Hack everything: re-purposing everyday devices - Matt Evans

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Uploaded on Jan 19, 2012

Arduino is everywhere, but so is electronic junk. Got a project in mind? Take something you already have and repurpose it instead. Make it into something more interesting, for free! Learn how it works, see what it's really capable of and save it from landfill.

In this talk, we'll journey through some examples of common electronic devices to find out: - Why things are hackable, which useful interfaces they may have and how to use them.

👍︎︎ 7 👤︎︎ u/TryHardDieHard 📅︎︎ Apr 07 2015 🗫︎ replies

Funny and informational! Though maybe I'd be a bit in over my head if I try this all by myself. Repurposing things doesn't mean taking them apart though, old coputers can be made into lots of things, especially if canibalizing some PCI cards from other comps: ethernet ports, RAID arrays, SATA expansion, for instance.

👍︎︎ 1 👤︎︎ u/Cyberneticube 📅︎︎ Apr 07 2015 🗫︎ replies

Captions

I used to love as a kids particularly bits in the 18 they get captured by the bad guys they'd get locked in a toolshed it'd be a combine harvester welding equipment they come out with a tank and shooting watermelons or something they'd be crazy stuff going on so at university when I started to get into digital design and I started to hack stuff move forward taught me to move for it okay well I have a microphone it's all in the right place got some feedback on it okay I looked source right as well shout that's not gonna go great while this is gonna start feeding back from home okay okay all right where was I I was at University so the 18 was the big influence I started to reuse stuff I was a poor student I didn't have the money to keep buying all these parts of stuff so I start taking things apart and I started salvaging parts from them it's then salvaging the devices themselves this philosophy stuck with me I'd like to talk a bit about it today I think it's a lot of fun to reuse devices and save them from the trash more fun in some ways than buying new things now there's a bit of contentious thing I'll come to that in a bit so I start with some philosophy of why I think it's a noble thing to do and then we'll move on to some more technical stuff after that so I want to inspire more people to take things apart and to look inside devices that already exist we seem to have a lot of people that are very interested in Arduino and electronics and this is great these are things that you will buy and then make something out of and I want to inspire people to then take existing stuff and take that apart as well so hacking something you're making an object to do something that you wanted to do it's often contrary to its original design you will often be making something into something that's not what it was originally meant to be non technically this could be moving a buttonhole this could be fitting putting a BMW spoiler on your Ford Escort there's all sorts of examples of this a lot of the things I think people create fall into some of these categories so there's often there's a need for an invention a fix there's sometimes reuse by choice if you're lucky and sometimes we used because that's all you've got around or all you can afford and sometimes it's just to create something thought-provoking it's for art it's for fun it's to make something beautiful there are a lot of examples in the news there's the the Thailand floods I love this stuff there's their pictures the cats and dogs with empty water bottles strapped to them people salvaging stuff to try and save all of their stuff though the rebels in Libya making makeshift guns and weapons out of what they could salvage so they had the need and they had to reuse stuff they didn't have the supplies here's a great one from the Philippines bringing light to the inside of people's houses during the day can be very dark using just a water bottle stuck in the roof so every culture has got old term for clutching or hacking stuff in looking into this a Brazilians here will correct my pronunciation this may be wrong gamba era is the art of hacking stuff it's the art of the collage the improvised fix but there always seems to be a twist on the art side of it so a lot of the gambia logical hacks will solve a problem they'll maybe just for art but all of them involve we're using stuff reusing parts and objects other hacks retro appeal is a big one where people are preserving an original design reusing it for something cool vintage hardware using it just because it's cool here's a heck by my friend Angus over here from our local hackerspace it's in a Swiss piece of lab equipment it's something that shows when our hacker space is open and tweets it's an Internet connected device but it's reusing an awesome case kind of dr. Strangelove sort of feel to it by his inspiration I made this out of an old slide projector this is a digital slide projector with an old Nokia display and an AVR wired up to it so it's kind of like a crappy 1950s sort of digital projector but again you're giving new life to these things which would otherwise just be unused or be maybe on a mantelpiece somewhere reusing them and you're appreciating the design and making it your own so here's another example I thought I'd do a little demo on lines a little bit simpler from the previous demos but um simple means reliable as well I'd like to introduce mega duck now I brought this along as an anti heckling device so it's kind of a force field coming out of here we had 110 decibels like corn lying around the office there's actually under someone's chair so that when he sat on it and we had a little squeaking duck thing so a bit of Errol diet wiring the sound output from the duck chip into the amplifier of the hall and we've got this beauty so this covers all three of those areas aren't design obviously it's the pinnacle there there's a need and it's reusing something but electronics is really what I want to talk about so I'm a bit worried that as a society we're going from 1940s radio and TV owners who would know how the devices worked if they broke they would take the lid off and tinker with them to mostly passive consumers obviously though it was a slightly different crowd and we're interested in electronics and Arduino and building things ourselves but as a society I really want to promote this idea of taking stuff apart and looking inside because a lot of things that's the only way you learn them it's a very accessible way of learning things as well I want people to start tinkering this stuff so I'm worried these skills will fade so this is my motivation for giving this talk I want people to either yourselves take stuff apart and learn things or crucially teach other people to do these things as well and does this look familiar to anyone this was a small part of my junk shelf I've got I think it counted three other boxes and there's a couple in the cupboard cobwebs haven't been near in a long time we will collect all this stuff upgrade our phones and I'm as much a gadget freak is anyone else who geeks love their technology and these days it's designed to be old six months ago you know it's things going obsolete so quickly we've got a lot of this stuff lying around and this is also another motivator there's all this raw material things that can be used for stuff so one of the reasons is to save resources part of this slide was also sort of trying to motivate people to not be as much in sort of the consumer cycle buying stuff and consuming and consuming and buying stuff and I want to point out to the free Tronics guys as well because it sounds like I'm about to go don't ever buy Arduino and don't and this is not not the point I'm just I want to highlight people that obviously we work in a very resource intensive industry so the computer industry's resource intensive for making chips and that sort of stuff so it's a balance as everything so the reality is always somewhere between these things and I'm just in alternate view reusing stuff is one answered so something to think about but even recycling is is is not great so if you have a device you don't want it anymore obviously putting it in the bin is going to add your heavy metals and your chemicals from your device to the ground recycling electronics is not a very clean art and we've seen photos of all this stuff going on in third-world countries and people boiling things down and it leaching into the rivers it's a it's a dirty thing so reusing stuff is much better than recycling it as well I mentioned as a student I didn't have any money so I started out doing this sort of stuff to save money but it's also a bit of a cruel challenge I think in some ways what's that what's the best thing that you can make for free or for a dollar or something Arduinos yes you sound I'm trying not to sound down on the Arduino I think it's a very very cool project platform it's it's not that expensive and that will be people's argument ok well it's easy to use and so my slide here try and do it for free all right sign your $30 and we've all got them for free in our in our bags I think they are quite expensive if you start using them as a raw material they're 30 bucks each then you build it into something then you need another one to develop your next project so you buy another one so this is cool for some things and please do support the companies that are building nice bits of open hardware but think about whether you can also reuse stuff as well and it's a judgement call for you all the education side of taking things apart I covered a bit before but it it's this is a really big deal you'll learn some really good design techniques I always have a look at circuit boards and like now why are those two traces closer together or why are those curved and those not and there are all sorts of questions that you can ask yourself from looking at these things and learning by example building stuff teaches you stuff taking these apart teaches you stuff taking things apart and building stuff from that will be the best of both worlds and teach you some more the other thing is taking stuff apart and learning how they work is very important for the robot apocalypse which is I'm sorry to say coming very soon the Terminator he was taken apart he was reprogrammed to go back and find John Connon protect him how do you think they got those skills this was taking stuff apart examining it's very very important so this is a big deal big motivator for me difficult stuff is fun this is the intellectual challenge this is the hacker ethic we like getting started with stuff that has the directions and documentation is a wonderful thing one of the real strengths of the Arduino and the things that makes it very valuable is that there are lots of tutorials it's a great thing to buy to start getting into electronics to get into microcontrollers lots of tutorials and lots of documentation once you get to that point it might be starting more interesting and I'm not hoping this there will be a lot of people at this point where they've they've done the basic tutorials and those sorts of things to make things hard for yourself on purpose make things more difficult for fun so this is an end in itself for me I've done a lot of projects that are not very straightforward and very secure tiss to actually build a blur widget but that's not the point of them the end is not the point of those particular products projects but stupid stuffs fun as well so bear that in mind it doesn't all have to be crazy reverse engineering and stuff I'll demonstrate it again does anyone want to be in the blown out of this Hey but we've got a lot of stuff around right so it's six months ago all of our things that we bought then are now obsolete and we upgrade and we like our gadgets and everything is getting smarter as well so our TVs our printers our scanners all of these things are now computer-based that makes them easier to hack in a lot of ways they will run code and software it's a lot easier to examine and tinker with so I'd like to as I said in inspire people to just have the go at this it's it's not maybe as hard as it looks and to give stuff a go is the first step I work for a big multinational corporation so I should probably say I'm trying to make it clear I don't want people to go out and break copyrights and start ripping off bits of people's firmware and reverse engineer things ethically and legally and please don't break the law so I have to get that thing in there some devices are easy to access on some or not and it's and it's a judgement call basically choosing which is which your Playstations or your iphones are on one ends there quite heavily locked down be in this category there is a lot of effort gone into making these things unhackable now there's a lot of smart people working on running code on your Playstation on your iPhone or your cryptographic bootloader breaking and things so I'm not going to talk too much about this stuff other categories sometimes it's difficult to hack stuff just because of the way it's made very very cheap manufacturing methods are one example it's just out of obscurity they haven't put any effort into hiding this chip it's just that this is the cheapest way to mount a chip you buy the bare die you glue it down and you stick something on top of it but you can't see what the chip is and you can't get it it's connections there are they're quite mundane legal reasons people don't want to document stuff because they fear I will have to hire an IP lawyer and all that sort of stuff and these are other ways that a lot of hints are hidden from us the hacker the saving money and developing stuff very cheaply sometimes makes things easier to hack corners are cut and things are rushed to market and the time part crucially is what makes things easier so I call this open buy cheapness so you'll not design your own chips you're your biases associated on chips from some manufacturer they'll probably document them if you're lucky they won't use custom Asics which take a long time to develop also if you make five designs of something five devices that are all similar you will actually probably make one design one per circuit board and then mount different components for different variations of the product so this means you'll have lots of components paces or footprints that are empty that you can wire stuff onto or unused portions I'd which might be useful sometimes software does this as well you might have a single a line of products with a single operating system that's common to all of them so your particular product might have features that are easily unlockable or use a common code base because it takes more time to develop five different Forks of things and another reason is that you'll have reference designs but the system on chip manufacturer will say here's a development board if you want to develop stuff with our chips and please do you can borrow the design you can license it from us or you can have it so a lot of devices will be actually very similar to the reference design the development board which you might be able to download the schematics off and some products are well documented on purpose they're open they're designed to be hacked thinking of the open microphone there's a couple of toys that the Robosapien springs to mind they documented a lot of cool bits inside that you could solder stuff onto the chumby I'm going to mention later on I don't if anyone's heard of that okay cool little Internet device touchscreen sort of stuff I'll talk about that a bit later things to look for so reference design similarities sometimes debug code is even left in when you've got your common code base people don't sometimes take the time to trim things down and do a proper release build it takes time to do that and you can get things to the market maybe a month sooner or something if you do that we've covered the unused test points but the factory test ports are a very useful thing as well so you have a device that's made in the factory a test machine will usually come down and see if it's dead before you send it out the door and that test machine needs to talk to the system on chip the system on chip will normally be running its own test code run through its itself exercise routines so the test machine needs to be able to connect to this to drive all these things and exist what to do this is usually the serial port it's very very cheap still it's two pins it doesn't need any particular connectors it's not high speed sort of things so you don't need a special circuit board design this interface is also used by technicians when things go back to the factory excuse me and everywhere so my CD player has one got one in the back of a LCD monitor back of a set-top box this is on a pci SAS card it's got an arm microcontroller and some flash and some RAM and a see report at the top on a PCI card it's just a princess someone brought in to work I've got broken printed you want it okay see what we can reuse out of it so five minutes later I have the lid off and there's a space here so as good hackers we should be suspicious of anything that's not used in the final product especially also this project is kind of poor but there are two resistors mounted here resistors cost money so no one's would put these resistors on there if it's genuinely unused in this product so something has at one point probably plugged on to this and it's test port so three or four pins have a look out for these things grounds send receive and sometimes power you'd be surprised what's listening on them so I connect up for a serial cable to this on this printer just took the lid off and plug it on and it's running VxWorks and it's got a little shell on there and it's got all sorts of debug stuff and little flags that you can tweak so if you don't already have a USB as a serial to TTL or logic level cable some of the people in the audrey know mini con 4 think got them five volt ones then get one of these they're really useful be careful of the voltages when you connect things up sometimes or sending five volts in or five volts and three-point-three the common ones but make sure things will won't go up and smoke when you connect them in I had a USB to serial cable and in keeping with the reuse theme I just have one of these lying around so usb-to-serial and then serial to rs-232 to lose the voltages so you can cut that chip out and solder on some wires and make one of these so I saved what three or four dollars and I reused something just as a useful thing to have around so WJ tech just takes a whole other situation altogether that I could talk about that for a while but it's you can use it PCB tests you can use it to debug CPU cores in your SOC it's another thing can be very useful if you've got the facilities in the software in system programming ports there's one of these on the Arduino there's one of these in the coffee machine in our office this is how when you build a thing you'll sit down blank chips and often just stick the firmware in on the assembly line instead of programming the chip separate so so that one example households random digital device a head lying around it was a lovely digital picture frame I'm not well into these sorts of things like actual physical prints but I had this lying around and it was an upmarket one for the time it had a high red screen USB and does video playback and all that sort of thing I thought well not bad for free what's inside it the first thing we noticed on this very very dark thing that we probably can't see it's got three chips and there's a one in the middle system-on-chip this is your processor that's got your controllers for your RAM and flash it's got USB and video and all that sort of stuff on it first problem which you almost definitely run into if you take for a random thing is you goggle the chip number and there are hundred thousand results and they're all to buy or sell it and none of them are here the interesting register definitions there's no programming information for this I searched for quite a while and couldn't find any so I found a marketing leaflet and that was all the information I could find it's a very cheap system on chip designed for digital cameras and media players and that sort of thing it's an embedded processor one hundred megahertz MIPS so it's 32 bit machine it's not too bad it could be something useful that we could do with it it's also got the 32 Meg's of RAM and that's enough to do something interesting with as well mpeg-4 hardware and that sort of exotic stuff so I kind of want to run code on it but but how so here's the picture of the back again some unpopulated pads I think this is derived from a reference design this is an example of one of those products there's a little strip connector up there which i think is designed for a camera sensor and I think this is derived from a development board for this chip which is designed for digital cameras and they basically left in some of those things one of the things that is in see on the side we've got a lovely gold pin header and again especially lovely gold ones these things cost money this isn't going to be fitted if it's genuinely unused even though it's hidden inside there it's not an end user port so I think this is a factory test port so what's on it maybe there's a serial port maybe look a bit closer so there's a bunch of pins we want to find two of them there will be our serial port the easiest thing to do is perhaps as a guess if you reboot the device it spits out something like the D message when it comes out when it boots so if you've got an oscilloscope it's quite easy you can basically reboot the device over and over and have a look and see if you get a serial pattern coming out if you don't have one then you can even trial and error it you can connect ground and you can connect the inputs of your serial cable try all the pins all at once keep resetting it actually before I had an oscilloscope that's what I did on this exact device and it does have a serial port I'll show you in a second the input here's a little trick you can sometimes differentiate an additional output and the digital inputs by the voltage so just what output will be driven by fits up say so it's pulled up and in this case and it will be very close to your 3.3 rail so 3.29 volts your input will be quite weakly pulled up and sometimes you can actually detect that you can guess that it's an input because it might be 2.9 3.97 volts it might be a few millivolts less and sometimes you can test this the other way if you're trying to find a serial port input once you've found the output you can connect again trial and error your serial cable around you can stick a resistor in series so if you try to drive an output you're not going to blow anything up and then you can hit enter a few times or see if you get a response that's how I found the input on this one and it comes out with all sorts of debug it's this is pages and pages of the stuff when it starts up it thinks it's on an evaluation board so okay that's my guess of the the circuit board being a derivative of an evaluation board it's meant for a digital camera it's got all sorts of code in it for for taking pictures and that sort of things movies it's even got a command-line interface with help so there's you can read and write the flash card you can display video you can display images you can dump memory you can poke stuff into memory see the do command up there you give that an address and it jumps to it so that's how we can execute code on it so it's got a useful command line with interesting things that you can play about with hidden inside this seems a bit weird why would you put this in why would you bother well you know it's not an effort to put it in its they didn't make the effort to take it out this is debug code there are all sorts of assert flying pass there's all sorts of oh I'm in printf dot C and this thing went wrong is rushed to market it's a common code base from a camera system they didn't bother to take any of that out or to hone it down just for this picture flame and the debug code is also left in so this could be really helpful so I started disassembling the ROM of this as a form egg ROM and that's a puzzle inside a puzzle so we recurse here we pop push and there are all sorts of statements like this which made disassembling it a little bit easier the first thing I wanted to do was find the serial board get some debug out find the memory map figure out where the GPR the where the mm i/o registers were so that I could actually program the peripherals on this thing so start early and I found a message in the ROM that I saw was printed out when it first started up that's going to be their equivalent of the early debug printf sort of thing referencing that so find that function that starts playing with some mm i/o registers and sure enough that's the UART so I've got my debug output there and by doing that over and over and by having a few interesting hours doing this you can build up a profile of where all of the peripherals are and how to use them one of the other things that is a good clue is that system on chips are very rarely completely new they're very rarely completely redesigned and sure enough this chip has a slightly better documented earlier sibling it's very very old it's in the 8-bit chip but it's still got the some of the same peripherals so they haven't reinvented the interrupt controller and they haven't reinvented the UART and it turned out that the SD controller once I got some information on how this is working matched quite closely to what I was seeing in the disassembly so now I have some information on how to draw their support so the other peripherals are that same sort of thing I'll jump in Emacs and painful stuff so this is of I'll answer this after it but that's a very good question and I'll come back to that remind me um okay so this anyway this is just an example of something that's it's like the design for cheap saves the day it loss of information is left in and also lots of develop orts and things like that so it can make it a bit easier so I just made an artful thing I've got my sort of hello world thing there and currently all it's doing is doing a rotten nineties demo effect sort of thing on the screen I figured out how to mess around with the TFT controller the interesting is frame buffers actually it's not an RGB frame buffer it's a y UV frame buffer which sort of fits if you think about the digital camera a JPEG display element of it so all this stuff's going on on the the luminance channel and then there's a separate chrominance channel which is adding the blue tinge there it's not very useful it sits there in twelves and looks pretty and there other things that could be could be done with it like it could be a display device for an S or user imagination but doesn't drop off whatever one thing something more useful and less arty I had a need to - for a bit of bench equipment mention JTAG earlier I had a Susan had a board that I wanted to to program using jtag and and I didn't have the equipment to do it so I built it one of the things that I used was these are some of my favorite class of devices it's the trusty ADSL modem and Wi-Fi box and these things are great they're plentiful they're crappy all the the firmware is always terrible so people always upgrade them and throw them out so there's lots of these around while I was writing these slides over Christmas my hosts said I've got these liner and they only use to you so these are the two here and they both run