self-contained cluster that could handle four of the single board computers. As we’ve come to expect given his existing body of work, the final result is compact, elegant, and well documented for anyone wishing to follow in his footsteps.

The core unit would make a great desktop cluster.

Outwardly the cluster looks quite a bit like the Mil-Plastic that he developed a few months back, complete with the same ten inch Pimoroni IPS LCD. But the internal design of the 3D printed case has been adjusted to fit four Pis with a unique staggered mounting arrangement that makes a unit considerably more compact than others we’ve seen in the past. In fact, even if you didn’t want to build the whole Cluster Deck as [Jay] calls it, just printing out the “core” itself would be a great way to put together a tidy Pi cluster for your own experimentation.

Thanks to the Power over Ethernet HAT, [Jay] only needed to run a short Ethernet cable between each Pi and the TP-Link five port switch. This largely eliminates the tangle of wires we usually associate with these little Pi clusters, which not only looks a lot cleaner, but makes it easier for the dual Noctua 80 mm to get cool air circulated inside the enclosure. Ultimately, the final product doesn’t really look like a cluster of Raspberry Pis at all. But then, we imagine that was sort of the point.

Of course, a couple of Pis and a network switch is all you really need to play around with parallel computing on everyone’s favorite Linux board. How far you take the concept after that is entirely up to you.

All Your Passwords Are Belong To FPGA

When used for cracking passwords, a modern high-end graphics card will absolutely chew through “classic” hashing algorithms like SHA-1 and SHA-2. When a single desktop machine can run through 50+ billion password combinations per second, even decent passwords can be guessed in a worryingly short amount of time. Luckily, advanced password hashing functions such as bcrypt are designed specifically to make these sort of brute-force attacks impractically slow.

Cracking bcrypt on desktop hardware might be out of the question, but the folks over at [Scattered Secrets] had a hunch that an array of FPGAs might be up to the task. While the clock speed on these programmable chips might seem low compared to a modern CPUs and GPUs, they don’t have all that burdensome overhead to contend with. This makes the dedicated circuitry in the FPGA many times more efficient at performing the same task. Using a decade-old FPGA board intended for mining cryptocurrency, the team was able to demonstrate a four-fold performance improvement over the latest generation of GPUs.

An earlier version of the FPGA cracker

After seeing what a single quad FPGA board was capable of, the [Scattered Secrets] team started scaling the concept up. The first version of the hardware crammed a dozen of the ZTEX FPGA boards and a master control computer computer into a standard 4U server case. For the second version, they bumped that up to 18 boards for a total of 72 FPGAs, and made incremental improvements to the power and connectivity systems.

Each 4U FPGA cracker is capable of 2.1 million bcrypt hashes per second, while consuming just 585 watts. To put that into perspective, [Scattered Secrets] says you’d need at least 75 Nvidia RTX-2080Ti graphics cards to match that performance. Such an array would not only take up a whole server rack, but would burn through a staggering 25 kilowatts. Now might be a good time to change your password to something longer, or finally get onboard with 2FA.

We’ve covered attempts to reverse engineer hardware designed for cryptocurrency mining, but those were based around application-specific integrated circuits (ASICs) which by definition are very difficult to repurpose. On the other hand, disused FPGA-based miners offer tantalizing possibilities; once you wrap your mind around how they work, anyway.

[Thanks to Piejoe for the tip.]

Divvy Out The Crypto With This Physical Bitcoin Faucet

For those unfamiliar with the term, a “Bitcoin Faucet” is usually used as an incentive in software that wants your attention. Complete a captcha or look at and advertisement and you get one millionth of a BTC, that sort of thing. You’re never going to get rich off of one of them, but most people aren’t going to turn down free money either. The latest project from [TJ Bruno] follows that same concept and brings it into the physical world. But you still aren’t going to get rich off of it.

The hardware used for this corporeal Bitcoin Faucet is pretty simple. All you need is a Raspberry Pi, a camera module, and a 2.8″ touch LCD. Naturally you could use a larger screen if you wanted, but then it wouldn’t fit inside of the very slick 3D printed stand that [TJ] developed. We might consider upgrading to a slightly speedier Pi though, in the demonstration video it looks like the Zero is struggling pretty hard to handle the GUI.

Using the Faucet is straightforward enough. You tap the screen and place a QR code representing your Bitcoin wallet on the device’s tray, where it’s scanned by the camera. In a few seconds the Faucet shows a QR code on its own screen that will point your phone’s browser to the transaction details so you can verify your digital coinage is on the way.

