Monotron Gets All The Mods

June 9, 2018 by Adam Fabio 3 Comments

[Harry Axten] turned the diminutive Korg Monotron into a playable analog synthesizer, complete with a full-sized keyboard spanning two octaves and a MIDI interface.

Korg Introduced the Monotron analog mini-synthesizer back in 2010. They also dropped the schematics for the synth. Hackers wasted no time modifying and improving the Monotron. [Harry] incorporated several of these changes into his build. The Low-Frequency Oscillator (LFO) has been changed over to an envelope generator. The ribbon controller is gone, replaced with a CV/gate interface to sound notes.

The CV/gate interface, in turn, is connected to an ATMega328P which converts it to MIDI. MIDI data comes from one of two sources: A two-octave full-sized keyboard pulled from a scrapped MIDI controller or a MIDI connector at the back.

The user interface doesn’t stop with the keyboard. The low-cost pots on the original Monotron have been replaced with much higher quality parts on the front panel. The tuning pot is a 10-turn device, which allows for precision tuning. All the mods are mounted on a single board, which is connected to the original Monotron board.

The fruit of all hard work is an instrument that is a heck of a lot of fun to play. Check it out in the video below. Want more? You can read all about hacking about the Monotron’s bigger brother, the Monotribe.

Continue reading “Monotron Gets All The Mods” →

Repairs You Can Print: Fixing Pegboard Clips That Break Too Easily

February 14, 2018 by Brian Benchoff 8 Comments

Right now, we’re running the Repairs You Can Print Contest, where one lucky student and one lucky organization will win the fancy-schmancy Prusa i3 MK3, with the neato multi-extrusion upgrade. [Budiul] is a student, so he figured he would repair something with a 3D printer. Lucky for him, the pegboard in his workshop was completely terrible, or at least the pegboard hooks were. These hooks were made out of PVC, and after time, more and more hooks broke. The solution? Print his own, and make them stronger in the process.

[Budiul] started his fix by taking the remaining, unbroken hooks on his pegboard wall organizer and measuring the relevant dimensions. These were modeled in Creo 4.0, printed out, and tested to fit. After many errors and failed models, he finally got a 3D printable version of his plastic pegboard hooks.

Of course, replacing PVC pegboard hooks with ABS hooks really isn’t that great of a solution. To fix this problem of plastic pegboard hooks for good, he printed the hooks in halves, with a channel running down the middle. This channel was filled with some steel wire and acetone welded together. The result is a fantastically strong pegboard hook that will hold up to the rigors of holding up some tools.

While printing out pegboard hooks might not seem like the greatest use of time, there are a few things going for this hack. Firstly, these aren’t the pegboard hooks made out of steel rod we all know and love; this is some sort of weird proprietary system that uses plastic molded hooks. If they’re made out of plastic anyway, you might as well print them. Secondly, being able to print your own pegboard hooks is a severely underrated capability. If you’ve ever tried to organize a workbench, you’ll know that you’ll never be able to find the right hook for the right spot. There is, apparently, a mystical superposition of pegboard hooks somewhere in the universe.

This is a great hack, and a great entry for the Repairs You Can Print contest. You can check out a video of the hack below.

Continue reading “Repairs You Can Print: Fixing Pegboard Clips That Break Too Easily” →

34C3: Hacking Into A CPU’s Microcode

December 28, 2017 by Elliot Williams 67 Comments

Inside every modern CPU since the Intel Pentium fdiv bug, assembly instructions aren’t a one-to-one mapping to what the CPU actually does. Inside the CPU, there is a decoder that turns assembly into even more primitive instructions that are fed into the CPU’s internal scheduler and pipeline. The code that drives the decoder is the CPU’s microcode, and it lives in ROM that’s normally inaccessible. But microcode patches have been deployed in the past to fix up CPU hardware bugs, so it’s certainly writeable. That’s practically an invitation, right? At least a group from the Ruhr University Bochum took it as such, and started hacking on the microcode in the AMD K8 and K10 processors.

The hurdles to playing around in the microcode are daunting. It turns assembly language into something, but the instruction set that the inner CPU, ALU, et al use was completely unknown. [Philip] walked us through their first line of attack, which was essentially guessing in the dark. First they mapped out where each x86 assembly codes went in microcode ROM. Using this information, and the ability to update the microcode, they could load and execute arbitrary microcode. They still didn’t know anything about the microcode, but they knew how to run it.

So they started uploading random microcode to see what it did. This random microcode crashed almost every time. The rest of the time, there was no difference between the input and output states. But then, after a week of running, a breakthrough: the microcode XOR’ed. From this, they found out the syntax of the command and began to discover more commands through trial and error. Quite late in the game, they went on to take the chip apart and read out the ROM contents with a microscope and OCR software, at least well enough to verify that some of the microcode operations were burned in ROM.

The result was 29 microcode operations including logic, arithmetic, load, and store commands — enough to start writing microcode code. The first microcode programs written helped with further discovery, naturally. But before long, they wrote microcode backdoors that triggered when a given calculation was performed, and stealthy trojans that exfiltrate data encrypted or “undetectably” through introducing faults programmatically into calculations. This means nearly undetectable malware that’s resident inside the CPU. (And you think the Intel Management Engine hacks made you paranoid!)

[Benjamin] then bravely stepped us through the browser-based attack live, first in a debugger where we could verify that their custom microcode was being triggered, and then outside of the debugger where suddenly xcalc popped up. What launched the program? Calculating a particular number on a website from inside an unmodified browser.

He also demonstrated the introduction of a simple mathematical error into the microcode that made an encryption routine fail when another particular multiplication was done. While this may not sound like much, if you paid attention in the talk on revealing keys based on a single infrequent bit error, you’d see that this is essentially a few million times more powerful because the error occurs every time.

