PROTOTYPE: Bus Pirate/Logic Analyzer with Ice40 FPGA

Bus Pirate “Ultra” taps an iCE40 FPGA to power a combined Bus Pirate interface and logic analyzer that is infinity hackable. Previous Bus Pirates relied on the hardware peripherals available in a microcontroller, which vary in features and have the occasional bug. With an FPGA we can implement practically any peripheral with all the fixes and hacks we want! SPI, I2C, UART, CAN? Yes! Master or slave? Both! Complex frequency generator? Yup! Full featured JTAG debugger? Don’t see why not!

A big STM32F103ZE (1) microcontroller connects to an iCE40HX4K FPGA (2) through a 16bit bus that can move a ton of data. The fully buffered interface (3) is capable of high-speed signaling from 1.2volt to 5volts. 128Mbit of RAM (4) powers a logic analyzer with a potential maximum speed over 200MSPS. A 32Mbit flash chip (5) stores up to 30 bitstreams with different features that can be loaded into the FPGA by the microcontroller.

This post covers our most recent hacks to the Bus Pirate, created with these goals in mind:

  • Peripherals that work and can be hacked
  • Direct interfacing at all common voltage levels
  • Real-speed bus activity
  • Built-in logic analyzer
  • Plenty of space for updates

Continue below to read about the design, or jump to the forum to see the bleeding edge.

The Bus Pirate is a tool that talks to microchips in various protocols such as I2C and SPI. Get to know a chip first, then dive into the code. It’s been ten years since Seeed Studio did the original Bus Pirate production, and now we’re hacking new hardware for the next decade.

The Bus Pirate v3.x PCB is extremely simple due to a feature in PIC24FJ microcontrollers called Peripheral Pin Select. PPS allows most major peripherals (UART, SPI, PWM, counters, etc) to be assigned to almost any IO pin. Five PIC pins provide all the functionality for all the supported protocols.

Last year Sjaak did a deep dive on an STM32 ARM-based Bus Pirate. Unlike the PIC24FJ, all the hardware peripherals are fixed to certain pins that have to be tied together. All the interconnections make a rat nest of traces.

Once we got familiar with the STM32 it was obvious that the optimizations for low-power and DMA were going to be a real pain to work around. Take for example the I2C peripheral: you need to tell it when the transfer is ending at least one byte in advance. This is great if you’re setting up repetitive transfers using DMA in low-power modes, but the Bus Pirate is for hacking and “human scale” interactions. We faced two bad options: send a ghost byte when we can’t infer the end of a transfer, or use software I2C libraries. There’s really no point in having this much chip and then resorting to bit-banging!

Bus Pirate Ultra

We shelved the project to lick our wounds and come up with some new design goals:

  1. Peripherals that work and can be hacked
  2. Direct interfacing at all common voltage levels
  3. Real-speed bus activity
  4. Built-in logic analyzer
  5. Plenty of space for updates

Peripherals
that work and can be hacked

The bottom line is we need hackable peripherals. From the I2C hardware bug in the B2 revision of the 24FJ64GA002, to the tricky implementation of peripherals in modern ARM chips, fixed silicon peripherals are a huge limitation. An FPGA is one answer.

In this design we use a Lattice ICE40 FPGA to implement bus protocol peripherals. Bugs can be squashed and features can be added with a simple bitstream update.

Source: ST app note AN2784 page 6.

The FPGA is connected to the STM32 static memory controller (FSMC) using a 16bit SRAM-like bus with 6 address bits. That’s a lot of bandwidth to push and pull data, and will eventually drastically speed up binary operations like dumping the contents of flash chips with FLASHROM.

An FPGA has always been the next logical step for the Bus Pirate, but bloated “Webpacks” and vendor tools under restrictive licenses are not hacker friendly. Fortunately, IceStorm gives us a free, open, and fast tool chain for the ICE40 FPGA.

Direct interfacing from 1.2 to 5volts

Previous Bus Pirates could interface with chips directly at 3.3volts, and from ~2volts to 5volts using pull-up resistors and open drain pin outputs. This works well for slow experimentation, but an open drain bus has real speed limitations. We want to interface directly at any common voltage.

Source: Nexperia 74LVC1T45 datasheet page 1.