Linux there's a lot of people know a lot of these things run Linux from the factory there's also open wrt and dd-wrt replacement firmwares for these a lot of the projects i've seen with without in wrt a lot of people seem to use them for configuring their firewall better or running BitTorrent clients on on the Reuters routers in Australia the words pronounced different once a rude word one isn't and but these are all software things so a lot of the the open wrt things are software based and there's more to them than that there's this hardware as well so they're often MIPS pace that Texas Instruments um Broadcom and so forth a few common chipsets that run these and I love fwot I use it for a whole bunch of projects and it's very very cool for those that haven't used open wrt it's a bit like build routes which is a project to build your cross compilers and a kernel and do you see Linux sorry you see lipsi busybox and a root filesystem for a device it's also got something which looks a bit like the the port's tree in in bsd so a whole load of make files for all sorts of software it'll go off and download and patch make your packages for these things so these devices are great because they're they're fairly capable they're 150 or 300 megahertz that sort of end of things 8 or 16 Meg's of RAM 32 if you're lucky it doesn't sound like a lot eight Meg's of RAM for a Linux system if you haven't used you see Lib C it's tiny busybox very very small you end up with a lot of memory and you can actually write some cool code in that space but the coolest thing about these things is it they run Linux they are very familiar dev environment you can run Perl on them you can write stuff in Python C Erlang well I'm not sure Ella actually eight makes I don't know that's this you might be dreaming okay you can use lure you can use Ruby if you're a deviant there's there's also separately there they've got they're great they will have USB host sometimes PCI sometimes GPIO pins that you can blink on and off for a bit of RAM if you think about that so that the eight Meg's you might have six makes free compared to microcontroller an AVR that's tons Wi-Fi Ethernet and so forth so it's cool stuff you can do them in going Google some of these things I think I've got a link for the espresso machine thing at the end someone's made a pip controller for the heater of their espresso machine and it will add no tweak how strong your coffee is or something that there's all sorts of other things as streaming music systems they've used the USB host of one of these things to do some USB audio they've used the GPIO pins to have buttons or Drive LEM LCDs and put them in a nice case and that sort of thing my favorite is this radio-controlled car thing they'll get an old Wi-Fi box I've seen a few people do this you have a camera on top for the USB host you're streaming JPEGs back to your laptop then the control system back out you've got GPIO pins to drive stuff around it's good fun I have this on my list of things to do so I mentioned the JTAG need I don't need to make something I had one of these lying around it has eight legs around hundred and 50 MiG's megahertz processor so it's well quick enough to run my software and what I did was hex my old parallel port JTAG lead into the GPIO pins of the sparks I didn't have a parallel port on my PC anymore got rid of my last PC with a parallel port a few years ago so I had all the software ready all the software does is on the parallel port it looks like an i/o port so it bangs the JTAG stuff through the parallel port I did the same with the GPIO pin so all I needed to do was take this apart and find some GPIO pins to use and get the software running on it the kernel was a little bit broken on this one they're also very common chipsets often any random box will have a chipset that's supported in another configuration so even if it doesn't work out of the box and there's a little bit broken it's usually a tiny bit of configuration to get it going these chips have got two Ethernet ports for example and they've swapped around on the one port on this so that's we can figure that so inside there's the board I don't if you can see at the top there's some some LEDs for the front panel there also some empty spaces there this is an example of designing stuff cheaply by making you can see the label down the side six products with one board for the different products you'll differentiate them by fitting different features so the space is for the LEDs at the top there just for other more insanely cool products that this one isn't so the other thing I could tell from the kernel source which is available thankfully although it's a bit of an uphill battle with some of the vendors but the pins sorry the LEDs at the top they're driven using the GPIO framework in the kernel so I know their GPIO pins there they're blinked on and off in software for Network heartbeat that sort of thing so it stands to reason that the empty spaces are also GPIO pins so cool I can use those I just need to know which is which so we need to map them out my plan was to set the input register there's a single 32 bit register for 32 bit IO pins set them all to an input hack the kernel so it doesn't mess around with them while I'm looking and then keep reading that the input register over and over while poke about on board just to try to beat them out I use this amazing piece of technology here this is a clip with a resistor on the end so you can clip the ground or clip to power and you can pull up or pull down random pins while it's running watching the input register you see which bits change and you can go around and do that but you don't even need to write a kernel driver to do this although these are obviously privileged registers and these are in your physical address space somewhere that userland can't get to them you can just now before you look at this this is not a good way to code I'm not suggesting making embedded things like this but you can open dev mem you can then map it you can present a page of physical address space in your user process the page that has the GPIO pins in it you can poke that and you can set the direction and then you can just read it over and over so do this go around there are lots and lots of empty spaces on this board as I showed before and I made a mapping up and I found 12 of the i/o pins by doing this is very quick to do this and I found 12 so I needed five for my project and you know you can drive serial LCDs or you can put SD cards on or there's all sorts of other cool things that you can do with these and then ultimately my project was that buffer chip some spaghetti wiring and soldered onto some of the pins that are pictured in the previous slide so this hat cost 50 cents for that chip and now I have a useful thing for my bench I do have a note here to just over emphasize please don't plug things around in Devon M for