There are a lot of things you can do with today’s powerful microcontrollers, but sometimes you really need a full embedded Linux setup. [Dylan Brophy] wanted to make it easier to add Linux to his own projects and designed the BeagleStamp.
Squeezed onto a 1″ square, the BeagleStamp puts the power of a PocketBeagle into an easy to solder module you can add to a project without all that tedious mucking about with individually soldering all the components of a tiny Linux computer every time. As a bonus, the 4 layer connections are constrained to the stamp as well, so you can use lower layer count boards in your project and have your Linux too.
The first run of boards was delivered with many of the pins unplated, but [Brophy] plans to work around it for the time being so he can spot any other bugs before the next board revision. Might we suggest a future version using RISC-V?
[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the app framework running the dash and created his own app. Not just for show – after hooking into the APIs available to the dash and accessible through header files, he was able to monitor car state from his app, and even lock/unlock doors. In the end, the dash got completely conquered – and he even wrote a tutorial showing how anyone can compile their own apps for the Hyundai Ionic D-Audio 2V dash.
In this series of write-ups [greenluigi1] put together for us, he walks us through the entire hacking process — and they’re a real treat to read. He covers a wide variety of things: breaking encryption of .zip files, reprogramming efused MAC addresses on USB-Ethernet dongles, locating keys for encrypted firmware files, carefully placing backdoors into a Linux system, fighting cryptic C++ compilation errors and flag combinations while cross-compiling the software for the head unit, making plugins for proprietary undocumented frameworks; and many other reverse-engineering aspects that we will encounter when domesticating consumer hardware.
This marks a hacker’s victory over yet another computer in our life that we aren’t meant to modify, and a meticulously documented victory at that — helping each one of us fight back against “unmodifiable” gadgets like these. After reading these tutorials, you’ll leave with a good few new techniques under your belt. We’ve covered head units hacks like these before, for instance, for Subaru and Nissan, and each time it was a journey to behold.
It is a sign of the times that one of [Dmitry’s] design criteria for his new Linux on a business card is to use parts you can actually find during the current component shortage. The resulting board uses a ATSAMD21 chip and emulates a MIPS machine in order to boot Linux.
We like that in addition to the build details, [Dmitry] outlines a lot of the reasons for his decisions. There’s also a a fair amount of detail about how the whole system actually works. For example, by using a 0.8 mm PCB, the board can accept a USB-C cable with no additional connector. There is also a great explanation of the MIPS MMU and don’t forget that MIPS begat RISC-V, so many of the MIPS core details will apply to RISC-V as well (but not the MMU). You’ll also find some critiques of the ATSAMD21’s DMA system. It seems to save chip real estate, the DMA system stores configuration data in user memory which it has to load and unload every time you switch channels.
By the end of the post you get the feeling this may be [Dimitry]’s last ATSAMD21 project. But we have to admit, it seems to have come out great. This isn’t the first business card Linux build we’ve seen. This one sure reminded us of a MIDI controller card we once saw.
Ever wanted to run Linux in an exceptionally small footprint? Then [Reimu NotMoe] from [SudoMaker] has something for you! She’s found an unbelievably small Linux-able chip in BGA, and designed a self-contained tiny SoM (System on Module) breakout with power management and castellated pads. This breakout contains everything you need to have Linux in a 16x16x2mm footprint. For the reference, a 16mm square is the size of the CPU on a Raspberry Pi.
This board isn’t just tiny, it’s also well-thought-out, helping you put the BGA-packaged Ingenic X1501 anywhere with minimal effort. With castellated pads, it’s easy to hand-solder this SoM for development and reflow for production. An onboard switching regulator works from 6V down to as low as 3V, making this a viable battery-powered Linux option. It can even give you up to 3.3V/1A for all your external devices.
The coolest part yet – the X1501 is surprisingly friendly and NDA-free. The datasheets are up for grabs, there are no “CONFIDENTIAL” watermarks – you get a proper 730-page PDF. Thanks to this openness, the X1501 can run mainline Linux with minimal changes, with most of the peripherals already supported. Plus, there’s Efuse-based Secure Boot if your software needs to be protected from cloning.
We remember when getting Linux on your average desktop computer was a tricky enough endeavor that only those with the most luxurious of graybeards would even attempt it. A “Linux box” in those heady days was more than likely an outdated machine salvaged from the dumpster, side panel forever removed, cranking away in a basement or garage. Fast forward today, and Linux is literally everywhere: from smartphones and luxury cars, to TVs and refrigerators. Ironically it’s still not on most desktop computers, but that’s a discussion for another time.
So when [Michael Nothhard] sent in the fascinating account of how he hacked his Linux-powered Bluesound Powernode N150 amplifier to unlock more inputs, the least surprising element was that there was a “smart amplifier” out there running the free and open source operating system. What piqued our interest was that he was able to bust his way in with relative ease and enable some impressive new capabilities that the manufacturer would probably have rather been kept under wraps.
Configuring the CM6206’s audio settings.
[Michael] explains that the N150 has a USB port on the back side of it, and that officially, it only works with mass storage devices and a handful of approved peripherals such as a Bluetooth dongle. But as he was hoping to connect some more devices to the input-limited amplifier, he wondered if he could get a USB audio adapter recognized by the OS. After using a known exploit to get root access, he started poking around at the underlying Linux system to see what kind of trickery the developers had done.
