Tokyo Mechanical Keyboard Meetup Knocks Our Clacks Off

Just a few days ago, on the other side of the planet from this author, there was a mechanical keyboard meetup in Tokyo. Fortunately through the magic of the Internet we can all enjoy the impressive collection of devices people brought, and boy were there some interesting specimens. There were certainly the inevitable collections of strange artisan keycaps, unusual handmade switches, and keycap sets only available in one group buy five years ago in Nicaragua. But among the bright colors were some truly unique custom designs the likes of which we haven’t see before. A single source is hard to credit, you could check the hashtag #tokyomk6 on Twitter, or [obra]’s thread of photos, or this great blog post (video walkthroughs and photos included) from [romly].

Speaking of [romly], one of their designs stands out as particularly unusual. There are a few things to note here. One is the very conspicuous surface profile of the (clearly totally custom) keycaps themselves. Instead of flat or cylindrical or spherical, these are round. Round like the outside of a log. If we didn’t know better it might look like the entire thing was sculpted or extruded as a single unit. And just below the deck are the perpendicular thumb clusters. Frankly we aren’t sure how to refer to this design feature. The switches are mounted at right angles facing inward so the user places a thumb inside it in a style reminiscent of the DataHand. It’s quite interesting, and we’d be love to know more about what specific functionality it provides.

Another interesting entrant is this keyboard with unusually staggered switches and hexagonal caps (check out the individual markings!). Very broadly there are two typical keyboard layout styles; the diagonal columns of QWERTY (derived from a typewriter in the 1800’s) or the non slanted columns of an “ortholinear” or matrix style layout. By those metrics this is something like an ortholinear keyboard in that its switches overlap their neighbors by half, but the edge to edge close packed caps imply that it might be something else.  We’d be very interested to know how typing on this beast would be!

There were so many more awesome designs present at the meetup that this would never end if we tried to document them all. Take a look through the posts and call out anything else too excellent to go unnoticed!

Thanks [obra] for Tweeting about this so we could discover it.

What Happened With Supermicro?

Back in October 2018, a bombshell rocked the tech industry when Bloomberg reported that some motherboards made by Supermicro had malicious components on them that were used to spy or interfere with the operation of the board, and that these motherboards were found on servers used by Amazon and Apple. We covered the event, looking at how it could work if it were true. Now seven months have passed, and it’s time to look at how things shook out.

Continue reading “What Happened With Supermicro?”

From Software To Tindie Hack Chat With Brian Lough

Join us Wednesday at noon Pacific time for the From Software to Tindie Hack Chat!

Brian Lough has followed a roundabout but probably not unusual route to the hardware hacking scene. Educated in Electronic and Computer Engineering, Brian is a software developer by trade who became enamored of Arduino development when the ESP8266 hit the market. He realized the microcontrollers such as these offered incredible capabilities on the cheap, and the bug bit him.

Since then, Brian has fully embraced the hardware hacking way, going so far as to live stream complete builds in a sort of collaborative “hack-along” with his viewers. He’s also turned a few of his builds into legitimate products, selling them on his Tindie store and even going so far as to automate testing before shipping to catch errors and improve quality.

Please join us for this Hack Chat, where we’ll discuss:

  • How software hacking leads to hardware hacking;
  • The creative process and how live streaming helps or hinders it;
  • The implications of going from project to product; and
  • What sorts of new projects might we see soon?

Continue reading “From Software To Tindie Hack Chat With Brian Lough”

Years Don’t Dim The Shine Of These Curious Gadgets

[Maarten Tromp] recently took the time to document some of the unusual and creative electronic projects he received as gifts over the years. These gadgets were created in the early 2000’s and still work flawlessly today. Two of our favorites are shown here: Hardware Tetris Unit (shown in the image above) and Heap of Electronic Parts.

The “Heap of Electronic Parts” makes sounds when in sunlight.

