Bus Pirate 5 Now Shipping

It’s happened to all of us at one time or another. There’s some component sitting on the bench, say an I2C sensor, a new display, or maybe a flash chip, and you want to poke around with it. So you get out the breadboard, wire it to a microcontroller, write some code, flash it…you get the idea. Frankly, it’s all kind of a hassle. Which is why [Ian Lesnet] created the Bus Pirate: a USB multi-tool designed to get you up and running with a new piece of hardware as quickly as possible.

Now, after years of development, the Bus Pirate 5 is available for purchase. Completely redesigned to take advantage of the impressive I/O capabilities of the RP2040, the new Bus Pirate also features a 240 x 320 IPS LCD that can show real-time voltage data and pin assignments. But despite the new display, and the bevy of RGB LEDs lurking under the injection molded enclosure, the primary interface for the device remains the VT100 terminal interface — now with the addition of a color status bar running along the bottom.

UEVR Project Converts Games To VR, Whether They Like It Or Not

UEVR, or the Universal Unreal Engine VR Mod by [praydog] is made possible by some pretty neat software tricks. Reverse engineering concepts and advanced techniques used in game hacking are leveraged to add VR support, including motion controls, to applicable Unreal Engine games.

The UEVR project is a real-world application of various ideas and concepts, and the results are impressive. Not only does it make a game render in VR with little effort, it also manages the player’s perspective (there are options for attaching the camera view to game objects, for example) and sensibly maps inputs from VR controllers to whatever the game is expecting. This isn’t the first piece of software that attempts to convert flatscreen software to VR, but it’s by far the most impressive.

There is an in-depth discussion of the techniques used to sensibly and effectively locate and manipulate game elements, not for nefarious purposes, but to enable impressive on-demand VR mods in a semi-automated manner. (Although naturally, some anti-cheat software considers this to be nefarious.)

Many of the most interesting innovations in VR rely on some form of modding, from magic in Skyrim that depends on your actual state of mind to adding DIY eye tracking to headsets in a surprisingly effective, modular, and low-cost way. As usual, to find cutting-edge experimentation, look to the modding community.

Reverse Engineering Smart Meters, Now With More Fuming Nitric Acid

If you’re lucky, reverse engineering can be a messy business. Sure, there’s something to be said for attacking and characterizing an unknown system and leaving no trace of having been there, but there’s something viscerally satisfying about destroying something to understand it. Especially when homemade fuming nitric acid is involved.

The recipient of such physical and chemical rough love in the video below is a residential electric smart meter, a topic that seems to be endlessly fascinating to [Hash]; this is far from the first time we’ve seen him take a deep dive into these devices. His efforts are usually a little less destructive, though, and his write-ups tend to concentrate more on snooping into the radio signals these meters are using to talk back to the utility company.

This time around, [Hash] has decided to share some of his methods for getting at these secrets, including decapping the ICs inside. His method for making fuming nitric acid from stump remover and battery acid is pretty interesting; although the laboratory glassware needed to condense the FNA approaches the cost of just buying the stuff outright, it’s always nice to have the knowledge and the tools to make your own. Just make sure to be careful about it — the fumes are incredibly toxic. Also detailed is a 3D-printable micropositioner, used for examining and photographing acid-decapped ICs under the microscope, which we’d bet would be handy for plenty of other microscopy jobs.

In addition to the decapping stuff, and a little gratuitous destruction with nitric acid, [Hash] takes a look at the comparative anatomy of smart meters. The tamper-proofing features are particularly interesting; who knew these meters have what amounts to the same thing as a pinball machine’s tilt switch onboard?

37C3: When Apple Ditches Lightning, Hack USB-C

[Thomas Roth], aka [Ghidraninja], and author of the [Stacksmashing] YouTube channel, investigated Apple’s Lightning port and created a cool debugging tool that allowed one to get JTAG on the device. Then, Apple went to USB-C for their new phones, and all his work went to waste. Oh well, start again — and take a look at USB-C.

Turns out, though, that the iPhone 15 uses the vendor-defined messages (VDM) capability of USB-PD to get all sorts of fun features out. Others had explored the VDM capabilities on Mac notebooks, and it turns out that the VDM messages on the phone are the same. Some more fiddling, and he got a serial port and JTAG up and running. But JTAG is locked down in the production devices, so that will have to wait for an iPhone 15 jailbreak. So he went poking around elsewhere.

He found some other funny signals that turned out to be System Power Management Interface (SPMI), one of the horribly closed and NDA-documented dialects owned by the MIPI Alliance. Digging around on the Interwebs, he found enough documentation to build an open-source SPMI plugin that he said should be out on his GitHub soon.

The end result? He reworked his old Lightning hardware tool for USB-C and poked around enough in the various available protocols to get a foothold on serial, JTAG, and SPMI. This is just the beginning, but if you’re interested in playing with the new iPhone, this talk is a great place to start. Want to know all about USB-C? We’ve got plenty of reading for you.

Hackaday Podcast Episode 250: Trains, RC Planes, And EEPROMS In Flames

This week in the Podcast, Elliot Williams is off at Chaos Communication Congress, hearing tales of incredible reverse engineering that got locomotives back up and running, while Al Williams is thinking over what happened in 2023. There’s a lot of “how things work” in this show, from data buoys to sewing machines to the simulated aging of ICs.

Whether you’re into stacking bricks, stacking Pi Picos, or stacking your 3D prints to make better use of precious bed space, this episode is for you. Enjoy.

This is your last chance to download a new podcast this year. Take it!

Unbricking Trains, Uncovering Shady Behavior

The first clue was that a number of locomotives started malfunctioning with exactly 1,000,000 km on the odometer. And when the company with the contract for servicing them couldn’t figure out why, they typed “Polish hackers” into a search engine, and found our heroes [Redford], [q3k], and [MrTick]. What follows is a story of industrial skullduggery, CAN bus sniffing, obscure reverse engineering, and heavy rolling stock, and a fantastically entertaining talk.

Cutting straight to the punchline, the manufacturer of the engines in question apparently also makes a lot of money on the service contracts, and included logic bombs in the firmware that would ensure that revenue stream while thwarting independent repair shops. They also included “cheat codes” that simply unlocked the conditions, which the Polish hackers uncovered as well. Perhaps the most blatant evidence of malfeasance, though, was that there were actually checks in some versions of the firmware that geofenced out the competitors’ repair shops.

We shouldn’t spoil too much more of the talk, and there’s active investigation and legal action pending, but the smoking guns are incredibly smoky. The theme of this year’s Chaos Communication Congress is “Unlocked”, and you couldn’t ask for a better demonstration of why it’s absolutely in the public interest that hackers gotta hack. Of course, [Daniel Lange] and [Felix Domke]’s reverse engineering of the VW Dieselgate ECU shenanigans, another all-time favorite, also comes to mind.

Polish Train Manufacturer Threatens Hackers Who Unbricked Their Trains

A week ago we covered the story of a Polish train manufacturer who was caught using software to brick their products after they had been repaired by an independent railway workshop. Now 404 Media has a follow-up story with more information, including the news that the hackers responsible for the discovery are now being threatened by the manufacturer.

The more we learn about this story the more interesting it becomes, as the Newag trains in question began failing after service as far back as 2021. In desperation after services were affected by the number of non-functional units, an employee searched online for Polish hackers and found a group called Dragon Sector. The group was able to find the issue, and are now being threatened with legal action by the manufacturer, who are citing possible safety issues.

It’s clear from where we are standing that Newag have been caught red-handed in some extremely dubious practices, and seem to have little sense of how their actions might not be the best in terms of protecting their reputation. We are guessing that the European regulators will become very interested in this case, and that meanwhile the order books of a company which puts DRM in its trains will start to look very empty indeed. You can catch our original coverage as the story broke, here.

Thanks [JohnU] for the tip.