Based on a fairly common C-Media CM6206 chipset, the StarTech 7.1 USB audio adapter was picked up by the kernel without an issue. But to actually get it working with the amplifier’s stock software, he then needed to add a new <capture> entry to the system’s sovi_info.xml configuration file and make some changes to its default ALSA settings. With the appropriate files modified, the new USB audio input device popped up under the official Bluesound smartphone application.
At the end of the write-up [Michael] notes that you’ll need to jump through a few additional hoops to make sure that an upstream firmware update doesn’t wipe all your hard work. Luckily it sounds like backing up the configuration and returning it to the newly flashed Powernode is easy enough. We’ve certainly seen more elaborate methods of gaining control of one’s sound system over the years.
Sometimes reverse engineering embedded systems can be a right old faff, with you needing to resort to all kinds of tricks such as power glitching in order to poke a tiny hole in the armour, giving you an way in. And, sometimes the door is just plain wide open. This detailed exploration of an off-the-shelf retro arcade machine, is definitely in that second camp, for an unknown reason. [Matthew Alt] of VoidStar Security, took a detailed look into how this unit works, which reads as a great introduction to how embedded Linux is constructed on these minimal systems.
Could this debug serial port be more obvious?
The hardware is the usual bartop cabinet, with dual controls and an LCD display, with just enough inside a metal enclosure to drive the show. Inside this, the main PCB has the expected minimal ARM-based application processor with its supporting circuit. The processor is the Rockchip RK3128, sporting a quad-core ARM Neon and a Mali400 GPU, but the main selling point is the excellent Linux support. You’ll likely see this chip or its relatives powering cheap Android TV boxes, and it’s the core of this nice looking ‘mini PC’ platform from firefly. Maybe something to consider seeing as though Raspberry Pis are currently so hard to come by?
Anyway, we digress a little, [Matthew] breaks it down for us in a very methodical way, first by identifying the main ICs and downloading the appropriate datasheets. Next he moves on to connectors, locating an internal non-user-facing USB micro port, which is definitely going to be of interest. Finally, the rather obvious un-populated 3-pin header is clearly identified as a serial port. This was captured using a Saleae clone, to verify it indeed was a UART interface and measure the baud rate. After doing that, he hooked it into a Raspberry Pi UART and by attaching the standard screen utility to the serial device, lo-and-behold, a boot log and a root prompt! This thing really is barn-door wide-open.
Is that a root prompt you have for me? Oh why yes it is!
Simply by plugging in a USB stick, the entire flash memory was copied over, partitions and all, giving a full backup in case subsequent hacking messed things up. Being based on U-Boot, it was a trivial matter of just keying in ‘Ctrl-C’ at boot time, and he was dropped straight into the U-Boot command line, and all configuration could be easily read out. By using U-Boot to low-level dump the SPI flash to an external USB device, via a RAM copy, he proved he could do the reverse and write the same image back to flash without breaking something, so it was now possible to reverse engineer the software, make changes and write it back. Automation of the process was done using Depthcharge on the Raspberry Pi, which was also good to read about. We will keep an eye on the blog for what he does with it next!
We’ve been eagerly following the development of the WiFiWart for some time now, as a quad-core Cortex-A7 USB phone charger with dual WiFi interfaces that runs OpenWrt sounds exactly like the sort of thing we need in our lives. Unfortunately, we’ve just heard from [Walker] that progress on the project has been slowed down indefinitely by crippling chip shortages.
At this point, we’ve all heard how the chip shortage is impacting the big players out there. It makes sense that automakers are feeling the pressure, since they are buying literally millions of components at a clip. But stories like this are a reminder that even an individual’s hobby project can be sidelined by parts that are suddenly 40 times as expensive as they were when you first put them in your bill of materials.
The new miniature compute board.
In this particular case, [Walker] explains that a power management chip you could get on DigiKey for $1.20 USD a few months ago is now in such short supply that the best offer he’s found so far is $49.70 a pop from an electronics broker in Shenzhen. It sounds like he’s going to bite the bullet and buy the four of them (ouch) that he needs to build a working prototype, but obviously it’s a no go for production.
Luckily, it’s not all bad news. [Walker] has made some good progress on the power supply board, which will eventually join the diminutive computer inside the USB charger enclosure. Part of the trick is that the device is still supposed to be a functional USB charger, so in addition to 5 VDC for the output port, the power supply also needs to produce 1.1 V, 1.35 V, 2.5 V, 3.0 V, and 3.3 V for the computer. We’re glad to see he’s taking the high road with his mains circuitry, making sure to use UL listed components and maintaining proper isolation.
When we last checked in on the WiFiWart back in July, [Walker] had already managed to boot Linux on his over-sized prototype board. Now he’s got PCBs in hand that look far closer to the final size and shape necessary to tuck them into a phone charger. It’s a shame that the parts shortage is slowing down progress, but we’re confident we’ll at least get to see a one-off version of the WiFiWart powered up before the year is out.
Squeezed onto a 1″ square, the BeagleStamp puts the power of a PocketBeagle into an easy to solder module you can add to a project without all that tedious mucking about with individually soldering all the components of a tiny Linux computer every time. As a bonus, the 4 layer connections are constrained to the stamp as well, so you can use lower layer count boards in your project and have your Linux too.
