-
As 1,763,954 other makers have done, I decided to do a 'retro-radio -> internet-radio' build. My wife enjoys listening to UK radio channels so my plan was to build her a radio she could use in the house to listen to the channels she enjoys (we don't live …
-
In light of the recent excellent research work around DRAM memory integrity attacks (aka Rowhammer and the recently published paper on Intel-memory-mapping reversing and covert channels), I thought I'd write a post to try to clearly explain how what we term 'physical' addresses in the software world actually map to …
-
As part of my work on the IBM X-Force Application Security Team, a few months ago I wanted to see if I could reproduce a Rowhammer-exploit-type memory corruption via an externally-generated electromagnetic pulse (EMP). The idea here was to target primary memory (usually [S]DRAM) to perform a bit-flip via …
-
So it has been a while since my last CUPC/8 (formerly known as CUPCake) update. Over the past few months I have spent a significant amount of time working fleshing out the instruction set, implementing support in the assembler and simulator and coding the Kernel (the status of which …
-
I recently came across a blog post by Brett Berry on Why 5 x 3 = 5 + 5 + 5 Was Marked Wrong. Twitter-discussion of how children should be taught aside, the post imho is an interesting read; the TL;DR of which is that while 5 x 3 = 15 and therefore …
-
So the (Python3) simulator is slllooowwwww (Kernel running at ~400KHz) and I decided to see whether there was some easy way to rectify the situation. Ultimately I'm simulating a very simple 8-bit RISC-based machine - albeit SPI-transaction-heavy for the display - and 400KHz on my 3GHz Haswell i5 is simply …
-
I have made quite a bit of progress this weekend. Firstly I'm nearing finalizing the ISA (Instruction Set Architecture) which I've started documenting. Currently most instructions are supported by the hardware itself bar the register-offset addressing. As the defined ISA has overtaken hardware support, I decided that it's probably best …
-
My Farnell order arrived with the XMEGA MCUs and I picked up a couple of USBASP programmers off eBay. I needed two; one to use a a hacked-up PDI programmer (instructions here and 3V3 conversion here if necessary) and the other to flash the PDI-supporting firmware to the first programmer. …
-
The memory board PCBs arrived a few days ago. I got them from OSHPark + they look fantastic. Populated sans ROM To test the board I'm using MicroPython, a nice board with a built-in Python interpreter. I picked it up off their Kickstarter a while back and I've been looking for …
-
So, it turns out that the first memory board is totally insufficient. Well, I guess it's a good SRAM board, but what about ROM?! The second attempt on the board uses a single Alliance AS6C1008 which is a 128kx8 chip. As CUPCake is 16-bit, we'd need bank switching to make …
-
I, together with Roee Hay from my team (IBM Security Research) discovered a set of vulnerabilities in the Cordova Framework for Android. The vulnerabilities are pretty severe - allowing for a remote drive-by download attack against certain applicaitons making use of the framework; basically an attacker can potentially steal your …
-
UPDATE: I have reworked the board due to major issues with the connectors and pin holes (17 September 2014) The CUPCake CPU has a 16-bit address bus and therefore a maximum addressable memory of 64KB (without bank switching, etc.). The 64KB is provided by 2x 256Kbit SRAM chips (CY62256). Which …
-
I’ve been out of the maker game for a while but it seems that life is affording me some minute amount of time once again to do one of the things I love best – making useless stuff for no good reason but to have fun and just because I …
-
A neat trick I picked up somewhere on the Internet (sorry for not referencing, I simply don't remember which site I stole it from :)). In embedded work, one often has headless access to a target device off which one wants to sniff network packets. As Wireshark is so nice to …
-
I finally got around to working on a project that I've been wanting to do for quite a while. Introducing the GlitchMeister 1.0.... It's basically a Simple, Stupid FPGA-based glitcher (something along the lines of the PS3 Glitch Finder with a few notable differences) but I wanted to do …
-
I was poking around in the What's App Android DEX this evening. One notices immediately that they are using various obfuscations, once of which is a string obfuscation (this is NOT DexGuard, maybe Zelix KlassMaster?). It took me a little while to learn some Dalvik bytecode, but it seems the …
-
This is where the decompiler becomes slightly less useful and we need to start getting our hands dirty with the disassembly. So here we are @ 0x10406c5. Lets take a look 2 instructions down in loc104070e: "cmp dword ptr [ebp+0DE80F35h], 0". If 0x103ff49 0, then we jump to loc1040729. I …
-
Ok, so after the decryption is seems that we now have 3 additional functions: Let's start with the first one, sub1357005 (sub1357000 really) as it's what's going to be executed next. Cleaning up what Hex-Rays spews out leaves us with the following: int __usercall sub_1357005(int a1, int a2, …
-
I recently got a binary from a friend who wanted me to help him hack some game or other. Now, the game aspect interests me less, but one I started working on this I started to get drawn in by the challenge of unpacking the binary itself so I thought …
-
I've written a basic kernel driver for the Razer Naga gaming mouse (can be extended for other Razer HIDs). Basically it allows for mapping of the 12 keys to any other (single) keys from userspace. The module is a bit dirty (and probably buggy), please feel free to improve it! …
-
[From the ARM Architecture Reference Manual by David Seal] A good way to branch to any location in the address space: add lr, pc, #4 ldr pc, [pc, #-4] dcd …
-
And the (almost) finished machine running Namco Museum's Ms. Pacman... (Sorry for the grainy 3.2MP mobile-phone pic) …
-
Ok, so I constructed the unit over the past two evenings. I stupidly didn't take photos during the construction and seriously messed up the paint job. But anyway this is what it currently looks like without the electronics: You can see the scale of it (that thing on the right …
-
After being inactive for a long while on my fullsize Mame cabinet project (put on hold indefinitely until I get some perspex/stop being lazy), I was inspired by Victor Coleiro's "Worlds Smallest Space Invaders" project to do something similar myself. After contacting Victor for some pointers (he's extremely helpful) …