avrdude: safemode: lfuse reads as 5E
avrdude: safemode: hfuse reads as D9
avrdude: safemode: efuse reads as F4
avrdude: safemode: lfuse changed! Was de, and is now 5e
Would you like this fuse to be changed back? [y/n] n
Erasing the controller with avrdudes’s -e option fixed the problem:
$ avrdude -c jtag2isp -p usb162 -P usb -v -e
$ avrdude -c jtag2isp -p usb162 -P usb -v -t
>>> write lfuse 0 0xde
avrdude: safemode: lfuse reads as DE
avrdude: safemode: hfuse reads as D9
avrdude: safemode: efuse reads as F4
avrdude: safemode: Fuses OK
Last year we worked on reverse engineering the Sigma logic analyzer to provide a decent Linux experience. The project stalled somewhat, but a few weeks ago, we we’re contacted by Bert Vermeulen from the Sigrok open source logic analyzer software. They wanted a driver for the Sigma, and asked if we could provide it. After some more work looking at the protocol, we were able to understand how to program the analyzer.
Because of potential copyright issues with regard to distributing the firmware, we contacted the vendor. They turned out to be very supportive of the project, and agreed to put the firmware under a license that allows redistribution. In addition, they provided detailed documentation of the protocol, which allow us to understand all the gritty details of the communication dialog.
It is therefore with great pleasure that I announce initial support for the Sigma in the Sigrok logic analyzer software. The driver is far from complete, as it only supports 200 MHz capture, and with only using software triggers. However, with the detailed specifications provided to us by Asix, and the continued dialog with their developers, we will bring full support for the Sigma to the Sigrok project.
The Asix Sigma is a nice piece of hardware with 16 channels and up to 200 MHz sample rate, available for € 298.- at ASIX’s homepage and from third party resellers.
Ubuntu decided to move /proc/bus/usb to /dev/bus/usb recently, and this caused some problems with our ASIX SIGMA Logic analyzer. The proprietary library libftd2xx used by the wine wrapper has this path hard coded and will bail out without any warning. It is not possible to symlink from /proc/bus, but libftd2xx also provides an alternative location for usbfs: /dev/usb.
After being a member of PING for a while I got more and more interested in electronics and microcontroller programming. As I didn’t own a standalone digital clock, I decided to make one myself. We had all the necessary components: Seven-segment displays, a microcontroller and appropriate resistors.
Multiplexing the displays
I connected every segment on all the displays to pins on the controller, and the ground pin of each display to their own pins on the controller, as seen here:
To give the illusion that all the displays are on, I quickly connect the ground pin of the first display to GND, and the active segment pins to VCC, disconnect the ground pin of the first display, and then repeat the procedure for each display forever.
where SEG_? corresponds to these physical segments:
* 5 7
* 3 1
* 2 0
Timers, buttons and interrupts
Putting the digits on the displays is well enough, but this is a clock, so we want to update the time as well. Enter the timer. I enable the internal timer on the Atmega16, and make it trigger an interrupt every second:
A few weeks ago I discovered a cheap wireless power control set from Clas Ohlson. At first I intended to use it with my universal remote, but this turned out to be impossible because the universal remote was infrared (IR) only, and the power unit was RF (433 MHz). So I would have to shell out $400 for a more fancy remote… or, I could hack the light controller!
I wanted to add an IR receiver to the RF remote control, and use it as a transceiver / repeater, so I could use my universal remote to control the RF light switches.
Opening the remote
I brought the gear to PING, where Håvard and I disassembled it. The remote control contains two PCBs:
Frontend with 6 buttons, an LED, a channel selector, a 12V battery, and a signal encoder chip
Backend with RF unit
The two PCBs were connected with GND, SIG (+5v) and VCC (+12v).
Decoding the protocol
We hooked up our logic analyzer between the two units, and recorded the signal.
