There’s a school of thought that says that to fully understand something, you need to build it yourself. OK, we’re not sure it’s really a school of thought, but that describes a heck of a lot of projects around these parts.
[Tim] aka [mitxela] wrote kiloboot partly because he wanted an Ethernet-capable Trivial File Transfer Protocol (TFTP) bootloader for an ATMega-powered project, and partly because he wanted to understand the Internet. See, if you’re writing a bootloader, you’ve got a limited amount of space and no device drivers or libraries of any kind to fall back on, so you’re going to learn your topic of choice the hard way.
[Tim]’s writeup of the odyssey of cramming so much into 1,000 bytes of code is fantastic. While explaining the Internet takes significantly more space than the Ethernet-capable bootloader itself, we’d wager that you’ll enjoy the compressed overview of UDP, IP, TFTP, and AVR bootloader wizardry as much as we did. And yes, at the end of the day, you’ve also got an Internet-flashable Arduino, which is just what the doctor ordered if you’re building a simple wired IoT device and you get tired of running down to the basement to upload new firmware.
Oh, and in case you hadn’t noticed, cramming an Ethernet bootloader into 1 kB is amazing.
Speaking of bootloaders, if you’re building an I2C slave device out of an ATtiny85¸ you’ll want to check out this bootloader that runs on the tiny chip.
A few weeks ago, we saw codebender, an online replacement for the Arduino IDE that allowed you to upload a sketch to your board from a web browser. Over on the codebender blog [Vasilis] and his team are rolling out a way to remotely upload code to an Arduino over Ethernet. Now you don’t even need a serial connection to program an Arduino; it can be done over the Internet to a board in the next room, or on another continent.
The star of this hack is the Ariadne bootloader, an implementation of TFTP that allows any Ethernet-enabled Arduino to receive updates over the Internet. There is still one small problem with the Ariadne bootloader: uploading code over Ethernet requires someone to press the reset button on the Arduino, completely negating the benefits of programming an Arduino over Ethernet.
This problem has been solved before for earlier Arduino boards, so we’re sure [Vasilis] and his team will be able to fix the reset issue in very short order. If you’d like to check out the remote TFTP bootloader and play around with codebender, you can grab Ariadne over on GitHub.
Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking over control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with a broken firmware. Anyone who has flashed a device knows the danger of interrupting the procedure.
Continue reading “Phlashing denial of service attack, the new hype”