Bad, bad Lero…err, USB…baddest USB in the whole town

USB. We all use it. It is ubiquitous these days. Our phones use it for power and to transfer data to and from the phone to a computer. Our keyboards, mice, mobile devices, external hard disks, cameras, you name it, it probably has a USB port.  Even some of our power outlets in the wall have them.  So, why am I saying something you already know? Well, two gentlemen at SRS Labs have ‘discovered’ something that many of us probably knew, but just didn’t want to admit.

usb-drive-2What’s that, you say?

Well, unless the USB device is a simple power adapter, it contains a tiny little computer.  Yep, the two dollar USB Thumb drive is, in fact, a full fledged little computer. It has a CPU, internal memory, firmware (the OS or software that makes it all work, including the complicated USB protocol itself) and, of course, the gigs of memory that you bought it for. So, what does this mean? 

Well, for the vast majority of things, it means little.  However, there is a significant portion of USB devices-mainly the aforementioned two dollar thumb drive-that contain EEPROM instead ROM.

EEPROM is erasable programmable read only memory. It is a type of ROM that can, with the right combination of hardware and software, have its memory replaced-something standard ROM cannot do.  ROM, or READ ONLY MEMORY, is a write once memory. That is, once you have ‘burned’ or uploaded whatever you want to put in it, it cannot be changed. So, you better get it right the first time.  Which is why, I’m guessing, that some of the lower cost drives use EEPROM instead of ROM.  Perhaps the same chips are used in two or three memory sizes. It is easier to re-burn an EEPROM with different parameters than to purchase unused ROMS, go through the hassle of burning them, etc.   EEPROMS are just convenient.

So, what, exactly does this mean? So what if they used EEPROM, what does that have to do with me?

Simple: YOUR USB device COULD be hacked and its firmware changed to accomplish something more nefarious than just saving your Leonard Nimoy musical collection. 

For example, say that two dollar thumb drive was intercepted at some point before it got to the store. It’s firmware changed so that when you plug it in, it makes a copy of itself on your computer. It plants something in your operating system that allows it to copy itself back to other USB drives. Oh, it also could record your keystrokes. Or, perhaps, it could encrypt your data. Bottom line is that you don’t know what it could do.

One concern is that the device, if compromised, could actually overwrite your computer’s operating system.  Now, the chances of this happening are astronomical. I chuckled when I heard it, but…it is not out of the realm of possibilities.  So, maybe unplug the thumb drive before you shut the computer down, if you do that.

Now, before you go throw them all away, consider this:  there’s been no known exploits.  Most USB devices likely use real ROM-certainly the firmware in that Seagate you bought is in ROM. The chances of your computer actually being able to re-program other USB devices is likely slim. These embedded computers are limited in what they can do.

I, personally, am not too concerned about this, but I will think twice about grabbing that freebie drive or getting them at the Dollar General or Five Below. (Note: those are two fine stores, but some of the merchandise may not be as fine. They cannot control distribution from end to end. Just saying)

The two researchers are presenting their findings at the Black Hat conference this week. I will follow up this post with any additional information they present.

Steven Nichols has a typical story that came out this past week regarding BadUSB. Have a gander here.

Half-Byte Tiny Basic Type In Game: Invader

WP_20140719_003Yep, I use ‘Invader’ a lot. Here’s a version, just for Half-Byte Tiny Basic. It features Wii Nunchuck support, sound and AWESOME graphics! Just awesome!

100 CLS
110 X=0:Y=0:D=1:Z=75
120 LINE 0,38,79,38,1
130 B=9:C=5:U=4:V=0
140 CURSOR 0,7:?”Score:”;
150 GOSUB 800
160 GOSUB 900
170 P=PAD(3)
180 IF P=1 S=1
185 IF P=1 TONE 1024,100
190 IF S=1 GOSUB 700
290 GOTO 150
700 CURSOR B,U:?CHR(142);
710 DELAY Z:CURSOR B,U:?”  “;
720 U=U-1
730 IF U<1 IF B<>X U=4:S=0
740 IF U<1 IF B=X GOSUB 1000
790 RETURN
800 CURSOR B,C:?CHR(151);
890 RETURN
900 CURSOR X,Y:?CHR(152);:DELAY X:CURSOR X,Y:?CHR(153);:DELAY Z:CURSOR X,Y:?”  “;
910 X=X+D:IF X>17 D=-1:X=17
920 CURSOR X,Y:?”  “;
930 IF X<2 D=1:X=2
990 RETURN
1000 CURSOR B,U:?”*”;:DELAY 3*X:CURSOR B,U:?” “;:DELAY 3*Z:?”*”;:DELAY 3*Z:CURSOR B,U:?” “;
1010 S=0:V=V+100
1020 CURSOR 0,7:?”Score:”,V;
1030 U=4
1040 TONE 2,400
1090 RETURN

There’s room let to add code to move your ‘tank’ and, perhaps, have the moon guy shoot back.

It is a simple little, but I found it a bit difficult to shoot the moon guy.  The rules are simple: use the ‘Z’ button on the Wii Nunchuck to fire a missile at the moon guy. You get 100 points for each hit. Play continues until you get bored.  Tinker with the code, add more gameplay and share it with us.