74LVC1T45 is a bi-directional buffer used in cheap ARM programmer clones sold on Taobao. This buffer is a bulldozer, capable of 420Mbps at 5volts to 60Mbps at 1.5volts. It has a partial power-down feature that disables the outputs when no power supply is present to prevent backflow current into the FPGA or the device under test. TI, Nexperia and Diodes INC all manufacture a version of the 74LVC1T45. The Nexperia version works from 1.2volts to 5.0volts, while the others have a 1.65volt minimum.

74LVC1T45 has two control pins: direction and input/output. In a fixed direction bus like SPI or asynchronous serial this buffer can be put in front of any common microcontroller peripheral. However, it’s a dead end for a bidirectional bus like I2C or 1Wire because the peripheral would need to somehow manage the direction pin on a bit by bit basis. Direction handling is not a feature we’ve ever encountered on a microcontroller peripheral. The key here is to implement our own peripherals in the FPGA, and use the FPGA to manage the direction pin.

Source: Nexperia 74LVC1G07 datasheet page 1.

A 74LVC1G07 open drain output buffer is paired with each 74LVC1T45. It is also 5volt tolerant and has partial power down protection. Open drain output could be done by switching the direction pin of the 74LVC1T45, however it requires attention to timing to avoid bus contention. It’s so much easier to add a dedicated open drain driver chip.

Real-speed bus activity

At our very first New York Maker Fair (RIP) we had the chance to meet one of our maker heroes at an after party. We introduced ourselves and Maker Hero replied “The Bus Pirate is too slow” and walked away. It was crushing, but it is accurate. The Bus Pirate is slow in several ways:

  1. It is slow in terms of maximum bus speeds from the PIC running at 16MIPS
  2. It is slow in terms of time between each bus action. For each read/write/whatever the Bus Pirate sits and spits out text to the serial terminal. On a logic analyzer, as shown above, there is a very obvious delay between each command
  3. USB CDC (virtual serial port) is super easy to use, but it is slow and antiquated

Bus speeds can be increased substantially with a fast-clocked FPGA. We used the FPGA block RAM to create a bidirectional FIFO command queue. The STM32 MCU fills the command queue, then the FPGA drives the bus signaling without any delays to handle the terminal text. The MCU reads from the FPGA output queue and spits out text from a low priority background process. The fast, continuous bus activity from the FPGA is more in line with what really happens in implemented circuits.

libopencm3, the open source peripheral library we’re using with the STM32, supports multiple USB endpoints. We’ll add a USB bulk transfer endpoint that should drastically speed up binary operations like chip programming, flash read and writes, and display interfacing.

Built-in logic analyzer

A built-in logic analyzer is a top wish list item and has appeared in various prototypes in the past. While the Bus Pirate and a datasheet are enough to get a lot of chips going, there’s a decent chance we haul out the logic analyzer to get a good look at whats happening on the wires. A built-in logic analyzer that captures each command in real time makes debugging a dream.

A simple serial SRAM logic analyzer like the Logic Shrimp and Logic Pirate are quite cheap and easy to implement with PIC18/24/30 timers. Our attempt to do the same with the STM32 was less successful, but now we can drive it from the FPGA.

To ensure that the logic analyzer is reading the actual pin states, it gets a dedicated 74LVC573 input buffer that attaches to the IO header after the signal buffers.

Bus Terminal is a little Qt hack for debugging the logic analyzer and uploading FPGA bitstreams. Eventually we’ll target sigrok with a USB bulk transfer interface and driver.

Plenty of space for updates

The biggest issue we faced with Bus Pirate v3 was the lack of space. Endlessly optimizing strings to eek out a few more bytes is annoying. Eventually we had to split the firmware into multiple parts with different features, a nightmare for users.

We want to hack and hack and hack for years in the future without running into space limitations. The huge STM32 chip has a generous amount of flash that should be sufficient for years of development.

The FPGA is another possible space crunch. Instead of the FPGA loading it’s own bitstream like the Logic Sniffer design, we used a big 32Mbit (or 64Mbit) flash chip to store multiple bitstreams in a simple file system. The STM32 loads the correct bitstream into the FPGA for each bus protocol. Bitstreams for the ICE40 4HK chip are about 135K max, so 32Mbit of flash should hold around 30 bitstreams with different features.

