It seems the ongoing trend for laptops is to integrate and hide as much as possible from the user. We’re all used to minimalistic crappy BIOS setups with two or three configuration options. However, things go way too far when OEMs remove options related to features that the hardware is capable of but which are disabled by default. This happens with Intel VT on many laptops – even if the CPU supports it, you may not be able to find the BIOS setup option to turn it on.
I certainly wanted to use a feature that I paid for, so I started investigating the BIOS and here’s what I found out. Read the rest of this entry »
With the new OS version, Apple totally changed up the database format. Now it’s based on a whole bunch of SQLite files and there are also a few files in a format similar to the old proprietary one. There are more than likely still hashes in the critical files, and there’s also a suspicious pair of files that appear to be entirely encrypted. The SQLite format is open and certainly better than the old one, but someone still needs to interface a media player to it.
The upshot of this is that a whole new support library will need to be written or large changes in libgpod need to happen to support the new SQLite format. The DBVersion hack also isn’t going to work – either someone needs to reverse engineer the complete hashing algorithm (and maybe that encrypted file stuff), or the MusicLibrary binary on the phone needs to be patched. So, if you’re currently syncing music with free software, you’ll want to hold off on upgrading to 3.0.
Patching the check out of MusicLibrary looks trivial enough, so although it’s not as easy as the DBVersion hack, it isn’t a real showstopper. The hash algorithm looks the same as the old one, or at least quite similar (and just as badly obfuscated). Those encrypted files do scare me a bit though.
After a few days of reading very, very weird disassembled code and poking registers, the odd 2D hardware finally works (for the most part). It can draw lines, so I threw in a software 3D transform. Here’s the Stanford Bunny in a glorious 448 vertices and 1416 lines of jaggy wireframe awesomeness.
The chip has hardware line styling (stippling), and you can see 4 different settings (solid, “10″ dashed, “100″ dashed, “1000″ dashed) in sequence. At the higher setting it starts to look more like a point cloud with many more points than it has real vertices.
Also of note: I’m working inside a framework that drives operation of the SPMP from the PC. While the entire bunny transformation and rendering is happening inside the SPMP, the PC sends it the rotation matrix and tells it to go each frame (and also when to switch stippling and whatnot). So it’s slower than it would be in pure standalone hardware, because there’s still at least two serial port ping-pong commands each frame (one memory download for the matrix and one command to tell it to render the bunny with it).
You can grab the (ugly as hell) code in the Git repo.
Fun stuff: the projection is orthographic, so there’s no depth information rendered. This makes the rotation ambiguous. Do you see it rotating clockwise or anticlockwise (looking at it from above)? Can you make your brain switch between them?
I’ve joined a bunch of friends in a quest to reverse engineer and write custom software for Sunplus SPMP305x chips. These chips are inside all sorts of chinese media players, particularly the fairly powerful kind with a camera, video playback, etc. The chip is based around an ARM926EJ-S core, but the peripherals around it are completely custom – check out the marketing blurb. Most current work is on reverse engineering the hardware interface so we can completely replace the default firmware.
If you’re interested and you have one of these or don’t mind spending $33 to get an interesting ARM machine, check out the wiki, Google Code project for the Prex port and other stuff, and my Git repository with a port of MINI and a bunch of client utilities for reverse engineering and testing the hardware stuff. Most importantly, however, come visit us at #spmpdev on the EFNet network! Most of the work and chitchat happens in the IRC channel.
I’ll eventually write a longer post about how different bits and pieces of this laptop’s hardware fare under Linux. For now, I’ve managed to strike one of the more annoying issues: proper audio. Scroll down if you’re impatient and want the code; read on if you want the full story.
This laptop is peculiar because it has built-in “5.1″ audio. Yes, it does really have 6 speakers, though you’d be hard pressed to get much spatial separation out of them (and they aren’t even placed around symmetrically). However, the speakers do end up making a very decent multiway audio system, by laptop standards: the “rear” pair (which is actually between the keyboard and the screen; the mind boggles) is good with the high end, the “front” and center speakers (front edge of the laptop) are your average mediocre speakers that can handle mid-end, and the “Tuba” not-so-”sub” woofer fills in enough low-end to equal a decent overall speaker, although of course with zero stereo/spatial separation since there’s only one of it (actual subwoofers can pull off mono because the human ear can’t really hear spatial position at low frequencies, but the Tuba is more like the only non-sucky speaker in the entire laptop).
What this boils down to is that you really want good audio support for all 6 speakers if you want to take advantage of the audio capabilities at all. Most importantly, stereo needs to be upmixed and a good portion of the normal audio needs to be routed to the Tuba. ALSA’s asound.conf makes this easy, assuming the actual hardware works fine. Of course, that’s not the case. Read the rest of this entry »
If you’ve ever worked with other people on some piece of code or program, particularly over IRC or IM or some other form of real-time or fast text communication, chances are you’ve used one of the many “paste” sites available (my personal favorite is pastie). These sites offer a convenient way of sending small to medium chunks of text to other people quickly, by simply copyng and pasting the text into a web form. This is a lot better than the old way of having to send an e-mail attachment, spam an IRC channel, or upload the text to some web host, but as I used pastie more and more often I started to realize that it could be made even faster.
