A Straightforward Guide To Unlocking The Nintendo Game And Watch

Nintendo’s reborn tiny handheld game has certainly attracted the attention of hardware hackers, and we’ve been treated to a succession of exploits as its secrets have been one by one unlocked. With relatively straightforward hardware it conceals potential far beyond a simple Mario game or two, and it’s now at the stage of having a path to dumping both its SPI Flash and internal Flash, unlocking its processor, and running arbitrary code. The process of unlocking it is now straightforward enough to warrant a HOWTO video, to which [stacksmashing] has treated us. It’s early days and this is still touted as for developers rather than gamers, but it serves to show where work on this console is going.

The console’s STM32 architecture means that programming hardware is straightforward enough to find, though we’re cautioned against using the cheap AliExpress type we might use with a Blue Pill or similar. Instead the snap-off programmer that comes with an STM Nucleo board is a safer choice that many people are likely to have already.

The relative simplicity of the process as seen in the video below must conceal an immense amount of work from multiple people. It’s a succession of scripts to sequentially unlock and back up the various firmwares with STM payloads for each step. Finally the STM32 itself is unlocked, and the backed-up Nintendo firmware can be returned to the device or instead a custom firmware can be created. Aside from the DOOM we’ve already seen there are work-in-progress NES and Game Boy emulators, and fascinatingly also work on bare-metal games.

Given the lack of custom chips in this console it is easily possible that its hardware could be directly cloned and that Nintendo might have unintentionally created a new general purpose hacker’s handheld gaming platform. There are a few hardware works-in-progress such as increasing the SPI Flash size and finding the unconnected USB pins, so we look forward to more exciting news from this quarter.

DOOM Running On The Nintendo Game & Watch

Today the newly-released Nintendo Game & Watch can play DOOM. Sure, there are caveats… this is a watered down version due to the constraints of the hardware itself. But the important thing is that this shows the hardware has been fully owned. This is code written to replace the firmware that ships on the STM32 within, and that makes this a gorgeous little hardware platform that is completely open to homebrew hacking.

Honestly, you had to assume this was going to happen pretty quickly considering the effort being thrown into it. We first reported on Tuesday that the EEPROM memory which stores the ROMs on the Game and Watch had been decoded. Shortly after that was published, [stacksmashing] and [Konrad Beckmann] were showing test patterns on the display and mentioning the audio was working as well. Turns out they were able to dump the stock firmware despite the chip being security locked.

We’ll have to wait for more details on exactly how to dump firmware, but [stacksmashing] drops enough of a mention in the video below to confirm the obvious. A common approach to dumping code from a locked microcontroller is to find a vulnerability that grants execution of custom code. Being able to run just a few lines of your own code is enough to set up something as simple as looping through all internal flash memory addresses and dumping them over a few GPIO pins. In this case our two heroes discovered some ARM code was being loaded from the EEPROM onto the STM32, and managed to inject their own directives to perform the dump. They have promised full details soon.

What we have today is a pretty tricky hack not just to load code, but to get DOOM to run on meager hardware specs. Notably, 128 k of SRAM and 1.3 MB of external RAM. There’s also a bottleneck with the 1.1 MB of FLASH for storing game files. The textures were stripped down, and memory allocation was rewritten, but the proof of concept is there and the game runs. Homebrew, here we come!

Blue Pill As A Nerdy Swiss Army Knife

Not everyone can afford an oscilloscope, and some of us can’t find a USB logic analyzer half the time. But we can usually get our hands on a microcontroller kit, which can be turned into a makeshift instrument if given the appropriate code. A perfect example is buck50 developed by [Mark Rubin], an open source firmware to turn an STM32 “Blue Pill” into a multi-purpose test and measurement instrument.

buck50 comes with a plethora of functionality built in, including an oscilloscope, logic analyzer, and bus monitor. The device is a two-way street and also comes with GPIO control as well as PWM output. There’s really a remarkable amount of functionality crammed into the project. [Mark] provides a Python application that exposes a text-based UI for configuring and using the device through commands, and lots of them, which makes this really nerdy. There are a number of options to visualize the captured data, including gnuplot, GTKWave and PulseView, to name a few.