Have fun!

Half-Byte Console, now available

We have kits and an assembled and tested unit for sale on our eBay store.

For information on the Programmer’s Kit, click here.

For information on Half-Byte Tiny Basic, click here.

For sample HB Tiny Basic code, click here.

A Timex-Sinclair 1000 is reborn (using the Half-Byte Console)

zx81adThe Sinclair ZX-81 is one of my favorite computers. I bought the kit version, back in 1981, with some money I got from a tax return. I was in heaven. I bought a COMPUTER, one I can put together. I did it and, with my Dad’s help, it worked. (The resistor on the reset pin of the Z80 chip was missing, luckily, he had tons of them.)  Sure, I already had messed around with computers, for years at that point, and had one of my own that my Dad had built me a few years before (a SC/MP based computer, very cool, even today.) But, this one had GRAPHICS! Glorious black and white graphics. I could make a video game. WOW!

Eventually, I had a couple of ZX-81’s, six or seven Timex Sinclair 1000’s, a TS-1500 and one or two WP_20140708_006of the color versions, TS2068, maybe, not sure.  I loved that whole line of computers. Sadly, though, I don’t have any of them left. I did, however, bid on and win an auction for a TS-1000 (twenty bucks, with shipping.) I don’t know if it works or not, I never even bothered to power it up.

Why didn’t I power it up?

Good question.

Well, I had a different idea for it in mind. I wanted to put my newly minted Half-Byte Console in the case. So, that is what I’ve done.

WP_20140708_018I built up the console, leaving off most of the connectors and headers. This way, I can wire connectors that will be mounted on the case and not the board. I had to improvise with the PS/2 keyboard connector and, in hindsight, I should have used a wired extender cable instead of the board mounted connector, but, I made it work.

The RCA Video and Audio connectors were panel mount and fit nicely. The power adapter connector somewhat fits. I had to do a little trimming, but, it more or less fits.

For the Nunchuck connector, I had to do a little trim work on the back of the TS-1000 case, but it fits nicely. Same with the three pin serial header (so I can communicate with a PC or other device.)photo 1

I used some sticky back pads to secure the board, I didn’t want to cut up the case or drill a lot of holes so I could return it to its original function if I wanted to do so in the future. I may sell this at some point, I don’t know yet.

The one thing I’d really like to do is make the TS-1000 membrane keyboard work with the console. Right now, the information I’ve found requires the use of pins on the 328 that I am using for the video and audio and the Nunchuck. Maybe I’ll use an UNO Pro mini just for the keyboard.  I’ll have to give that some thought. But, that would be cool.  A new retro computer.

While I am no Ben Heckendorn, I am pleased with the way this turned out. I’m not a modder, but I could grow to like it.

photo 2I am going to add the ZX/TS1000 graphics characters to the 4×6 font for TVOut and recompile Half-Byte Tiny Basic to more look like the TS-1000. The Half-Byte Console even has the same RAM-2K. Ah, I love the ‘80s.

For more information on the Half-Byte Console and Half-Byte Tiny Basic, go here and here.  You can also search the blog for posts on both the console and Tiny Basic.

For more information on the Timex Sinclair line, go here.  You can also build your own ZX80/81. Go here to read more.

Burning the bootloader on a ATMega 328p with two Arduino UNO’s

IMG_4386 (3)In my zeal to keep my costs down on the Half-Byte Console project, I mistakenly ordered a bunch of ATMega328p controller chips without any bootloader. Oh well, I thought, they are easy to program. So, armed with Bing and the Goog, I set out find a simple, quick solution that would not require a tremendous amount of work. After all, I did order quite a few of them.

There are a lot of how-to’s out there, some of them really well done.  But, they did require either things I do not have, like a breadboard (I know, I know!) or just took too long.  Eventually, however, I stumbled across this post that pointed the way.

A sketch, called OptiLoader, is the key. Written by Bill Westfield, the loader can work with or without a computer. It requires two Arduino boards (I am using two UNO boards) with one UNO containing a programmed 328 with the OptiLoader sketch uploaded and a second, slave UNO with the unprogrammed (or programmed, if you want to change the bootloader) 328. You need to connect WP_20140708_001the two UNO’s like this:

  1. Pin 10 on master UNO to RESET on the slave UNO
  2. Pin 11 to Pin 11
  3. Pin 12 to Pin 12
  4. Pin 13 to Pin 13

Once the ‘master’ UNO has the sketch uploaded, and you have inserted the unprogrammed 328 into the slave, connect +5 and GND on the master to the slave to give it power (I am assuming the master already has power, if not, give it some.)

Once both are powered up, the master will check the slave to see what it is and then burn the correct bootloader. Once complete, the slave is shut down. Remove power and then remove the chip. At this point, you can program another by placing the new chip in the slave, apply power and then press reset on the master. 

You can watch the progress on your computer if the master is connected. If it is, open a terminal window from the Arduino IDE, select 19200 for the baud rate and press reset on the master. The OpitLoader gives you all kinds of info and even tells you when it is ready to repeat the process.

OptiLoader is very well done and contains the images for the bootloaders. 

This method takes less than a minute to do and works well. 

 

Links:
OptiLoader from GitHub
Forum Post

Half-Byte Tiny Basic is now available!

101_3346Half-Byte Tiny Basic is now complete. It supports 80×48 graphic resolution, 20 by 8 lines of text using a 4 x 6 bit character set. Audio generation via 16384 tones from a single channel. Graphical support in the form of Line, Box, Set, Reset, Circle and Shift statements and the Get function. 16 bit integer math is supported. Direct hardware access via the DWrite, AWrite statements and ARead and DRead functions. Serial port access via the SPrint and Echo statements as well as the IN function. You have access to all of the I/O pins of the 328p controller chip, the heart of the Arduino UNO and the Half-Byte Console.  The Wii Nunchuck and Classic Controller are supported via the PAD function.  LImited string handling can be accomplished (but there is no native string support.)

WP_20140701_018 (2)Functions include ABS, CHR, RND and INKEY.

Half-Byte Tiny Basic harkens back to the early days of home computing when memory was low and very expensive. Video capability was primitive (as it is, admittedly, here) and mass storage was non-existent. You only have one thousand bytes memory available for your Basic program. Half-Byte Tiny Basic is based on a version of 68000 Tiny Basic written by Mike Field. This version is optimized and specifically developed for on board development using a PS/2 keyboard and the TVOut Arduino library. And it is ideal for teaching the basics of computer programming. It is easy to learn and easy to use.WP_20140701_007

Since the Half-Byte Console is a very simple device, many shortcuts (as in the early days) had to be taken. For instance, memory is at a premium and that is why the resolution is low and the font is cramped. There is no fancy integrated development environment, heck, there isn’t a real editor: you make a mistake on a line, you type it in again. The LIST WP_20140701_027 (2)command is very primitive: LIST will type out the whole program, LIST <line number> begins typing out the program starting at <line number> while LIST <line number>- will type out JUST that line.  You can only SAVE one program as there is currently no mass storage (but, I am working on a better solution, stay tuned!)

Half-Byte Tiny Basic is not perfect, but is works well and is a great tool for teaching. Best of all, you can download it for free.  A short document explaining the commands,statements and functions is included. You get the source code and the documentation all for free.  A nicer book/manual will soon be available for a small cost. The book written so that someone with no experience can pick it up, read and follow it to gain a basic understanding of how to write a program and get it to work. This book will also be part of the Programmer’s kit for the Half-Byte Console.

SAMPLE CODE

Here are a few pieces of sample code:

Kaliedoscope 3

100 CLS
110 X=RND(79)
120 Y=RND(47)
130 P=RND(79)
140 Q=RND(47)
150 SET X,Y
160 SET 79-X,Y
170 SET 79-X,47-Y
180 SET X,47-Y
190 RESET P,Q
200 RESET 79-P,Q
210 RESET 79-P,47-Q
220 RESET P,47-Q
230 Z=RND(100)
240 R=RND(20)
250 IF Z>92 CIRCLE 40,24,R,1
260 IF Z>92 FOR I=1 TO R
270 IF Z>92 CIRCLE 40,24,I,0
280 IF Z>92 NEXT I
290 GOTO 110

Half-Byte Demo

100 CLS
110 FOR K=0 TO 4
120 CURSOR K,3
130 PRINT ” Half-“
140 CURSOR 14-K,3
150 PRINT “Byte “
152 DELAY 1000
160 NEXT K
170 FOR R=1 TO 20
180 CIRCLE 38,21,R,1
184 DELAY 50
186 CIRCLE 38,21,R-1,0
190 NEXT R
195 CIRCLE 38,21,R-1,0
197 DELAY 1000
199 X=7
200 A=67:GOSUB 900
210 A=79:GOSUB 900
220 A=78:GOSUB 900
230 A=83:GOSUB 900
240 A=79:GOSUB 900
250 A=76:GOSUB 900
260 A=69:GOSUB 900
400 GOTO 100
900 FOR Y=0 TO 6
910 CURSOR X,Y
920 PRINT CHR(A);
930 DELAY 250
940 CURSOR X,Y
950 PRINT ” “;
960 NEXT Y
970 CURSOR X,7
980 PRINT CHR(A);
985 X=X+1
990 RETURN

You can download a PDF of the Half-Byte Tiny Basic Guide here.

You can download a ZIP file with the Half-Byte Tiny Basic source, Guide and some example code from here.

You can download the Half-Byte serial terminal for Arduino here.

The serial terminal runs on another Half-Byte Console or Arduino that has the Video and Audio output modifications and runs TVOut. Connect the two devices using TX,RX and GND pins. This allows you to use the serial terminal as an output device, providing a second screen to your console. The terminal provides 128×96 graphics and 22×16 lines of text. The terminal software interprets special code for clear screen, set pixel, reset pixel and box.

PLEASE NOTE:

Half-Byte Tiny Basic Copyright (c) 2014 George Gray

Arduino Tiny Basic Copyright © 2011 Mike Field

TVOut Library Copyright© 2010 Myles Metzer

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be  included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.