an actual product but for a random random hack it's alright everything I've talked about so far has been a bit of reverse engineering here and there an undocumented system and trying to find out how to use it so compare and contrast this against another project this one is open by design it's and insignia info costs so this is made by chumby or designed by chumby but made by insignia this is available in Best Buy in the States or was when we were over there year and a half ago so it's old it's a popular consumer electronics oriented thing it's got a touchscreen it runs flash applets it's you give you your Twitter stream or you can have streaming audio that sort of thing through chumpies initial version was a smaller touchscreen based thing at a cuddly exterior this design to be hacked it's designed to have things sewn onto it bedazzled painted the insides are also designed to be hacked so it's an open design the PCB the schematics the firmware everything's available there's a wiki on their site there's no trying to find cross compilers they'll give you cross compilers they'll say here at the pins that do this there's even a hack port inside with clearly labeled GPIO pins that you can wire things onto it's very much a consumer product but it's designed to be hacked and I like this combination so I brought one of these a year and half ago and Jen here said to me going on and on and on that I saw hackable it's a wonderful it's great I like this company she said and so why haven't you done anything with it why haven't you hacked it so challenge I thought okay I'll do something so I plan to have it here in demo what I've made is an internet controlled cat feeder I'm actually just going to show I'm just going to show a video because it took me hours to get the cat into the luggage and it was you can tell them it's going to end in tears and it was it just seemed like a bad idea you know so maybe next time but some sort of training thing so I made this with them see if I can actually alt tab to it oh okay and then that way yeah okay there's a lot faulty about him this is awful okay so it's a remote control cat food it's made out of chopsticks in the yogurt pot and a servo motor and I think tin beans know that tin tomatoes so again that moves out and then the cat food will drop out and I'm told also work on toddlers this might be a good idea if you go away for the weekend or so as you can see we're we're controlling it here so there's the the customer they're like is he is he's home I got something's going on back to its original position so okay so it's obviously a pretty crazy piece of technology there and yeah I didn't say it was without drawbacks there are there issues so there is a bit of a close up some clothes pegs - I forgot to mention them so um and this was easy this took about an hour to do including software kernel source was available the schematics are available the PCB layout was available also and trumpery of a good company in this sense as well they chose a socks vendor that actually released the datasheet it's not under NDA so you can download the data sheet and say okay I want to use that pin for this I wanted to use the pwm pin so those avenues servomotors you give it a one to two millisecond pulse every 20 milliseconds and that dictates where it points so a pwn pin is ideal for this because you can program them to give a pulse width pcbs even got labels so okay I'll start looking around here here's the the serial port there's no guessing which pins are which measuring all of that let's labeled there's JTAG there's a hack port a GPIO pins don't have to guess which numbers they are they're actually numbered even says please don't get more than 50 milliamps from here very very friendly for the hacker so tracing this after I try and which one of these pins was my pwm pin and it wasn't there they haven't brought it out to there but because the schematics in the board layer are available it's on this pin it's on this resistor just find this resistor and solder on so that's all the heck is it's three wires and one thing there and it's only this simple because they were very kind and they released all of this information so this is a bit of a contrast and so we love poking around in dev mem I wrote a little utility which takes an address and the thing a little bit of shell script there to set up the registers could have used pearl I suppose isn't Python on there a way so it's not the registers the pin marks is the width of the pass was like the direction of the part of the period of the pulse and the width of the past is just this final register so and this I said was in the shell script so stick these into the CGI script run them on the httpd which comes with the Machine and that's it so little heckler and some other things which I haven't properly I'm not going to probably go through them cuz they're not really finished but other examples of reuse this is very dark isn't it so this is not laptop panel really nice glossy laptop panel from a via and I had it lying around there's a broken machine somewhere I can't see any of this can we this is a bigger board believe it or not nice red thing then there's a little attached board which are made in the kitchen so the bigger board outputs RGB try actually buy this version only outputs DVI the chip itself will output 24-bit parallel data for video so I took the took the DVI chip off wired on a whole load of little wires I think we can sort of see that which will take stuff over get some good optics for this sort of thing and or you know seeing an eye doctor this is it's not good for your eyesight so magnify a 1 so take it off turn it into LVDS which is the standard that the very high speed data standard which is used to transmit data to a lot of flat panel displays and then send it out that's the socket for the laptop panel and and made a little arty useless thing to hang on the wall the software for this is this is just showing a test picture is I've got some basic GL stuff going on it and the bigger boards kind of cool it's got a 3d accelerator and those sorts of things so reusing something that was lying around and I have to admit the bigger board was lying around until I did this as well I got it and then got disinterested like any good geek so I've got something else and got distracted but that resurrected my interest for that and created a little arty sort of thing more than that yeah as you guys find it in dead men somewhere head sir it's around there here's a bit of a horrible example so this really was a I've got some weird stuff in in California which is a great source for surplus parts and X prototypes for things this was a prototype board from Intel I've no idea what it did it some sort of telephony switchy thing it had a chip there and had a chip there and a few other bits so this is sort of how it started out and I bought it for four dollars on a Sunday