side by side, showing hardware experiments with capacitor gating through FETs, an initial revision of the modchip board with some fixes, and a newer, final, clean revision.

A Modchip To Root Starlink User Terminals Through Voltage Glitching

November 28, 2022 by Arya Voronova 37 Comments

A modchip is a small PCB that mounts directly on a larger board, tapping into points on that board to make it do something it wasn’t meant to do. We’ve typically seen modchips used with gaming consoles of yore, bypassing DRM protections in a way that a software hacks couldn’t quite do. As software complexity and therefore attack surface increased on newer consoles, software hacks have taken the stage. However, on more integrated pieces of hardware, we’ll still want to return to the old methods – and that’s what this modchip-based hack of a Starlink terminal brings us.

[Lennert Wouters]’ team has been poking and prodding at the Starlink User Terminal, trying to get root access, and needed to bypass the ARM Trusted Firmware boot-time integrity checks. The terminal’s PCB is satellite-dish-sized, so things like laser fault injection are hard to set up – hence, they went the voltage injection route. Much poking and prodding later, they developed a way to reliably glitch the CPU into verifying a faulty firmware, and got to a root shell – the journey described in a BlackHat talk embedded below. Continue reading “A Modchip To Root Starlink User Terminals Through Voltage Glitching” →

100% display from filter screen and the responsible mod chip

Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter

August 28, 2021 by Brian McEvoy 16 Comments

The “razor and blades model” probably set a lot of young hackers on their current trajectory. If we buy a widget, we want to pick our widget refills instead of going back to the manufacturer for their name-brand option. [Flamingo-Tech] was having none of it when they needed a new filter for their Xiaomi air purifier so they set out to fool it into thinking there was a genuine replacement fresh from the box. Unlike a razor handle, the air purifier can refuse to work if it is not happy, so the best option was to make a “mod-chip.”

The manufacturer’s filters have a Near-Field Communication (NFC) chip and antenna which talk to the base station. The controller receives the filter data via I₂C, but the mod-chip replaces that transmitter and reassures the controller that everything is peachy in filter town. On top of the obvious hack here, [Flamingo-Tech] shows us how to extend filter life with inexpensive wraps, so that’s a twofer. You can create your own mod-chip from the open-source files or grab one from [Flamingo-Tech’s] Tindie store.

We usually hear about mod-chips in relation to games, but we are happy to extend that honor to 3D printers. Have you ever fooled a “razor?”

Continue reading “Clearing The Air About Proprietary Consumables With A Xiaomi Filter DRM Resetter” →

FreeBOOT Gives The Xbox 360 JTAG Hack New Life

October 20, 2009 by Mike Szczys 39 Comments

xbox360-freeBOOT-exploit

There has been another development in the never-ending battle that is Microsoft trying to keep its gaming system closed to unauthorized use. Xbox-scene reports that a new hack called freeBOOT v0.01 allows the Xbox 360 to upgrade to the newer kernels, but allows the option of rebooting to an older kernel in order use the JTAG exploit and gain access to the hardware.

In case you missed it, the JTAG hack is a way to run homebrew code on an Xbox 360. Exploiting this hack makes it possible to boot a Linux kernel in about five seconds. We’ve long been fans of the homebrew work done with XBMC on the original Xbox and hope that advances like this will lead to that end. We want this because the older hardware cannot handle high definition content at full resolution but the Xbox 360 certainly can.

This exploit is still far from perfect. It currently requires that the Cygnos360 mod chip be installed on the system. A resistor also needs to be removed from the board to prevent accidental kernel updating. That being said, this is still progress. If you’re interested in step-by-step details, take a look at the text file instructions provided.

[Thanks wdfowty]

No More Updates To Wii Backup Loader

September 19, 2008 by Caleb Kraft 20 Comments

[youtube=http://www.youtube.com/watch?v=9yBTsNwOO1I]

You can now play backups on your Wii without a mod chip. A beta version of the bootloader made by [Waninkoko] has been leaked onto the net. Keep in mind that it is unfinished, so your results may vary. All you need is the bootloader and a legal copy of Zelda. After a few patches and some installing, you’re ready to play backups, no mod chip necessary. We covered this before, but there is a twist this time. Unfortunately, [Waninkoko] states that this project has been officially abandoned, probably due to the leak. Apparently crackers get hurt by leaks too.

[via Gizmodo]