Completely Owning the Dreamcast Add-on You Never Had

If you’ve got a SEGA Dreamcast kicking around in a closet somewhere, and you still have the underutilized add-on Visual Memory Unit (VMU), you’re in for a treat today. If not, but you enjoy incredibly detailed hacks into the depths of slightly aged silicon, you’ll be even more excited. Because [Dmitry Grinberg] has a VMU hack that will awe you with its completeness. With all the bits in place, the hacking tally is a new MAME emulator, an IDA plugin, a never-before ROM dump, and an emulator for an ARM chip that doesn’t exist, running Flappy Bird. All in a month’s work!

The VMU was a Dreamcast add-on that primarily stored game data in its flash memory, but it also had a small LCD display, a D-pad, and inter-VMU communications functions. It also had room for a standalone game which could interact with the main Dreamcast games in limited ways. [Dmitry] wanted to see what else he could do with it. Basically everything.

We can’t do this hack justice in a short write-up, but the outline is that he starts out with the datasheet for the VMU’s CPU, and goes looking for interesting instructions. Then he started reverse engineering the ROM that comes with the SDK, which was only trivially obfuscated. Along the way, he wrote his own IDA plugin for the chip. Discovery of two ROP gadgets allowed him to dump the ROM to flash, where it could be easily read out. Those of you in the VMU community will appreciate the first-ever ROM dump.

On to doing something useful with the device! [Dmitry]’s definition of useful is to have it emulate a modern CPU so that it’s a lot easier to program for. Of course, nobody writes an emulator for modern hardware directly on obsolete hardware — you emulate the obsolete hardware on your laptop to get a debug environment first. So [Dmitry] ported the emulator for the VMU’s CPU that he found in MAME from C++ to C (for reasons that we understand) and customized it for the VMU’s hardware.

Within the emulated VMU, [Dmitry] then wrote the ARM Cortex emulator that it would soon run. But what ARM Cortex to emulate? The Cortex-M0 would have been good enough, but it lacked some instructions that [Dmitry] liked, so he ended up writing an emulator of the not-available-in-silicon Cortex-M23, which had the features he wanted. Load up the Cortex emulator in the VMU, and you can write games for it in C. [Dmitry] provides two demos, naturally: a Mandlebrot set grapher, and Flappy Bird.

Amazed? Yeah, we were as well. But then this is the same guy emulated an ARM chip on the AVR architecture, just to run Linux on an ATMega1284p.

Make Some Noise with the Typewriter Keyboard

Are you an angry programmer? Do you get the frequent urge to smash the return key or space bar after finishing every single line of code? Well then [Konstantin Schauwecker]’s typewriter keyboard is just the thing for you. In his project, [Konstantin] hacked a German Olympia Monica typewriter into a USB keyboard.

The project uses no less than 50 photo interrupters mounted on a custom PCB that mounts directly under the typewriter itself. The circuit board is so designed that the hammer arms take a position in obstructing the opto-interrupters. Every time a key is pressed, the corresponding device sends a signal to an Arduino.

In order to enable the wiring of 50 signals to an Arduino Leonardo, multiplexers and decoders are employed. CD4515, 4×16 line decoders work to activate the optical signals and the CD4067, 16×4 multiplexers are used to return the scans. This forms the traditional scanning keyboard matrix and the whole thing is managed in the Arduino code (available as a zip file).

This project can be a great starting point for anyone who wants to hack their grandpa’s old typewriter or make one in order to annoy the guy sitting next to them. Check out the video below for a demo and teardown and if you prefer Raspberry Pis then check out this mechanical typewriter hack.

Hacking Into…. A Wind Farm?

Pick a lock, plug in a WiFi-enabled Raspberry Pi and that’s nearly all there is to it.

There’s more than that of course, but the wind farms that [Jason Staggs] and his fellow researchers at the University of Tulsa had permission to access were — alarmingly — devoid of security measures beyond a padlock or tumbler lock on the turbines’ server closet. Being that wind farms are generally  in open fields away from watchful eyes, there is little indeed to deter a would-be attacker.

[Staggs] notes that a savvy intruder has the potential to shut down or cause considerable — and expensive — damage to entire farms without alerting their operators, usually needing access to only one turbine to do so. Once they’d entered the turbine’s innards, the team made good on their penetration test by plugging their Pi into the turbine’s programmable automation controller and circumventing the modest network security.

The team are presenting their findings from the five farms they accessed at the Black Hat security conference — manufacturers, company names, locations and etc. withheld for obvious reasons. One hopes that security measures are stepped up in the near future if wind power is to become an integral part of the power grid.