Hardware, firmware, software, HDL

  • Firmware – We’ve been compiling and debugging with EmBitz
  • Hardware – Eagle files
  • HDL – Verilog for FPGA
  • Bus Terminal – Qt/C++ app to test logic analyzer and upload bitstreams

Taking it further

The v1a board shown here was a good proof of concept, and several major potential improvements became obvious after the build. Next week we’ll post about our updates to the on-board power supplies, voltage/ADC probe and the pull-up resistors. We’re also working on a pinout label using a high-resolution IPS LCD.

Check out the forum if you’d like to skip ahead and see our latest revisions.

California: Tell Governor Newsom to Stop Face Surveillance on Police Body Cams

Communities called for police officers to carry or wear cameras, with the hope that doing so would improve police accountability, not further mass surveillance. But today, we stand at a crossroads: face recognition technology is now capable of being interfaced with body-worn cameras in real-time—a development that has grave implications for privacy and free speech.

If California Governor Gavin Newsom signs A.B. 1215 before October 13, he affirms California should take the opportunity to hit the brakes on police use of this troubling technology in the state. This gives legislators and citizens time to evaluate the dangers of face surveillance, and it prevents the threat of mass biometric surveillance from becoming the new normal.

Take Action

No Face Recognition on Body-Worn Cameras

EFF joined a coalition of civil rights and civil liberties organizations to support A.B. 1215, authored by California Assemlymember Phil Ting. This bill would prohibit the use of face recognition, or other forms of biometric technology, on a camera worn or carried by a police officer for three years.

This technology has harmful effects on our communities today. For example, face recognition technology has disproportionately high error rates for women and people of color. Making matters worse, law enforcement agencies conducting face surveillance often rely on images pulled from mugshot databases, which include a disproportionate number of people of color due to racial discrimination in our criminal justice system.

Ting’s bill, by targeting a particularly pernicious and harmful application of face surveillance, is crucial not only to curbing mass surveillance, but also to facilitating better relationships between police officers and the communities they serve. As EFF activist Nathan Sheard told the California Assembly, using face recognition technology “in connection with police body cameras would force Californians to decide between actively avoiding interaction and cooperation with law enforcement, or having their images collected, analyzed, and stored as perpetual candidates for suspicion.”

A.B. 1215 clearly taps into widespread concern over face surveillance. The Assembly passed an earlier version of the bill with a 45-17 vote on May 9; the Senate in September sent it to the governor with a 22-15 vote. Lawmakers and community members across the country are advancing their own prohibitions and moratoriums on their local government’s use of face surveillance, including the San Francisco Board of Supervisors’ historic May ban on government use of face recognition. Meanwhile, law enforcement use of face recognition has come under heavy criticism at the federal level by the House Oversight Committee and the Government Accountability Office.

We encourage people across the country to support bans in their own communities.

Tell Governor Newsom: Sign A.B. 1215 and listen to the growing number of voices that oppose government use of face surveillance.

Spicy Plum Chutney

Jars of chutney

I’ve been using my Plum Chutney recipe for years and enjoying every batch. Our own plum tree is now mature and producing lots of wonderful fruit each year, so I have had many opportunities to reproduce and refine my recipe. Here’s my new spicier recipe, with notes below on ingredient changes and other tips I’ve learned over the years.

Ingredients:

  • 8 cups cut up pieces of plums, pits removed, skins left on, fresh or frozen
  • 3 lemons, (optionally peeled) cut into small pieces, seeds removed
  • juice from 3 more lemons
  • 1/4 cup fresh ginger, peeled and grated (a microplane works great) or cut into matchsticks
  • 2 Tbsp cumin seeds
  • 2 sticks of cinnamon
  • 1 tsp cayenne pepper
  • 1 tsp garam masala
  • 1/4 tsp salt
  • 4 cups sugar (granulated or brown)

Throw everything except the sugar in a sauce pot and cook, stirring occasionally, until the fruit starts to soften. Add sugar and cook, stirring regularly, until it thickens to a consistency you like. You can test the consistency by putting a spoonful in a cold dish in the fridge for a few minutes. Remove cinnamon sticks after cooking. You can also follow your favorite canning procedure for longer term storage. Makes about 3-4 pints.

