Agilent LCR Meter Teardown

Since 1999, one of the more popular manufacturers of test equipment has been Agilent, the spun-off former instrument division of Hewlett-Packard. From simple multimeters to fully-equipped oscilloscopes, they have been covering every corner of this particular market. And, with the help of [Kerry Wong] and his teardown of an Agilent LCR meter, we can also see that they’ve been making consistent upgrades to their equipment as well.

The particular meter that [Kerry] took apart was an Agilent U1731B, a capable LCR (inductance, capacitance, resistance) meter. He had needed one for himself and noted that while they’re expensive when new, they can be found at a bargain used, but that means dealing with older versions of hardware. For example, his meter uses an 8-bit ADC while the more recent U1733 series uses a 24-bit ADC. The other quality of this meter that [Kerry] made special note of was how densely populated the circuit board is, presumably to save on the design of a VLSI circuit.

While we don’t claim to stump for Agilent in any way, it’s good to know that newer releases of their equipment actually have improved hardware and aren’t just rebadged or firmware-upgraded versions of old hardware with a bigger price tag attached. Also, there wasn’t really any goal that [Kerry] had in mind besides sheer curiosity and a willingness to dive deep into electronics details, as those familiar with his other projects know already.

Pull Passwords Out Of Silicon

[q3k] got tipped off to a very cool problem in the ongoing Pwn2Win capture-the-flag, and he blew it out of the water by decoding the metal interconnect layers that encode a password in a VLSI IC. And not one to rent someone else’s netlist extraction code, he did it by writing his own.

The problem in the Pwn2Win CTF came in the form of the design files for a hypothetical rocket launch code. The custom IC takes an ASCII string as input, and flips a pin high if it matches. Probably the simplest way to do this in logic is to implement a shift register that’s long enough for the code string’s bits, and then hard-wire some combinatorial logic that only reads true when all of the individual bits are correct.

(No, you don’t want to implement a password-checker this way — it means that you could simply brute-force the password far too easily — but such implementations have been seen in the wild.)

Anyway, back to our story. After reversing the netlist, [q3k] located 320 flip-flops in a chain, suggesting a 40-byte ASCII code string. Working backward in the circuit from the “unlocked” pin to the flip-flops, he found a network of NOR and NAND gates, which were converted into a logic notation and then tossed into Z3 to solve. Some cycles later, he had pulled the password straight out of the silicon!

This looks like a really fun challenge if you’re into logic design or hardware reverse engineering. You don’t have to write your own tools to do this, of course, but [q3k] would say that it was worth it.

Thanks [Victor] for the great tip!
Featured image by David Carron, via Wikipedia.

New Part Day: SPI RAM And A Video Controller

Generating video signals with a microcontroller or old CPU is hard if you haven’t noticed. If you’re driving even a simple NTSC or PAL display at one bit per pixel, you’re looking at a minimum of around 64kB of RAM being used as a frame buffer. Most microcontrollers don’t have this much RAM on the chip, and the AVR video builds we’ve seen either have terrible color or relatively low resolution.

Here’s something interesting that solves the memory problem and also generates analog video signals. Yes, such a chip exists, and apparently this has been in the works for a very long time. It’s the VLSI VS23s010C-L, and it has 131,072 bytes of SRAM and a video display controller that supports NTSC and PAL output.

There are two chips in the family, one being an LQFP48 package, the other a tiny SMD 8-pin package. From what I can tell from the datasheets, the 8-pin version is only an SPI-based SRAM chip. The larger LQFP package is where the action is, with parallel and SPI interfaces to the memory, an input for the colorburst crystal, and composite video and sync out.

After looking at the datasheet (PDF), it looks like generating video with this chip is simply a matter of connecting an RCA jack, throwing a few commands to the chip over SPI, and pushing bits into the SRAM. That’s it. You’re not getting hardware acceleration, you’re going to have to draw everything pixel by pixel, but this looks like the easiest way to generate relatively high-resolution video with a single part.

Thanks [antibyte] for the tip on this one.

Behind the C128 Home Computer

Guest Post: The Real Story Of Hacking Together The Commodore C128

The most popular computer ever sold to-date, the Commodore C-64, sold 27 Million units total back in the 1980’s.  Little is left to show of those times, the 8-bit “retro” years when a young long-haired self-taught engineer could, through sheer chance and a fair amount of determination, sit down and design a computer from scratch using a mechanical pencil, a pile of data books, and a lot of paper.

Before Apple there was Commodore
Behind the C-128 from a 1985 Ad

My name is Bil Herd and I was that long-haired, self-educated kid who lived and dreamed electronics and, with the passion of youth, found himself designing the Commodore C-128, the last of the 8-bit computers which somehow was able to include many firsts for home computing. The team I worked with had an opportunity to slam out one last 8 bit computer, providing we accepted the fact that whatever we did had to be completed in 5 months… in time for the 1985 Consumer Electronics Show (CES) in Las Vegas.

We (Commodore) could do what no other computer company of the day could easily do; we made our own Integrated Circuits (ICs) and we owned the two powerhouse ICs of the day; the 6502 microprocessor and the VIC Video Display IC.  This strength would result in a powerful computer but at a cost; the custom IC’s for the C-128 would not be ready for at least 3 of the 5 months, and in the case of one IC, it would actually be tricked into working in spite of itself.

Continue reading “Guest Post: The Real Story Of Hacking Together The Commodore C128”