You might be wondering why you’d want to have a device that sits there waiting to pay out fractions of a BTC to anyone who’s willing to flash their wallet at it. We’re not entirely sure, though it might make for an interesting way to raise awareness about cryptocurrency. In this particular case though, [TJ] says he was just looking for a project that would give him an excuse to hone his Python skills. Nothing wrong with that around these parts.

Watching the growth of cryptocurrency from our unique vantage point, we can see how the hacker’s interest in Bitcoin as changed over the years. Where we once saw people excited about building custom mining rigs, we now see counters that tick down as the last coins are put into circulation. Looking at projects like this, it seems hackers are happy enough to just give the things away in an interesting way.

Speeding Up IOTA Proof Of Work Using FPGAs

Blockchain has existed as a concept since the early 1990s, but keeping a distributed ledger for IoT transactions wasn’t widely implemented until IOTA developed Tangle. The blockchain company was initially founded as a hardware startup and pivoted to work on transactional settlement for IoT. The Tangle, their distributed ledger architecture based on a directed acyclic graph (DAG) works as a “blockchain without the blocks and the chain”.

As its name implies, the Tangle is a web of transactions that references its past two transactions and a subsection of other transactions. Rather than miners and stakers being responsible for overall consensus, all active participants are involved in the approval of transactions. The transaction process requires the client to sign with their private keys, select two random unconfirmed transactions to be referenced, and perform proof-of-work.

The proof-of-work has an unfortunately high difficulty as you might expect. The process is similar to finding a nonce in Bitcoin mining, although the difficulty is set at a lower threshold due to the transactions running on lower-power nodes. Even so, since IOTA transactions commonly occur on small embedded platforms this can take several minutes to complete, a relatively long time considering these are mere transactions.

Since Curl-P81 hashes should be computed in parallel, they can’t be computed efficiently on general purpose CPUs. The PiDiver 1.3, [Thomas Pototschnig]’s port of the IOTA Reference Implementation (IRI) PearlDiver, performs searches for nonces. Because it runs on FPGAs, it is able to speed up the proof-of-work by a factor of more than 140 when compared to a Raspberry Pi. The FPGA is able to calculate one round of the hash in a single clock cycle, and a complete hash in 85 cycles (as well as testing for a valid nonce). Seven parallel hashes can be calculated at once, giving 15.8MHash/s at a frequency of 188MHz. The proof-of-work takes ~300ms on the FPGA when compared to 90s on a Raspberry Pi, so this is a significant improvement in speed.

Since the project is open source, the core can be used by IRI for creating a modified version of their PearlDiver.  The board can be used as a Raspberry Pi HAT, although it can also be connected via USB to work without the Pi.

While this doesn’t address the security concerns of using IOTA with personal IoT devices, it is certainly a significant improvement on the speed of their proof-of-work process, and the software speedup is incredibly satisfying to watch.

Continue reading “Speeding Up IOTA Proof Of Work Using FPGAs”

Side-Channel Attack Shows Vulnerabilities Of Cryptocurrency Wallets

What’s in your crypto wallet? The simple answer should be fat stacks of Bitcoin or Ethereum and little more. But if you use a hardware cryptocurrency wallet, you may be carrying around a bit fat vulnerability, too.

At the 35C3 conference last year, [Thomas Roth], [Josh Datko], and [Dmitry Nedospasov] presented a side-channel attack on a hardware crypto wallet. The wallet in question is a Ledger Blue, a smartphone-sized device which seems to be discontinued by the manufacturer but is still available in the secondary market. The wallet sports a touch-screen interface for managing your crypto empire, and therein lies the weakness that these researchers exploited.

By using a HackRF SDR and a simple whip antenna, they found that the wallet radiated a distinctive and relatively strong signal at 169 MHz every time a virtual key was pressed to enter a PIN. Each burst started with a distinctive 11-bit data pattern; with the help of a logic analyzer, they determined that each packet contained the location of the key icon on the screen.

Next step: put together a training set. They rigged up a simple automatic button-masher using a servo and some 3D-printed parts, and captured signals from the SDR for 100 presses of each key. The raw data was massaged a bit to prepare it for TensorFlow, and the trained network proved accurate enough to give any hardware wallet user pause – especially since they captured the data from two meters away with relatively simple and concealable gear.

Every lock contains the information needed to defeat it, requiring only a motivated attacker with the right tools and knowledge. We’ve covered other side-channel attacks before; sadly, they’ll probably only get easier as technologies like SDR and machine learning rapidly advance.

[via RTL-SDR.com]