firmware

143 Articles

Close To The Metal

October 14, 2023 by 81 Comments

Firmware is caught between hardware and software. What do I mean? Microcontroller designers compete on how many interesting and useful hardware peripherals they can add to the chips, and they are all different on purpose. Meanwhile, software designers want to abstract away from the intricacies and idiosyncrasies of the hardware peripherals, because code wants to be generic and portable. Software and hardware designers are Montagues and Capulets, and we’re caught in the crossfire.

I’m in the middle of a design that takes advantage of perhaps one of the most idiosyncratic microcontroller peripherals out there – the RP2040’s PIOs. Combining these with the chip’s direct memory access (DMA) controllers allows some fairly high-bandwidth processing, without bogging down the CPUs. But because I want this code to be usable and extensible by a wide audience, I’m also trying to write it in MicroPython. And configuring DMA controllers is just too idiosyncratic for MicroPython.

But there’s an escape hatch. In my case, it’s courtesy of the machine.mem32 function, which lets you read and write directly into the chip’s memory, including all of the memory-mapped configuration registers. Sure, it’s absurdly low-level, but it means that anything you read about in the chip’s datasheet, you can do right away, and from within the relative comfort of a Micropython program. Other languages have their PEEK and POKE equivalents as well, or allow inline assembler, or otherwise furnish you the tools to get closer to the metal without having to write all the rest of your code low level.

I’m honestly usually a straight-C or even Forth programmer, but this experience of using a higher-level language and simultaneously being able to dive down to the lowest levels of bit-twiddling at the same time has been a revelation. If you’re just using Micropython, open up your chip’s datasheet and see what it can offer you. Or if you’re programming at the configure-this-register level, check out the extra benefits you can get from a higher-level language. You can have your cake and eat it too!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Improving A Kodak Film Digitizer

August 23, 2023 by 10 Comments

Despite the near-complete collapse of its ecosystem in the face of portable videocassette camcorders in the 1980s, somehow the 8 mm format, smallest of the movie films, has survived the decades. There’s a special aura around an 8 mm image which electronic recordings don’t replicate, plus for film makers there’s an attraction to working with real film. Unsurprisingly almost all of the devices used with 8 mm film have ceased to be manufactured, but a few items escaped the cut. It’s still possible to buy an 8 mm digitizer for example, and it’s one of these with a Kodak brand that [Mac84] has. Unsatisfied with its image quality, he’s set about tinkering with its firmware to give it some video adjustment possibilities and remove its artifact-prone artificial sharpening.

Helped by the device having a handy EEPROM from which to extract the code, he was able to recover the firmware intact. From here on he was in luck, because the digitizer’s Novatek CPU is shared with some dash cams and this had spawned a hacker scene. From there he was able to find the relevant area and adjust those settings, and after a few false starts, re-flash it to the device.

The results can be seen in the video below the break, and perhaps reveal much about what we expect from an image in the digital age. The sharpened images look good, until we see untampered versions which are closer to the original.

If you don’t have a Kodak scanner you can always build one yourself, and meanwhile like many people we are still wondering what happened to that new Super 8 camera they announced in 2018 but never released.

Continue reading “Improving A Kodak Film Digitizer”

Open-Source Firmware For Soldering Irons

August 2, 2023 by 23 Comments

For most of us, the first soldering iron we pick up to start working on electronics has essentially no features at all. Being little more than resistive heaters plugged straight into the wall with perhaps a changeable tip, there’s not really even a need for a power switch. But doing anything more specialized than through-hole PCB construction often requires a soldering iron with a little more finesse, though. Plenty of “smart” soldering irons are available for specialized soldering needs now, and some are supported by the open-source IronOS as well.

The project, formerly known as TS100, is a versatile soldering iron control firmware that started as an alternative firmware for only the TS100 soldering iron. It has since expanded to have compatibility with several other soldering irons and hosts a rich set of features, including temperature control, motion activation, and the ability to temporarily increase the temperature when using the iron. The firmware is also capable of working with irons that use batteries as well as irons that use USB power delivery.

For anyone with a modern smart soldering iron, like the Pinecil or various Miniware iron offerings, this firmware is a great way of being able to gain fine control over the behavior of one’s own soldering iron, potentially above and beyond what the OEM firmware can do. If you’re still using nothing more than a 30W soldering iron that just has a wall plug, take a look at a review we did for the TS100 iron a few years ago to see what you’re missing out on.