All this talk of hacking and wind reminds us of our favourite wind-powered wanderer: the Strandbeest!

[via WIRED]

Hacking an Inspection Microscope

Sometimes I need to be able to take photographs of very small things, and the so-called macro mode on my point-and-shoot camera just won’t cut it. And it never hurts to have an inspection scope on hand for tiny soldering jobs, either, though I prefer a simple jeweler’s loupe in one eye for most tasks. So I sent just over $40 off to my close friend Alibaba, and a few weeks later was the proud owner of a halfway usable inspection scope that records stills or video to an SD card.

Unfortunately, it’s only halfway useable because of chintzy interface design and a wobbly mount. So I spent an afternoon, took the microscope apart, and got it under microcontroller control, complete with WiFi and a scripting language. Much better! Now I can make microscope time-lapses, but much more importantly I can take blur-free photos without touching the wiggly rig. It was a fun hack, so I thought I’d share. Read on!

Continue reading “Hacking an Inspection Microscope”

USB Charger Fooled into Variable Voltage Source

USB chargers are everywhere and it is the responsibility of every hacker to use this commonly available device to its peak potential. [Septillion] and [Hugatry] have come up with a hack to manipulate a USB charger into becoming a variable voltage source. Their project QC2Control works with chargers that employ Quick Charge 2.0 technology which includes wall warts as well as power banks.

Qualcomm’s Quick Charge is designed to deliver up to 24 watts over a micro USB connector so as to reduce the charging time of compatible devices. It requires both the charger as well as the end device to have compatible power management chips so that they may negotiate voltage limiting cycles.

In their project, [Septillion] and [Hugatry] use a 3.3 V Arduino Pro Mini to talk to the charger in question through a small circuit consisting of a few resistors and diodes. The QC2.0 device outputs voltages of 5 V, 9 V and 12 V when it sees predefined voltage levels transmitted over the D+ and D- lines, set by Arduino and voltage dividers. The code provides function calls to simplify the control of the power supply. The video below shows the hack in action.

Quick Charge has been around for a while and you can dig into the details of the inner workings as well as the design of a compatible power supply from reference designs for the TPS61088 (PDF). The patent (PDF) for the Quick Charge technology has a lot more detail for the curious.

Similar techniques have been used in the past and will prove useful for someone looking for a configurable power supply on the move. This is one for the MacGyver fans.

Continue reading “USB Charger Fooled into Variable Voltage Source”

How to Build Your Own Google AIY without the Kit

Google’s voice assistant has been around for a while now and when Amazon released its Alexa API and ported the PaaS Cloud code to the Raspberry Pi 2 it was just a matter of time before everyone else jumped on the fast train to maker kingdom. Google just did it in style.

Few know that the Google Assistant API for the Raspberry Pi 3 has been out there for some time now but when they decided to give away a free kit with the May 2017 issues of MagPi magazine, they made an impression on everyone. Unfortunately the world has more makers and hackers and the number of copies of the magazine are limited.

In this writeup, I layout the DIY version of the AIY kit for everyone else who wants to talk to a cardboard box. I take a closer look at the free kit, take it apart, put it together and replace it with DIY magic. To make things more convenient, I also designed an enclosure that you can 3D print to complete the kit. Lets get started.

Continue reading “How to Build Your Own Google AIY without the Kit”

Doomed Thermostat

It is amazing how the game Doom has been ported to so many things. Enter one more port, where the hardware in question is a Honeywell Prestige thermostat.

In his video, [cz7asm] shows us the game running quite nicely on the 480 x 272 LCD with an NES controller plugged into the USB port originally intended for software updates. The thermostat runs on a STM32F429 which is an ARM9 processor that has the juice to pull it off. The Doom engine being used is based on Chocolate Doom, an open source port of the game, and the binaries can be downloaded for Windows and Mac. The source code is also available as a download for your tinkering pleasure. This project by [cz7asm]  is extended from a code on GitHub by [floppes] that was meant for the STM32F429IDISCOVERY evaluation board.

The author shares his code for the STM32F4 on Dropbox as a zip and in order to compile it, the Atmel BSP for GNU GCC is used. The video below demonstrates the hack in action and, though there is no sound yet, the satisfaction that comes from such modifications is its own reward.

What else can you run Doom on? How about a calculator or maybe the Intel Edison or even an ATM machine! If there is a processor with enough muscle power, hackers will find a way to run Doom on it. So have you seen any alien computers lately that you think can be hacked? Continue reading “Doomed Thermostat”