Data retention is a funny thing. Atmel will gladly tell you that the flash memory in an ATmega32A will retain its data for 100 years at room temperature. Microchip says its EEPROMs will retain data for over 200 years. And yet, humanity has barely had a good grasp on electricity for that long. Heck, the silicon chip itself was only invented in 1958. EEPROMs and flash storage are altogether younger themselves.
How can these manufacturers make such wild claims when there’s no way they could have tested their parts for such long periods of time? Are they just betting on the fact you won’t be around to chastise them in 2216 when your project suddenly fails due to bit rot.
Well, actually, there’s a very scientific answer. Enter the practice of accelerated wear testing.
Sometimes reverse engineering embedded systems can be a right old faff, with you needing to resort to all kinds of tricks such as power glitching in order to poke a tiny hole in the armour, giving you an way in. And, sometimes the door is just plain wide open. This detailed exploration of an off-the-shelf retro arcade machine, is definitely in that second camp, for an unknown reason. [Matthew Alt] of VoidStar Security, took a detailed look into how this unit works, which reads as a great introduction to how embedded Linux is constructed on these minimal systems.
Could this debug serial port be more obvious?
The hardware is the usual bartop cabinet, with dual controls and an LCD display, with just enough inside a metal enclosure to drive the show. Inside this, the main PCB has the expected minimal ARM-based application processor with its supporting circuit. The processor is the Rockchip RK3128, sporting a quad-core ARM Neon and a Mali400 GPU, but the main selling point is the excellent Linux support. You’ll likely see this chip or its relatives powering cheap Android TV boxes, and it’s the core of this nice looking ‘mini PC’ platform from firefly. Maybe something to consider seeing as though Raspberry Pis are currently so hard to come by?
Anyway, we digress a little, [Matthew] breaks it down for us in a very methodical way, first by identifying the main ICs and downloading the appropriate datasheets. Next he moves on to connectors, locating an internal non-user-facing USB micro port, which is definitely going to be of interest. Finally, the rather obvious un-populated 3-pin header is clearly identified as a serial port. This was captured using a Saleae clone, to verify it indeed was a UART interface and measure the baud rate. After doing that, he hooked it into a Raspberry Pi UART and by attaching the standard screen utility to the serial device, lo-and-behold, a boot log and a root prompt! This thing really is barn-door wide-open.
Is that a root prompt you have for me? Oh why yes it is!
Simply by plugging in a USB stick, the entire flash memory was copied over, partitions and all, giving a full backup in case subsequent hacking messed things up. Being based on U-Boot, it was a trivial matter of just keying in ‘Ctrl-C’ at boot time, and he was dropped straight into the U-Boot command line, and all configuration could be easily read out. By using U-Boot to low-level dump the SPI flash to an external USB device, via a RAM copy, he proved he could do the reverse and write the same image back to flash without breaking something, so it was now possible to reverse engineer the software, make changes and write it back. Automation of the process was done using Depthcharge on the Raspberry Pi, which was also good to read about. We will keep an eye on the blog for what he does with it next!
While many would argue that the original iPod is the most iconic entry in the long and diverse line of digital audio players that Apple released over the years, there must certainly be some consideration for the third generation (3G) iPod Nano. It’s a device that was ahead of its time in many ways, and is still perfectly usable today, although [Tucker Osman] does think it could stand to have its maximum flash storage doubled to 16 GB.
Now, we’d like to tell you that he’s already succeeded in this task. After all, in theory, it should be pretty straightforward: just remove the 8 GB flash chip and replace it with a pin-compatible 16 GB version. But of course, this is Apple we’re talking about. Nothing is ever quite that easy, and it seems that at every turn both the hardware and software in the thirteen-year-old iPod are fighting the change.
It took several attempts before the original flash chip could be swapped out, but eventually [Tucker] and his friend [Wesley] got one to survive the operation. Unfortunately, all they had to show for their effort was an unhelpful error screen.
From here on out the assumption was that they were dealing with a software problem. Luckily the Rockbox bootloader had previously been ported to the 3G Nano, which helped get the ball rolling. The next step would be to patch the Nano’s firmware to accept the ID of the new flash chip, but after a year of work, it’s turned out to be a bit more complicated than that.
Embedded Linux devices are everywhere these days, and sooner or later, you’re going to want to poke around in one of them. But how? That’s where posts like this one from [Felipe Astroza] come in. While his work is focused on the Foscam C1 security camera, the techniques and tools he outlines here will work on all sorts of gadgets that have a tiny penguin at their core.
Rather than trying to go in through the front door, [Felipe] starts his assault with the nuclear option: removing the SPI MX25L12835F flash chip from the camera’s PCB and dumping its contents with a Raspberry Pi. From there he walks through the use of different tools to determine the partition scheme of the chip and eventually extract passwords and other interesting bits of information from the various file systems within.
Getting ready to remove the flash chip.
That alone would be worth the read, but things really get interesting once [Felipe] discovers the FirmwareUpgrade program. Since the Foscam’s software updates are encrypted, he reasons that reverse engineering this binary would uncover the key and allow for the creation of custom firmware images that can be flashed through the stock interface.
Further investigation with Ghidra and friends identifies an interesting shared library linked to the executable in question, which is then disassembled in an effort to figure out how the key is being obfuscated. We won’t ruin the surprise, but [Felipe] eventually gets what he’s after.
Traditionally, a forum full of technical users trying integrate their own hardware into a game system for the purposes of gaining unfettered access to its entire software library was the kind of thing that would keep engineers at Sony and Nintendo up at night. The development and proliferation of so called “mod chips” were an existential threat to companies that made their money selling video games, and as such, sniffing out these console hackers and keeping their findings from going public for as long as possible was a top priority.
But the Arduboy is no traditional game system. Its games are distributed for free, so a chip that allows users to cram hundreds of them onto the handheld at once isn’t some shady attempt to pull a fast one on the developers, it’s a substantial usability improvement over the stock hardware. So when Arduboy creator Kevin Bates found out about the grassroots effort to expand the system’s internal storage on the official forums, he didn’t try to put a stop to it. Instead, he asked how he could help make it a reality for as many Arduboy owners as possible.
Now, a little less than three years after forum member Mr.Blinky posted his initial concept for hanging an external SPI flash chip on the system’s test pads, the official Arduboy FX Mod-Chip has arrived. Whether you go the DIY route and build your own version or buy the ready-to-go module, one thing is for sure: it’s a must-have upgrade for the Arduboy that will completely change how you use the diminutive handheld.
It’s a problem familiar to anyone who’s spent a decent amount of time playing with a Raspberry Pi – over time, the flash in the SD card reaches its write cycle limits, and causes a cavalcade of confusing errors before failing entirely. While flash storage is fast, compact, and mechanically reliable, it has always had a writeable lifespan much shorter than magnetic technologies.
Flash storage failures in the computer behind Tesla’s famous touch screen are causing headaches for drivers.
Of course, with proper wear levelling techniques and careful use, these issues can be mitigated successfully. The surprising thing is when a major automaker fails to implement such basic features, as was the case with several Tesla models. Due to the car’s Linux operating system logging excessively to its 8 GB eMMC storage, the flash modules have been wearing out. This leads to widespread failures in the car, typically putting it into limp mode and disabling many features controlled via the touchscreen.
With the issue affecting important subsystems such as the heater, defroster, and warning systems, the NHTSA wrote to the automaker in January requesting a recall. Tesla’s response acquiesced to this request with some consternation, downplaying the severity of the issue. Now they are claiming that the eMMC chip, ball-grid soldered to the motherboard, inaccessible without disassembling the dash, and not specifically mentioned in the owner’s manual, should be considered a “wear item”, and thus should not be subject to such scrutiny. Continue reading “Tesla Recalls Cars With EMMC Failures, Calls Part A ‘Wear Item’”→
It should probably go without saying that the main reason most people buy an electric vehicle (EV) is because they want to reduce or eliminate their usage of gasoline. Even if you aren’t terribly concerned about your ecological footprint, the fact of the matter is that electricity prices are so low in many places that an electric vehicle is cheaper to operate than one which burns gas at $2.50+ USD a gallon.
Another advantage, at least in theory, is reduced overal maintenance cost. While a modern EV will of course be packed with sensors and complex onboard computer systems, the same could be said for nearly any internal combustion engine (ICE) car that rolled off the lot in the last decade as well. But mechanically, there’s a lot less that can go wrong on an EV. For the owner of an electric car, the days of oil changes, fouled spark plugs, and the looming threat of a blown head gasket are all in the rear-view mirror.