Heap of Electronic Parts was a kind of hardware puzzle and certainly lives up to its name. It’s a bunch of parts soldered in a mystifying way to the backs of four old EPROMs — the chips with the little window through which UV is used to erase the contents. Assured that the unit really did have a function, [Maarten] eventually figured out that when placed in sunlight, the device ticks, buzzes, and squeals. [Jeroen] had figured out that the EPROMs could act like tiny solar cells when placed in sunlight, and together the four generate just enough power to drive an oscillator connected to a piezo speaker. It still chirps happily away, even today.

Hardware Tetris plays in a terminal window.

Hardware Tetris Unit was a black box intended to be plugged into a serial port. With a terminal opened using the correct serial port settings, a fully-functional Tetris game using ASCII-art graphics could be played. It was even self-powered from the serial port pins.

Inside Hardware Tetris is an AVR microcontroller with some level shifters, and the source code and schematics are available for download. 14 years later, computers no longer have hardware serial ports but [Maarten] says a USB-to-serial converter worked just fine and the device still functions perfectly.

There are a couple more devices documented on [Maarten]’s gifts page, including a Zork-inspired mini text adventure and a hardware board that does some trippy demos on an old Nokia color LCD.  [Maarten]’s friend [Jeroen Domburg] (aka Sprite_tm) had a hand in creating most of the gadgets, and he’s someone whose brilliant work we have had the good fortune to feature many times in the past.

Being An SPI Slave Can Be Trickier Than It Appears

Interfacing with the outside world is a fairly common microcontroller task. Outside of certain use cases microcontrollers are arguably primarily useful because of how easily they can interface with other devices. If we just wanted to read and write some data we wouldn’t have gotten that Arduino! But some tasks are more common than others; for instance we’re used to being on the master side of the interface equation, not the slave side. (That’s the job for the TI engineer who designed the temperature sensor, right?) As [Pat] discovered when mocking out a missing SPI GPIO extender, sometimes playing the other role can contain unexpected difficulties.

The simple case for a SPI slave is exactly that: simple. SPI can be wonderful in its apparent simplicity. Unlike I2C there are no weird addressing schemes, read/write bits, stop and start clock conditions. You toggle a clock line and a bit of data comes out, as long as you have the right polarity schemes of course. As a slave device the basic algorithm is of commensurate complexity. Setup an interrupt on the clock pin, wait for your chip select to be asserted, and on each clock edge shift out the next bit of the current word. Check out [Pat]’s eminently readable code to see how simple it can be.

But that last little bit is where the complexity lies. When you’re the master it’s like being the apex predator, the king of the jungle, the head program manager. You dictate the tempo and everyone on the bus dances to the beat of your clock edge. Sure the datasheet for that SRAM says it can’t run faster than 8 MHz but do you really believe it? Not until you try driving that clock a little quicker to see if there’s not a speedier transfer to be had! When you’re the slave you have to have a bit ready every clock edge. Period. Missing even a single bit due to, say, an errant print statement will trash the rest of transaction in ways which are hard to detect and recover from. And your slave code needs to be able to detect those problems in order to reset for the next transaction. Getting stuck waiting to send the 8th bit of a transaction that has ended won’t do.

Check out [Pat]’s very friendly post for a nice refresher on SPI and their discoveries working through the problems of building a SPI slave. There are some helpful tips about how to keep things responsive in a device performing other tasks.

Malicious Component Found On Server Motherboards Supplied To Numerous Companies

This morning Bloomberg is reporting a bombshell for hardware security. Companies like Amazon and Apple have found a malicious chip on their server motherboards. These are not counterfeit chips. They are not part of the motherboard design. These were added by the factory at the time of manufacture. The chip was placed among other signal conditioning components and is incredibly hard to spot as the nature of these motherboards includes hundreds of minuscule components.

Though Amazon and Apple have denied it, according to Bloomberg, a private security contractor in Canada found the hidden chip on server motherboards. Elemental Technologies, acquired by Amazon in 2015 for its video and graphics processing hardware, subcontracted Supermicro (Super Micro Computer, Inc.) to manufacture their server motherboards in China. It is unknown how many of the company’s products have this type of malicious hardware in them, equipment from Elemental Technologies has been supplied to the likes of government contractors as well as major banks and even reportedly used in the CIA’s drone operations.

