Hacking conferences often feature a Capture the Flag, or CTF event. Typically, this is a software hacking challenge that involves breaking into targets which have been set up for the event, and capturing them. It’s good, legal, hacking fun.
However, some people are starting to build CTFs that involve hardware hacking as well. [Balda]’s most recent hardware hacking challenge was built for the Insomni’hack 2014 CTF. It uses an MSP430 as the target device, and users are allowed to enter commands to the device over UART via a Bus Pirate. Pull off the exploit, and the wheel rotates to display a flag.
For the first challenge, contestants had to decompile the firmware and find an obfuscated password. The second challenge was a bit more complicated. The password check function used memcpy, which made it vulnerable to a buffer overflow attack. By overwriting the program counter, it was possible to take over control of the program and make the flag turn.
The risk of memcpy reminds us of this set of posters. Only abstaining from memcpy can 100% protect you from overflows and memory disclosures!
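The second challenge's bug class, shown as an added example that is not [Balda]'s firmware: a password check that passes a length taken from the UART input straight to memcpy, beside a hardened form that bounds the copy. The buffer size, the secret and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_BUF_LEN 16  /* assumed buffer size, not taken from the firmware */

/* Constructed secret for this example only. */
static const char SECRET[] = "flagwheel";

/* Vulnerable pattern: the copy length comes from the received frame, so
 * any frame longer than PW_BUF_LEN writes past buf and over the saved
 * return address on the stack. */
int check_password_vulnerable(const uint8_t *rx, size_t rx_len)
{
    char buf[PW_BUF_LEN];
    memcpy(buf, rx, rx_len);               /* no bound on rx_len */
    return rx_len == sizeof(SECRET) - 1 &&
           memcmp(buf, SECRET, sizeof(SECRET) - 1) == 0;
}

/* Hardened form: reject oversized input before copying, then compare in
 * constant time so the check does not leak how many bytes matched. */
int check_password_hardened(const uint8_t *rx, size_t rx_len)
{
    char buf[PW_BUF_LEN] = {0};
    uint8_t diff = 0;
    size_t i;

    if (rx == NULL || rx_len > sizeof(buf))
        return 0;                          /* refuse, do not truncate */
    memcpy(buf, rx, rx_len);

    diff |= (uint8_t)(rx_len ^ (sizeof(SECRET) - 1));
    for (i = 0; i < sizeof(SECRET) - 1; i++)
        diff |= (uint8_t)(buf[i] ^ SECRET[i]);
    return diff == 0;
}

int main(void)
{
    uint8_t oversized[64];                 /* constructed sample input */
    memset(oversized, 'A', sizeof(oversized));
    printf("correct:   %d\n", check_password_hardened((const uint8_t *)"flagwheel", 9));
    printf("oversized: %d\n", check_password_hardened(oversized, sizeof(oversized)));
    return 0;
}
```

The hardened check refuses the 64-byte input outright instead of truncating it, so an overlong frame can never be accepted as a prefix match.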
There is something to be said about how easy it is to write Arduino code. For those of you who are big fans of the MSP430 and Texas Instruments’ LaunchPad series, an upcoming release of Energia brings Arduino style coding to the two newest members of the LaunchPad family: the TivaC Connected LaunchPad EK-TM4C1294XL and Wolverine FRAM LaunchPad MSP-EXP430FR5969LP.
“Energia is an open-source electronics prototyping platform … with the goal to bring the Wiring and Arduino framework to the Texas Instruments MSP430 based LaunchPad.” The newest release of Energia is exciting for the sole reason that the new TivaC Connected LaunchPad and Wolverine FRAM LaunchPad are supported. The TivaC Connected LaunchPad is a $20 development board for TI’s low-power ARM processors that has Ethernet connectivity. The MSP430 at the heart of the Wolverine FRAM LaunchPad uses up to 250x less power than flash based MCUs at low speeds in addition to many other cool benefits.
Be sure to keep an eye out for the new version of Energia; it should be arriving sometime next week. Now is a better time than ever to try out the Tiva C or the MSP430 MCUs!
[Michael Kohn] sent in a link to the set of projects he’s been working on lately. The Java Grinder is a project that converts Java code for use on microcontrollers. This actually started back in 2009, when he mentioned that the project was worthless because there were already a ton of Java virtual machines out there. But if he had really thought that, he’d never learn anything. We’re glad [Michael] picked this back up and made something out of it.
The image above shows the proof of concept. It’s a box bouncing around the Nokia 6100 screen. He wrote the animation in Java, and used his grinder to turn the code into dsPIC assembly, which was then compiled and flashed onto the microcontroller. That’s not all, he’s also coded a Mandelbrot set generator for the same hardware. As it stands he can also produce assembly code for use on MSP430 chips.
This kind of exploration is great for the brain. We see it as a natural extension of the learning you acquire from Nand2Tetris which walks through the essential text The Elements of Computing Systems. If you’re not familiar, that’s a trip from building your first logic gate, which you plunk together with others to build an ALU, then start coding all the way up to a virtual machine to run on your simulated hardware.
Video of the bouncing box and Mandelbrot set is below.
TI’s MSP430 chips are rather interesting – they’re low power, very capable, and available for under a dollar in most cases. Some of these chips, though, don’t have native SPI or I2C interfaces; instead, everything is done through a USI, or Universal Serial Interface module. [Jan] found the stock I2C USI module was a little rough around the edges, so he created his own.
[Jan] found the TI example code for using the USI as an I2C device overly complicated and something that an intern whipped up in a week and was never touched again. In response to this, he created a much, much simpler USI/I2C module that’s actually readable. It’s available over on the GitHub if you want to grab it for yourself.
Compared to the TI code, [Jan]’s library is dead simple. There are only two functions, one for initialization, and another for sending and receiving. Easy, small, and it works. Can’t do much better than that.
A few days ago we featured [Marcus]’ Contiki port to the TI Launchpad, Contiki being an open source operating system dedicated to the Internet of Things created by [Adam Dunkels] at the SICS in Sweden. Part of [Marcus]’ work involved designing a simple radio duty-cycling protocol that achieves 3% idle listening duty cycle while allowing for an average 65ms latency with no prior contact or synchronization.
As a few readers may already know, it takes quite a lot of power for a wireless device to listen/send data. A platform therefore needs to have an algorithm that minimizes power consumption while allowing a (regular) planned data transfer. After creating his protocol named SimpleRDC, [Marcus] first simulated it using the Cooja simulator in order to check that it could perform as desired. He then implemented a real life test and checked the protocol’s performance by sniffing the SPI lines connecting his MSP430 to the wireless module and by monitoring the platform power consumption with his oscilloscope and a shunt resistor.
After having ported Contiki to his TI Launchpad platform, [Marcus] was eager to do something with it. He therefore built a simple clock with a vintage HPDL-1414 “smart four-character 16-segment alphanumeric display” and a msp430g2553.
The result that you can see above is powered over USB, includes a 3.3V LDO linear voltage regulator as well as a button, a LED, a crystal, and several passive components. Fortunately enough, the 5V-powered HPDL-1414 display accepts 3.3V logic at its inputs, avoiding the need for level translators.
The clock program is running on the ported Contiki 2.6 that you can find on his Github repository. [Marcus] is considering using a vibration motor to buzz every 20 minutes during work hours as a reminder for the 20-20-20 rule to battle eye fatigue: every 20 minutes, look at something 20 feet away for 20 seconds. A video of the system in action is embedded after the break.
For many years Contiki has been one of the main choices when it came to choosing an IPv6 over Low power Wireless Personal Area Networks stack (aka 6LoWPAN). It is developed by a world-wide team of developers with contributions from Atmel, Cisco, ETH, etc. and is open source. As most platforms to which Contiki has been ported are quite expensive, [Marcus] decided to bring the operating system to the TI Launchpad. For our readers that don’t know, the latter is based on a msp430g2452/2553 microcontroller, which has only 256/512 bytes of RAM and 16kB of ROM. As a side note, Contiki typically requires 10k RAM and 30k ROM.
[Marcus] therefore had to remove several features from Contiki: queue-buffering, energy estimation and regrettably uIP. His test setup (shown above) uses the TI CC2500 radio that can be found for less than $2 on Aliexpress, for which he wrote radio drivers from scratch. He also coded his own radio duty-cycling layer, as the one included in Contiki was too big.