PhatIO Uses File System To Control External Hardware

November 29, 2012 by Mike Szczys 27 Comments

[Andrew Smallbone] wrote in with a link to his latest open source project. This is phatIO, a USB I/O device that uses a mass storage file system for control. The idea is that any operating system can manipulate files on a USB storage device. This enumerates as mass storage, and any alterations you make to its file system will result in pin manipulation on the I/O header.

We’ve long been Linux advocates and enjoy the fact that everything on a *nix system is a file. This simply extends the idea across multiple platforms. [Andrew’s] guide for the hardware gives an overview of how the system is structured. The top ‘io’ directory contains sub-directories called mode, pins, status, and a few others. Inside the directories are files for each pin. Writing to these files has much the same effect as writing to a data direction register, port register, or reading a pin register on a microcontroller.

The board is not yet in production and the github link to his hardware files gives us a 404 error. But there is code available for several software demos. After the break we’ve included video of the phatIO driving a Larson scanner.

Continue reading “PhatIO Uses File System To Control External Hardware” →

Outlet Charging Station Retrofitted With The Guts Of A WiFi Router

November 20, 2012 by Mike Szczys 1 Comment

While wandering around the aisles of his local electronics store this Westinghouse USB charging station caught [James’] eye. He sized it up and realized it would make the perfect enclosure for a small WiFi router. And so began his project to turn a TP-Link TL-WR703N into a DIY Pwn Plug.

The basic idea is to include hidden capabilities in an otherwise normal-looking device. For instance, take a look at this ridiculously overpriced power strip that also happens to spy on your activities. It doesn’t sound like [James] has any black hat activities planned, but just wanted an interesting application for the router.

He removed the original circuit board from the charging station to make room for his own internals. He inserted a cellphone charger to power the router, then desoldered the USB ports and RJ-45 connector for the circuit board to be positioned in the openings of the case. He even included a headphone jack that breaks out the serial port. There’s a lot of new stuff packed into there, but all of the original features of the charging station remain intact.

Extracting Data With Keyboard Emulation

October 30, 2012 by Brian Benchoff 58 Comments

A common challenge for computer security specialists is getting data out of a very locked-down system. Of course all network traffic on these test machines is monitored, and burning a CD or writing to a USB Flash drive is out of the question. Where there’s a will there’s a way, so [András] figured out how to extract data from a computer by emulating a keyboard.

Emulating a USB HID device is nothing new; the newest Arduino can do it, as can any AVR with the help of V-USB. [András]’s build emulates a USB keyboard that can download data from a computer by listening to the NUM, CAPS and SCROLL lock LEDs.

Of course, [András] first needs an app to transmit data through these keyboard status LEDs. To do this, his build carries with it a Windows executable file on the AVR’s Flash memory. After plugging his device into the computer, it writes this program to disk and is then able to send data out through keyboard status LEDs.

It’s not very fast – just over one byte per second – but [András] did manage to extract data from a computer, circumventing just about every anti-leaking solution.

Driving An LCD Character Display Using Custom HID Codes

October 23, 2012 by Mike Szczys 19 Comments

Here’s an external display meant to help you keep track of your computer’s status. It connects via USB and is driven by a PIC microcontroller. It listens for a small set of commands, using those to implement a simple control protocol to drive the screen.

[Andrew Gehringer] designed the device around a PIC 18F2550, which offers native USB control. He’s using Microchip’s USB stack to enumerate the module as an HID device. It listens for commands 0x10 through 0x23. These clear the display, write strings to each of the four lines of the display, and switch the LCD backlight. Of course the project includes a program [Andrew] wrote to feed the display. It has a GUI which let’s him decide what information is displayed and how it is formatted. This helper app hangs out in the system tray for easy access.

SNES Emulator Has It’s Slot Sealed Shut

October 19, 2012 by Mike Szczys 24 Comments

If you look closely you’ll notice there’s nowhere to put the game cartridge on this Super Nintendo system. That’s because this is a Rasberry Pi based SNES emulator that plays ROMs, not cartridges. Since the RPi board is used the only limit to what you can play is the board’s RAM and which ROMs you have on the SD card.

The case has basically been gutted and the unused cartridge slot was sealed with some Bondo before painting. In addition to the Rasberry Pi you’ll find a 7-port powered USB hub and a Teensy microcontroller board. The hub allows for the controllers to be connected via USB. The Teensy is recognized as a USB HID device and is used to connect the reset button to a functions on the emulator program. The power switch still works too. To make this happen [MIDItheKID] spliced a USB connector and a microB USB connector to the power switch. We think this draws power from the hub but we’re not 100% sure.

[MIDItheKID] mentions in the Reddit comments that he’s thinking of grabbing that new RPi that has more memory and doing some similar work on his dead PSX.

Exploiting DFU Mode To Snag A Copy Of Firmware Upgrades

October 9, 2012 by Mike Szczys 11 Comments

[Travis Goodspeed] continues his work at educating the masses on how to reverse engineer closed hardware devices. This time around he’s showing us how to exploit the Device Firmware Updates protocol in order to get your hands on firmware images. It’s a relatively easy technique that uses a man-in-the-middle attack to dump the firmware image directly to a terminal window. This way you can get down to the nitty-gritty of decompiling and hex editing as quickly as possible.

For this hack he used his Facedancer board. We first saw the hardware used to emulate a USB device, allowing the user to send USB commands via software. Now it’s being used to emulate your victim hardware’s DFU mode. This is done by supplying the vendorID and productID of the victim, then pushing the firmware update as supplied by the manufacturer. In most cases this shouldn’t even require you to have the victim hardware on hand.

Bootloader Brings USB, Firmware Updating To The ATtiny85

October 9, 2012 by Brian Benchoff 14 Comments

[Jenna] sent in a very cool bootloader she thought people might like. It’s called Micronucleus and it turns the lowly ATtiny 85 into a chip with a USB interface capable of being upgraded via a ‘viral’ uploader program. Micronucleus weighs in at just over 2 kB, making it one of the smallest USB-compatible bootloaders currently available.

The USB support comes from V-USB, a project that puts a virtual USB port on a suite of AVR microcontrollers. With V-USB, it’s easy to turn a Tiny85 into a keyboard, custom joystick, data logger, or computer-attached LED display.

One very interesting feature of Micronucleus is the ‘viral updater’ feature. This feature takes a new piece of firmware, and writes it to a Tiny85, disabling the current bootloader. If you’re designing a project that should have a means of updating the firmware via USB instead of the usual AVR programmer, this might be the bootloader for you.

Not bad for a bootloader that emphasizes small code size. At just over 2 kB, it’s possible to use this bootloader on the similar, smaller, and somewhat cheaper ATtiny45.