- Previous podcast episodes:
- Incognito Mode which was episode number 69
- Arduino, The Gateway Drug To #BadgeLife which was episode number 109
- Espress-ify? Designing Products Around the ESP-32 Platform which was episode number 144
- Feel the Hum which was episode number 183
- RTOS vs No OS (i.e. Arduino or pure SDK usage)
- What about a Bootloader?
- Zephyr RTOS
- What's good about Zephyr / What SUCKS about Zephyr
- Middleware
- App Layer
- The Cloud
- Flags and CTF
- Patching firmware in the wild
Special thanks to whixr over at Tymkrs for the intro and outro!
About The Hosts
Parker Dillmann is MacroFab's Co-Founder and Lead ECE, with backgrounds in Embedded System Design and Digital Signal Processing. He got his start in 2005 by hacking Nintendo consoles into portable gaming units. He also runs the blog longhornengineer.com, where he posts his personal projects, technical guides, and appnotes about board layout design and components. Parker graduated with a BS in Electrical and Computer Engineering from the University of Texas.
Stephen Kraig began his electronics career by building music-oriented circuits in 2003. Stephen is an avid guitar player and, in his downtime, manufactures audio electronics including guitar amplifiers, pedals, and pro audio gear. Stephen graduated with a BS in Electrical Engineering from Texas A&M University.
Host 1 00:11
Welcome to the MacroFab Engineering Podcast. We're your guests, Hyr0n and Zapp.
Host 2 00:16
And we're your hosts, Parker Dillmann and Blitz. Oh, that's right. Oh, I just,
Host 1 00:26
We've we've done this like, what, five times?
Host 1 00:28
Maybe five times.
Host 1 00:30
One more time than Joe granted we're already screwing it up. Yep.
Host 1 00:34
And we're your hosts crab foam.
Host 1 00:36
Host 2 00:37
This is episode 238. So, Zapp, Hyr0n. How's it been? It's been a year. I think it's been
Host 1 00:46
A year and a half in COVID time.
Host 1 00:49
Actually, the last time we did a podcast with you guys was at DEF CON last year, right? Yeah,
Host 1 00:54
No, I vaguely remember that one.
Host 1 00:57
That was fun. That was that was a lot of fun.
Host 1 01:00
That was an unofficial MacroFab Engineering Podcast.
Host 1 01:03
Oh, good point.
Host 1 01:04
You're right after hours because we never put it we have we give I think we dropped it on a dropbox link. And just as like, Yeah, listen to this for some like lols antics,
Host 1 01:14
I think Hyr0n, you're on. You're on one last Christmas time, correct?
Host 1 01:20
Host 1 01:22
I don't know the the Star Wars Christmas special does episode three. It doesn't count as a real podcast does like it doesn't count as a real Star Wars entry.
Host 1 01:34
Which is kind of funny because Parker and I sort of treated as like the one episode a year that doesn't count.
Host 1 01:40
Going on a short tangent. Did you see that Disney plus is doing a LEGO Star Wars Christmas Special? Yes.
Host 2 01:47
Wait really creating this Star Wars special in Legos by the recruit is going to be the same script where like half of it is Wookiee noises
Host 1 01:55
They just released pictures and said LEGO Star Wars Christmas special is coming. Shut up and take my money. Subscribe,
Host 2 02:03
Take my $7
Host 1 02:04
I'm like I'm okay with it. Just like it.
Host 1 02:10
I really hope it is actually the same because there's that whole section where I think Chewbacca's son for like five minutes has to like assemble electronics project. And it's not like done for TV as in like they show him like doing parts of it. No, like they intricately show him like building electronics. And I really hope that there's a Lego guy building Legos in the LEGO Star Wars special. That would be phenomenal.
Host 2 02:33
Now would the Legos be the same size as him or like the same scaled down version of Legos?
Host 1 02:40
That's, that's there's a couple of levels too meta for me.
Host 1 02:45
I'm into it, though. Okay, I'm sorry. I diverted on the Christmas special. And we know what, what that does to everyone that like Star Wars. I'm not gonna hear this.
Host 2 02:56
I promise this episode is not about Star Wars.
Host 1 03:00
What is this episode about? Do you see that segue there?
Host 1 03:04
That was great. It's about
Host 1 03:05
Ones and zeros. Who
Host 1 03:08
Host 2 03:10
It's about the thing people really care about in badges.
Host 1 03:14
Yeah, so if you haven't heard, we're the two of the six from the AND!XOR team. We make blinky badges for DEF CON. And we just finished our fifth year, surprisingly, of making badges for DEF CON, starting at DEF CON 24. Of course, this year DEF CON was in safe mode due to COVID. But we went ahead and proceeded and released our badge, sent out hundreds and hundreds of packages to the Postal Service. And they all got there. They all got there. Maybe not on time. They all got there. So yeah, it's been nice to wrap up, wrap up a project and then move on to the next one.
Host 1 03:54
Yeah, and I would say what we're doing, kind of finishing up the first phase right now that we kind of dovetail with the end of every project is start work on the next one. And that begins with prototyping and initial firmware development will interchangeably say software and firmware but you know, we mean firmware. And it's so important to talk about this stuff, because most people don't don't like to deal with software development, firmware development and all the fun intricacies that come with it. It's like, what can I copy paste off GitHub and get it to work?
Host 2 04:29
Stack Exchange, but yeah.
Host 1 04:31
Oh, Stack Exchange, bible of the technical internet.
Host 1 04:36
Have you seen any of the studies that look at software vulnerabilities introduced by Stack Exchange? Oh, yeah, it's the same sorting algorithm over and over and they have the same vulnerabilities. Not that I've ever copied pasted from there.
Host 2 04:49
So before we dive in, though, Hi, Ron, you mentioned the difference between software and firmware. What is your take on that?
Host 1 04:56
Okay, wait, hang on. That's really funny because I was literally about to ask the same thing. Hey,
Host 1 05:03
I'm okay, I'm gonna give a not-a-textbook definition. But I would go the route of saying firmware is something you compile to run on your MCU, or system on chip, whereas software is something that rides on top of a higher level language. And typically on a computer, you typically think of software running on top of like Windows or Linux or, you know, OSX, but firmware's more designed to be down at the hardware level running on the chip.
Host 2 05:38
So an OS would be more firmware than
Host 1 05:42
Maybe the BIOS. BIOS that runs on the
Host 1 05:47
BIOSes are getting quite a bit more complex nowadays, they're almost their own OS. At this point now,
Host 1 05:53
They have their own USB stacks and network stacks and all sorts of stuff. Yeah, there we just
Host 1 05:59
Keep blurring the lines and adding more lines.
Host 1 06:03
Host 1 06:08
Back in my day, we called it CMOS, and it was good. And we didn't complain.
Host 2 06:14
Wait until you can actually like browse the internet on your BIOS
Host 1 06:18
No, if you have Doom embedded in your BIOS, that's when it's all over.
Host 2 06:23
That has to exist already.
Host 1 06:27
American Megatrends Doom.
Host 1 06:30
People don't work on, like, IT infrastructure a lot. That is something that's like been baked in for a while that's scary. Like, you can boot into your UEFI or CMOS, and it has a full network stack in there. So if you want to run an installation, you can just point it to an IP address and say, go pull these files, running installation, boot net load, basically. Yeah, connect your hardware straight to the internet. It's a great idea.
Host 1 07:01
That's what an ESP32 is.
Host 1 07:06
Careful. Last time I set up, I set off the ESP community because I don't like their SDK.
Host 2 07:13
Did you sit down on the podcast? Did anything actually fall out from that?
Host 1 07:17
I don't. Yeah, I got some hate mail on Twitter. It's okay. And then that's what Twitter's for, though. I know. And the best part was they confirmed everything I said. They're like, well, that's not true. Because if you go to this post on this message board and scroll 30 pages down, I'm like, Yeah, I was complaining that you guys don't have a proper document documented manual, or scripts or anything. Like I shouldn't have to look on a message board to learn how chip works.
Host 2 07:41
No, that's that's how the documentation works. It is a search field on a message board.
Host 1 07:48
You know, I've heard so many times that the ESP does have documentation somewhere. But it's like this weird ancient document that you have to search for, and you'll never actually find it but it's supposedly exists.
Host 1 07:59
There's actually someone in the community, I can't remember his name. He releases a monthly book on the Espressif SDK and chips and it's amazing that someone out there does it. It's not amazing that a person in the community does it and not the company who produces the chips. I
Host 2 08:17
Really hope this person gets paid
Host 1 08:20
In ESP chips. But firmware, firmware, Zapp. What do you like about firmware? Oh, yeah. What's your firmware vs. software? Or? Moving on?
Host 1 08:36
Yes. So my, my, I did not Google this answer, which I didn't. Firmware's anything that runs on an embedded device; software runs on a general-purpose OS. And there's probably, it's probably slightly wrong, maybe there's a better definition. But that's the way I see it. But I think now you're seeing with the RTOSes that are out there, there is very much a blurring, where you're able to write code that's a lot more portable. And you can retarget it between different architectures really easily.
Host 2 09:09
Same thing with like, like, MicroPython, it's like, you drag a Python script over, you plug your device in, and it makes a, you know, a thumb drive basically, on or HID on your, on your computer, and you just drop a file on it and unplug it and it runs a Python script.
Host 1 09:27
And actually, that'd be a very good delineation, in my opinion, it would be the Python itself would be the software
Host 1 09:36
Interpreted, interpreted. Though, to be fair, right, and I didn't touch on was, I think, even when we both started, like working on embedded systems. You know, we've called back and when, like, Hey, I just got started on Arduino. It was great. It was turnkey. You start going. You write some pseudo C code, it compiles, but you go from using something like Arduino, where you're just compiling C code into firmware. And then I think the first year we use that Rigado system on chip, we were actually using Nordic's SDK. So we have a software development kit, but you're still writing in a framework, very complex firmware that gets compiled on. But then we kind of moved on to doing a real-time operating system. Because why do all of the crappy stuff over and over when you have a badass RTOS to abstract that and do it for you?
Host 1 10:36
Great segue. And so that's actually going to make the ESP32. So the year after the Nordic sort of native SDK that we use, year after that, we followed up with the ESP32. And that's actually based on FreeRTOS. And so for me, that was my, that was my first time getting into an RTOS environment, learned a lot about the way you manage memory. With static allocation, those sorts of things, a lot of painful lessons as to how Espressif architected their RTOS. One of the so so the year after that, so not this last year, we just completed but the year before, DEF CON 27, we switched to Zephyr OS, which is an open source RTOS, basically targeting the internet of things. And it was for a while, I forget the name of the company that started it, but they were acquired by Intel, Intel sort of manage it. And now it's kind of been split off. But I think it was Wind River, wasn't it Wind River, I think it was Wind River. And I know they have their own commercial RTOS. And this is kind of the open source variant. But they got new releases about every, I guess 10 to 12 weeks ish. We adopted that one, two years ago, because they had a very nice Bluetooth stack. And when I mentioned earlier about being able to retarget hardware, you actually go in there and say, hey, I want you to compile this code for such and such Adafruit board, because they've already got the board definitions in there. And they'll reroute the GPIOs, and all sorts of stuff, as long as all the registers and that kind of stuff, all the registers. Yeah, they'll, they'll even pull in the SDK for that particular board. And they'll do some of that abstraction. In a similar way the Arduino does it.
But I, I'd actually argue that it would, it's a lot more efficient, because rather than having layers and layers and layers, and then where you eventually get down there, bit-banging a SPI bus, they're not doing that they're just they're doing one, one, maybe two layers of abstraction, just enough and usually through C macros. So it's not adding a lot to then jump in and call the SDK in the right way. And so it was one of the reasons I liked it, because I could go in and just change board definitions. And then retarget. It also meant that samples that somebody had written for a particular Intel device, right, with x86, those samples were good enough to actually run on our nRF52. That's not all perfect, right, there's always issues going between them, your hardware isn't always going to be the same. So you do have to deal with some of those things. But it was a good experience. The other thing, Zephyr is it's tied up with MCUboot, which comes out of the Mynewt RTOS project, that's the bootloader that they use to kind of do a lot of support a lot of DFU sort of stuff. Nice thing about that is MCUboot also compiles itself as a Zephyr project. So you could tell MCUboot, hey, compile yourself against this board, and it will remap all the GPIOs and everything and work and then it follows a lot of the same Kconfig and the same framework around it. Now, that being said, there's a lot of abstraction going on. So you can actually go in and say, hey, I want a USB stack that does like a USB stack that does mass storage, right. So USB MSC profile, you can actually have that working without writing a single line of C code. It's a matter of going into the device tree files, which is a Linux construct that Zephyr supports, setting up all the right parameters, a lot of trial and error going into the Kconfig, which is also kind of a Linux kernel thing, no C code, no no C code, no C code.
And then it will handle the SPI bus and everything behind the scenes, all the registers sending partitions, stuff like that. And that's, that's great. We used the nRF52840 two years ago, and then this year we used the STM32F412. And I was able to copy, for parts of our badge that were similar. I was able to copy code over with and with very little modification make it work and most modification was because Zephyr was in the process of deprecating old API. So if follow along with what Zephyr was doing. So that was that was really good for next year's project plan is also to use Zephyr. So getting bootloader and everything like that running again. Because DFU will be an important part of next year's badge. Very important part, in fact.
Host 1 15:17
Yeah, no, I definitely think that was a cool part of their abstraction layer and how easy it was to work with it. Because I don't think we've gone one year where we're using the same chip or family of chipsets from the prior year, where we're hopping around from, you know, STM to Nordic to Espressif to STM. And having something where it's like, Hey, I just need to tweak the Kconfig, and some of the chip select on the background, which I know certain systems, you know, like Atmel have that, though it's really clunky. And you do it in the web interface and stuff, and it's never really worked well. But I love the fact that you know, you can use VS Code or anything else and just tweak your configuration files for a different target MCU. And everything transfers over where you know, you're capable of doing it. But you don't want to spend time reinventing the wheel over and over and over. And it helps your code be a little more portable in that respect.
Host 1 16:19
Yeah, now one thing I want to say though, with the abstraction, if you're used to writing code, where you're having to write the assembly to bring up the microcontroller, and then write a lot of your own abstraction to whatever the SDK gave you, as far as the HAL, you're not going to really get to have that experience. But the same time, your luck, you have a lot more productivity, I would argue, just because they've done a lot of the heavy lifting there is not always the most efficient and it's really depend on the chipset in the SDK, what I learned with the STM32 was they did not support DMA very well on the SPI bus actually didn't support it at all. And so I was digging very deep into their, their, their kernel for, okay, what registers are you or are you not turning on Android Auto or off to get this to work and at the end of the day, just couldn't make DMA work the way I wanted to. nRF52 SPI DMA all works because it's, it's a much easier SDK to get it to work on than the STM is and so it's kind of a trade offs. So if you look at our badge this year, it has two screens, the left screen is a 128 by 64 OLED. So that hides a lot of the slowness of our SPI bus on that the right screen is a color TFT I think it's the same one Parker used on the Doom SHPO. Actually, I think the exact same one exact same screen. Yeah, because I couldn't drive that with DMA. I basically was stuck with something around a 20 megahertz SPI bus. And having to wait to write to that was also reading from the SPI flash. Couldn't get it as efficient. And so that's ultimately why you don't see animations on that right screen. They're just too slow.
Host 2 18:08
It was never really fast on Doom either, though. But that was limited from the chip we were
Host 1 18:13
Using. So that was a snappy. Yeah.
Host 2 18:17
But it was like the tiny one.
Host 1 18:20
Just out of curiosity, why did you end up going with the 412, the STM for 12.
Host 1 18:26
So a lot of it's actually driven by Zephyr. So if you look at their supported boards, and there's 100 or so the easiest way that I like to get started is to look for development boards, they already support out of the box, pick one of those. And then when you roll your custom hardware, basically start with that schematic and then tweak it where you need to that way, you can just take their board definitions, all config files, all that sort of stuff that they've already got set up for you, you copy that over for custom, they call it an out-of-tree board, and then just tweak it where you need to if you've changed a GPIO you've added a peripheral you've removed something you can do those tweaks, the 412. Well, we picked a slightly different one different 412 than the one they support. It, it was easiest to bring up without starting from scratch. And I think at the time we started which was about this time last year, they the STM32 support was a little bit weak and spotty in certain areas. So if you look at our code, once we eventually release it, it's actually copied from the 411 and not the 412. It was it was easier to get some of the peripherals to work from the 411. But those those chips are also similar. It doesn't matter.
Host 2 19:44
Is there any particular reason blitz for that question?
Host 1 19:48
Well, just the the 400 series of STM chips have a decent bit of grunt behind them and and they have some rent. Well, I mean they they have some pretty decent processing power and they have some DSP stuff going on under the hood. And they're pretty quick. And they can be a little bit power hungry. So I was wondering for a badge, if there was like, extra reasons why you went with a 400 seat?
Host 1 20:14
Yeah, so that's, uh,
Host 1 20:16
I went for probably additional memory space as well. Yeah, we always run out of memory. we tax the chips today.
Host 1 20:25
Yeah, I think on the 412RET6, we have 256k of RAM. And 512 Or one meg of flash. But yeah, Hyr0n's right. It's, it's the RAM that matters on our projects more than anything. So that's kind of the starting point, what put us in that family. The other reason was, we're very concerned at last August before COVID was a thing. We were concerned about repairability and be able to physically inspect the pins. We've had QFN issues before we've had the Nordic chips where they have all those balls and stuff underneath or whatever. Nordic chips are LGA. Yeah. And we've that's been a real pain to repair when you're in a hotel room, possibly hungover from the night before. QFP is a lot easier to fix.
Host 1 21:13
Just requires a glob of flux and you're half awake. Good. Whoo. So random tangent on Zephyr like, yeah, we're saying, Oh, I love this RTOS. I love this. I love that. One thing that is weird about it, which I think in the recent release, they started changing their setup documentation, because I'll give it to them, their website getting started, everything is clean. But the thing that drove me nuts last year was they recommend how to run your project, and where you check out certain parts of the SDK, and the different tools. And they use something. They call it their meta tool. It's called West and West manages a lot of configurations and plugins for Zephyr. It doesn't say this explicitly, but kind of figured out that West is based on Git. So you have something managing configuration inside of something that you have in a git repository. So if you're using like a Git management tool, you start seeing these dead repos inside of it, where it's like, I don't know what this is, because it has the same header file as like a git repository. But we just moved it outside of the project, and it doesn't do it anymore. And I started noticing their documentation says that, don't keep this inside your repos, kind of keep certain parts of it out. But it was freaking out Git left and right before. It gets weird things like that, that come on.
Host 2 22:44
I say you're running your odd toss,
Host 1 22:46
Not Toss. Toss, no.
Host 1 22:50
Row toss, right. Rotate us, or toss. Yep.
Host 2 22:57
Aaron, I can blitz laughing on that one. So you got Zephyr running? What lies on top of that? OS?
Host 1 23:09
So we think so it's everything from the SDK for the hardware all the way up to GUI layer. So they'll they'll do layers of device drivers to some IoT stuff. And then there's some, you know, obviously, threading and mutexes and semaphores. And all the fun. Actually, can
Host 2 23:29
We back up? Like, how does threading work on on Zephyr? Or how does that work on an embedded system? Because when Blitzen crap from me, we were writing our own kind of like management in terms of interrupts, which is a how to do thread a threading, right is you stop and do something else, and then go back to what you're doing, which is what threading is, is you're allowing something else manage that? Correct?
Host 1 23:57
Yeah. So it's, it's the same way your old 386 worked as a kid, right? You had a single core, and it's just switching between thread contexts.
Host 1 24:09
Pause one thread hop over the other jump.
Host 1 24:12
Yeah, interrupt one jump to the other. On the STM32. It's a single core. So you're, it's gonna depend on priorities or whatever scheme you've given it is it round robin, or there's some tree models red, blue wack, whatever. There's, there's some different methodologies for how you switch between threads. It'll let them run for a certain amount of time before switching to the next one. And I'm I'm totally getting this wrong. Somebody is going to tell me I don't understand threading which I don't completely. All I know is when we did it in undergrad. And we had to submit all we did it all the same time on this Linux cluster. You could tell when the operating system class was submitting their final project because the Linux cluster would go down every time, it would just be hung Well, these wild processes, because you had to write your own threading. So it's been a while since I've studied it academically, but usually RTOSes will make it really easy where you, you statically define, hey, run this function with this amount of statically defined stack space. And, you know, give it this this data. And then basically, that function gets called when the OS is ready, ready for to run, you either throw in a while loop, which will keep the thread going all the time. You maybe you if you're nice, actually, not, if you're nice, you should be nice, you may sleep or that sleep won't just allow it allow the microcontroller to go into a deep sleep mode, that also signals to the OS, hey, it's time to go look at other threads that you need to go do some work on. And that's where it may check to see hey, another one's ready to go wake up. So what you lose on that as you lose the deterministic nature of the embedded system. So you mentioned interrupts right, with the interrupt, I can say, run this code every time 20 times a second. And I know it's going to run 20 times a second. So it's really good for signal processing and whatnot. Not so.
But these sort of OS threads are less deterministic. Because sometimes it may run a thread, sometimes it won't. And it doesn't always line up perfectly the way you want it to. For, for a user sort of application. It doesn't matter as much, because you want one thread that's managing the UI, and other ones kind of doing whatever processing behind the scenes and other passing data safely between them. Hopefully that makes sense.
Host 2 26:39
No, it makes sense to me. I'd like how you mentioned round robin, which is how Parallax Propeller handles threading.
Host 1 26:46
Right? Yep. I'm just waiting. I'm waiting for Yeah, the second one is prop
Host 2 26:52
Two out yet. I haven't asked this question in line
Host 1 26:57
For our weekly check. Do we have a prop two dev board?
Host 2 27:00
I've been actually asked this question in the podcast in actually back when we had parallax on.
Host 1 27:07
We had parallax on and they were like it's coming from this show. I
Host 1 27:11
Was excited. Even though I don't quite like spin. I was still excited. Because it's i Yeah, it's I spoke evil. Well, it did happen by
Host 2 27:19
An evaluation board. How much $150 She says and I have actually get microcontrollers. You get a engineering samples right now. You can actually go buy them. I am going through that at this podcast. I'm excited.
Host 1 27:39
I know what next next week's topic is my house burned
Host 1 27:41
Down because it parallax propeller Burg
Host 1 27:46
Parker tried to write some spin code.
Host 2 27:49
I haven't read spin code in ages.
Host 1 27:53
So the back to threading real quick what, when it comes to operating systems on a microcontroller that just feels so to me, like it feels sort of like kind of gross in a way because like, the whole point of me coding a micro is that I have control over every little aspect. And throwing an a, an operating system on there is like saying, Well, you control everything. And I just kind of tell you do some things here and there and you handle everything else. And that just feels like I'm just losing all the control that I'm happy Well, no, I
Host 1 28:29
Agree with you. And that's, that's like the weird control, you're giving up, it feels dirty, almost. I would say at least for our badge project, kind of what we're doing and I understand why Zephyr exists for this purpose. It's for IoT. And from a digital design embedded design purpose, if you really had to scrap your RTOS, and just down and dirty, you know, try to control a Bluetooth and a Wi-Fi radio and screens and user input and clock and I think the control you gain would be lost in productivity trying to implement that on your own. Just because it's so difficult to coordinate all those kinds of things. Like you know earlier, we're talking about threads and then handling the handling things properly. And I only think you get semaphores until C++ to try to like deal with race conditions. And yeah, with microcontrollers, you're more or less dealing with these things or I'm just going to insert a couple of sleep 20s right here until it works.
Host 1 29:46
Famous got a story about that one. On a real project. I
Host 1 29:49
Fixed the SPI problem just the other day by just slapping some NOPs in there and it ended up working. Nothing wrong
Host 1 29:56
Host 1 29:59
Nothing like making your DMA SPI bus blocking.
Host 1 30:04
You know, so I actually dug into that issue quite a bit more and found out that there was actually a flag that I wasn't checking properly. And, and I just put enough NOPs until it overflowed, and then it just worked anyway. So like, that was the solution. But like, I was just, I pointed to the wrong
Host 1 30:22
Oh, on our badge, thankfully, because we never will again, use SD cards. But we have SPI flash, we have really slow SPI flash. Well,
Host 1 30:33
We're cheap. Oh, yeah.
Host 1 30:35
I mean, it's NOR flash, right? If we go with NAND flash, it would have been a lot faster on the right side. But
Host 1 30:42
Yeah, we were right. But we're running like a FAT32 file system on there. And basically, like, between plugging the badge in the computer, and like when you were actually using it and saving our CTF game state, we were getting tons of SPI flash corruption on there. And you know, I was we were both debugging it back and forth. And eventually it got to the point I'm like, I think our different threads are trying to write the SPI flash at the same time, and I'm like, sleep 20? Whoosh, it went away. I'm like, Okay, let's write a script that writes 10,000 times and it didn't destroy the flash. And like, it works, don't touch it. The sleep. works. And I did 10,000 writes, I feel somewhat good about this for the time. That versus the time, it's going to take to truly debug and dig into the guts and the kernel and figure out what the hell's going on. It's like, Yeah, I'm just gonna delay this thread by 20 mils. And we're good.
Host 1 31:47
So as far as you know, when it's appropriate. Blitz, it really depends on the use case, right? If you really have a real time use case, I think it's best to not use an RTOS, because you do need that level of control. With with our badges, it does make it makes a lot of sense for us. Because we have the user doing input, we're blinking LEDs, we're throwing stuff on screens, on most of our badges there's some sort of Bluetooth stack that's being run in the background. And sometimes there's even a USB stack going at the same time, we have to have certain guarantees with both of those. So yeah, letting the OS manage those guarantees. And then for the user side, the LEDs and whatnot. We don't need as quite deterministic behavior on that side. And oh, by the way, that that particular model we did, that was the DEF CON 27 badge, we had Bluetooth, USB UI LEDs all at the same time on a single core. So pretty impressive on a microcontroller to do all that.
Host 1 32:50
I know that this doesn't necessarily translate one to one but how fast did you have it running?
Host 1 32:56
That year, I think was a 64 megahertz you using the 6496 this year, or 96, which is way more than we ended up needing. But again, no one's at DEF CON. So battery life wasn't quite as important to just need to be able to sit at home and plugged into USB. We had a great power supply setup. Crab foam helped us quite a bit with that. Do it we had a power mux and some TI chips in there and no issues with power this year. Usually we have a few failures. Just it just worked beautifully, able to switch between USB and battery power seamlessly. But again, no one's at DEF CON to be able to appreciate it. But next year, but next year. Yeah, yes. Well.
Host 1 33:47
I'm talking about with the current badge.
Host 1 33:50
Yes, people will use it next year. Yeah, it's blanked out for sure.
Host 2 33:55
Don't give away too much about next year
Host 1 34:03
All right, dead air.
Host 1 34:04
Dead air. Let's talk about GUI good movie. Gui is here's
Host 2 34:11
Oh good is great. No, actually I think it's not a movie. I think that is a Left 4 Dead 2 map. Video game.
Host 1 34:20
That's the one with the 747 Yeah,
Host 2 34:23
Where the airplane crashes. Yep. And you kill zombies. Yep.
Host 1 34:30
I need more beer. Who go get more beer
Host 2 34:35
You know we don't edit any of this out.
Host 1 34:40
So goes back there's no one here.
Host 1 34:42
Yeah. So if people haven't figured out we're kind of building our way up the EU I don't want to say the OSI stack just the basically the different layers going from like the hardware to the MCU to the RTOS, or from the bootloader to the RTOS. I don't these layers have held a about it's firmware. It's beautiful. It's the layers of firmware, know something that I think this really, really helped out. Because I think one thing that we love is GUI design. And they package LVGL into Zephyr, it is the light and versatile embedded graphics library. And what I thought was really cool about this. I do
Host 2 35:29
Like when people call their libraries like that, because then when you ever make something that's better, you have to be like, extra light.
Host 1 35:36
Oh, yeah, the ELVGL. Yeah. Oh, it will be the evil, evil GL. Oh, they need to change that.
Host 2 35:42
Yeah, they do. They did that they did a refactor everything would be better.
Host 1 35:46
But something I thought was cool about that is it. If you've ever programmed in Java, it works a lot like Java, in the sense that it's really working with events and listeners, similar, you know how you deal with interrupts. But what I really like about it is that there's already object stations. So you can say, hey, I need a GUI object. And I need a text area and a scroll bar and an OK button. And oh, do you have a touch screen? Yeah, accept input from touch. And you can lay out your screen layout on the embedded device to be relative. Like, instead of saying, hey, it's going to be 10 pixels long, you can just say, start in the top left, go to the center, or go to the bottom, right, because, and draw something that's big. Yeah, because let's say you are going to port your firmware to a new hardware platform, and you got a new MCU and you got a different screen. If you take the time to do your graphics section correctly, and set it up relatively, you can use a different screen that has a completely different resolution. And it's going to scale it appropriately just like you do with like Android apps and whatnot. So we're working on a 4k screen now. Oh, is your badge going to have a 4k screen? Oh, you're you're you're doing two SEO
Host 1 37:09
We're in a 36 inch monitor on curved
Host 1 37:14
100k of RAM to run it.
Host 1 37:19
Blast process and scene is going to be great on that. But ya know, it's it's cool that they have these like higher level type of things that you can do in there where you're like, Okay, I don't want to deal with, you know, drawing graphics out. And you have a whole graphics library built in. Or for like a lot of the CTF we do. It's it's command line, like text based adventure. And we have like embedded maintenance terminals and, and serial consoles, and being able to have like a full command line capable parsable you know, interface built in. So you're like, cool, I'm going to spend more time working on the logic behind my commands and interacting with the hardware peripherals than
Host 1 38:07
Procedure a draws the letter A correctly. Yeah. Or like, oh,
Host 1 38:11
I wrote my own serial interface wrong. Like, we don't need to do that.
Host 1 38:17
Well, one of the cool things we did was with LVGL, I found this website that has all the old DOS fonts that were embedded in the IBM BIOS. So going back to the BIOS, took that font, ran into a couple of conversion tools, and got it into a format that LVGL recognized. It was great, the font's even smaller than their smallest font. So I was able to squeeze a lot more on this screen. And it's got kind of this old school nostalgic feel to it. And normally when I'm doing font rendering, I'm doing it myself. And it's always where, hey, that that last line of pixels is off by one. And then it doesn't quite print right and I'm having to handle word wrapping and spending weeks or months. You know, relearning UI layout.
Host 2 39:05
Or don't remind me about word wrapping.
Host 1 39:07
Oh, that's a that's a really hard problem. It's NP hard. Yes. To do it, right. But yeah, they support it's not the best, but it's better than what I want to write in a weekend. I'd rather spend my weekend drinking beer and write another code. So
Host 2 39:24
Ya know, I've been writing a lot of PDF stuff for for the fab and yeah, making sure that if you have an infinite TextBlock How do you make sure that fits on a page on a PDF? Yeah, yeah, you might think that might be easy. It is not.
Host 1 39:43
At what point is your algorithm go with a negative font size?
Host 2 39:46
Yeah, exactly. Start running those edge cases.
Host 1 39:52
You know, when he's when he's bringing up the graphics library and drawing those fonts and stuff, what what we originally intended, which I think some people are still doing is, you see that there's a Blackberry keyboard on there. And since a lot of our CTF is like command line based, you don't actually need to have anything like PuTTY or minicom or, or pi term to log into it, you can actually interface with the serial directly on the badge. And if it weren't for the RTOS, it wouldn't have been as easy. We essentially man in the middle of the serial bus by splitting the input stream, using the RTOS and saying,
Host 2 40:32
Okay isn't like a standard output or something like that?
Host 1 40:35
Yeah, we basically overloaded printf with print B for print vendor, and it's like, okay, when you print, dump it out the serial interface and dump it out the SPI interface to the screen, when you take input take input from both areas. And it's kind of cool, because if you actually have the badge hooked up to the computer, and, and you're like going through a play in the CTF, whatever you see in your serial terminal is mirroring on the screen. And if you weren't doing that with an RTOS, you would have a lot of things to discombobulate on that. So we are able to gain some efficiencies and doing that, like, Hey, I know what I need to do, I still get a lot of power on my STM32. So kind of a good compromise there. But it ended up working out. Um, well how many people are like we need to split our serial interface and display it on a screen and the computer at the same time like now boundary conditions. Useless invention.
Host 2 41:37
A lot of single board computers do that though with their boot up sequence, they will spit it out on a serial TXD line. And you can see that on the screen.
Host 1 41:45
Now. That's true. That's very true. Yeah.
Host 1 41:49
Now, did they do it that way? I don't know.
Host 1 41:52
That's what we're going for. But to get to fit on a small screen, you had to play some games as well. Right? Make sure that the map that Hirens outputting is only so many characters. He did a lot of creative word games in the game in the vendor game. So that it would fit is not as it's not as straightforward as just pay print the same thing out on both because then the user experiences, you know, scrolling hundreds of lines of text, then having to interact with the non BlackBerry keyboard was not that great.
Host 1 42:25
Oh, and there was a way for me to cheat to fit more on the screen. One, it makes it funny because it's a hacker CTF. But I found a website called translate it and you type in a message and it translates it to millennial SMS speak. Sounds like why is this useful? Oh, I just condensed 120 characters down to 45 because it's using like text emoticon weird things. And I'm like, Cool. Now I can fit more on the screen without dealing with such BS. And then I get a bunch of people texting me like what the hell does this mean? I'm like, I don't know figure it out.
Host 1 43:08
That's part of the puzzle.
Host 1 43:10
It's part of the fun and they're like, What does this mean? Am I.
Host 2 43:20
So let's talk about more of that CTF then. So actually, some people might be lost what is hacker CTF or CTF?
Host 1 43:28
So okay, to be fair, there is official Capture the Flag is what CTF stands for. And it's really common at hacker cons or different security events that you have capture the flag events. Now officially, a capture the flag event is where a bunch of people are given software they've never seen before, on an operating system they've never seen before. And they have to reverse engineer it, find vulnerabilities, patch those vulnerabilities to get points and then exploit them against the other teams. We start using CTFs really loosely, where it's more of just a hacker competition where you're not like attacking the other teams. I was just giving you more the formal DEF CON, you know proper CTF, but you'll go to conferences where it's like, hey, 30 people are playing, there's a server. In general, you're trying to find the vulnerabilities. And when you get to the core of that you find a flag. And when you find the flag, you go to the scoreboard and you enter that flag and you get points. We do that for our badge. And we typically take some kind of multidisciplinary approach because we like to use the badge as a platform and learn from so. Our CTFs are not really purely hardware based. You'll have some hardware puzzles, some cryptography, like encoding and encryption puzzles. Some stuff is hosted outside the badge. Like we had some wireless puzzles this year where I use the software defined radio to, I'll say broadcast certain things that people had to demodulate and decode and figure out what it says. Some open source intelligence gathering, we had some, just just like a variety of security disciplines in there. That way, it's not like one person is going to do great because they happen to be an expert in one thing, but it's really trying to challenge people into learning something new. And we approach that through using the serial terminal and doing like this text based adventure game. 
So you can think of like old school like multi user dungeons or Zork, Colossal Cave, where you're typing around like, look, what do I see, you know, take this, hack this with that. And eventually it gives you clues on to what the challenge is to where you actually go and try to hack some hardware, hack some software, reverse engineer a binary, and so we have that going on with a scoreboard. And zap had to design kind of a creative encryption type set up better than zoom. And that allows us to get information off the badge out of band into the cloud so that we can have some cloud based scoreboard.
Host 1 46:36
Yeah. Okay. So this, this encryption, I love it. Okay, so the way the way the flags work, one of the struggles we always have at DEF CON because it's it's an RF hostile environment. Bluetooth doesn't work well. Wi-Fi is fake Wi-Fi everywhere, cellular is too expensive, in a lot of the same problems is. So getting data off badges so that we can show a public scoreboard is difficult. So we, this year, we took a different approach. We said hey, let's, this is before COVID, let's find a way so people, we encourage people to do that data transfer for us. And we're not putting an app on their phone. We're not having them go to any shady websites, although we have a pretty shady website.
Host 1 47:21
What's our website?
Host 1 47:22
It's Never Gonna Give You Up never gonna let you down.com ever gonna give you up? Never gonna let you down.com It's got flying toasters on it. Yeah.
Host 1 47:34
I was gonna say it's BOC blitz reaction if he hadn't seen it yet.
Host 1 47:39
Oh, I know, I've been there. And I was on the scoreboard for a little bit. So
Host 1 47:42
The idea is, hey, you type in nine words. And the reason we pick we pick the word, one reason we picked words was somebody could look at the badge on a small screen or on their terminal, and not have to type out some random base64 or hex string or something like that. That would be difficult to kind of copy into a
Host 2 48:04
Way I did that when I was eight years old with a Nintendo.
Host 1 48:07
I'm sure you did. I did, too. We want to take a little bit, we want to be a little bit different. So we did let's so we decided let's use words, right? Let's and we'd settled on five character words. And there's there's dictionaries out there you can get that, you know, have every word you can think of. And so what ends up generating are these flags like I'm reading one off the page because we post all the all the flags at work. You can see there on the page and you'll see them get posted. It'll show you the last 10 and but they'll just keep adding as people do it in real time. So one is Hubby match nodal Durst dwell steak bogey muskie hunch
Host 2 48:46
That that sounds a lot like my favorite Password Generator. It's what password generator.net And when you generate a password, it will give you a way to remember your password. But if you generate a 16 character random with symbols, you get stuff like Hulu for visa, Yelp music, Jack Park, USA, Korean Skype, like Does that really make it easier to remember what that password was?
Host 1 49:13
Correct horse battery staple
Host 1 49:15
Exam. And that's that's actually kind of the same thinking right? Used to be easy to remember easy to transfer?
Host 2 49:20
Well, yes. But what Hi, Ron brought up is that is the password. What I just said is a mnemonic to remember what the password was.
Host 1 49:30
But we got layers on layers.
Host 1 49:32
Yeah. So the whole thing is with the with, there's nine five character words. That's in that's a data transfer that's going on there. Each word is a symbol that maps to six bits. So you're transmit your six bits. No 12 bits. Sorry. Yeah, there's 4096 words. So each one is 12 bits. So you're transferring 60 bits. And this was this took a lot of time to get just right, there's there's a sweet spot in there, the first word well ends up translating to 48 bits of data, when you map those symbols out, and they're not in alphabetical order, so good luck trying to reverse engineer it. But you map those symbols out, you get a bit pattern, that bit pattern, we decrypt, in, which will give you of course, another set of bits. There's a CRC hidden in there as well. So basically, we're able to decode all those now. So you end up with 40 bits of a struct, and in there, there's a command, there's, hey, it's this badge ID. And this is the the payload that went along with it. So that's how we're able to do that. But one of the neat things about it is each flag you see on the page, and this is the reason we're able to show it to everybody is uniquely tied to the badge that generated it. So I could give blitz one of my flags I generated it will do them no good. So we were able to share these things publicly.
Host 1 51:09
And that's one of the cool things that you run in. Well, the pitfalls that you run into in CTFs, is someone may find an answer, right? And just share it with their buddies. If they do that, we're like, hey, we can just share them. It's like a public key. I don't care if anyone sees it. It does you no good because privately, it's only related to your badge hardware.
Host 2 51:32
The only thing does is it gives you access to whoever used your key.
Host 1 51:36
Right. So actually, that that data transfer, I don't have to type it in. I can give the flag to Hi, Ron, he could type it in, and I'll get the credit. There are flags. You can generate flags from your badge that will switch the scoreboard into a Rick Roll or into Jimmy Barnes screaming for 10 hours. Yeah. Or was it man on a buffalo I think was the third one. It'll do anything. Yeah, Guy buffalo.
Host 1 52:03
That is my alarm at 6am Every day.
Host 1 52:09
Mrs. Hi, Ron probably hates you.
Host 1 52:11
Oh, no, she laughs and then I'll just need to turn it off every morning.
Host 2 52:17
You should mix it up with the buffalo slot machine.
Host 1 52:21
Like a buffalo? Yeah,
Host 2 52:22
We should next time we're in Vegas, we should find machine and get a like jackpot or something on it and record the audio from it.
Host 1 52:33
So yeah, that's that's the basics of the flags. One of the reasons why the names of each badge is limited to six characters is we can only fit six characters in the payload at the end of the day. We tried for eight, but we had to make some changes at the end that it to jump it down to or drop it down to six. It's unfortunate, but it you know, it worked. In the end. We can also do things where and this actually we kind of got lucky and COVID We set up a public Slack channel. And people, we encourage people to friend each other. And that was hey, I'll send you a SYN, S-Y-N. So it's a TCP term from my badge, and it's it's one of these nine word flags. You type it into your badge, it will generate a flag that you can punch on the web page, it will each get two points. And then likewise, that person that you just sent the SYN to when they do the ACK they could send back and then you can ACK theirs and then you get two points again. So every time you do one is bi directional friend SYN-ACKs, you each get two points, you end up with four total. And so I was so encouraged on the social aspects. You see one person our scoreboard actually at the top of our scoreboard. It was 152 friends so he did that SYN-ACK 76 times.
Host 1 53:51
Yeah, I joke with him. I was like, at least I made like, between leveraging that encryption and working with with the the framework you set out and like it's not as frustrating as like a Nintendo friend exchange on a DS but we tied it into the CTF where ballpark there's like 20 main challenges 30 Easter eggs and then another five bonus challenges. And the based on the badge's hardware. Some of them are randomly locked. So you can only share the ones you have unlocked with other people. So it encourages people like why do you want to make friends when you do the friend exchange it sharing? Hey, you get to have this unlocked. And it's like a Pokemon game. Yes. So part of it. It was interesting to watch because you can imagine the first few days people are just hopping in Slack going need friend Id give me a friend Id want to be friends. And eventually people started drinking and bullshitting which is what we really wanted because You want people to make friends and and, you know, try to work on these things together so that way, you know when they can hopefully meet up in Vegas next year, it's like, Hey, that was you, you and I were like, bullshitting and slack and working on the game together. And we were able to unlock those challenges together. And, and, and I think that's just kind of a cool social aspect to bring into it. From a from a technical aspect, what made it more difficult, you know, zap was talking about how we had 48 bits to play with. If you're trying to pack in a friend, inside of those 48 bits, eight of those bits gets used up to the friend ID. So that means I have 40 bits to track. What are the three or four unlocks I'm sharing with that person. And the only way you can do that is through the beauty of bit packing. Where it's like bits zero through seven actually represents, you know, is a challenge one to 2011 and that eight through 15. 
And so I'm basically packing those, packing the the correlations between all those challenges down into 40 bits, it comes across in that tiny nine character word stream, and when it gets decrypted, they're expanding it and parsing those out. So I don't know I like doing stuff like that kind of like down at the bit banging or bit packing level. It's I don't know. That's, it's logical bit banging. I guess you would call
Host 1 56:34
It a little bit of the game for you guys. Yeah.
Host 1 56:37
It's like, what do you enjoy on a Wednesday night?
Host 1 56:40
Oh, it's like, Oh, my God, I packed all this information and for unlocks in the 40 bits. You know, I don't think a lot of people like really focus on or like to think about, how do I get efficiency out of 40 bits right now, but it's fun. It's a fun challenge.
Host 1 56:57
Out of curiosity, has anyone unlocked everything has any? Are you aware of anyone who's done all?
Host 1 57:03
Um, funny story? No. So no, I don't think anyone's done all of it. Because there's some challenges they can't do without us. And we just
Host 1 57:14
Isn't that cheating? No, it's a way for us to detect cheaters.
Host 1 57:19
Yeah. So the interesting story there. So to avoid having to reflash badges, which we ended up having to do. But we intentionally put flags in the badges that we weren't sure we'd end up needing. And they were just miscellaneous one through nine or something like that. And it's just to preserve it. So we wouldn't have to add code later. They're already pre programmed, what we figured out was, we did have to release a firmware update. And people went in and they reverse engineered it, they found the flags. And they started punching them into their badge and putting into the website and they're getting all these points that they didn't earn. So we decided, okay, fine, you're using flags that you shouldn't have earned, making them worth negative 1000 points.
Host 1 58:07
But sidebar, you know, it is a hacker CTF. So in a way, we are recognizing the fact that you're a hacker, someone released their firmware, as a bigger, you know, proof of concept or example, like hardware in IoT is not safe. And when vendors put their firmware on the website, you're opening the gates. I know some people rely on security through obscurity, but you release your firmware, anyone can reverse engineer it and figure out what the heck's going on and exploit IoT devices. So by having those landmines and to give you a rough idea, like a good score would be 1600 to 1800 points. These landmines dock 1000 points per landmine
Host 1 58:55
Base. If you hit one, you're dead. Yeah, well, and some
Host 1 58:59
People start going through like, Oh, I'm just going to enter all these flags. And someone went from second or third place down to the bottom with like, negative 1600. And I won't go further into the details, but
Host 1 59:11
They want to stop. That's the first one.
Host 1 59:13
Yeah. But they figured out how to come back. And and I think from a discovery and hacker CTF point of view, like that's what we're all about. I'm like, there's many different paths to enjoy this and learn from this and, and if trying to rack up points is your thing. And you hit some pitfalls in reverse engineering. Hopefully, you learn something from that, and, and others did, too. And now, I see people on Slack and they're like, you could reverse engineer the firmware. But my God, it's going to screw your score if you do that. I don't know. Let's figure out how it actually works. I'm like, good. That's what you should do. If you reverse engineer something, figure out how it works.
Host 2 59:54
A couple times. Now what would be the chance if you if you've got the list of the flags and you punch something And it wasn't, let's say was valid. It could be for someone else's badge to correct.
Host 1 1:00:06
So there are there are codes that we that are hidden places, you have to get them by solving challenges and whatnot. They're usually like 656, character codes, lowercase, uppercase numbers, those sorts of things. Some are maybe on Twitter, some are on Twitter, some are buried on GitHub, different places like that. If you find one, legitimately or otherwise, you can type that into an app that's on the badge called the decoder app. And if it's valid, it will produce a flag that says, hey, you've gotten that. So here's a Twitter one. There are a couple of reliefs on Twitter, like, Hey, you got the Twitter one flag, you get the Twitter two flag, here's the nine symbol flag that you need to go claim your points.
Host 1 1:00:54
Yeah, and not only do we have like those negative landmine flags, there are regular like, Easter egg flags, like zap was talking about that are just worth, like, 10 points that we didn't release. So people may have figured out oh, what's positive and negative and they go and enter the flag. But it's like, guess what, we never tweeted that out or released it. So if you enter that flag, I know you reverse the firmware, because that's the only way you could have gotten it. You go into the other category.
Host 1 1:01:28
Okay, so just having a complete non understanding of the difficulties behind this, what is the what is the chance of reverse engineering the flag itself and just being able to hammer yourself points?
Host 1 1:01:42
It gosh, I want to give that away,
Host 1 1:01:45
It's highly unlikely, right? They're probably unlikely also, because there's also a client side on the badge and there's server side validation as well. So even if someone's like, Oh ho, I, I figured this out, I'm gonna punch in I get a million points. We still control the server. And that would be an invalid point value coming through.
Host 1 1:02:15
So it just get dropped on the floor. Watch, people are gonna listen to this and get spun up and take our website down.
Host 1 1:02:25
I need to check but I think our cloud hosting cost us here was like 14 cents.
Host 1 1:02:29
We need to move and find someone new.
Host 1 1:02:33
I don't know how I'm going to afford that.
Host 1 1:02:36
All those flying toasters are expensive. They
Host 1 1:02:37
Are all the people that some people told me I know some folks like leave their tabs open. They're like, your page has been open for a week straight and it's running slow. I'm like, I don't know. Fucking hit refresh.
Host 2 1:02:53
We didn't test that thing from memory leaks.
Host 1 1:02:56
Yeah, I'm like, that's on you.
Host 1 1:03:00
Stop running Chrome.
Host 1 1:03:02
Yeah, stop running Chrome like it's using 300 Meg's of RAM I'm like I don't know open up a new tab close the old one don't complain I like I do 40 bits like I don't care
Host 1 1:03:18
So yeah. Oh, it looks like some people have submitted some more flags while we've been talking here. Voice to view guilt shots vital rinse refer mower pair.
Host 2 1:03:29
We can use your flag site as a as a random password generator.
Host 1 1:03:35
The most there's not a lot of entropy there. My a lot of my flags on my prototype. The first two words half the time were amigo frogs I love those.
Host 1 1:03:51
You know, since we're on the topic of software and firmware, one of the really cool like hardware mods I saw to the badge. And when you think about it's, it's not too difficult of a feat to pull off. But it's still pretty impressive. And I'm happy that someone did this. I'm like stalling because I'm trying to look up their name right now. But basically, because you're able to play through serial. I'm trying to give you a conceptual conceptualization of how the CTF starts. And it kind of looks like an overview map if you've ever played like a game called ZZT. Or it's like the little ASCII happy face and you're walking around in a world kind of reminds you of like Zelda, like original Legend of Zelda. It forces you to grind like you don't know where any challenges or items are. So you have to move one space type look, move another space type look, hopefully you find some. They use some clever Python scripts to take a Dance Dance Revolution pad and connect it to their computer and map the serial commands W, A, S and D and send them over serial. So they're like hitting the DDR pad with like look mapped in the corner is like walking around and I'm like, that's just frickin cool.
Host 1 1:05:07
So here's somebody who spent five hours making a tool to save himself one hour of grinding on the badge.
Host 1 1:05:15
That's what good engineers do. Yes, exactly.
Host 1 1:05:20
You know, you know, I have to admit, the day I got the badge, I pull it out, and I fired it up. I'm like, Oh, this is great. And then I saw that map. And I start walking around the map. And I'm like, oh, geez, really? Like, this is what they're gonna have me do.
Host 1 1:05:35
Yeah, it's a maze. I wish I had time to randomly generate the maze. But yeah, you have to go wander around a maze and grind and find everything first. And I
Host 1 1:05:47
Grind is the right word for sure. Because like, there's zero handholding there's zero. Anything other than like, you just know, you have to move a space and then attempt to do something every space.
Host 1 1:06:00
Yep. So if you make it past the grind, then you find all the challenges and then you can focus on solving the challenges. Yeah. I like to stress people out. I even I took the effort to make sure that the edges of the map because like, you know, you hit the edge of the map and it pans up, kind of like you clip the edge of the screen. I made sure to put maze borders on the edge of the map. So you're like, Why the hell can I go up and you're like, Okay, hit left, try up. Okay, I can't hit left, try up and eventually find a hole. Because there's
Host 1 1:06:36
Like, you know, it was funny, because just earlier in this podcast, I was playing the maze. And it was it was moved one step try move one step. It was it. Yeah, that was fun.
Host 1 1:06:50
I we spent nine months figuring out how we control people for a couple weeks and just frustrated. Hell, I was even surprised that half of those challenges we call them like lols quizzes. We just pick sensitive topics of debate like pineapple on pizza. Red team versus blue team Linux versus Windows versus OSX.
Host 1 1:07:13
Emacs versus Vim. Yeah.
Host 1 1:07:16
I mean, because VIM is the right answer, right. But we were giving people five points if it gets if they get it, right. Negative 10 points if they get it wrong. And people are just hopping on Slack like what the hell, you're wrong. Rah, rah, rah, rah rah Adam? Like, I don't care. It was we it's our game. We're right. You're wrong. It's just fun trolling people. I think it makes it wonderful.
Host 2 1:07:45
I do have one thing to say about the badge. Screen is incorrect. There isn't much. So on it says, Oh, it says I like In-N-Out on it. Which is incorrect.
Host 1 1:08:00
It's forever, forever inscribed on hundreds of badges that people are going to cherish for decades. Yes, that Parker likes In-N-Out more than whatever.
Host 2 1:08:12
Yeah, unfortunately, I did not catch that in my design review.
Host 1 1:08:15
It also, it also says that MacroFab rocks. So
Host 1 1:08:19
That one I lead through God, so many mistakes on one, but
Host 1 1:08:26
We make it a point to print very heartfelt messages on the PCB so that people the fab could see it.
Host 2 1:08:35
People actually really enjoy it the fab building these things because they all the little tips and tricks. thing is you put crap foam. So no one knew who that was at the fab.
Host 1 1:08:47
But every time I send boards into the FAB, I embed messages in copper on the inner layers of the board, just so whoever is the one person who does design review, they might catch what I have to say,
Host 1 1:09:00
Actually one year I put things underneath the screens. Because we had met Liz and some of the other folks that actually worked on the we would we knew would end up working on the final product underneath the screens and such like hey, thanks. You know, you were awesome. Like, you know, specific names people we had met. Yeah, that's a lot of fun to do. This year is easy, because it's all enclosed in an acrylic case. So we had plenty of room to play with and hide little easter eggs.
Host 1 1:09:33
There's a lot there's a lot of fun that can be had in just the PCB design. Last summer, was it it was a year ago. Yeah, it was a year ago Parker came up to Colorado and hung out. And we discussed a game that we've been talking about making for a long time, and a handful of like fun hardware hacks that reference the game itself that are all embedded somehow in the PCB and it's just like there's, there's a lot of cool things you can do that involve the hardware itself. Referencing the software. I
Host 1 1:10:07
Love it on our, on our Trevor or little Trevor cockroach badger. We've done a couple years now. He's had a thermistor on his leg. So you had to put his leg in ice water to cool him off. And the number of people that freaked out putting a PCB in water. And ice water. Fishes did not want to do it.
Host 1 1:10:29
You wouldn't think that would be a problem. Like after a while you're like, Yeah, you can dip that in water and they're like, it's gonna I'm like, what you think it's gonna blow up? Like, it's fine. Just
Host 1 1:10:39
It has a double A on it. You're fine.
Host 1 1:10:40
I know that it was a CR2032. I'm like,
Host 1 1:10:44
Oh, it was just a coin cell. I'm like, okay, yeah, you're fine. But yeah, people want the whole thing in the piece in the water, you're fine. But
Host 1 1:10:51
You can find like circles of people like, I don't know if if are you willing to sacrifice yours? And I'm like, just you could pour water on it and then wash it off with alcohol. It's fine. There's that like, imagination that like sparks are gonna fly everywhere and smoke comes up. And
Host 1 1:11:11
That's what movies have trained people for decades, though. Yeah.
Host 1 1:11:16
For all the firmware, you guys are talking about your shirt, you're starting to sound like hardware guys now. Just put some alcohol on it, you'll be fine. means actually, that's also that's also firmware development. Just put some alcohol in them. They'll be fun.
Host 1 1:11:32
You know, related from working on hardware, I was so prepared for this COVID lockdown, because like you're going to need masks and protective wear and gloves. And you're going to need like high percentage isopropyl alcohol. And I'm like, You mean what I used to clean off all the stuff that I solder and work in my bathroom.
Host 1 1:11:55
Ready to go? Do you bet engineers are introverts and we're just gonna stay at home anyway.
Host 2 1:12:06
The N word got anyone else to talk about?
Host 1 1:12:12
The last one, we did it to release a patch. One of the nice yeah,
Host 1 1:12:16
You mentioned that earlier. Yeah,
Host 1 1:12:18
We found some one of the symbols didn't patch. We did manual scrubs of the word list several times. We ran it through tools. It missed a pretty egregious word. And so we decided, hey, we know we're gonna we had to release a patch. That means putting unencrypted firmware out in the real world. Or hackers are going to do things with it. They did. But I think it was important just to get it out there and get it fixed. It was a really easy fix. Cool thing though, was using STM32. It has its own bootloader baked into the ROM. And so and we had already gotten all the the Gosh, what is it the I forget the two pins yet to toggle while you reset. But we've actually had that all worked out actually running from software. So it's a simple command, you can type into our terminal and go into DFU mode pop up as a device in dfu-util and things just worked. And we were able to push the patch out, excuse me, relatively easily that way. A lot of people are able to patch it. If that word were to show up in a flag because he had an older version of firmware, the scoreboard would reject it. It was just our way of getting out in front of a problem as quick as we could. So,
Host 1 1:13:32
You know, related to that patch, something that we experience that is like hardware firmware software related, which I don't use a Mac like I don't have OSX none of us do. We all run Linux couple Windows boxes I was not aware of some people are probably gonna attack me on this, the lack of support Apple has for hardware outside their ecosystem. Because I had a lot of people telling me, I can't let's
Host 1 1:14:05
Hardware outside the Apple ecosystem. I don't even know what that is. First People were selling an
Host 1 1:14:09
IPad I they're like, I can't
Host 1 1:14:11
Do this on serial. And I'm like, I mean, under the hood. You know, OSX is a version of Linux. I'm like it should work. And it wasn't working. And like we can't run dfu-util and we finally got them running a virtual machine. And I started doing my own research and I start finding hundreds and hundreds of like angry posts about my Arduino Uno won't work on OSX Catalina and when they went to 64-bit OSX they killed all 32-bit and lower driver support unless it natively comes with their stuff. And I just could not believe like, you know, let's say you're getting into hardware and you want to like prototype on an Arduino you know all the way up to like, hey, we have a custom badge with an STM32. If you don't have something with drivers that are 64-bit and signed and officially in their ecosystem, it doesn't even work on like, a modern version of OSX without going under the hood and gutting it and installing third party sources and stuff. And so long as you're telling
Host 1 1:15:17
Me that that that Apple completely dropped support for tons of their people what? That never happened.
Host 2 1:15:24
No, Blitz, you got it wrong. You said the buying igino Oh, yeah,
Host 1 1:15:29
For a couple more $1,000 The newest Duino.
Host 1 1:15:33
So what do you really think? And I get it from a business decision like, Hey, are we going to support people that buy open source that don't buy and spend money on nothing on free open source stuff, but I guess at the at the higher layers where people are just programming websites stuff and whatnot, they don't really care. But I was just blown away that something as simple as like an Arduino Uno or even like an STM32 poppin on serial like, you could not get it working on OSX Catalina without launching a virtual machine of like Ubuntu and piping it through to the VM to work.
Host 2 1:16:11
So, Blitz, I did look up there, isn't it? We know. And it's made by of course, by G. Tech. Weiwei does it? Does it have a white PCB? Unfortunately, no. Does not Oh, come on. But it's, it's a brand is BJ e power?
Host 1 1:16:34
So I don't know I wanted to bring that up. Because I don't know how like, it's not very often I don't run into people who like write embedded, you know, develop embedded systems on a Mac. But it's usually Linux or Windows that people use to work on embedded systems. And now that I ran across this, and I'm like, How deep is that in the community? Like I don't normally because you don't see like Keil or Atmel type IDEs or VS Code running in there, but my VS Code runs on OSX. But yeah, I'm just surprised. I'm like, wow, if you want to get into hardware or digital systems, embedded systems OSX may not be the platform or path you take. Go with Linux or Windows. I never thought I'd hear myself saying go with Windows
Host 2 1:17:26
Think with that dead air. I think we've come to the end of this podcast.
Host 1 1:17:29
It sounds like I'll start talking about the Star Wars Christmas Special. Again,
Host 2 1:17:37
So yeah, well, we'll have to when does that come out? Hi, Ron.
Host 1 1:17:40
I'm guessing around Christmas.
Host 2 1:17:43
If it does, that is what we like about this year's me
Host 1 1:17:47
Holiday holiday special.
Host 1 1:17:51
I wait Hang on before we go I'm looking this up just to see when when this might actually come out.
Host 2 1:17:59
If it is this holiday season, that is what this year's because we don't have a real Star Wars movie to talk about.
Host 1 1:18:05
You know, maybe it's maybe more directly after religion just or maybe we watch it live that'd even be fun.
Host 1 1:18:16
Oh, watch it and talk about it.
Host 1 1:18:18
Like MST3K? That would be so crazy. I'm down. If I'm not Damn, that would be fun to make that word. Did you find I'm not bad. I like did you did you find the link on the Star Wars website? They have all the Lego guys and girls
Host 2 1:18:35
Will have to do that. That will be not to be this year Star Wars podcast is we'll have to be like at the gong plus Pearl a on Disney plus. Whateley
Host 1 1:18:49
Oh, November 17.
Host 2 1:18:51
We'll be out for a whole year. Not a whole year whole month before we get to do our episode.
Host 1 1:18:57
Oh, perfect. We can watch it like eight times.
Host 2 1:19:00
Scrub. I'm going to be 10 times and Netflix
Host 1 1:19:03
Is going to suck in a year. They're not recording anything. Just think about that.
Host 2 1:19:10
When Netflix isn't recording anything?
Host 1 1:19:12
Well, no, they're just not gonna be making any movies or any shows. Or they haven't. Yeah, like right now Star Wars
Host 1 1:19:19
Are watching on TV and streaming. That's all their past six months. We're gonna hit this dry spell like 2008 when they went on the writers strike and
Host 1 1:19:28
LEGO Star Wars Christmas special for the win.
Host 1 1:19:31
Yeah, for next year. Infinite repeat.
Host 1 1:19:34
I'm just gonna watch Battlestar Galactica again, and I'll deal with that.
Host 2 1:19:40
Alright, let's wrap this thing up.
Host 1 1:19:41
See I made a tangent happen. You're like we're gonna close out the show. I'm like Christmas Special. Holiday Special.
Host 1 1:19:49
Well, with that, would you guys like to sign us out?
Host 2 1:19:53
Oh hon, where can people find y'all?
Host 1 1:19:56
And an xr.com and a nd And XLR on Twitter. So we weren't active on Twitter quite a bit lot more than we update our website.
Host 1 1:20:08
And then what was your flag website one more time just in case people want to go check it out. Yeah,
Host 1 1:20:11
Our scoreboard Never Gonna Give You Up. Never gonna let you down.com It really rolls off.
Host 1 1:20:17
No idea where that's from
Host 2 1:20:19
Some ancient meme from back in the day.
Host 1 1:20:22
Yeah. Kids just want to understand that these days. All right, so you want to close it out? Close it out. All right. That was the MacroFab Engineering Podcast we were your guest is AP. And Hi Ron.
Host 1 1:20:35
And we were your host, Mark Newman.
Host 1 1:20:45
Later, take it easy.
Transcribed by https://otter.ai