The physical layer protocol was easy to reverse by looking at the trace, two patterns was clearly visible: 1000 and 1110. It looks like each data bit is represented by four bits in the physical layer; a start bit (high), the data bit repeated twice, and then a stop bit (low).
0 = 1000
1 = 1110
Data link/application layer
We then tried to analyze the higher level protocol, first we decoded channel A, lamp 1, button “On” and “Off”:
We have recently discovered that possibly all screensavers with lock capabilities are prone to a cleaning lady attack. By issuing Alt+SysRq+f you (or a malicious cleaning lady) can make the OOM killer kill your screensaver process and give you access to the screen. This works with xscreensaver, xlock and gnome-screensaver (Debian Bug). As a hotfix, you can write
Not completely true; Right now, Sampi is only a frequency counter, but our aim is to create a logic analyzer that is far more advanced than any tool we know of. The project started after we bought a ASIX Sigma software based logic analyzer. Great hardware, but the supplied software was useless. As a result, we started developing open source logic analyzer software.
Some of the design goals are:
Fast user interface that can be fully controlled using the keyboard
Multiple modes of plotting input data
Python scripting support. This can be used to write decoders on-the-fly, and the verify that protocols behave correctly.
A library of protocol specifications which can be used to simply debugging (e.g. SD/MMC card protocol)
Sampi is written in C++, licensed under GPL and is vendor independent. This means that all software logic analyzers can be used with a driver.
The SIGMA used during development contains an FPGA, but requires that the configuration (firmware) is uploaded by USB on every boot. To grab the firmware, we simply intercepted the USB traffic with a LD_PRELOAD wrapper. This worked well, but a more reliable method was desired. The firmware resides in a obfuscated format in the windows binaries provided free of charge by the vendor, and after a little trickery, we were able to extract it. A tool to extract the firmware to use SIGMA in open source software is available in our git repository.
Since PING expanded to more than a handful active members, we have had several generations of door locking solutions. The first solution involved a long IDE-cable, a CD-ROM and a computer which issued the eject command in order to control the lock. The 2009 revision of the door lock is the most advanced and stable so far, and has the following features:
A strong mechanical lock
Username/password authentication in a graphical UI
The design consists of five modules:
The locking mechanism (industry standard electric door lock)
The lock controller board (Atmel ATTiny 461 SMD) with locking, USB and RFID firmware
RDM630 RFID reader connected to the lock controller by UART
Computer controlling the graphical user interface (placed outside the room), connected by ethernet
Main control computer (connected to the GUI through ethernet, and lock controller through USB)
It will probably not score any points for looks, but it provides ease of use and some safety to our premises.
The circuit was designed in Kicad and routed using FreeRouting. Source code and circuit is of course available in our git repository with GPL license.
The lock has three magnetic sensors onboard to detect bolt position and if the door is open or closed. The sensors, a button and the RFID chip is monitored by an ATTINY 461 connected by USB to the host computer. We use the V-USB implementation by obdev, which enables us to have a low-speed USB interface to the AVR with very few extra components.
The motor which engages the bolt requires a 12 V power supply, and USB only delivers 5V. This was solved by using a DC BOOST converter (LT1373) providing enough power over the USB line. To control the motor we designed an H-bridge using BJT transistors.
The RFID chip sends tags (14 byte hex) by 9600,8,N,1 UART as soon as a tag is sensed. The ATTINY does not have an UART, so our firmware emulates this by synchronizing to the bitstream.
The host computer runs a simple program that validates RFID tags and provides an interface for openening the door. It also monitors Bluetooth connections. Users entering username or password to unlock the door do so on a dedicated computer located outside our office. This computer and the host computer communicates by a secure TLS connection.
As a result of this project, members of PING are now able to unlock the office door by using their username and password, by presenting their RFID proximity card, or by having Bluetooth enabled on their mobile phone.
Software, Hardware, Electronics, Whisky, and Other Hazardous Materials