Photo via Wikimedia Commons

A Deep Dive On Battery Life

July 28, 2023 by 12 Comments

There are all kinds of old wives’ tales surrounding proper battery use floating around in the popular culture. Things like needing to fully discharge a battery every so often, unplugging devices when they’re fully charged, or keeping batteries in the fridge are all examples that have some kernel of truth to them but often are improperly applied. If you really want to know the truth about a specific battery, its behavior, and its features, it helps to dig in and actually take some measurements directly like [Tyler] has done with a vast array of embedded batteries in IoT devices.

[Tyler] is a firmware engineer by trade, so he is deeply familiar with this type of small battery. Battery performance can change dramatically under all kinds of scenarios, most important among them being temperature. But even the same type of battery can behave differently to others that are otherwise identical, which is why it’s important to have metrics for the batteries themselves and be able to measure them to identify behaviors and possible problems. [Tyler] has a system of best practices in place for monitoring battery performance, especially after things like firmware upgrades since small software changes can often have a decent impact on battery performance.

While working with huge fleets of devices, [Tyler] outlines plenty of methods for working with batteries, deploying them, and making sure they’re working well for customers. A lot of it is extremely useful for other engineers looking to develop large-scale products like this but it’s also good knowledge to have for those of us rolling out our own one-off projects that will operate under battery power. After all, not caring for one’s lithium batteries can have disastrous consequences.

Remote Code Execution On An Oscilloscope

July 17, 2023 by 10 Comments

There are a huge number of products available in the modern world that come with network connectivity now, when perhaps they might be better off with out it. Kitchen appliances like refrigerators are the classic example, but things like lightbulbs, toys, thermostats, and door locks can all be found with some sort of Internet connectivity. Perhaps for the worse, too, if the security of these devices isn’t taken seriously, as they can all be vectors for attacks. Even things like this Rigol oscilloscope and its companion web app can be targets.

The vulnerability for this oscilloscope starts with an analysis of the firmware, which includes the web control application. To prevent potentially bricking a real oscilloscope, this firmware was emulated using QEMU. The vulnerability exists in the part of the code which involves changing the password, where an attacker can bypass authentication by injecting commands into the password fields. In the end, the only thing that needs to be done to gain arbitrary code execution on the oscilloscope is to issue a curl command directed at the oscilloscope.

In the end, [Maunel] suggests not connecting this oscilloscope to the Internet at all. He has informed the producer about it but as of this writing there has not been a resolution. It does, however, demonstrate the vulnerabilities that can be present in network-connected devices where the developers of the software haven’t gone to the lengths required to properly secure them for use with the modern Internet. Even things not connected to a traditional Internet connection can be targets for attacks.

Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan

July 6, 2023 by 21 Comments

Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.

The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.

[Piotr]’s description of the mod as a trojan seems apt since his new programs run in parallel to the OEM firmware by wrapping its vector table. We’d imagine other mods are possible, and we’re keen to see what people come up with for these hackable little units. Just make sure you’re staying within the law, especially in the United States — the FCC does not play games (third item).

Easy Modifications For Inexpensive Radios

June 23, 2023 by 65 Comments

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios based around a much simpler design than what was typically commercially available, bringing the price of handheld dual-band or GMRS radios to around $20. This makes the hobby much more accessible, but they have generated some controversy as they tend to not perform as well and can generate spurious emissions and other RF interference that a higher quality radio might not create. But one major benefit besides cost is that they’re great for tinkering around, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about this Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate various laws or regulations of some localities, it looks like this modified firmware really expands the capabilities of the radio. The chip that is the basis of the radio, the BK4819, has a frequency range of 18-660 MHz and 840-1300 MHz but not all of these frequencies will be allowed with a standard firmware in order to comply with various regulations. However, there’s typically no technical reason that a radio can’t operate on any arbitrary frequency within this range, so opening up the firmware can add a lot of functionality to a radio that might not otherwise be capable.

Some of the other capabilities this modified firmware opens up is the ability to receive in various other modes, such as FM and AM within the range of allowable frequencies. To take a more deep dive on what this firmware allows be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.