Fruit and spices in pot

We’ve tended toward more flavor intensity in our cooking over time, and I’ve settled on a version with twice as much spice as before. Sometimes I’ll cut the some or all of the ginger into matchsticks instead of grating it, which results in little bursts of ginger flavor when you’re eating the chutney. If you like that, by all means, use matchsticks! For a more even flavor or consistency, stick to using the microplane. I added a small amount of salt, which makes all of the flavors shine just a little bit more.

I’ve stopped adding water to my preserves. It cooks a little faster without as much liquid, and there’s enough liquid in the lemon juice to get it started cooking even if the fruit isn’t covered. I’ve also started removing the lemon peel for most of the preserves I make other than marmalade. The peel gives it a stronger lemon flavor, and keeps the pectin in the pith from gelling from as well. If you want a thicker consistency, you can leave the peel out. If you want zingier lemon flavor, leave it on.

Using potato masher to crush fruit pieces

One other consistency related tip: if I want a less chunky consistency, I use a potato masher to crush the fruit pieces early in the cooking. During fruit season, I try to preserve as much as I can by making jams and chutneys, but I usually run out of time and end up cutting up the last of the crop and freezing it. Using frozen fruit for jams seems to work just as well as fresh. The other thing I usually run out of is sugar, because I often forget how much it takes to make preserves, so I started using brown and granulated interchangeably in the chutney. I even used palm sugar once! Which sugar you use doesn’t seem to affect the flavor significantly, so use whichever you have on hand.

Mechpen drawbot

l-7175-600

Alexander Weber has a nice build log on his drawbot called Mechpen, that is available on GitHub:

This is Mechpen, my newest drawbot.
The idea was to have a robot arm that could sketch on a rather large surface.
It is a SCARA (Selective Compliance Assembly Robot Arm) robot arm, meaning the robot has a shoulder and an elbow joint and a hand. Mechpen has a reach of 140 cm which means it could sketch up to A0 format.

You can see the full build on Weber’s Tinkerlog site.

Check out the video after the break.

The FISA Oversight Hearing Confirmed That Things Need to Change

Section 215, the controversial law at the heart of the NSA’s massive telephone records surveillance program, is set to expire in December. Last week the House Committee on the Judiciary held an oversight hearing to investigate how the NSA, FBI, and the rest of the intelligence community are using and interpreting 215 and other expiring national security authorities. 

Congress last looked at these laws in 2015 when it passed the USA FREEDOM Act, which sought to end bulk surveillance and to bring much-needed transparency to intelligence agency activities. However, NSA itself has revealed that it has been unable to stay within the limits USA FREEDOM put on Section 215’s “Call Detail Records” (CDR) authority. In response to these revelations, we’ve been calling for an end to the Call Details Records program, as well as additional transparency into the government’s use of Section 215. If last week’s hearing made anything clear, it’s this: there is no good reason for Congress to renew the CDR authority.

The Call Detail Records Program Needs to End

 Chairman Nadler began the hearing by asking Susan Morgan of the NSA if she could point to any specific instance where the CDR program helped to avert any kind of an attack on American soil. Morgan pushed back on the question, telling Chairman Nadler that the value of an intelligence program should not be measured on whether or not it stopped a terrorist attack, and that as an intelligence professional, she wants to make sure the NSA has every tool in the tool box available. 

However, the NSA previously reported it had deleted all the information it received from the 215 program since 2015. Morgan confirmed that part of the reason the NSA chose to mass delete all the records was because not all the information was accurate or allowed under the law. 

 In other words, the NSA wants Congress to renew its authority to run a program that violates privacy protections and collects inaccurate information without providing any way to measure if the program was at all useful. The agency’s best argument for why it wants to renew the legal authorization to use the CDR provision is because it might be useful one day.

 Rep. Steve Cohen asked the panel if they could reassure his “liberal friends” that there have been meaningful reforms to the program. The witnesses cited some of the reforms from USA FREEDOM, passed in 2015, as evidence of post-Snowden reforms and safeguards.

However, their answer did not meaningfully address recent incidents where the NSA discovered that it had improperly collected information. Documents obtained by the ACLU include an assessment by the NSA itself that the overcollection had a “significant impact on civil liberties and privacy,” which is putting it mildly.