morning but it's got an FPGA on it and as was mentioned in some of the previous talks the FPGA Tsar very cool you can reprogram this to do all sorts of things but they're also really good if you've got a board and you don't know the connections to it well they're malleable you can program what the connections are so as long as you find them as inputs and this is what I did with this using the wire in the clip and some JTAG software I set all the pins to inputs and probed around on the board so I found a lot of maybe over 100 pins this way and because they're malleable and you can program them you can do what you want with them as output so you can do fairly high speed things I had an old TFT monitor desktop sort of thing lying around the controller board was all broken except for the two thousand ships out over there in the background and I comment with there's a hacksaw or a circular saw but chopped out that bit of the PCB and kind of wedged it on there and again lots of little fly wires so this is taking the parallel video data in the same way as the BeagleBoard hack and sending it into the LVDS serializers and then off to the panel so it's very nice panels 1280 1024 full-color here's a little Rand chip that I added to it for a frame buffer to store video later and the trusty gameboy advance which again was reused I've played on it for about 10 years at that point so at the moment it's it scales up the video and displays it on a big lids this is just rested that way it's convenient cuz the way the wires are so it's it's actually meant to be that way around but if you rotate the images the lighting goes all funny in your brain hurts and yeah bro this is yeah and now it's a nice backlit screen I've spoiled half the fun of playing with the GBA and trying to tilt it so that's all it does at the moment now one of my plans for this is - I'm making a BBC micro which is little English computer from the 80s and and this is kind of partly partly done so it's not not well enough to demo at the moment but maybe in the future so I'll start wrapping up I'm going to reiterate this again please just give stuff a go take stuff apart see what you can find there's all sorts of stuff hidden away in these machines we've all buy stuff in this kind of part of how of how society is if you do buy a new thing at least think about the thing you've left behind and do something with that as well give it a bit of a new life tell the world about it write it up put it on your blog so I can read it over coffee I like this sort of stuff hacker space is a great place for this there are the tools but there are the people this is the important thing sharing all this knowledge is pretty cool and support the companies that build open software and it's a great way to learn new things so this is my call to arms don't just passively leave these things aside do something with them disassemble them and learn and create from so thank you in questions these are a few fairly random links those are the Brazilian stuff some of my projects and hackaday I like hackaday is a great blog with all sorts of things which are usually reused based five or ten a day that you can read in the morning so I'm done and right where is our first question yeah can you answer the question about what you use for disassembly and so forth um so I've heard that my diploma is very good but it's very expensive so I didn't go down that route and the thing that annoys me about what so obviously I'll jump can disassemble pretty much anything once you know the chip architecture is we can guess and kind of disassemble a few things like that and it's a really painful thing to get a few million lines of disassembly and then in emacs go right over I go and edit it and put labels in and that sort of thing so a project I've half started on about three times when I've been doing this it's getting really annoyed and oh right I'm going to write a proper disassembler that will also be able to reassemble and that sort of thing one of the things I'd like to see would also be start scanning here and go through and actually interpret the code that you're disassembling because then a lot of the constants so for example on MIPS you'll load 32 bits you'll load an upper 39 for 16 and the lower 16 and a lot of the disassemblers will just treat those as separate pennies what I'd like to see is the code actually executed and for it to go our that's B zero zero one one wife that's the UART receive register and actually put those things together so yeah I wonder whether we should see a try and gets in there get something going on that you know that'd be fun I noticed you roll your own serial cable and we shared spare parts do you use a bus part or do you always just roll your own gear when you need it I've only got one serial code when I don't blow it up this that was my solution button and someone's let me a bus pirate and they look really cool I haven't used on yet and butter yeah they look like good little devices okay a father question about the the chips with the blob of stuff on top of it have you found a reliable way of getting that off I haven't personally done that is I've seen things on the net people using nitric acid and hot nitric acid to do that sort of stuff and it's something that I'd like to see someone else do and maybe I'll stay away friending a hole in our sink in the kitchen sir so one of the challenges are in in hacking things is is the that in a number of places that that the cheap manufacturing and and differentiating products by code is is it yeah - my experience makes things more difficult to hack because they're less examinable what and you just said the opposite so I just thought I'm what so would you be wanting to take this differentiated product and turn it into the more expensive version is that is that the sort of hack or do you mean completely reused for something else because um because I agree with you in the first sense they're a lot like in remember in the early 90s us robotics it that with modems they made one modem and had three different versions and yeah you could get you know twice the speed by changing the firmware and so on yeah yeah yeah I haven't looked at a lot into that I can imagine re adding features that are taken out on purpose encoders good it would have to be very difficult unless you can hack down the before and it's just it's just a product differentiation like like strategy from marketing purposes yeah not really that the the you know I wonder if that's done with with products that are now I'm guessing here this is just speculation but I wonder if that's done with fairly expensive products and fairly rigorously designed products from good companies as it were and what I was more talking about for the design by cheapness and the code left in were kind of the very very very very low cost very very you know no-name brands that you give them dealextreme and those