How the Hack Works

The attacks work with the small chip being implanted onto the motherboard disguised as signal couplers. It is unclear how the chip gains access to the peripherals such as memory (as reported by Bloomberg) but it is possible it has something to do with accessing the bus. The chip controls some data lines on the motherboard that likely provide an attack vector for the baseboard management controller (BMC).

Hackaday spoke with Joe FitzPatrick (a well known hardware security guru who was quoted in the Bloomberg article). He finds this reported attack as a very believable approach to compromising servers. His take on the BMC is that it’s usually an ARM processor running an ancient version of Linux that has control over the major parts of the server. Any known vulnerability in the BMC would be an attack surface for the custom chip.

Data centers house thousands of individual servers that see no physical interaction from humans once installed. The BMC lets administrators control the servers remotely to reboot malfunctioning equipment among other administrative tasks. If this malicious chip can take control of the BMC, then it can provide remote access to whomever installed the chip. Reported investigations have revealed the hack in action with brief check-in communications from these chips though it’s difficult to say if they had already served their purpose or were being saved for a future date.

What Now?

Adding hardware to a design is fundamentally different than software-based hacking: it leaves physical evidence behind. Bloomberg reports on US government efforts to investigate the supply chain attached to these parts. It is worth noting though that the article doesn’t include any named sources while pointing the finger at China’s People’s Liberation Army.

The solution is not a simple one if servers with this malicious chip were already out in the field. Even if you know a motherboard has the additional component, finding it is not easy. Bloomberg also has unconfirmed reports that the next-generation of this attack places the malicious component between layers of the circuit board. If true, an x-ray would be required to spot the additional part.

A true solution for high-security applications will require specialized means of making sure that the resulting product is not altered in any way. This hack takes things to a whole new level and calls into question how we validate hardware that runs our networks.

Update: We changed the penultimate paragraph to include the word if: “…simple one if servers with…” as it has not been independently verified that servers were actually out in the field and companies have denied Bloomberg’s reporting that they were.

[Note: Image is a generic photo and not the actual hardware]

Show That Sega Saturn Save Battery Who’s Boss

Breaking out the Sega Saturn out of the closet for a hit of 90’s nostalgia comes with its own set of compromises: the wired controllers, the composite video, and worst of all that dead CR2032 battery behind the backdoor. Along with the death of that battery went your clock and all those precious hours put into your game save files. While the bulk of us kept feeding the insatiable SRAM, a friendly Canadian engineer named [René] decided to fix the problem for good with FRAM.

The issue with the battery-backed memory in the Saturn stems from the particularly power-hungry factory installed SRAM chip. Normally when the console is plugged-in to a main power source the CR2032 battery is not in use, though after several weeks in storage the battery slowly discharges. [René’s] proposed solution was to use a non-volatile form of RAM chip that would match the pinout of the factory SRAM as close as possible. This would allow for easier install with the minimum number of jumper wires.

Enter the FM1808 FRAM chip complete with a whopping 256 kb of addressable memory. The ferroelectric chip operates at the same voltage as the Saturn’s factory SRAM, and has the added benefit of being able to use a read/write mode similar to that of the Saturn’s original memory chip. Both chips conform to a DIP-28 footprint, and only a single jumper wire on pin 22 was required to hold the FM1808 chip’s output-enable signal active-low as opposed to the active-high enable signal on the Saturn’s factory memory chip. The before and after motherboard photos are below:

After a quick test run of multiple successful read and writes to memory, [René] unplugged his Saturn for a couple days and found that his save files had been maintained. According to the FM1808 datasheet, they should be there for the next 45 years or so. The only downside to the upgrade is that the clock & calendar settings were not maintained upon boot-up and reset to the year 1996. But that’s nothing a bit of button-mashing through couldn’t solve, because after all wasn’t the point of all this to relive a piece of the 90s?

For more Sega Saturn goodness, check out how the Sega Saturn was finally cracked after 20 years.