On “Hardware Hacking” Tools

I got to thinking this weekend – with the advent of one-click shopping, it’s incredibly easy to stack shiny tools which basically do the same thing… and then you always end up writing custom code to do something just slightly out of reach of existing tools.

Still, while it is convenient to have a variety of these tools available, it’s a good learning experience (and generally more productive) to write your own code to do something, once you’re done prototyping with a BusPirate or similar.

I want to provide some thoughts on the common tools available, as well as some unusual alternatives down the bottom. As always, the focus is actually hacking at the thing instead of what to type to make openocd work, so take the below with an appropriate serving of salt.

This post isn’t a dig at any of these tools. I respect the effort that has gone into their development and production. To each their own.

BusPirate

Price: $29.95 USD (Sparkfun)

The BusPirate is an FTDI USB controller attached to a PIC uC. Some custom firmware bit-bangs common protocols (it has to – it remaps the same GPIOs depending on mode). Of note, the default flywire assembly (the test clips thingy) sucks: I’ve never used the BusPirate without a multimeter testing which test clip connects to which IO pin, every fucking time.

The firmware is pretty decent – my favourite feature is the ability to simply type in data to send via, say, SPI: instead of writing code, you can use a menu-driven system to enter SPI mode, type something like [0xFF 0x12 0x34], and it will send the bytes and handle chip select (the square brackets do this). An auxiliary pin you can manually toggle is always handy as well if you need to violate some specs.

Of note, the BusPirate has level shifting circuitry, allowing you to safely interface with a variety of targets.

GoodFET (Facedancer lol)

Price: $49.95 USD (Adafruit)

Just imagine the MAX3421 is a bunch of GPIOs broken out.

The GoodFET (and its descendants) are based on an MSP430 controller, tied to an FTDI USB controller to handle host communications. The Facedancer ties the MSP430 to a MAX3421E USB controller (thus its role as USB Swiss Army knife). The MSP430 is loaded with a basic OS, and a number of “apps” baked into the firmware.

These “apps” communicate with things the MSP430 is attached to, sometimes containing logic, mostly acting as a passthrough proxy. In the case of the Facedancer, the host sends data to the MSP430, which mostly passes it straight across to the MAX3421E via its SPI interface, and grabs a reply. While not as easy to prototype on as the BusPirate, you can get this going in a few lines of Python and maybe a half-hour of reading datasheets.

The MSP430 is surprisingly pleasant to code for using free tools, and I managed to add some GPIO triggering without lighting the board, my laptop or my person on fire, and have it work the first try.

GreatFET

Price: $89 USD (Hak5)

The logical successor to the GoodFET, the GreatFET is implemented on a more up-to-date LPC core, with integrated USB capability, but otherwise offering the same general capability as the MSP430.

I don’t have one, so I haven’t played with the firmware – but if the GoodFET is any indication, the GreatFET should be just as excellent in terms of usability.

Shikra

Price: From $45 USD (int3.cc)

You may notice that the Shikra is a surprisingly bare-bones device. In fact, only one IC is present on the device, an FTDI USB controller. That’s right, the Shikra is an FTDI breakout board, except with fewer pins broken out.

This becomes more obvious as you read the Xipiter page for how to use the device. To use the Shikra to dump an SPI flash ROM, you use the following command:

flashrom -p ft2232_spi:type=232H -r spidump.bin

Reading through the documentation some more, a small EEPROM is also available for configuration data (VID/PID, descriptor strings, etc).
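A sanity check worth running on a dump such as spidump.bin before analysing it, as an added example (not from the original post or the flashrom project). It assumes you read the chip twice into two files; the function names are illustrative and the data in the demo is constructed.

```python
import hashlib


def check_dump(data: bytes) -> list[str]:
    """Return a list of problems found in a single SPI flash read."""
    size = len(data)
    if size == 0:
        return ["empty dump"]
    problems = []
    # SPI NOR flash capacities are powers of two; anything else suggests a truncated read.
    if size & (size - 1):
        problems.append(f"size {size} is not a power of two")
    # A constant image usually means wiring trouble (MISO floating or stuck) or an erased chip.
    if data.count(data[0]) == size:
        problems.append(f"every byte is 0x{data[0]:02X}")
    # Identical halves suggest address wrap-around: the chip is smaller than the size read.
    elif size % 2 == 0 and data[: size // 2] == data[size // 2:]:
        problems.append("upper half mirrors lower half")
    return problems


def compare_reads(first: bytes, second: bytes) -> dict:
    """Compare two reads of the same chip; differing reads point at signal integrity."""
    diffs = [i for i, (a, b) in enumerate(zip(first, second)) if a != b]
    same_length = len(first) == len(second)
    return {
        "sha256": (hashlib.sha256(first).hexdigest(),
                   hashlib.sha256(second).hexdigest()),
        "same_length": same_length,
        "mismatches": len(diffs),
        "first_mismatch": diffs[0] if diffs else None,
        "stable": same_length and not diffs,
    }


if __name__ == "__main__":
    # Constructed sample data standing in for two reads of the same 4 KiB chip.
    read1 = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    read2 = bytearray(read1)
    read2[0x123] ^= 0x01  # simulate a single flipped bit on the second read
    print("single-read problems:", check_dump(read1))
    print("two-read comparison:", compare_reads(read1, bytes(read2)))
    print("floating MISO case:", check_dump(b"\xff" * 4096))
    print("wrong chip size case:", check_dump(read1[:2048] * 2))
```

To use it on real files, read each dump with `open(path, "rb").read()` and pass the bytes in; only trust the image once `stable` is true and `check_dump` returns an empty list.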

HydraBus

Price: $196 USD (Converted from Euro, Lab401)

The HydraBus is an STM32 devkit – in my opinion, this is a beefier BusPirate (with support for more protocols), minus the level shifters. The USB controller is again on-board. This also has an SD card for storing data, though it doesn’t seem that easy to actually interface, say, SPI operations to the SD card (without some custom firmware).

Again, a menu-driven firmware system is used (similar to the BusPirate), but the menu is much, much larger here.

I have one, but I haven’t played with it (primarily because there are too many alternatives), but STMCube can generally help kick-start development with STM* family microcontrollers if you want to start from scratch.

For a more in-depth review, take a look at this.

These tools undoubtedly serve their purpose, and the last time I needed to pass an SPI command to a target IC, I reached for a BusPirate instead of opening Atmel Studio (or insert tool of choice here), same as you.

Now, with that out of the way, let’s take a look at some alternative options…

FT2232 Mini Module

Price: $27 (Digikey)

Basically a Shikra, with more pins broken out. Anything you can do with the Shikra, you can do with this, and with less worry about damage to your USB connector because you can use a regular USB cable.

ATMega328p

Price: $less-than-a-coffee

Another alternative is to simply use a microcontroller – the ATMega328p is my go-to out of familiarity, particularly when you need a project to have a limited amount of smarts (e.g. “send this thing via SPI, check the results pass this ruleset, beep at me if it doesn’t, otherwise perform logic X, loop”).

With a $10 spare parts ZIF programming jig – or an Arduino board – and a library of sample code in nice, familiar C, you can be up and running in minutes. The bare minimum circuitry is (I think) one resistor for the reset pullup – you can run this off an internal clock as well as a crystal, configurable via fuses.

While this doesn’t have built-in USB support, it has UART, making it perfect for interfacing with other tools (e.g. a ChipWhisperer front-end).

PSoC Dev Kit

Price: $17 USD (rs-online, CY8CKIT-059 variant)

The PSoC is a unique line of microcontrollers – you can think of them as a microcontroller ring-fenced by a CPLD. In effect, this lets you create logical functionality (like UART), then arbitrarily map the I/O to any compatible physical pin. The two are then independent – if you want to remap the pins later, you can via the PSoC Creator IDE.

Unfortunately, the software is a bit clunky, and the autogenerated code for logical functionality can be a bit special (in that you need to work with PSoC a bit to learn how these things are named, and after that it’s fine).

FX3 SuperSpeed USB Development Kit

Price: $48 USD (rs-online)

Reading material: https://github.com/cnlohr/fx3fun. Toolset seems Windows-centric.

Potentially the best until last – Cypress sells this as a USB3 development kit, but this seems a bit… fancy for a USB controller, isn’t it? Flip it over, and you discover the pleasant surprise of a fully-featured 32-bit 200MHz ARM9 core.

Multiple power domains are available (unsure how flexible, this is sourced from the datasheet) which should allow flexible interfacing to a range of targets, as well as DMA-based I/O if your name is CNLohr and you make this a logic analyzer in defiance of convention.

You can even get addon boards for this development kit (!). For approximately the same price, you can get an expansion board with a Xilinx CPLD (CYUSB3ACC-007) if you want to offload some logic, or high-speed connector boards for both Xilinx and Altera boards, and something about a machine vision interface.

This all comes in a nice foam-padded magnet-clasp box. As an added bonus, you even get a USB3 controller thrown in you can use if you’re into that kind of thing.

I hope this helps someone choosing their next shiny to buy. If you’ve got thoughts on these products, or if I’ve missed a major feature, please do comment!

About Norman

Sometimes, I write code. Occasionally, it even works.