sorts of things which really are you know they're trying to be 50 cents cheaper than their competitor and stuff and I wonder if there is you'd get more out of the you know the the Intel's and yeah the the big companies of the world yeah I might hey I'm just wondering now what kind of JTAG toolchains use and what so open OCD is cool they support a whole bunch of processes I use something called cable server which is a so this was for the Xilinx and system so that I was trying to programmers onyx device so Xilinx what their own window and linux proprietary stuff which bit bangs the stuff through through parallel port one of the other things it can do is talk to one of silences proprietary boxes or a another pc running their own cable server thing and someone's written reverse-engineer the protocol and written an open source Linux based open source application which you can just run on any other Linux box with a parallel port and then point your proprietary zhiling software to two programs so it was that part that I'd I'd have running on the on the ADSL box so what was your most frustrating experience with something you wanted to be able to hack and weren't able to and what was it that's 9 meter how long have we got I have all of it all of it and I'll probably I'll probably toed the party line and saying I'm most frustrated with some of the proprietary products that people unfortunately like me have bought I'm an apple owner and I think this will be my last iPhone I think I don't like the way it's already gone and especially with some of the i/o stuff now I've jailbroken my previous my iPod Touch and I've had a little AVR plugged on to the bottom to do something broadly similar not quite as cool as the USB links but but that's going to get hotter and hotter and eventually they're you know they are going to take it's going to take a lot longer to jailbreak all the more modern things as all the holes get closed so yeah it's a an obvious answer afraid but yeah the proprietary nature of a lot of consumer electronics is is the most annoying thing this that's a sort of interesting point that I've kind of struggled with with the whole reverse engineering thing is that reverse engineering is really fun but at a certain point if you like if you're not sort of adapting for a sort of a current so if you're not adapting for an old product but you're adapting for a current product which is already what you mean adapting well as in like if you want to try and make it work and the way that you want it to so ok standard thing being a screwdriver for someone yes yeah okay the kind of trick tricky thing is that it's fun to do but in fact it encourages the very behavior that we don't want which is it's encouraging people to buy something that doesn't actually you know be open out of the box yeah and do you kind of ever struggle with that as a hey this is really cool I'm doing I'm well I'm finding out how it works but I don't actually want to encourage people to buy it because the company is making it difficult so I don't do a lot of that I don't I've never written a driver for a USB random camera that doesn't work most such things unfortunately and most the stuff that I do is really just literally old crusty stuff that's lying around so it isn't a I'm not making a purchase of something in order to hack it what I have done that like the chumby thing the info cost and but yeah so yeah I can't it's not quite the same thing I think so on I'm trying to just take something already exists so I don't think it will be encouraging the company to do that because they're not getting purchase out of me I'm finding these things from you know people throwing them away and giving them smear stuff so well they say what you did why did buy because you was oh because news I say there's actually encouraging their good behaviors yeah all the way around yeah yeah right as I said before I did also buy an Apple product so it kind of my karma points a way to have the scope could you please maybe talk a little bit more about your big award thing with the LVDS panel and how you win about reverse engineering the pin out on the lbs panel and what sort of hardware you're using to talk to the LVDS because it's certainly very easy and very cheap to get lots of discarded old broken laptops yeah well you've got the OBS panel yep but it tends to be quite hard to actually reverse to hack that into something practical waiting to be over the years okay so the two things so often the manufacturer will use a standard panel or five standard panels but they'll all be you know physically the same have the same connector then the manufacturer will use a completely random cable so the connector on the motherboard is no one knows the panels themselves are often documented so that's actually very simple because you can you know you've got 40 pins in a row and you can just pick them out and figure out what the what the connections are at the other end once you've got your LVDS pairs it's all very standard between between most panels they'll either have three plus clock or four plus clock depending on the 18 bit or 24 bit panels how much data is being sent and then the LVDS serializers also fairly standard once you get the one that's appropriate for your your data width you can sort of plug them on and then just present them with your 24 bits or 18 bits a pixel data and the clock so it's it bears a lot of resemblance to other designs that are made in the same way and you can you know some button source things or open projects that you can look at the backlight was the question will is the backlight hard hard to figure out okay the question was about reverse engineering the back light and how to turn it on and off and dim it and the back light is not as smart as as you see from the software side so all of that set up and I squid see things here and GPIO that that's kind of done on the motherboard it seems so most laptops will have just power and an enabled signal and you PWM the enable signal going in it's not a smart device that you're sending I squid see transactions too so so that's that's fairly easy you've got you know 12 volts ground 5 volts and something that's a square wave all fully on and so that's that's relatively easy but that's another thing yes another thing you have to reverse engineer so okay guys I'm afraid we've run out of time so I'd like to thank men from his talk thank you very much ok and with 10 delicious offenses handed him a memento of the occasion it's nice and hot up the back there I realized we've asked the university to do something about the air conditioning it is broken that's supposed to be fixed but we don't know when

Info

Channel: Linux.conf.au 2012 -- Ballarat, Australia

Views: 444,991

Rating: undefined out of 5

Keywords: lca_2012, MattEvans

Id: VY9SBPo1Oy8

Channel Id: undefined

Length: 50min 38sec (3038 seconds)

Published: Thu Jan 19 2012