Give a software-defined radio (SDR) platform to a few thousand geeks, and it’s pretty predictable what will happen: hackers gotta hack. We’re only surprised that it’s happening so soon. Spectrum Painter is one of the first cool hacks to come out of the rad1o badge given out at the CCCamp 2015. It makes it dead-simple to send images in Hellschreiber mode on a few different SDR hardware platforms.
What we especially like about the project is its simplicity. Don’t get us wrong, we’re tremendous fans of GNURadio and the GNURadio Companion software radio hacking environment. But if you just want to do something simple, like send a picture of a smiley-face, the all-capable GNURadio suite is overkill.
HackRF, the rad1o badge, and bladeRF all have software that enables you to directly load up and play out a file over the radio interface; it’s like a WAV file, only at radio frequency. This makes a hack like Spectrum Painter pretty straightforward. Simply convert the image file into the corresponding radio waveform data, and send it along. No GUI, no dragging, no dropping.
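The image-to-waveform step described above, as an added sketch that is not Spectrum Painter's own code: each image row becomes one time slice, and each lit pixel becomes a tone at its own frequency offset. The interleaved signed 8-bit I/Q output layout, the test image, and all function names are assumptions made for this example.

```python
import cmath
import math
import struct

# Constructed 7x7 test image: '1' = energy in that frequency slot, '0' = silence.
SMILEY = [
    "0111110",
    "1000001",
    "1010101",
    "1000001",
    "1011101",
    "1000001",
    "0111110",
]

def row_to_samples(pixels, samples_per_row, span=0.8):
    """One image row -> complex baseband samples for one time slice.

    Column k maps to a tone at a normalised frequency (cycles/sample)
    spread evenly across +/- span/2, so the row shows up as a line of
    dots in a receiver's waterfall display.
    """
    n = len(pixels)
    tones = [((k + 0.5) / n - 0.5) * span for k, px in enumerate(pixels) if px]
    # Dividing by n keeps the summed magnitude at or below 1.0.
    return [sum(cmath.exp(2j * math.pi * f * t) for f in tones) / n
            for t in range(samples_per_row)]

def image_to_iq(image, samples_per_row=256):
    """Whole image -> interleaved signed 8-bit I/Q bytes (assumed file layout)."""
    out = bytearray()
    for row in image:
        for s in row_to_samples([c == "1" for c in row], samples_per_row):
            i = max(-127, min(127, round(s.real * 127)))
            q = max(-127, min(127, round(s.imag * 127)))
            out += struct.pack("bb", i, q)
    return bytes(out)

if __name__ == "__main__":
    data = image_to_iq(SMILEY)
    print(len(data), "bytes of I/Q for", len(SMILEY), "rows")
```
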
If all of this SDR action has your interest piqued, there’s a lot you can do even just receiving with an el cheapo RTL-SDR USB stick. It’s the gateway drug into SDR, so if you’re not addicted yet and you’ve got a free weekend, give it a shot.
We’re going to build an electronic Hackaday Badge, and by “we”, I mean Hackaday community members who are passionate about the project.
I’ll be leading the charge. I had a great learning experience the last time I helped design the e-paper badge for the 2013 Open Hardware Summit, and hope to learn a lot along the way this time too. Since then, Badges have come a long way – at cons like DEFCON, LayerONE, Shmoocon, The Next Hope, Open Hardware Summit, The EMF, SAINTCON, SXSW Create, The Last Hope, TROOPERS11, ZaCon V and of course the rad1o from this year’s CCCamp. Word is that this year’s Open Hardware Summit badge is going to be pretty kickass too. So, we have some very big shoes to fill. But this doesn’t have to be about “my badge is better than yours”. And this badge isn’t meant to be specific to any single con or event. So what does the Badge do, then? “It’s a physical extension of the hackaday.io community, made specifically for hacker gatherings of all types and sizes.”
Regulars who have been following our blog will recall the Mooltipass project which kick-started the “Developed on Hackaday” series. The idea is to bring together a team of interested developers and Hackaday staff to build a project created by and for the community. Along the way, we’ll document it on hackaday.io so everyone else can keep track of the project as we progress. Building hardware using a distributed team is difficult, but it’s getting easier by the day. All of the design development already happens on computers, but geographic issues like team members in different time zones and getting prototypes built, assembled, and distributed for alpha and beta testing need to be taken into consideration on distributed engineering projects. Our goal is to document all of these hurdles and other issues to help others who want to take on their own engineering projects.
So we’re now kicking off a second project in the series. We haven’t fleshed out the details yet. It will be tied in to the user’s hackaday.io account, have a radio module and IR Tx/Rx, LED array and/or graphic display of some kind, some buttons, a buzzer and other stuff most badges have. We’ll need some nifty firmware and a web interface to round it up. Think of it as a physical extension of your hackaday.io avatar. We’d also like to have two flavors – a vanilla “user” badge and a superuser “sudo” badge to rule the other badges. Of course, we promise not to be evil and abuse the SU privilege. This Badge project was proposed by [Brian Benchoff], and he’s jotted down some of his initial thoughts in this project log.
What’s next? Follow the project and request an invite to the team. Let us know if you would like to contribute towards hardware, firmware code or website front end. We’ll be using Group Messaging to discuss the project. Let’s get crackin’!
HDMI is implemented on just about every piece of sufficiently advanced consumer electronics. You can find it in low-end cellphones, and a single board Linux computer without HDMI is considered crippled. There’s some interesting stuff lurking around in the HDMI spec, and at DEF CON, [Joshua Smith] laid the Consumer Electronics Control (CEC) part of HDMI out on the line, and exposed a few vulnerabilities in this protocol that’s in everything with an HDMI port.
CEC is designed to control multiple devices over an HDMI connection; it allows your TV to be controlled from your set top box, your DVD player to be controlled from your TV, and text to be passed from one device to another for an On Screen Display. It’s a 1-wire bidirectional bus with 500 bits/second of bandwidth. There are a few open source implementations like libCEC, Android HDMI-CEC, and even an Arduino implementation. The circuit to interface a microcontroller with the single CEC pin is very simple – just a handful of jellybean parts.
[Joshua]’s work is based off a talk by [Andy Davis] from Blackhat 2012 (PDF), but greatly expands on this work. After looking at a ton of devices, [Joshua] was able to find some very cool vulnerabilities in a specific Panasonic TV and a Samsung Blu-ray player.
A certain CEC command directed towards the Panasonic TV sent a command to upload new firmware from an SD card. This is somewhat odd, as you would think firmware would be automagically downloaded from an SD card, just like thousands of other consumer electronics devices. For the Samsung Blu-ray player, a few memcpy() calls were found to be reachable by CEC commands, but they’re not easily exploitable yet.
As far as vulnerabilities go, [Joshua] has a few ideas. Game consoles and Blu-ray players are ubiquitous, and the holy grail – setting up a network connection over HDMI Ethernet Channel (HEC) – would be the keys to the castle in a device no one would ever think of taking a close look at.
Future work includes a refactor of the current code, and digging into more devices. There are millions of CEC-capable devices out on the market right now, and the CEC commands themselves are not standardized. The only way for HDMI CEC to be a reliable tool is to figure out commands for these devices. It’s a lot of work, but makes for a great call to action to get more people investigating this very interesting and versatile protocol.
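A defender-side check for the bus traffic described above, as an added example that is not code from [Joshua]'s talk or from libCEC: it parses captured CEC frames written as colon-separated hex and flags vendor-specific opcodes, opcodes outside an allowlist, over-length frames, and non-printable On Screen Display text. The sample frames are constructed, and the allowlist contents and function names are assumptions.

```python
# Added example: audit captured HDMI-CEC frames written as colon-separated hex.
MAX_BLOCKS = 16  # one header block, one opcode block, up to 14 operand blocks

VENDOR_OPCODES = {
    0x89: "Vendor Command",
    0xA0: "Vendor Command With ID",
    0x8A: "Vendor Remote Button Down",
    0x8B: "Vendor Remote Button Up",
}
# Assumption: the opcodes this particular installation expects on the bus.
ALLOWED_OPCODES = {
    0x04: "Image View On",
    0x36: "Standby",
    0x64: "Set OSD String",
    0x82: "Active Source",
}

def parse_frame(text):
    """Split 'hh:hh:...' into initiator, destination, opcode and operands."""
    blocks = [int(part, 16) for part in text.strip().split(":")]
    if any(not 0 <= b <= 0xFF for b in blocks):
        raise ValueError("block out of byte range")
    return {
        "initiator": blocks[0] >> 4,       # high nibble of the header block
        "destination": blocks[0] & 0x0F,   # low nibble; 0xF means broadcast
        "opcode": blocks[1] if len(blocks) > 1 else None,  # None: polling message
        "operands": blocks[2:],
        "blocks": len(blocks),
    }

def audit_frame(text):
    """Return a list of findings for one captured frame (empty list = clean)."""
    try:
        frame = parse_frame(text)
    except ValueError:
        return ["malformed"]
    findings = []
    if frame["blocks"] > MAX_BLOCKS:
        findings.append("oversized")
    opcode = frame["opcode"]
    if opcode in VENDOR_OPCODES:
        findings.append("vendor-specific")
    elif opcode is not None and opcode not in ALLOWED_OPCODES:
        findings.append("not-allowlisted")
    if opcode == 0x64:
        # Operand 0 is the display-control byte; the rest must be printable ASCII.
        if any(not 0x20 <= c <= 0x7E for c in frame["operands"][1:]):
            findings.append("osd-non-printable")
    return findings

# Constructed sample capture, not traffic from a real device.
CAPTURE = ["40:04", "4f:82:10:00", "40:64:00:48:69", "40:89:01:02",
           "40:64:00:48:00:69", "04:9d", "40:zz",
           "40:64:00:" + ":".join(["41"] * 20)]

def audit_capture(lines):
    """Map each flagged frame to its findings; clean frames are omitted."""
    return {line: audit_frame(line) for line in lines if audit_frame(line)}
```
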
Although the BeagleBone Green was announced at the Bay Area Maker Faire last May, there hasn’t been much said about it on the usual forums and IRC channels. Now, it’s finally out and I got my hands on one of them. Through a cooperation between the BeagleBoard foundation and Seeed Studios, the best small Linux board for doing real work with small Linux boards is now cheaper, a little more modern, and green.
The BeagleBone Green is an update to the venerable BeagleBone Black, the dev board based on a TI ARM Cortex-A8. It’s an extremely capable machine with a few interesting features that make it the perfect device for embedded applications. With the BeagleBone Green, the BB Black gets a small hardware refresh and a drastic reduction in price. If you want to do real work on a Linux board, this is the one to get. Check out the review below for everything that’s been updated, everything that’s the same, and why this is one of the most interesting developments in small Linux boards in recent memory.
The Differences From The BeagleBone Black
The BeagleBone Black has been around for more than two years now, but it’s still an extremely capable machine. The BeagleBone Green borrows heavily from the Black, with a few changes to satisfy the cost-reduction goal, and to make the BB Green slightly more accessible.
By far the largest change is the removal of the microHDMI connector. This is accompanied by a large bare spot on the board where the NXP HDMI Framer chip once was on the BB Black. When I talked to [Jason Kridner] his justification for the removal of the HDMI capability of the Green was that ‘nobody used it.’ This is fair and true; if you want a media server, you get a Raspberry Pi, and if you want a tiny Linux box to toggle pins very quickly, you get a BeagleBone. The removal of HDMI plays to the BeagleBone’s strengths, and makes it a less expensive board. You can’t argue with that.
Also on the list of changes is the addition of two Grove connectors. These connectors are part of a modular system of electronics that put a UART or I2C bus on a single connector. With these connectors and a few modules from the Grove System, building simple projects is a snap. The addition of two Grove connectors – one UART, one I2C – is Seeed’s largest contribution to the BeagleBone Green, and with a large catalog of parts ranging from simple logic gates to OLED displays and GPS modules, it’s pretty handy.
Aside from those changes, the BeagleBone Green is pretty much exactly the same as the BeagleBone Black. It has the same amount of RAM, the same processor, the same amount of eMMC Flash, and the same pinout as the BB Black. The Green moves to a USB micro connector for the power and serial connection. This had been USB mini on the BeagleBone Black. That’s a welcome change that’s long overdue. The barrel jack for power has been removed from the BeagleBone Green, and the larger USB port has been moved right next to the Ethernet socket.
As is the case with the BeagleBone Black, the Green comes with the Cloud 9 IDE already installed on the Linux image on the eMMC. This is a cloud-based IDE, but is hosted on the BeagleBone. For a device that really isn’t meant to be a desktop computer, this is the easiest way to get code up and running on a tiny Linux box. Combine this with a serial terminal, and it’s really all you need.
Why It’s Great
Although the BeagleBone Black has been around for a while now, and the BeagleBoard even longer, the Beagles have been playing second fiddle to the Raspberry Pi forever. This is a shame. The Raspberry Pi is not the ideal tool if you want real-time control of a lot of pins, and the GPIO expansion on the Pi is more of a kludge than something it was designed for.
The removal of the HDMI port in the BeagleBone Green doesn’t make this board any less capable. Like I mentioned above, nobody used it anyway. Add to that the fact you can buy an LCD cape for the BBG – and have it work with the 3D accelerator – and you’re really not losing any capability, just shaving sixteen bucks off the price. The BBG will launch with a $39 price tag, or about the same price as a Raspberry Pi. While it won’t impress many people that want a cheap Linux box for retro video game emulation, it is a great board for anyone who wants to get real work done.
Auto site [Jalopnik] got some hands-on (or rather feet-on) time with the Lexus hoverboard that was built for an advert for the luxury car brand, and their video reveals a few secrets about how this interesting device works. It is definitely real: the Jalopnik writer got to ride it himself, and described it as “Unbelievably difficult yet at the same time unbelievably cool, both because you’re levitating and because the board is filled with magnets more than 300 degrees below zero”. But a look behind the scenes reveals that it is another tease.
The device looks like it is a real hoverboard, floating several inches above the surface and even traveling over water, a feat that Marty McFly couldn’t do. But, as usual, there is a little more going on than meets the eye. The device is built around superconducting magnets cooled by liquid nitrogen, so it only works for about 10 minutes. After that, you have to refill the device with liquid nitrogen. The surface that the board is floating over also has what the Jalopnik writer describes as having “several hundred thousand dollars worth of magnets built in”. Try this on a non-magnetic surface and you’ll come to a grinding halt. If you watch the video of the hoverboard serenely gliding over the water from another angle, you can see a magnetic track just under the surface. If you run off this track, you’ll end up with wet feet.
Is it a neat hack? Yes. Is it cool? Yes. Is it the future of transportation? No: it is a cool hack put together for a car advert with a big budget. Kudos to Lexus for spending the cash to do it properly, but once again, our dreams of hoverboards are dashed in the cold, hard light of reality. Darn.
CMOS opened the door for many if not most of the properties needed for today’s highly integrated circuits and low power portable and mobile devices. This really couldn’t happen until the speeds and current drive capabilities of CMOS caught up to the other technologies, but catch up they did.
Nowadays CMOS Small Scale Integration (SSI) logic families, i.e. the gates used in external logic, offer very fast speeds and high current drive capability as well as supporting the low voltages found in modern designs. Likewise the Very Large Scale Integration (VLSI) designs, or Very Very Large Scale if you like counting the letter V when talking, are possible due to low power dissipation as well as other factors.
How CMOS is Designed
CMOS, which means Complementary Metal Oxide Semiconductor, is based on combining two polarities of MOSFETs: Metal Oxide Semiconductor Field Effect Transistors.
Regular transistors, known as Bipolar Junction Transistors (BJTs) because they are made from positive and negative (PN) junctions, utilize current as the input and create gain by controlling output current. As all of these current flows add up, at the end of the day there is a lot of current flowing, which results in power being dissipated, which ultimately results in heat.
The Junction Field Effect Transistor (JFET) utilizes voltage instead of current on its Gate input, somewhat like the Base on a Bipolar Transistor, to control the output voltage. Since the Gate is not insulated from the other terminals, known as the Source and Drain, there is a leakage current in JFETs that would not be present if the Gate was insulated from the Source and Drain.
Enter the Insulated Gate FET (IGFET) which is the basis for most of the transistor devices found on large scale integrated chips today. Looking at the diagram, the MOSFETs all show a distinct space between the Gate and the rest of the structure. The other two pins are the Source and the Drain.
This is a real gap created by silicon dioxide, the “Oxide” in MOSFET. If that sounds like glass, a really good insulator, I would say well yes it is. If a good insulator sounds like a dielectric, the makings of a capacitor, I would also say that well yes, it is. FETs come in two major modes of which there are two different types based on polarity. The major modes are Enhancement and Depletion.
An enhancement MOSFET needs a voltage applied to a gate for the device to turn on; it can be thought of as a normally closed switch, as opposed to a depletion mode device, which needs a gate voltage applied to turn off and can be thought of as a normally open switch.
FETs come in two different polarities based in part upon the polarity of the Gate signal and how it affects the device: an N-Channel device is activated when a positive voltage is applied to the Gate compared to the Source, and a P-Channel activates with a negative voltage.
By combining an N-Channel and a P-Channel MOSFET, an inverter is implemented. When the Gate is High the N-Channel MOSFET turns on, pulling the output Low. Likewise when the Gate is Low, the P-Channel MOSFET is turned on, pulling the output High. Note the alternate way to draw the MOSFETs on the right that is a tad more intuitive, as the bubble on the P-Channel indicates that a Low on its Gate will turn it on.
Unprotected CMOS Can Be Fragile
The High Impedance on the input, i.e. the lack of a load resistance to ground, means that a little bit of static charge on something like the human finger can actually be disastrous for an unprotected CMOS circuit. A simple spark or otherwise invisible charge can ruin a MOS based device by punching holes in the gate insulation. Another problem caused by excessive voltage is what is called “SCR Latchup”: an excessive voltage causes the PNPN junctions produced by layout to act as back to back transistors that cascade into full conduction, resulting in a short circuit between power rails. The only way to relieve the shorted condition is to remove power from the device, which allows all of the energized transistors to turn off. The addition of protection diodes as shown is pretty standard across the board, though sometimes the diode function is really implemented with on board JFETs.
Let’s talk about CMOS logic families. The table below shows the curve between the newest families and obsolescence. Many of the comments on the video on TTL properties mentioned that TTL is for the most part “mature”, old, and/or obsolete. While this may be true in general, the legacy of TTL logic levels lives on in the form of TTL compatible families, usually denoted by a “T” in the family name.
CMOS vs. TTL
The voltage levels of CMOS based logic are somewhat different from TTL. Instead of the preset levels of Low (0.4-0.8 V) and High (2-2.4 V), the input logic levels of CMOS are mostly expressed as a ratio of the supply voltage.
The output voltages are usually within a few tenths of volts of each rail and the input thresholds are generally 1/3 and 2/3 of the supply voltage for Low and High respectively. This has the effect of maximizing the noise margin as the near rail-to-rail output swing (from near ground to near the power supply) ensures that the gate has the maximum output voltage swing.
It’s important to note that CMOS works best and uses the least power when the gates are turned all of the way on or all of the way off, so it is very important that the voltage be kept out of the area shown in pink on the table.
CMOS outputs can generally connect to TTL inputs, providing that the CMOS output can supply enough current. Feeding a CMOS input from a TTL output is a bit more problematic, as the TTL output of 2.4 V in a 5 volt system is not high enough to guarantee a High is seen by the CMOS part. Generally a pullup resistor can supply the last little bit of voltage, but a cleaner approach is to use a “T” type CMOS part such as an HCT instead of HC, or an AHCT instead of AHC.
Low Voltage and High Speed
The chart below shows the migration CMOS has made over the years as it increased speed and ultimately support for the lower voltages, down to 0.8 V as shown. The technology trend ends up with older families in the upper right, the newer and more advanced families down in the lower left. During this time other attributes also improved, including output current, with 24-60 mA drive current becoming not uncommon. Low voltage and higher speed do tend to go hand in hand, as the voltage has less “distance” to slew. With the new voltages come some other issues, such as translating between them, which I will cover just a bit in the next post.
In the next video I will show some CMOS logic family capabilities that include supply voltage translation such as 3.3 V to 5 V and also down to 0.8 V, a bus “hold” function, and will try my hand at showing how to lay out a CMOS gate and what some of the various layers and technologies are that are used in CMOS fabrication.
For your quiz this week, what logic function does the following drawing depict: