<azonenberg>
rqou: not if you have a proper jtag setup
<rqou>
yeah, but that's $$$
<rqou>
300khz clock ftdi is cheap :P
<rqou>
also I'm actually a little bit disappointed in this voting machine
<rqou>
(it's one of the ones we saw at defcon btw)
<rqou>
the windows ce one that had an obvious 20-pin "CPU JTAG" header
<azonenberg>
what i meant was
<azonenberg>
using actual in-circuit debug
<azonenberg>
is way faster than doing boundary scan bitbang
<azonenberg>
And 300 kHz is slooow
<rqou>
um, this is in-circuit debug
<azonenberg>
oh, ok so just the fmax is limiting you
<azonenberg>
starshipraider will be able to do jtag up to a couple hundred MHz *hint*
<azonenberg>
Limiting factor will usually be the DUT
<rqou>
you literally just load target/pxa255.cfg and you get jtag
<rqou>
(this is with openocd)
<smkz>
wait jtag can go to hundreds of megahertz? i didn't know that at all
<awygle>
it helps if you have an RCLK
<awygle>
although tbh i'm not sure _why_ it helps exactly..
<rqou>
not this potato
<rqou>
this voting machine is terribly engineered
<azonenberg>
awygle: rclk is just for dynamic clock speed
<azonenberg>
You can go fast without it but you need to have timing information for the target
<azonenberg>
although it might also be used for source synchronous outputs? not sure
<azonenberg>
current gen xilinx parts max out at 66 MHz so that's the ceiling i plan to run it at in the near future
<azonenberg>
smkz: it depends on the chip :)
<rqou>
i thought rclk was somehow related to debugging in sleep states?
<rqou>
also i love how this voting machine only took ~4hrs from acquiring to almost all firmware dumped
<rqou>
only thing missing is the cypress cpld that i don't have the jtag commands for
<azonenberg>
lol nice
<azonenberg>
but do you have vote-stealing firmware written yet?
<rqou>
nope
<rqou>
mostly because i don't know anything about wince
<rqou>
i wonder how difficult it would be to port linux to this thing?
<sorear>
oh, not a PC?
<rqou>
this voting machine is a pxa255 running wince
<sorear>
mm, arm
<rqou>
seriously, anybody ever hack on wince before?
<rqou>
how do i anything?
<smkz>
what does that CPLD do / what is it connected to?
<rqou>
no idea
* smkz
nod
<rqou>
presumably address decode glue
<m_w>
ewe wince
<rqou>
yeah i know
<m_w>
try super secure telnet :)
<rqou>
don't have ethernet
<m_w>
stunted serial COM?
<rqou>
lol don't have com either
<rqou>
i just immediately went for jtag
<m_w>
run for your life
<rqou>
there are hints that it supports an NE2000 via one of the pcmcia slots
<rqou>
but i'm not old enough to have one of those lying around
<rqou>
oh yeah, NE2000
<rqou>
and pcmci
<rqou>
a
<rqou>
this machine isn't very good
<azonenberg>
smkz: anyway, starshipraider is going to be able to run gpio bitbang plus basically all common serial protocols (uart, i2c, spi, jtag, etc) up to 500 Mbps on the FPGA side
<azonenberg>
i2c in particular is unlikely to be usable that fast after going through the io buffer, due to bus capacitance
<azonenberg>
and uart timing probably would be difficult to get right
<rqou>
i2c is limited by spec to 400khz
<azonenberg>
no it can go to 3 MHz in high speed mode
<rqou>
no, overclocking often doesn't work
<rqou>
ah, high speed
<rqou>
i've never used that
<rqou>
iirc it needs special io drivers
<azonenberg>
of course
<m_w>
how about i3c?
<azonenberg>
But again the goal was basically "whatever the heck that board speaks, with the right firmware you can talk to it"
<m_w>
bitbang all things
<azonenberg>
You'd never actually run uart at 500 Mbps, but by having the fpga logic running that fast you're guaranteed, however fast that uart is
<azonenberg>
you can probably talk to it
<smkz>
azonenberg: nice
<azonenberg>
It does mean i might have to patch my uart core to have a >16 bit baud rate divisor though :p
<azonenberg>
smkz: the other fun part is the io buffer
<azonenberg>
i think i know how to do it, my first spin or two were good starts but not far enough
<azonenberg>
i want a single ended, bidirectional io cell that can run from 1.2 to 5V logic levels
<azonenberg>
at up to 500 Mbps
<azonenberg>
With tolerance to +/- 12V in fault conditions (normal operation not implied)
<azonenberg>
It just has to not permanently damage the board
<rqou>
azonenberg are you still bogged down with adult-ing and house stuff?
<azonenberg>
yes
<azonenberg>
we ripped out almost all the living room sheetrock today
<azonenberg>
finishing the rest of the walls tomorrow, fingers crossed, after the asbestos guys leave
<rqou>
is your employer paying you to demo your house? :P
<azonenberg>
then vacuuming, mopping up all of the dust everywhere
<azonenberg>
and hopefully electrical over the weekend
<azonenberg>
I'm doing it off the clock if that's what you mean
<azonenberg>
Just means i'm working ~100 hour weeks :p
<azonenberg>
exhausting but it gets the job done
<smkz>
i connected an ice40 fpga board to an LMS6002D board with enough random wires to get the FPGA modulating the latter's RF output (which i saw with uhd_fft); this is so fun
<smkz>
now i need to figure out how to properly connect the other 23 DAC/ADC lines <_<
<rqou>
argh, i get a pile of single bit errors
<rqou>
eh, whatever
<rqou>
wince hacking is such a huge pain in the ass
mumptai has quit [Remote host closed the connection]
wpwrak has quit [Read error: Connection reset by peer]
wpwrak has joined ##openfpga
wpwrak has quit [Read error: Connection reset by peer]
wpwrak has joined ##openfpga
wpwrak has quit [Read error: Connection reset by peer]
eduardo__ has joined ##openfpga
wpwrak has joined ##openfpga
eduardo_ has quit [Ping timeout: 268 seconds]
<rqou>
wow, openssl key encryption hasn't been very well tuned in JtR
<rqou>
i get "only" about 200k pw/s
<rqou>
aaand 2/3 passwords got cracked
<rqou>
damn voting machines must be very therapeutic for hackers to attack :P
<rqou>
it's soo easy
<rqou>
yup, i got two ballot station client certs now
<rqou>
at least they're both expired?
<gruetzkopf>
hmm, pxa255
<gruetzkopf>
i have a linux 2.4.something build around for that :D
ovf has quit []
ovf has joined ##openfpga
grantsmith has quit [Ping timeout: 240 seconds]
grantsmith has joined ##openfpga
m_t has joined ##openfpga
rohitksingh_wor1 has quit [Read error: Connection reset by peer]
dingbat has quit []
dingbat has joined ##openfpga
m_t has quit [Quit: Leaving]
genii has joined ##openfpga
pointfree has quit []
pointfree has joined ##openfpga
FabM has quit [Quit: ChatZilla 0.9.93 [Firefox 52.5.0/20171114221957]]
mumptai has joined ##openfpga
mumptai has quit [Remote host closed the connection]
jhol has quit [Quit: Coyote finally caught me]
jhol has joined ##openfpga
genii has quit [Remote host closed the connection]
genii has joined ##openfpga
<rqou>
ugh, JtR hasn't cracked the third password yet
user10032 has joined ##openfpga
m_t has joined ##openfpga
digshadow has quit [Ping timeout: 248 seconds]
digshadow has joined ##openfpga
Dolu has quit [Ping timeout: 255 seconds]
<balrog>
rqou: which voting machines are you working on?
<rqou>
accuvote tsx
<balrog>
not the shouptronic I hope :P
<rqou>
still not much progress on "how does one hack WinCE"
<balrog>
oh
<rqou>
nor do i have any of the smartcards
pie_ has quit [Ping timeout: 248 seconds]
<rqou>
either way, security on these is laughable (as expected)
pie_ has joined ##openfpga
m_t has quit [Quit: Leaving]
user10032 has quit [Quit: Leaving]
soylentyellow has joined ##openfpga
<pie_>
rqou, whatcha crackin
<pie_>
ugh looks like my virt-manager just broke
Dolu has joined ##openfpga
<rqou>
cr1901_modern1: are you using mingw32 or mingw-w64 targeting win32?
<cr1901_modern1>
The latter
<rqou>
hmm that really ought to work
<cr1901_modern1>
It's a binary reader error.
<cr1901_modern1>
or possibly binary writer
<cr1901_modern1>
but reading in the text repr works fine. Just inconvenient
Dolu has quit [Ping timeout: 276 seconds]
<rqou>
did you ever try my builds?
* rqou
really needs to do a production-grade emscripten version
<cr1901_modern1>
rqou: No, and I'm sure they are fine. But they don't help me when I need to hack on yosys and _for better or worse_, most of my environment assumes the 32-bit compiler
<rqou>
i have no idea what the difference is then
<rqou>
bitness seems like it shouldn't break things?
<cr1901_modern1>
exception handling bullshit?
<rqou>
that should be the same too?
<rqou>
oooh shit
<rqou>
that is indeed different
<rqou>
thanks Windows
<rqou>
emscripten solves all our problems :P
<rqou>
(except the "out of memory" part)
cr1901_modern has joined ##openfpga
cr1901_modern1 has quit [Ping timeout: 240 seconds]
<rqou>
damn, still no success on that third voting machine client cert
soylentyellow has quit [Read error: Connection reset by peer]