Fortunately, the committee did not appear to be convinced by this line of reasoning. As Rep. Sylvia Garcia told Morgan, “If I have a broken hammer in my toolbox, I don’t need to keep it.”

We agree. No surveillance authority should exist purely because it might someday come in handy, particularly one that has already been used for illegal mass surveillance

Other Transparency Issues

In addition to the CDR program, Section 215 also allows the government to collect “business records” or other “tangible things” related to a specific order. Despite the innocuous name, the business records provision allows intelligence agencies to collect a vast range of documents. But we don’t have a sense of just what kinds of sensitive information are collected, and on what scale.

Rep. Pramila Japayal pressed the witnesses on whether Section 215 allows the collection of sensitive information such as medical records, driver’s license photographs, or tax records. Reading from the current law, Brad Wiegmann, Deputy Assistant Attorney General, responded that while the statute does contemplate getting these records, it also recognizes the sensitive nature of those records and requires the requests to be elevated for senior review. 

In other words, the DOJ, FBI and NSA confirmed that under the right circumstances, they believe that the current authority in Section 215 allows the government to collect sensitive records on a showing that they are “relevant” to a national security investigation. Plus, as more and more of our home devices collect information on our daily lives, all the witnesses said they could easily envision circumstances where they would want footage from Amazon’s Ring, which EFF has already argued is a privacy nightmare

In addition, Rep. Hank Johnson and Rep. Andy Biggs pressed the witnesses on whether the government collects geolocation information under Section 215, and if there has been guidance on the impact of the Supreme Court’s landmark Carpenter decision on these activities. Wiegmann acknowledged that while there may be some Fourth Amendment issues, the committee would need to have a classified session to fully answer that question. 

Additionally, when asked about information sharing with other federal agencies, none of the witnesses were able to deny that information collected under Section 215 could be used for immigration enforcement purposes. 

Both of these revelations are concerning. Carpenter brought on a sea change in privacy law and it should be highly concerning to the public and to overseers in Congress that the intelligence community does not appear to be seriously consider its effect on national security surveillance.

As it considers whether or not to renew any of the authorities in Section 215, Congress must also considering what meaningful privacy and civil liberties safeguards to include. Relying on the NSA to delete millions of inaccurate records collected over many years is simply insufficient. 

Secret Laws in Secret Court

In 2015, in the wake of Edward Snowden’s revelations about the NSA mass spying on Americans, Congress passed USA FREEDOM to modify and reform the existing statute. One of the provisions of that bill specifically requires government officials to “conduct a declassification review of each decision, order, or opinion issued” by the FISC “that includes a significant construction or interpretation of any provision of law.”

Both the text of the bill and statements from members of Congress who authored and supported it make clear that the law places new, affirmative obligations on the government to go back, review decades of secret orders and opinions, and make the significant ones public. 

However, the DOJ has argued in litigation with EFF that this language is not retroactive and therefore only requires the government to declassify significant opinions issued after June 2015. 

It also remains unclear how the government determines which opinions are significant or novel enough to be published, as well as how many opinions remain completely secret.

Allowing the Foreign Intelligence Surveillance Court (FISC) to interpret the impact of that decision on Section 215 programs in secret means that the public won’t know if their civil liberties are being violated. 

Releasing all significant FISC opinions, starting from 1978, will not only comply with what Congress required under USA FREEDOM in 2015, it will also help us better understand exactly what the FISC has secretly decided about our civil liberties. Adding a new provision that requires the FISC to detail to Congress how it determines which opinions are significant and how many opinions remain entirely secret would provide additional and clearly needed transparency to the process of administering secret law.

Conclusion 

Despite repeated requests from the members of the panel to describe some way of measuring how effective these surveillance laws are, none of the witnesses could provide a framework. Congress must be able to determine whether any of the programs have real value and if the agencies are respecting the foundational rights to privacy and civil liberties that protect Americans from government overreach. 

Back in March, EFF, along with the ACLU, New America’s Open Technology Institute, EPIC and others, sent a letter to the U.S. House Committee on the Judiciary, detailing what additional measures are needed to protect individuals’ rights from abuses under the Patriot Act and other surveillance authorities. Hearing members of the Intelligence Community speak before the Judiciary Committee reconfirmed just how essential it is that these new protections and reforms be enacted.

We look forward to working with the US House Committee on the Judiciary to end the authority for the Call Details Records program once and for all and to ensure that there are real transparency mechanisms in the law to protect civil liberties.

Modular Button Base (LEGO Technic Compatible) #3DPrinting #3DThursday

6d8b360bc26562f73dcb5728dff37271 preview featured 1

aguzinski shared this project on Thingiverse!

LEGO Technic compatible modular base for 12mm push buttons. Can be used to with a Raspberry Pi, Arduino, Makey Makey, etc.

3, 4, and 6-button pieces are included, but can combined together. I included two 4-button varieties. The tight fit version works better as a D-pad if you are using as a simple controller.

I printed without supports. This produces a few rough patches in out-of-the-way areas, so if that matters to you, they can be added.

See more!


649-1
Every Thursday is #3dthursday here at Adafruit! The DIY 3D printing community has passion and dedication for making solid objects from digital models. Recently, we have noticed electronics projects integrated with 3D printed enclosures, brackets, and sculptures, so each Thursday we celebrate and highlight these bold pioneers!

Have you considered building a 3D project around an Arduino or other microcontroller? How about printing a bracket to mount your Raspberry Pi to the back of your HD monitor? And don’t forget the countless LED projects that are possible when you are modeling your projects in 3D!

It’s Almost Open Source Hardware Month! Come Celebrate with Us October 1st

We’re kicking off Open Source Hardware Month with a panel of heavy OSHWA hitters from Colorado’s front range. The evening, co-sponsored by SparkFun and OSHWA, will include the panel, followed by a mixer to connect open hardware enthusiasts. We’ll bring the refreshments, you bring a question for the panel or a project to share! The details:

  • What: Open Source Hardware Month kick-off event: open mixer and panel @ SparkFun
  • Date: Tuesday, October 1st
  • Time: 5:30 — 8:00 p.m.
    • 5:30 p.m.: Grab snacks, network, settle in
    • 6:00 — 7:00 p.m.: Panel
    • 7:00 — 8:00-ish: Networking
  • Location: SparkFun Electronics, 6333 Dry Creek Parkway, Niwot, CO 80503
  • Panelists:
    • Alicia Gibb, founder and executive director of the Open Source Hardware Association (OSHWA)
    • Arielle Hein, artist, technologist, educator
    • Harris Kenny, principal at Kenny Consulting Group
    • Toni Klopfenstein, open source supporter and developer advocate at Google
    • Nathan Seidle, founder and engineer at SparkFun Electronics


SparkFun and Open Source

From the beginning, open hardware has been a pillar of SparkFun. Our products and resources carry no patents, so anyone can use, modify and even sell them. Being open source encourages people to share and learn from each other. It also forces us to focus on what we do best and constantly innovate. In short, it makes us better, for you and for the world. Watch our founder, Nathan Seidle, speak on open source hardware.

Open Source Hardware Resources from OSHWA

The Open Source Hardware Association (OSHWA) is a non-profit organization that advocates for open source hardware, and acts as a hub of open source hardware activity of all types. If you are interested in open hardware, you may be interested in some of the resources on the OSHWA web site:

  • Open Source Hardware month across the globe
  • Definition of Open Source Hardware
  • OSHWA Certification process

    alt text

    comments | comment feed

  • Maker Spotlight: Conor Patrick

    This maker spotlight was brought to us through Maker Faire Rome.  You’ll be able to find them and many more creative and exciting makers at Maker Faire Rome: The European Edition on October 18-20. Get your tickets now! personal blog Who are you? Conor Patrick.  I am an engineer that […]

    Read more on MAKE

    The post Maker Spotlight: Conor Patrick appeared first on Make: DIY Projects and Ideas for Makers.

    Maker Spotlight: Manolis Kiagias

    This maker spotlight was brought to us through Maker Faire Rome.  You’ll be able to find them and many more creative and exciting makers at Maker Faire Rome: The European Edition on October 18-20. Get your tickets now! who are you? My name is Manolis Kiagias, I am an electronic […]

    Read more on MAKE

    The post Maker Spotlight: Manolis Kiagias appeared first on Make: DIY Projects and Ideas for Makers.