[Mark] does a fantastic job not only with the firmware but also with the documentation, and we really think this makes the project stand out. Commands are well documented and everything is available on [GitHub] for your hacking pleasure. And if you are about to order a Blue Pill online, you might want to check out the nitty-gritty of the clones that are floating around.

Thanks [JohnU] for the tip!

Bare-Metal STM32: From Power-Up To Hello World

Some may ask why you’d want to program a Cortex-M microcontroller like the STM32 series using nothing but the ARM toolchain and the ST Microelectronics-provided datasheet and reference manual. If your first response to that question wasn’t a panicked dive towards the nearest emergency exit, then it might be that that question has piqued your interest. Why, indeed?

Definitely, one could use any of the existing frameworks to program an STM32 MCU, whether the ST HAL framework, plain CMSIS, or even something more Arduino-flavored. Yet where is the fun in that, when at the end of the day one is still fully dependent on that framework’s documentation and its developers? More succinctly, if the contents of the STM32 reference manuals still look like so much gibberish, does one really understand the platform?

Let’s take a look at how bare-metal STM32 programming works, and make the most basic example run, shall we?

STM32 Gets Up Close And Personal With Mandelbrot

The Mandelbrot set is a curious mathematical oddity that, while interesting in its own right, is also a useful tool for benchmarking various types of computers. Its constant computing requirement when zooming in and out on the function, combined with the fact that it can be zoomed indefinitely, means that it takes some quality hardware and software to display it properly. [Thanassis] has made this a pet project of his, running Mandelbrot set visualizations in different ways on many different hardware platforms.

This particular one is based on an STM32 board called the Blue Pill, which [Thanassis] chose because he hadn’t yet done a continuous Mandelbrot zoom on a microcontroller. The display is handled by a tiny 16K IPS color screen, and some clever memory tricks had to come into play in order to get smooth video output since the STM has only 20 kB available. The integer multiplication is also tricky on a platform this small while keeping the continuous zoom function, so it’s limited to fixed point multiplication.

Even with the limitations of the platform, he is still able to achieve nearly double-digit FPS rates with this one. If you want to play around with graphics like this on an STM platform, [Thanassis] has released all of the source code on his GitHub page, but if you’d like to see more Mandelbrot manipulation you can check out one of his older projects where he built a similar project on an FPGA.

STM32 Clones: The Good, The Bad And The Ugly

Whenever a product becomes popular, it’s only a matter of time before other companies start feeling the urge to hitch a ride on this popularity. This phenomenon is the primary reason why so many terrible toys and video games have been produced over the years. Yet it also drives the world of electronics. Hence it should come as no surprise that ST’s highly successful ARM-based series of microcontrollers (MCUs) has seen its share of imitations, clones and outright fakes.

The fakes are probably the most problematic, as those chips pretend to be genuine STM32 parts down to the markings on the IC package, while compatibility with the part they are pretending to be can differ wildly. For the imitations and clones that carry their own markings, things are a bit more fuzzy, as one could reasonably pretend that those companies just so happened to have designed MCUs that purely by coincidence happen to be fully pin- and register-compatible with those highly popular competing MCU designs. That would be the sincerest form of flattery.

Let’s take a look at which fakes and imitations are around, and what it means if you end up with one.

Pause Your Tunes When It Is Time To Listen Up!

“Sorry. I had music playing. Would you say that again?” If we had a money-unit every time someone tried talking to us while we were wearing headphones, we could afford a super-nice pair. For an Embedded C class, [extremerockets] built Listen Up!, a cutoff switch that pauses your music when someone wants your attention.

The idea was born while sheltering in place with his daughter, who likes loud music, but he does not want to holler to get her attention. Rather than deny her some auditory privacy, Listen Up! samples the ambient noise level, listens for a sustained rise in amplitude, like speech, and sends a pause signal to the phone. Someday, there may be an option to route the microphone’s audio into the headphones, but for now there is a text-to-speech module for verbalizing character strings. It might be a bit jarring to hear a call to dinner in the middle of a guitar riff, but we don’t like missing dinner either, so we’re with [extremerockets] on this one.

We don’t really need lots of money to get fun headphones, and we are not afraid of making our own.