
good morning class hello thank you for thank you thank you for coming here I produced people speaking in these guys nice to see you I've been here last year and I wasn't expecting I see that we'll be talking next year so it's been a ride for me so what is this talk about first of all this is meadow meadow is working in hardware security and she was she likes to talk about herself in third person and she works against criminals mostly right that'll do it so I don't only guest I don't what the dance trackers I won't against criminals and so there is and the the q7r and outside is grabbing of Jesus Cuba and this talk originally
it was supposed to be just my ranting about how we need to go deeper in hardware hacking, but as I was doing this I got too much content for a one-hour talk, so I decided to make it a training. So what's gonna happen here: I will just give you a brief overview of deep-level hardware hacking, and in the background there will be a training behind this. It will land on GitHub at some point in the next few weeks, so you'll be able to follow. I will make a learning path; if you can follow this path and build this thing here, you'll learn all the little things that are happening between the keyboard and the hosts
or the PC that the keyboard is connected to, and learn the protocols, learn how to analyze them and then how to break them. So there will be some talking and hopefully, if everything works, there'll be some demos as well. And yeah, as I said a moment ago, you don't have to take notes, because everything I'm saying here will be available online in the future. So what brought me here: several questions and problems were happening on Twitter, or the infosec world in general, and I was thinking that I should really have one place to answer at least several of those questions, because I cannot solve every problem, but maybe some of them I
can actually try to strain your map one of them is people are talking about buying powers to fee to two USB adapter and connecting them to are doing or as well if I like that's not - that's and no one is connecting them if you were just following and then and then they're all happy about that we do it's not anyone's fault that if they don't know about this but this people are repeating this this this disguise over it just became truth and that's not exactly true and the other thing I was asked this question a lot actually someone who has very experienced hacker they asked me what what voltage does SPI Ronald SBI's do one of these serial protocols I was
like it's not the right question because actually there is no voltage on SPI is like it's much more complicated right but obviously for someone who's not a hardware hacker he's a legitimate question how do i what porches do i used to connect usb on right sorry and that third one asks I was asked this question by one of one of P so this question many times I'm being asked how to be a hard worker right I like what you do I like that you do they have how do P I have I have - what do I do to be I hard what happened was like this but this is this is not a right to recover that one - no because I
if I if I tell someone just stole a dude's captive just go and not build stop because there's so many things that can do so I was thinking how will make something for you right I will design the ball then follow you can you can build together there with me for it with me tagging you and if you do this you can follow my steps if you build this up you okay I don't know it right there will be this maybe one of your starting point into I'm happy it's intimidating alright and it is scan and this is what most people do they start have a hacking they try to do something they get intimidated by the lack of knowledge or
something else or like this is mostly it is intimidating it will be intimidating I'm being intubated at work at work because it's just a matter of level that you are like I encounter something and I'm not thinking like I really should know this I will do this we is I said we should know this I don't like a sack up my world and this is not true I mean I hope so it's normal because there are so many things that you need to know about and it's not to be intimidated by not knowing anything it's just what I'm trying to say here is that no matter the level you are you always still be always something that's
that's intimidating right so you don't have to be afraid and you don't have to be intimidated so how the haka is just some other skills alright so this happened at some con last week week ago there at the conference in in in DC and and I say went and then started not started they were just posting ads for jobs and an NSA people are taking pictures of this saying like all I say is probably ever be hacking us like that it's a good play on the no variability not gonna Billy but threat vector when you connect our phone to UM no charge or someone has your phone I mean it's not that simple anymore but this is this is
what they did and if you weren't just taking pictures like oh and I say nice and I was like that's just go and check right I mean taking pictures no if you had Oaxaca if you're curious you just go there connect something those charges and check if it's really something malicious or not all right and honestly if you if you build this stuff you will know how all right so it's not it's not that much complicated but if you're curious enough if you see something like this I want to I want to find out what it is you are already heard will happen right and the rest is just the knowledge that you have to gain
on your way so yes it's intimidating it is scary if you're curious if you if you see something this this NSI stunt and go to hack it go to find out what it is so idea how that happened so there are several ways to do hardware hacking to go and you have a hacking and one of them this is this is I read a book right with a heavy fake book and it's to some extent is good because the way I've been taught many years ago assembly language for example we were doing assembly language of paper so we're writing stuff on paper it wasn't like you type something in you compile it or just one
and see what the errors are go back correct Wow you have to learn how to code before we actually go and get a chance to do something about the actual machine right so you learn how to respect the resources you learn how to correct your typos before you actually start to type something all right this is one approach that we are angry at why having we why aren't we doing this other computers on some computers and but 20 is like there I think that that was a very good thing so reading a book is one approach but we don't have time for this this is like 600 pages and it's I mean it's fascinating for me but it's quite
boring we want to do something interesting and well in our lives so path 2 is obviously business online so build something together it's fine sometimes it doesn't work and you need to know why it doesn't work right because you cannot just go to circle the globe and copy it basic code because it's not carved you have to build it and this knowledge in this book helps so don't obviously don't spend your life 5 years 5 years of your life learning the stuff and then start to do stuff but be aware that those books those even those even though they are heavy and in somewhat intimidating there are friends all right so you probably will need to
do some reading and do some recent enough of this talking but that's not actually true because I will be talking for a while sorry so here's a keyboard and this is not what I planned for today because I forgot to take the keyboard that I wanted so so I bought a keyboard on my way here and this is not the keyboard that very good for this example because it's about wire and wireless one so the the one that I have for the training is actually a wild one and this keyboard just has a very small receiver alright so this is not only a keyboard or a wireless well I don't know what's gonna happen if it's gonna work for my demo so
maybe maybe it's gonna work or maybe we have to stop life debug session but the the the the keyboard that I have for prepared for the training is doing something maybe is doing something magical is not but it's wild keep my quiet USB USB human so why a keyboard because they're not simple but they are one of the simplest devices that another website so because this impress a key then I get to informations going back and forth one that you pass the key you want you to release that you so there's a small amount of data going back and forth so it's sort of easy to analyze it all right because you're not being over
overlaid with of this packets flowing back and forth so that's one reason for me picking a keyboard I did it as a demo for this as a tool for this for this demo and key possibly even plus a very favorite my favorite everyone's favorite hacking tools because that's who they're two angles to that one of them is probably know about rubber ducky which is basically what you do is you take a USB keyboard and you pack it up in a very small package probably the size of this and then you program the keys to press all right so imagine yourself being in front of a load in machine you have a keyboard but you don't have a screen all right so you
type something and something happens so this is this is a very nice thing to do and I'm not doing penetration testing but I know that this this method is usually out of scope because it's so evil that companies don't really want to take this into death coordinate so that's one thing the other thing and this is what this is very scary actually the other thing about USB keyboards is similar similar vector is that you have Evo made in your corporate environment so you have your Nokia office you have a keyboards normal use the t-bolt they all look the same what you do if you put something inside your keyboard right and you swap it someone comes in they do their work the
keyboard wants us as it should it's not loving the keys because that's that simple all right come in the keys is no easy thing to do one of my favorite thing is that when the keyboard when the user logs out of the windows I press windows Cannell right the placement of them and they go up what this keyboard is doing for example it's not like I mean no one ever done that obviously the keyboard intercepts the windows out a shortcut and before it sends Windows L it does something else right in the background and then in sense and because people when they are working for to go to the toilet or get a coffee they just press those two tees and leave
and don't look at the screens so something happens before the lock screen appears all right and there's something is how you own a machine all right so the evil might copy the environment someone comes in to pee in the office they swap out if you match and it's like very scary actually so assuming that we have a keyboard that does something evil and this is not hundred percent accurate example because when you have a when you have a good criminal working with this with this vector then you will not let you know that this being that this is happening I don't mean only hackers with big egos they always want to leave the marks behind all right so on is good you
probably never know that the keyboard is evil and that's that's the problem with it because it's very hard to detect but for therefore the training for the learning purposes we just assume that the keyboard is the keyboard is you and we know keys are doing press will to a nicety what you see what's happening up see we don't want to connect the keyboard to the to the PC directly because you don't want to get hurt again so we need something to filter the data and to understand the data so a beta we are talking of what's on the bottom device was on the keyboard and how to how to how do we how can we see what's
in there. Nowadays, luckily, everything is serial. Now, I don't want to bother you with history, because that would take a few hours, but in the olden days stuff was parallel, which means eight bits were being sent over eight lines. Nowadays it's just one bit after one bit on one wire, or two wires when it's bi-directional. Where I'm going with this is that it's quite simple to capture the data. And this is the way I approach problems: making a problem absurd or very abstract, so that I can work from an abstract solution to a problem to something that's feasible. In this case, because this data is on one wire, ones
and zeros, so if I had a multimeter, which measures voltage (zero is low voltage, one is high voltage), if I attach my DMM, the meter, to the wire and measure the voltage, I could just get those ones and zeros, write them down, right, one after the other, and then if I had enough time and type I could just put them together and understand what the protocol is and what the data is. And because most of the protocols, unless they are encrypted (and even if they are encrypted you can usually get some information from the encrypted data), it's out there, right? The only thing that's stopping us from understanding what's happening on the wire is our time and the
effort put into the unders into the into doing some reason all right as I said all the protocols are described somewhere on the internet and they usually free for us to get them so obviously nowadays you have a scenes to do that for us we don't have to write anything down and one of the machine is the oscilloscope now if I go like I cannot buy an oscilloscope I cannot be have at our hacker that's not exactly true but what I want to say here today amongst other things that if you have an opportunity like a hacker space and make a space because they usually have those staff available for you to play with going
them like this is really important because when you have a hacker challengers work for example you can buy a black hacker black box that does the job for you but when you have real challenges with will say criminals they don't usually do stuff as you would expect them right and have to go to the deeper levels you have to be able to understand how the data flows back and forth on the lowest levels that's why if you get this opportunity you definitely need to learn how to how to operate this this type of machine so what an oscilloscope is doing and may be able to do this here so that's Keith measures voltage against time so what it does work so it probably
won't be on the video, that's fine, but you will see it and I will explain later and then come together. It draws a line on the screen, right, like this. This is your time base: the speed of the dot is constant on the X, so the time controls the x-axis and the voltage controls the y-axis. So as the voltage changes, it goes up, down, up and down, up and down, and if you do it fast enough you don't get a dot, you get a line, and it looks something like this. This is the old-school oscilloscope: the slower the dot moves, the brighter the line is. So you see
when it moves horizontally it's bright because it's moving slowly, then it drops very quickly to the bottom; that's why you almost cannot see the line, because it's so fast. All right, so this is the principle behind the oscilloscope: it measures voltage against time. And that was simple. What's not simple is those knobs and switches; they are again intimidating, unfortunately. But I mean, those are the types of devices that I started my time learning about hardware with. It takes a while to understand what's happening there, but again, if you get a chance (because it takes a while, as I said, to understand them), if you get the chance and understand how
to operate this device you will be able to operate any modern oscilloscope because the principles are still decide so if you start with something difficult and then you move to the usb one which I have here you will be able to use them and utilize all the features that they have if you start from this and then you go to our job that has top oscilloscope proper the Altos to the Scopes if you like so and the the biggest not on there is that the stickers I have for you today that falling out some whatever be available some ways maybe inspired by the biggest note that this is the time-base know this is how you
define how you control the speed of the doctor the horizontal line is the biggest one because it's the most most important wonder if you work well scope this is the most important one that's used nowadays that simpler ones they don't have those knobs they don't have that nice being screen they are obviously better because the taken forward but the eternal does sexy and and we have USB ones which is the the ones I have here this is the picker scope and this is the same thing one just they are good but they are not as well as the as the the standard on one has the price one of them this is the side is more digital this one is more an
ERG either both of them have the problems for me someone who learn to work the proper service copes it takes a lot of deep breaths and counting to 10 to use them because there they have the problems but they work right they I will show you how they work in a bit and they also logic analyzers so for example if you're doing do is be only in your life by a logic analyzer because USB the current USB USB to high-speed is close to 500 megabits and they use be free is I think five gigabits so standalone oscilloscope to analyze it because you liked seven 100 thousand pounds alright so but the energy analyzer for that is much much more
affordable so there also note you can horizon and honestly the thing you want it's basically a logic analyzer that has some another capability but yeah this is just a hello Jacana is not really our oscilloscope do you mean one no you don't need my but it will be good if you learn how to use it at some point as I said you may or you will encounter something that no hacker box black hockey box that you buy a line or thirty quid we'll analyze and you will have to be use you have to use the the old type oscilloscope DoD did standalone title sort of scope and again if you had a practice if you take this
bolt or some other boat go to a hacker will make a space they have an oscilloscope you play with it then you you have this advantage of actually being able to understand how it how it works so let's connect it up and I'm try hi Seth I bought this USB keyboard the wireless key with yesterday sir I don't know if it's gonna work but I see yes that's deep breaths shouting to turn it's it's not the best thing out there right so this looks like it actually is connected okay so what I'm going to do the other important thing that you will if you get the chance to learn about the scopes the trigger the trigger is when you start to
measure up measure of and that Sadie doesn't support drive you which for me for so much work the source code is like it's good but you have to start the measurement or something so what I'm gonna do here is I have a trigger that takes the sentiment wow it actually knows something so okay so I said I will show you our low speed USB but this is actually a high speed USB so if I change the settings here I should high speed with full speed ah there we go so when you look at it at the lowest levels of USB hardware this is how it looks it's just ones and zeroes I mean it's it's a bit more complicated with USB
because you must be for us as and use that USB is very simple because we planted in it works on the on the back end is quite complicated because stumble to make something defender usually have to attempt to show through many hoops but what we have here is just the glance and zero of that flow on the USB and what I want to show you here if I can find it I presume to what type of what types of things you can find if you are trying to analyze the the protocol so for example the way USB works when is when is first connected it you can connect up 220 27 devices to a USB bus
each of them gets an address assigned at some point. By default they answer to the address of 0, and the host, just like we see here, is assigning the address. What I am looking for at the moment is a packet, a set of packets, that will assign the address. We'll not waste too much time on this. Ah, there we go. So this is the packet that is assigning the address. I know because the second byte on the packet is four five in hexa, doesn't matter, this deal of sixteen, and the address is 12 in hex, and if we go lower, much further down the road, you see that the packets are being sent to
address 12 so I mean this doesn't get you much data but you can get if you have a scope or logic analyzer even the cheapest one you will be able to understand how the USB works on the relatives and you'll be able to design a thing that you can connect to a NSA charger but account all right and my training will provide you this information so you don't have to have an oscilloscope to actually to work on this because I will explain what this hold is no sense is but this is how this is how it works and these decide II is gonna go about this but Sadie has some problem with some issues because you cannot export
the data as you want and and honestly sometimes it just just as fast anyway so this is how USB looked on the on the on the lowest levels if I go further I will show you something more interesting if this goes well we have seen you have been at low speed but the full speed so given you with you with limited number of particles because there's like 20 the most common ones but usually one have a few of them so we'll just be as we've seen before USB like it is not being used for inside hardware communications this SPI which is a nice Percy which are being used to talk with routing devices inside are
larger so we have a route for example have a CPU has a CPU and as a memory day there's a good chance the communications between the the CPU and the memory is over SPL and you don't have others to future all right Mike know that there's no wires to feature anymore so yeah SPI speci between components and UART is the the the protocol that used to communicate to the outside so if you hack your route air box doesn't zero also that you connect your you are to s be adapter and this is what you use the the UART is the protocol used to complete to the absol world and you try and you will note that USB inside you
don't get up USB inside the device because it's really pain to set it up because like I said it's easy for us as an end user so it's very difficult on the of the on the inside but then again I had before if you get an enemy a clear we know that but that wants to mess up your life they will just do that alright so we need to connect the key word to something and high-level overview of USB is that USB is a USB device can be there a host or a peripheral alright and that they there's also USB on-the-go which allows the device to be configured either as a peripheral as as a whole so
for example your phone when they'll connect it to your PC there is a peripheral but you connect our USB cable to your pound and this our host so we look for USB hubs right and we look for us behold breakout PCB and we find this thingy and this thingy it says this is an additive machine but we don't know to go too easy on this because we want to learn how this thing works and honestly if you put that on another network because this is so the other thing I want to talk about is data because people who get intimidated by death issues and I'm getting intimidated by that because there are sometimes so awful
like I'm if I'm designing something and I want to find the device I'm looking at datasheet it's it just crap I will just move away and take a lot because sometimes it makes you feel like the manufacturers want you want you to hate the device like it's it's just awful and other than that obviously we are still using the two column layout of documents like we're printing anything but we have two columns and when you scrub have to scroll here yes they make you angry and but you all the information that you need is that all right so if you take deep breaths if you come to ten all the information that you need to work on the device is
there so if you find the data sheet that you cannot understand and it is written in some strange language it's not you is that right it's their fault because that's what they do and if we if we design with something obviously with a mobile iphone for this device if you're not having something you have to use what we have so there the other thing I want to tell you about don't trust what it says on the label it says this is yours because that when you feel it's not what it is in fact this this device here that I had a picture month ago is a a breakout PCB for a controller max feet 2 3 4 2 1
which is the USB controller and it's this this PCB doesn't do anything it just has that the controller on it that has all the parts connected to stuff right so yeah it's not an Arduino she I mean it may be used as one but effectively it's just a control on a PCB and it can also be used as a powerful which the manufacturer of the DCP never told you and from the datasheet we learned that this dis control talks over SPI Sony something speaking SPI and the best bet is how do we know because I know you know speaks as peer out of the box and the word about out there you know for me is that is a good platform
to them once you learn how to use how to change states on pins how to control stuff over without Reno move away from it how to be nervous and really not our classroom to build stuff that well that are supposed to be using production because Arduino code makes you use makes you write bad code that's all there is right you will learn and then you move to something that's that's not our do you know and you'll be completely lost right so once you start once you get the grasp of are doing of how it works who - like then but don't use it you know for for something that has to be manufactured right don't use it as a
production gun. So we connect Arduino up and it doesn't work, right? And it doesn't work because this is what hardware hacking is. So the first trap with this PCB is that, as you might know, maybe you know, USB is a 5 volt bus, which means the devices are being powered by 5 volts over USB. Now the MAX3421 device, the chip that's on this PCB, is 3.3 volts. So someone who designed this PCB, they connected the 5 volt pin of the USB to the 3.3 pin on the MAX, right? Because, wow, right? And I found this is a clone or a spin-off or something, so she beat Apple designed
eight years ago, and the original author (maybe it wasn't the original) said that yes, I checked, it doesn't work, USB doesn't work with people he votes, I checked with keyboards, they don't work, I checked with my state of the world, but he is a PCB, right, you know private, why are you doing this? So that's the first trap: you can make filo wrap and you don't have a PCB of a break above, because it just blows up. Second trap, and the question that I talked to you about: what voltage does the SPI run on? Because SPI doesn't define the voltage, all right? SPI runs on something called system voltage. So for
example, if your MCU or CPU runs on five volts, SPI will be 5 volts; it can be frequently 1.2, 1.6, whatever. So there isn't a straight answer to the question of what voltage SPI runs on. Usually you just have to go somewhere else, you'll have to look at the PCB and find out what the system voltage of the PCB is. In our case it runs on a different voltage, right, because Arduino is 5 volts and our SPI on our device, on the USB host, is 3.3. You connect them together and you don't have a PCB, yeah, right. So that's the second trap, because once you put a 5 volt SPI signal into a 3.3 volt device, it
just. Third trap: SPI is full duplex, which means you can send data at the same time in both ways, so it's sending and receiving. This is the definition of the protocol. Maxim, the manufacturer of the chip, hacked it a bit and made it half duplex, so you send and then receive. And from that perspective it was a very nice idea, because they designed the device to be used in small devices, so, to be as small as possible, they hacked it: they use one line of the SPI bus as a bi-directional one, so you send the command and then the device is switching
to the other direction, and on the same line you get the information back. But obviously Arduino is not supporting that, because why would it? So you connect it up and it doesn't work, because this is half duplex. And I spent a moment to understand what's actually happening, because this is the trap of someone who's experienced: I know how SPI works, I don't have to read the one line in the manual that says this is half duplex. I didn't really spend too much time on the datasheet, so it took me a while to understand why it doesn't work. It doesn't work because it's a trap. And by default, you can switch
this device to full duplex, but by default, when you power it up, it comes up as half duplex. So yeah, just be careful what you're reading. And this is the best one: when you look at the bottom of the PCB, the bottom right, you have four pins. This is as described: master out slave in, master in slave out, clock, and SS, which is slave select. These are the four lines that are used in SPI. What it actually is, from left to right: clock, master in slave out, master out slave in, slave select. Why? Because this is hardware hacking, right? You buy something, it says something that isn't true. So again it
took me a while to understand why this thing doesn't work and should work it is connected it doesn't work well it doesn't work because someone made a mistake so don't have the chops that you have on them when you do a hardware hacking and coming back to my slides for my moment ago about things being intimidating this is intimidating right because you know that it should work it's all connect setup it's all proper but it still doesn't work and this what it is it's just normal right so try not to be too intimidated by those things because they are normal and natural and the manufacturers are usually don't want us to get you so we draw out some balls
and after the jostle bolts buy another one it eventually starts to work hopefully and this is what I will try to show you
[Music] I forgot to tell you a couple of slides before, when I was talking about the SPI voltage, how you deal with the different voltages on the SPI. You have a magic thing called SPI, not SPI, just level converter. What it does is best described as magic, and it is explained in this book, so if you really want to find out how it works, you know, go through this book, and at some point I will explain that on the training, how it works. But that's how we'll deal with this, right? So someone had this problem before us and they just designed a voltage level converter: 3.3 on one side, five volt
on the other side you couldn't them together and the magic happens and it just works good nap I had to remove some slides from the from the presentation because it was wrong and what I wanted to tell you about what you need to start to build your app there was several minutes about talking about this one of the things that you need to get is the think of breadboard which is this thing that you have that you have here which is basically something that lets you get away without soldering stuff right so because you connect you put things on it you connect so wise you put some wires in and it just works but what I wanted to tell you on the other
slide that that's nots not there is that it's again as Arduino it's not something that should be used it using the product you use it to learn or you use it to debug stuff but you may use it for and the actual products and I will show you hopefully why is that what not actually works no there's something wrong here
Actually there is something wrong here, but okay, this is actually okay. So the breadboard, it shouldn't be used in an actual product, because people sometimes do, like those robots and stuff, when you put stuff together on a breadboard, connected ugly, y'all happy it works. It works by accident, because sometimes it will stop working and you will not know why, and I will show you, for example, why it would stop supporting. This is actually something weird happening here that shouldn't be. So the thing about breadboard, because that's how we're happy, you know, sometimes so sure that you know what you're doing, the thing about the breadboard is that it doesn't provide you the good connection, so sometimes you
will see something that's not really there, because you have all those wires crossing each other and they are adding some signals to the protocol.
It doesn't work as I wanted it to, but basically what you have here on the lowest levels, you have... what the hell is going on here? Like, I know that this, they have to be something here, I'm gonna just work you know totally set up. What you see here is the SPI communication, so this is your clock on the SPI, here you have data out from the master, and should be here, the red one, and the data coming back from the slave, you should be here. It's not actually what I wanted to see here and I'll confuse you bastards anyway. So this is the other device that I have today, that the
PicoScope. It's much more complicated than that they say v1, because it's more analog one, so you have more control over what you are seeing and how you are seeing it. And what this thing should be doing, if it was working as I wanted it to, maybe I need to change, it would be showing you the data. I'll show you the data now. This is some nonsense, it's not what I wanted it to be doing. So it will show you the data that's flowing on the SPI line, which is quite convenient. The thing that I wanted to show you on this trace is that the breadboard is introducing some signals that are not
there, and those are, for example, also do spikes here. They are there because the line, the clock line, is right here, and the wires are too close to each other. This is high frequency signal, which means the is just jumping to the other wire, right? And this is because this is connected the way it is. So sometimes you will get away with high frequency signals on a breadboard, sometimes you will not, and you will build something else, a robot that's talking over SPI to some devices on high frequency, you connected it up, it doesn't work. It doesn't work because the breadboard shouldn't be used for those types of things. And again, if something doesn't work and you have access to our maker
space, you can always go there and try to connect to a device like this, and you, for example, see your spikes, and then you know that there's something wrong actually right there, and that the problem wasn't that you didn't know how to do it, the problem was present new bread, right? Yeah, I am really depressed that it's not doing what I wanted it to do, but we don't have time because you're almost out of time. So what this device is doing is just as Sayle dumping the data that is being sent, because the data I'm sending from the Arduino to the SPI is right here, this is what I'm
sending, those bytes here, and they don't match it sometimes. It's probably some interference somewhere, and this is also, like, I was playing with it yesterday or the day before and they're checking if it was because it won't, but because this is an open board and this is a low voltage signal on a high frequency, the thing that can be interfering with that is, for example, the Wi-Fi here, right? Or the projector, because the projector has some high frequency stuff in it, it may be interfering with this, right? This is not how you measure high frequency signals, this is just like to do this way. So going back to my step out to talk
about, and I might actually make it without going over time.
So the last thing for today: the UART, or the RS-232. So RS-232 is a definition of how you want policy used to transport you at over, that's what basically it is. It takes part like fifty or sixty years before today, and the thing about RS-232 is it's using much higher voltages than accepted by the things like Arduino. So if you connect RS-232 to your Arduino, not only is it not gonna work, it probably will blow up, because that's what it is. That's why when I see that people are buying USB to RS-232 adapters, I think, you are not buying RS-232, because you
may... there are RS-232 adapters, and the reason behind it is that there's still a lot of devices that use RS-232 as a silicon, so as a backup in network infrastructure especially. So someone needed to design, because we wanted to move away from using goes to between those big 8 pin polls on our disease, FTDI was very nice and designed the RS-232 to USB adapter. That was we cool, but the thing that they did was that nowadays there's a big confusion with the RS-232 and UART and those adapters. The reason behind it is that, the last thing on my slide, one is no trick hi zo
snotty blow unless otherwise. The way RS-232 worked, like 50 or 60 years ago: you connected two terminals between them and you put the voltage on them so that the other side knew that the line still works, right? So the default state was high voltage, and the active state, or logic one, was no voltage. So this is opposite to what we expect. So on the UART one is low and zero is high, and that's how most of the CPUs, MCUs worked, like they are doing a lot. So if you look at the trace, I may be able to show it, maybe I will start showing while I'm talking. The way it works is
that the MCUs are expecting the inverse logic, so one is low and zero is high. What's happening is you have many devices that you can buy that say they talk over UART, right, because why not, and they talk over UART, and when they are talking over UART they're using the normal human logic: zero is low and one is high, right? And you connect them together, they don't, because I would say so. This is because, I'm not entirely sure if this is 100% true, so maybe don't quote me on this, but I think RS-232 is part of the standard, so this is the
recommended standard from 50 or 60 or 70 years ago, and the UART is not defined anywhere, it just sort of happened, which means anyone can take whatever they want from it and just apply it to the product. So say you would buy, say, a GPS chip you want to connect to your Arduino, and they talk over UART, and you have a UART on your Arduino, you connect them together, they will not work, and you have no way of knowing this unless you search Google or have a scope to show you that the lines are inverted. So that's another how to shop for you,
signals are actually opposite to what you expect. It's not doing, and I said, what I want you to do, but it doesn't matter because I should be able to show you something of the love useful. Why aren't you... see, that's my problem with hardware, because when I have a scope that's a standalone device, all of this, I would just power it up and it works. You have those devices, you connect them up and they just don't work. So we try this again.
So when you buy, this is another thing that you have to get used to if you want to get into hardware hacking, and there's a bit of, and I don't want to rant about this too long because this is not going to change anything, but you buy those tools that you pay a lot of money for and they just don't work, because that's all there is, that's the hardware that you have today.
Right, so in a moment you have to give up, this is exactly though I'm gonna have to do that. I spent six weeks trying to do it. Doesn't matter, doesn't matter. As I said, the whole thing would be on the table anyway, and I really regret that because I wanted to show you how to calculate the baud rate from this scope. I can tell you, actually, I may have a screenshot to show you this, because I was expecting, as someone who failed, you may have a screenshot. I
have a screenshot but I don't have the lines here. What I wanted to show you is that, first of all, the UART is much slower than the SPI, because you would expect SPI is some lame protocol. Like UART, UART normally is 115,200, 115 thousand and two hundred bits per second, that's the top speed that you normally get so mad for my you were. SPI, you can get, there's no limit, you can easily get up to more 20 megabits, right? So it's just fine now, lame small protocol that no one knows about, actually it's quite fast. So here you see, this is the SPI that we saw before, this is how small it is,
and this is the UART, and this is just two bytes, right? You can see how fast SPI is, and SPI is not lame, it's actually quite good. What I wanted to show you here, I will not show you, is that you can calculate the baud rate from the scope. So this device, the software has this thing called ruler, so you move the thing from the side, and two rulers, and you apply them to the trace, I can actually here, and then on the top here it tells you how long the pulse is. So how you calculate the baud rate from a trace: you take the
shortest one, on the UART you take the shortest one, and measure how long it is, right? And the baud rate actually, depends on whom you ask, is either the exact frequency of the signal or half of the frequency of the signal, right? So here if you have 20 megabits, that's 20 megahertz, right? Frequency is the inverse of period, so if you measure the shortest signal here, take how long it is, and off the top of my head I think it is about eight microseconds, 8.5 microseconds, divide one by eight microseconds, you get the baud rate. The cool thing I wanted to show you is that we set in the
software we set the speed of the UART to 115,200, and that's a lie, because Arduino will have to take this baud rate and adjust it to assault and the clock. In fact what it is is 170 and 664 something, right? And when you connect it like this and just put the baud rate that you expect into the PicoScope, you'll get a target here, right, instead of actual data. But you have to measure the signal, you have to measure the length of the signal, 1 divided by this length, and put the result back into PicoScope and get the actual data, because it doesn't anyway so
this is... now I lost my PowerPoint as well, that's great. This is basically shorter, this is basically all I wanted to show you today, and the last slide is
maybe users are peaceful yes you're
right. So this is what I wanted to show you today. I wanted to tell you that there's a training that I'm making in the background that will be online. One of my recommendations is this heavy book, this is we have absolutely everything you need to only electronic. This is not the hardware hacking, this is about the electronics, right? And it's something that I like to read in my pastime, because I'm weird like that. I should know most of this, not because that's what I've been taught at school. So this is one of my recommendations. The other one is marks my
attorney, who's the organizer of this fantastic event. He's making us a book about hardware tools for pen testers, write fantastically, because he's actually talking about this stuff, what the protocols are, have you bleep starving, and I really recommend that for you. And what else is here? Oh, I'm also on the many has club, you may know me from there, so always happy to join it, we also talk about that at the know and then. So yeah, take this knowledge, take these things and go home and play and build this stuff, and hope that it doesn't break when you go and present it. Thank you very much.
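
The baud-rate measurement described in the talk (take the shortest pulse on the UART trace and divide one by its length), as an added example that is not part of the talk: it builds a constructed edge list from the 8.5 microsecond pulse and the 115,200 setting mentioned above, recovers the rate, and decodes the bytes with it. The function names, the 8N1 framing and the line that idles high with a low start bit are assumptions of this example.

```python
# Added example: the edge list is constructed, not captured from the talk's setup.
BIT = 8.5e-6        # shortest pulse quoted in the talk, in seconds
NOMINAL = 115200    # rate configured in software, per the talk

def make_edges(data, bit=BIT, idle_bits=5):
    """Constructed capture: (time, new_level) edges for 8N1 frames.
    Assumes the line idles high and the start bit is low."""
    edges, t, level = [], 0.0, 1
    for byte in data:
        t += idle_bits * bit
        frame = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for b in frame:
            if b != level:
                edges.append((t, b))
                level = b
            t += bit
    return edges

def estimate_baud(edges):
    """1 / shortest gap between consecutive edges.
    Only valid if the capture contains at least one isolated single bit."""
    return 1.0 / min(b[0] - a[0] for a, b in zip(edges, edges[1:]))

def level_at(edges, t):
    """Line level at time t (idle-high before the first edge)."""
    level = 1
    for ts, new in edges:
        if ts > t:
            break
        level = new
    return level

def decode_8n1(edges, baud):
    """Sample each bit at its midpoint, starting from every falling start edge."""
    bit, out, busy_until = 1.0 / baud, [], -1.0
    for ts, new in edges:
        if new == 0 and ts >= busy_until:
            byte = sum(level_at(edges, ts + (1.5 + i) * bit) << i for i in range(8))
            if level_at(edges, ts + 9.5 * bit) == 1:   # stop bit must be high
                out.append(byte)
            busy_until = ts + 9.5 * bit
    return bytes(out)

def rate_error_percent(measured, nominal=NOMINAL):
    """How far the measured rate is from the configured one, in percent."""
    return 100.0 * (measured - nominal) / nominal

if __name__ == "__main__":
    edges = make_edges(b"\x55\xa3")
    baud = estimate_baud(edges)
    print(round(baud), round(rate_error_percent(baud), 2), decode_8n1(edges, baud))
```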