The team isn’t done with their microcode explorations, and there’s still a lot more of the command set left to discover. So take this as a proof of concept that nearly completely undetectable trojans could exist in the microcode that runs between the compiled code and the CPU on your machine. But, more playfully, it’s also an invitation to start exploring yourself. It’s not every day that an entirely new frontier in computer hacking is bust open.

Analysing 3D Printer Songs For Hacks

August 20, 2017 by Inderpreet Singh 8 Comments

3D printers have become indispensable in industry sectors such as biomedical and manufacturing, and are deployed as what is termed as a 3D print farm. They help reduce production costs as well as time-to-market. However, a hacker with access to these manufacturing banks can introduce defects such as microfractures and holes that are intended to compromise the quality of the printed component.

Researchers at the Rutgers University-New Brunswick and Georgia Institute of Technology have published a study on cyber physical attacks and their detection techniques. By monitoring the movement of the extruder using sensors, monitored sounds made by the printer via microphones and finally using structural imaging, they were able to audit the printing process.

A lot of studies have popped up in the last year or so including papers discussing remote data exfiltration on Makerbots that talk about the type of defects introduced. In a paper by [Belikovetsky, S. et al] titled ‘dr0wned‘, such an attack was documented which allowed a compromised 3D printed propeller to crash a UAV. In a follow-up paper, they demonstrated Digital Audio Signing to thwart Cyber-physical attacks. Check out the video below.

In this new study, the attack is identified by using not only the sound of the stepper motors but also the movement of the extruder. After the part has been manufactured, a CT scan ensures the integrity of the part thereby completing the audit.

Disconnected printers and private networks may be the way to go however automation requires connectivity and is the foundation for a lot of online 3D printing services. The universe of Skynet and Terminators may not be far-fetched either if you consider ambitious projects such as this 3D printed BLDC motor. For now, learn to listen to your 3D printer’s song. She may be telling you a story you should hear.

Thanks for the tip [Qes] Continue reading “Analysing 3D Printer Songs For Hacks” →

3D Printed Curta Gets Upgrades

August 1, 2017 by Inderpreet Singh 16 Comments

It is amazing how makers can accomplish so much when they put their mind to something. [Marcus Wu] has uploaded a mesmerizing video on how to build a 3D printed Curta Mechanical Calculator. After nine iterations of design, [Marcus] presents a polished design that not only works but looks like a master piece.

For the uninitiated, the Curta is a mechanical calculator designed around the time of World War II. It is still often seen used in time-speed-distance (TSD) rallies to aid in the computation of times to checkpoints, distances off-course and so on. Many of these rallies don’t allow electronic calculators, so the Curta is perfect. The complex inner workings of the contraption were a key feature and point of interest among enthusiasts and the device itself is a highly popular collectible.

As for the 3D printed design, the attention to detail is impeccable. The current version has around 80 parts that need to 3D printed and a requires a few other screws and springs. Some parts like the reversing lever and selector knobs have been painted and digits added to complete the visual detail. The assembly took [Marcus Wu] around 40 minutes to complete and is one of the most satisfying builds we have ever seen.

What is even more amazing is that [Markus Wu], who is a software engineer by profession has shared all the files including the original design files free of cost on Thingiverse. A blog with written instructions is also available along with details of the iterations and original builds. We already did a post on a previous version so check it out for a little more background info.

Thanks for the tip [lonestar] Continue reading “3D Printed Curta Gets Upgrades” →

Backchannel UART Without The UART

July 18, 2017 by Inderpreet Singh 22 Comments

Anyone who has worked with a microcontroller is familiar with using printf as a makeshift debugger. This method is called tracing and it comes with the limitation that it uses up a UART peripheral. Believe it or not, there are 8051 variants out there that come with only one serial block and you are out of luck if your application needs it to communicate with another device.

[Jay Carlson] has a method by which he can piggyback these trace messages over an on-chip debugger. Though the newer ARM Cortex-M software debugger already has this facility but [Jay Carlson]’s hack is designed to work with the SiLabs EFM8 controllers. The idea is to write these debug messages to a predefined location in the RAM which the debugger can access anyway. His application polls a certain area of the memory and when it finds valid information, it reads the data and spits it out into a dedicated window. It’s using the debugger as a makeshift printf!

[Jay Carlson] used slab8051.dll interface and put together a C# program and GUI that works alongside the SiLab’s IDE. The code is available on GitHub for you to check out if you are working the EFM8 and need a helping hand. The idea is quite simple and can be ported to other controllers in a multitude of ways like the MSP430 perhaps. For those of you who like the Teensy, you might want to take a look at adding debugger support to the Teensy 3.5/3.6.

Hacking IBeacons For Automating Routines

July 17, 2017 by Inderpreet Singh 17 Comments

Every self-respecting hacker has an automation hack somewhere in his/her bag of tricks. There are a lot of modern-day technologies that facilitate the functionality like GPS, scripting apps, and even IFTTT. In an interesting hack, [Nick Lee] has combined iBeacons and a reverse engineered Starbucks API to create an automated morning routine.

By creating a mobile app that scans for iBeacons, [Nick Lee] was able to reduce the effort made every morning while heading to his office. When the app encounters a relevant beacon, a NodeJS app sitting in the cloud is triggered. This consequently leads to desired actions like ordering an Uber ride and placing an order for an iced latte.

[Nick Lee] shares the code for the Starbucks application on GitHub for anyone who wants to order their favorite cup of joe automatically. This project can be easily expanded to work with GPS or even RFID tags and if you feel like adding IoT to a coffee machine, you could automate all of your beverage requirements in one go.