Audio, Not Video Over The LKV373 HDMI Extender

August 2, 2023 by Matthew Carlson 11 Comments

[eta] found herself in a flat with several LKV373 HDMI extenders. Find the corresponding transmitter, plug it into your device, and you’ve got a connection to the TV/sound system, no fussing with wires behind the TV. However, [eta] wanted to get rid of the need to plug in a laptop and start sending packets directly to play music. As her flatmate [dan] had already reverse-engineered the receiver, she tested her prototype against their virtualized receiver, de-ip-hmdi.

The actual sending of images was surprisingly straightforward — just a JPEG sliced into 1024 bytes chunks and sent over. However, early testing showed nothing on the receiver. The end of a frame needed marking by setting the most-significant bit of the chunk number to one. Now de-ip-hdmi showed the image, but the actual hardware would not. With something missing, [eta] returned to Wireshark to scan packets. Noticing some strange packets on port 2067, she analyzed the pattern to reveal it sent another packet just before a new frame and included the frame number. With this tweak, it was still not enough. Ultimately, heartbeat packets sent every second synchronize things, but compared to the noise of the video packets, they were easy to miss. Now [eta] had some functioning video streaming rust code.

In theory, audio for the LKV373 followed the same thought process as video. Two channels of 32-bit big Endian integers at 44,100 hz chunked into 992-byte sections and sent as a packet formed the audio stream. With only 992 bytes, two streams, and 4 bytes per sample, each packet only held 2.812 milliseconds of sound. The first tests resulted in no audio output or distorted crunchy sound. Of course, this was every audio engineer’s worst nightmare: jitter. With a spin loop and an efficient ring buffer, the audio packets were soon slinging across the network reliably.

The code is available on a hosted version of GitLab. It’s a beautiful journey through reverse engineering some obscure but relatively cheap hardware. Along the way, there is nicely annotated Rust code, which makes it all the better.

DisplayPort: A Better Video Interface

July 11, 2023 by Arya Voronova 75 Comments

Over the years, we’ve seen a good number of interfaces used for computer monitors, TVs, LCD panels and other all-things-display purposes. We’ve lived through VGA and the large variety of analog interfaces that preceded it, then DVI, HDMI, and at some point, we’ve started getting devices with DisplayPort support. So you might think it’s more of the same. However, I’d like to tell you that you probably should pay more attention to DisplayPort – it’s an interface powerful in a way that we haven’t seen before.

The DisplayPort (shortened as DP) interface was explicitly designed to be a successor to VGA and DVI, originating from the VESA group – an organization created by multiple computer-display-related players in technology space, which has previously brought us a number of smaller-scale computer display standards like EDID, DDC and the well-known VESA mount. Nevertheless, despite the smaller scale of previous standards, DisplayPort has since become a hit in computer display space for a number of reasons, and is more ubiquitous than you might realize.

You could put it this way: DisplayPort has all the capabilities of interfaces like HDMI, but implemented in a better way, without legacy cruft, and with a number of features that take advantage of the DisplayPort’s sturdier architecture. As a result of this, DisplayPort isn’t just in external monitors, but also laptop internal displays, USB-C port display support, docking stations, and Thunderbolt of all flavors. If you own a display-capable docking station for your laptop, be it classic style multi-pin dock or USB-C, DisplayPort is highly likely to be involved, and even your smartphone might just support DisplayPort over USB-C these days. Continue reading “DisplayPort: A Better Video Interface” →

Could 1080p Video Output From The RP2040 Be Possible?

March 31, 2023 by Lewin Day 13 Comments

Modern microcontrollers often have specs comparable with or exceeding early gaming consoles. However, where they tend to fall short is in the video department, due to their lack of dedicated graphics hardware. With some nifty coding, though, great things can be achieved — as demonstrated by [TEC_IST]’s project that gets the RP2040 outputting 1080p video over HDMI.

The project builds on earlier work that saw the RP2040 outputting digital video over DVI. [TEC_IST] realized that earlier methods already used up 30% of the chip’s processing power just to reach 320×240 output. To get to 1080p resolution would require a different tack. The idea involved using the 32-bit architecture of the RP2040 to output a greater data rate to suit the higher resolution. The RP2040 can do a 32-bit move instruction in a single clock cycle, which, with 30 GPIO pins, would be capable of a data rate of 3.99 Gbits/second at the normal 133 MHz clock speed. That’s more than enough for 1080p at 60 Hz with a 24-bit color depth.

Due to the limitations of the chip, though, some extra hardware would be required. [TEC_IST] has drawn up a design that uses external RAM as a framebuffer, while using shift registers and other supporting logic to handle dumping out signals over HDMI. This would just leave the RP2040 to handle drawing new content, without having to redraw existing content every frame.

[TEC_IST] has shared the design for a potential 1080p HDMI output board for the RP2040 on GitHub and is inviting comment from the broader community. They’re yet to be built and tested, so it’s all theoretical at this stage. Obviously, a lot of heavy lifting is being done off-board the microcontroller here, but it’s still fun to think of such a humble chip doing such heavy-duty video output. Continue reading “Could 1080p Video Output From The RP2040 Be Possible?” →

Pulling Data From HDMI RF Leakage

March 7, 2023 by Jenny List 25 Comments

A long-running story in the world of electronic security has been the reconstruction of on-screen data using RF interference from monitors or televisions. From British TV detector vans half a century ago to 1980s scare stories about espionage, it was certainly easy enough to detect an analogue CRT with nothing more than an AM broadcast radio receiver. But can this still be done in the digital age? It’s something [Windytan] has looked into, as she reconstructs images using leakage from HDMI cables.

The tale starts with a mystery RF noise, soon identified as not unlike the scanning frequencies of a video signal. Plotting the noise intensities while treating the supposed scanning frequencies as video synchronization yields a shadowy version of her Raspberry Pi desktop, so she’s on to something. It’s important to note that this isn’t a video signal she’s receiving, but the noise associated with the bit transitions in an uncompressed digital video stream, so she quickly concludes that trying to resolve color would be futile.

It does however leave the tantalizing possibility of using this as a medium to wirelessly export data from a compromised machine, and it’s down this route she goes. She finally arrives on a scheme of encoding data as lines of individual colors that look like interference patterns over a desktop, and from there can send and retrieve files. It works for digital audio streams, and as shown in the video below, even an MJPEG video stream, hidden in the noise from a video signal. That’s impressive work, by any standard!

We covered those BBC detector vans in detail a while back.

Continue reading “Pulling Data From HDMI RF Leakage” →

Digital Video From The Amiga’s DB23 Socket

February 19, 2023 by Jenny List 5 Comments

Back in the days of 16-bit home computers, the one to have if your interests extended to graphics was the Commodore Amiga. It had high resolutions for the time in an impressive number of colours, and thanks to its unique video circuitry, it could produce genlocked broadcast-quality video. Here in 2023 though, it’s all a little analogue. What’s needed is digital video, and in that, [c0pperdragon] has our backs with the latest in a line of Amiga video hacks. This one takes the 12-bit parallel digital colour that would normally go to the Amiga’s DAC, and brings it out into the world through rarely-used pins on the 23-pin video connector.

This follows on from a previous [c0pperdragon] project in which a Raspberry Pi Zero was used to transform the digital video into HDMI. This isn’t a hack for the faint-hearted though, as it involves extensive modification of your treasured Amiga board.

It is of course perfectly possible to generate HDMI from an Amiga by using an external converter box from the analogue video output, of the type which can be bought for a few dollars from online vendors. What this type of hack gives over the cheap approach is low latency, something highly prized by gamers. We’re not sure we’re ready to start hacking apart our Amigas, but we can see the appeal for some enthusiasts.

An Open-Source HDMI Capture Card

October 14, 2022 by Lewin Day 35 Comments

[YuzukiHD] has provided files for anyone that wishes to build their own HDMI capture card at home. The design is known as the Yuzuki Loop Out HDMI Capture Card PRO, or YuzukiLOHCC PRO for short.

The build is based on the MS2130, a HD video and audio capture chip that’s compatible with USB 3.2 Gen 1. We’re pretty sure that’s now called USB 3.2 Gen 1×1, and that standard is capable of transfers at up to 5 Gbps. Thus, the chip can support HDMI at up to 4K resolution at 60 Hz depending on the exact signals being passed down the line. It’s compatible with YUV422 & MJPEG modes and can be used with software like OBS Studio and FFmpeg. The board itself is relatively simple. It features an HDMI In port, an HDMI Out port, and a USB-C port for hooking up to a computer for capture.

HDMI capture cards can be expensive and fussy things, so you may find it pays to roll your own. Plus, being open sourced under the CERN Open Hardware License V2 means that you can make changes to suit your own use case if you so desire.

We’ve seen some other hilarious video capture tricks over the years, such as a convoluted rig that uses a SNES to turn a Game Boy Camera into a usable webcam. If you’ve got any such madcap hacks brewing up in your lab, be sure to let us know!

HDMI Is An Attack Surface, So Here’s An HDMI Firewall

June 22, 2022 by Jenny List 13 Comments

Many years of using televisions, monitors, and projectors have conditioned us into treating them as simple peripherals whose cables carry only video. A VGA cable may have an i2c interface for monitor detection, but otherwise it presents little security risk. An HDMI interface on the other hand can carry an increasing number of far more capable ports, meaning that it has made the leap from merely a signal cable to being a connector stuffed with interesting attack vectors for a miscreant. Is it time for an HDMI firewall? [King Kévin] thinks so, because he’s made one.

It’s a surprisingly simple device, because the non-signal capabilities of HDMI rely on a set of conductors which are simply not connected. This of course also disconnects the on-board EEPROM in the device being connected, so there’s an EEPROM on the firewall board to replace it which must be programmed with the information for the device in question.

The premise of HDMI as an attack surface is a valid one, and we’re sure there will be attacks that can be performed on vulnerable displays which could potentially in turn do naughty things to anything which connects to them. The main value for most readers here probably lies though in the introduction it gives to some of what goes into an HDMI interface, and in accessing the i2c interface therein.

It comes as a surprise to realise that HDMI is nearing 20 years old, so it’s hardly surprising that its hacking has quite a history.