So I wrote a simple Python script that lets you quickly upload some text or a set of files to Pastie. It can do stdin or a bunch of files, and it also tries to figure out what syntax highlighting to pick from the file extension. You can grab it here. Rename it to ‘pastie’, make it executable, and place it somewhere in your $PATH. There is built-in help available (just call pastie –help), but here are some simple examples:
# this pasties the output of do_something as a public pastie
$ do_something | pastie -p
# this pasties the specified files, using a header for each
# and the correct syntax highlighting setting
$ pastie foo.c bar.py baz.sh
# pastie stdin with author "marcan" as a python script
$ pastie -t python -n marcan
You can also set the DEFAULT_NAME variable at the top of the file to a quoted string to use a certain author name by default for all your pasties.
There’s an extra undocumented feature useful for editor integration: if you pass in a filename to the -t option, it’ll try to figure out the parser from the extension and use that for syntax highlighting (but it’ll take input from stdin unless you use file arguments). This is useful for making an editor plug-in or action that can pastie the current selection from a document and still keep the right syntax highlighting:
A very neat trick is to make a global shortcut to pastie the current clipboard contents. If you’re using KDE with X11, for example, you could bind ctrl+shift+c to the following command:
xsel -o | pastie | xsel -i && play ~/your_favorite_bell.wav
This will pastie the current X11 selection, then write back the URL as the selection, and play a ding of your choice. This means you can select any text, hit ctrl+shit+c, and then middle-click on an IRC or IM session to paste the URL to the text that you just selected. If your ISP’s nameservers are slow like mine are, add pastie.org to your /etc/hosts for a speed boost.
With newer iPods and the iPhone 2.x firmware, Apple decided to implement a new hash scheme for iTunesDB to prevent third-party apps from managing the iPod database. Stupid. They decided to make it part of the FairPlay codebase, including its obfuscation. Very Stupid. But just in case that weren’t enough, then they went ahead and tried to take down the iPodHash project which was attempting to reverse engineer the (annoyingly obfuscated) algorithm. Completely Stupid.
I had previously patched the check out in the MusicLibrary binary, and forgot to write it up. However, I just looked at it again, and it turns out that you can get it to work just by changing a simple XML file. I guess they didn’t really care if jailbroken iPhone users used third-party software.
Here’s how: Edit /System/Library/Lockdown/Checkpoint.xml, find the DBVersion key, and change its value from 4 to 2. Save and reboot. Voila! I haven’t tested this extensively, but it seems to work at least on 2.1 and 2.2. You can then use Amarok or any other libgpod app to transfer data to the device (using the usual sshfs mount trick which is documented elsewhere for 1.x iPhones)
Update: abu from ml_ipod pointed out that DBVersion 3 also works. This version includes the old hash which was already present in older versions. I have tested this to work on version 2.1 of the iPhone software. Update 2: DBVersion 3 works only on some devices, better stick with DBVersion 2.
And most of us are back home! 25C3 has really been a blast and I’m sure most of us will repeat next year.
We had a huge table and still managed to fill it up entirely. Just look:
Console Hacking table at the Hackcenter
Since taking photos of the public without permission is forbidden at the Congress, and I didn’t obtain explicit permission from the people on the left, I’ve blacked them out. Oh yeah, that guy at the back is crediar. I hear he doesn’t mind if I post his photo
The iPhone Dev Team guys also sat with us. We even worked together on several occasions, and it was really cool to have these two teams meet together and learn from each other.
On Day 2 we gave our talk in Saal 2, Console Hacking 2008: Wii Fail.
Throughout most of Day 2 and right until the talk, we worked on trying to get a BootMii demo done. Just before the talk, my monitor finally flashed an image of a text-based I2C waveform dump – this is the very first time we got that to work without involving IOS (it turns out IOS does some video init too). John_K and Erant worked before and during the beginning of the talk to bring us the little System Menu/Homebrew Channel menu which proves (if you believe us anyway) that we finally got video output working in fully custom PPC code running from BootMii. After some roadbumps and my failure to remember to cat /dev/usbgecko on the computer (that’s why we got a black screen the first time), it finally worked at the very last minute.
Oh yeah, and the batteries on the Wiimote weren’t dead. I tried them later and they were fully charged – I think the Wiimote had crashed or something and the battery changed had gotten it to reset.
We also had an insanely fun time with the 25C3 Capture the Flag competition. At first some of us were somewhat reluctant to participate since we were all totally unprepared, but in the end the iPhone Dev guys and the Wii guys joined forces. We worked together really well, and we managed to pull off a first place! Congratulations to the other teams and to the organizers too – it was very fun and we hope we can do this again soon, maybe as a remote team. Next time I promise I won’t run killall5 and bring down our entire server for a while (whoops!)
In an ideal world, in a few hours, a plane will depart from Madrid Barajas International Airport and with destination Berlin-Tegel Airport. Hopefully, I will be inside that plane. This isn’t an ideal world, however, so chances are the flight will be delayed. But one way or another, I hope to find my way to Berlin today (or tomorrow, going by my sleep cycle).
Pack up has been interesting. Behold:
Standards vary, but I think this is somewhere between “reasonable by 25c3 standards” and “completely insane”. This should be fun though. See if you can spot the key components. FYI: My Wii lives in that 56K modem box.
In an attempt to keep this blog from developing a severe case of cobwebs, I’ll try to keep you posted on what goes on at 25c3. Here’s the vital information:
