Cynthion board enables USB Hacking through Lattice ECP5 FPGA (Crowdfunding)

LUNA USB Hacking board

Update 16/02/2023: The LUNA board has been renamed to Cynthion, but the gateware framework continues to be called LUNA. Several USB hacking/debugging boards were launched in 2020 either based on microcontrollers or FPGA with the likes of Tigard (FTDI FT2232HQ), Ollie (STM32F042), Glasgow Interface explorer (Lattice Semiconductor iCE40), or Protocol Droid (STM32). All those were launched on Crowd Supply, and there’s now another one with LUNA “multi-tool for building, analyzing, and hacking USB devices” based on a  Lattice Semiconductor LFE5U-12F ECP5 FPGA that raised over $100,000 in a few days. Cynthion hardware specifications: FPGA- Lattice Semiconductor LFE5U-12F ECP5 FPGA with 12K LUTs System Memory – 64 Mbit (8 MiB) RAM for buffering USB traffic or for user applications Storage – 32 Mbit (4 MiB) SPI  flash for PC-less FPGA configuration USB – 3x High-Speed USB interfaces, each connected to a USB3343 PHY capable of operating at up to 480 Mbps. […]

Reverse engineering the SDK for BL602 RISC-V WiFi & BLE microcontroller

BL602 decompiled C code

Bouffalo Lab BL602, and its big brother BL604 with extra GPIOs, are RISC-V microcontrollers with WiFi and Bluetooth LE that offer an alternative to Espressif Systems ESP32 Xtensa based WiSoC, although Espressif has also designed its own RISC-V solution: ESP32-C3. Soon after the “announcement” in October 2020, we found out the SDK and a relatively cheap BL602 board, but the SDK has many closed-source binaries. Soon after Sipeed and Pine64 expressed their interest in developing an open-source toolchain and even an open-source WiFi (and BLE) stack. Time has passed and even got a Pinecone board in January, but did not do anything with it, especially seeing the status of the software. The same cannot be said for Lup Yuen Lee (aka MrTechBlog) who spent a lot of time doing interesting with Pine64 BL602 module and board including playing and thoroughly documenting his work with Tensorflow Lite, connecting the board to […]

Allwinner V831 NPU (Neural Processor Unit) reverse-engineered

V831 NPU open-source toolchain

When Sipeed introduced MAIX-II Dock AIoT vision development kit, they asked help from the community to help reverse-engineer Allwinner V831‘s NPU in order to make an open-source AI toolchain based on NCNN. Sipeed already had decoded the NPU registers, and Jasbir offered help for the next step and received a free sample board to try it out. Good progress has been made and it’s now possible to detect objects like a boat using cifar10 object recognition sample. Allwinner V831’s NPU is based on a customized implementation of NVIDIA Deep Learning Accelerator (NVDLA) open-source architecture, something that Allwinner (through Sipeed) asked us to remove from the initial announcement, and after reverse-engineering work, Jasbir determined the following key finding: The NPU clock defaults to 400 MHz, but can be set between 100 and 1200 MHz NPU is implemented with nv_small configuration (NV Small Model),  and relies on shared system memory for all […]

GR-LoRa is a Reverse-Engineered Open Source Implementation of LoRa PHY

LPWAN standards such as LoRa or Sigfox allow you to transmit data over long distance, at ultra low power (up to 10 years on a AA battery), and for free if your use your own network (P2P or gateway), or a few dollars per years if you go through a network provider. The low cost is possible since those standards rely on 900 MHz ISM bands, meaning nobody has to pay millions of dollars to the government to obtain a license fee. Matt Knight looked at LoRa, and while Level 2 and 3 of the protocol (LoRaWan) has public documentation, Level 1 (LoRa PHY) is proprietary and the standard is proprietary. So he decided to reverse-engineer LoRa PHY using Microchip RN2903 based LoRa Technology Mote and Ettus B210 USB software defined radio, and software packages and tools such as Python and GNU Radio to successfully deliver GR-LoRa open source “GNU Radio […]

Fernvale Open Source Hardware IoT Board Based on Mediatek MT6260 SoC with GSM Connectivity

Andrew Huang (Bunnie), an hardware engineer, known for hacking the original XBOX, and more recently for Novena open source laptop, has decided it could be interesting to reverse-engineer Mediatek MT6260 processor, as in China, it’s difficult to get documentation, SDK, and tools if you don’t commit to purchase X chips, where X is a rather large number. He and others also checked whether their work could be open sourced legally, and assert their “fair use” rights to reverse-engineer hardware and firmware. And so Fernvale project was born both as a technical challenge and to make a point. MT6260 is a $3 ARM7EJ-S processor clocked at 364 MHz with 8MB built-in RAM, interfaces such as I2C, SPI, PWM, UART, as well as LCD and touchscheen controller, and audio codec, battery charger, USB,  Bluetooth, and GSM support, which make the $6 Atmel MCU used in Arduino board look expensive. The main differences […]

EmbeddedTS embedded systems design