Some hacks I’ve done

  • My PhD thesis software and dissertation for those interested in supercomputer/high performance parallel architecture
  • CD player hack where I add a digital audio I/O port to my portable CD player
  • Video game console hacking…it’s sort of a hobby to open these things up and learn from their innards.
  • SH Embedded RISC microprocessor hack where I use the SH7032 embedded RISC as a class-D audio amplifier
  • SH-1 Workhorse flexible embedded controller board. Credit-card sized board for embedded applications that need a big punch in a small package. 12 MHz SH-1 32-bit RISC with 8 MB DRAM, 1 MB FLASH, and many other features in just 2″ x 3″! I built this board for a seminar on embedded controllers that I taught over IAP 1999 at MIT. This board will be used in the
    MIT AUV team’s ORCA-2 submarine, as well as in my car.
  • Persistance of vision lights that I threw together for a party on new year’s eve. I wrote about a more advanced version in Make Magazine. Here is a picture of it working in daylight as well.
  • StrongARM embedded systems. I’ve spun some boards with Intel StrongARM processors that run linux in my “spare time”. I am progressively shrinking the board, and I hope to eventually someday build a robust, wireless-networked linux computer that fits in the footprint of a Motorola Star-Tac cell phone.
  • Some Sega Dreamcast hacking. I recently (er, I really need to stop using relative time, this was recent almost five years ago…) built a little board that lets me read out the ROM contents of my dreamcast and plug a standard FLASH device in its place. I really need to get a digital camera so I can take a picture of it.
  • FPGA Seminar taught over IAP 1998. I used a board I developed myself, the RHP4K to teach students how to design with FPGAs. Check out this page for some seminar slides on how to use FPGAs and other fun stuff.
  • Digital tachometer for my Toyota Corolla. I recently added a 128×64 graphic vacuum flourecent display to the dashboard of my car, where I get a tach reading. I added it because my car is a manual and for some silly reason it didn’t come with a tachometer. The tachometer uses the Hitachi SH-1 to measure the time between ignition pulses and to control the VFD. The relevant source code
    is available; these files are meant to be integrated into Hitachi’s CMON monitor provided with their evaluation board.
  • ReRISC Reconfigurable Reduced Instruction Set Computer measuring in at 1.8 million transistors, I conceived, designed and laid out the datapath elements this 32-bit beast for the introductory VLSI design class at MIT. Check it out, especially if you have an interest in reconfigurable hardware processors.
  • My Master’s thesis research…The thesis is done, but the topic is quite open ended. My thesis focuses on architectures which use reconfigurable hardware as computational elements. More on it down below.
  • Remote controlled light switch. I’ve finished this project but I’ve been too lazy to document it. I’ll be glad to tell you how I did it tho if you are curious. I built this little box so I can be lazy and turn my halogen lamp on and off with my Sony remote control. Laziness is the mother of all invention ;-) (and the bane of documentation)
  • Hardware DES cracker. I’ve got 56-bit DES cracking in an FPGA now clocking in at over 500,000 keys/sec/node and I am &quotseasoning&quot it to work with unix crypt(3) passwords. I’m massaging the design so I can hit 2,000,000 keys/sec/node in a scalable network of up to 256 nodes at a low cost per node. Full specs and docs will be posted when I’m done!
  • Keyboard code converter. This little hack plugs in between any AT-compatible keyboard and a host machine. I use it to translate my keyboard layout from QWERTY to dvorak…software remapping is nice, but sometimes it doesn’t always work and it’s a pain when two people who don’t use the same mapping have to type on the same console! My box has a little switch which lets me flip between QWERTY and dvorak. It’s about the size of a pack of matches. I have provided the code for the PIC16C84 which is the heart of the box; the PIC drives a pair of PS/2 style serial ports using four transistors that talk to the keyboard and host computer. One of these days I’ll make up some schematics and put them here too.
  • Data acquisition card for PCs. A while back (was that sophomore year?) I built an ISA add-in card which sports an 8-channel 8-bit ADC so I could do various sorts of data acquisition. Right now it is being used to log the temperature near my computer every hour (finger graph@etherbunnie.mit.edu or finger temp@etherbunnie.mit.edu). The host PC runs linux and the driver is a daemon that logs to a file accessible by printtemp and graftemp via cfingerd.
  • Keyboard pedals! In addition to learning dvorak, I have crafted footpedals for my keyboard for the control and shift keys. This helps relieve the strain on my left hand, especially when I am using emacs. The pedals work great, and my RSI is getting better, or at least not progressing as quickly. I will probably be the first person with a case of RSI in his feet though. :-P I installed the keyboard pedals by opening my keyboard and wiring across the control and shift keys to a pair of RCA jacks which I installed on the lower left corner of my keyboard. The pedals I built plug into those jacks. Here are some brief instructions on how to do this for your keyboard; I could put a picture up on the web about it too if you’re having a hard time.
  • AOPS. It stands for Alpha Omicron Phone Switch, because the alpha omicron class at ZBT developed the system. I have consulted and contributed bits and pieces to AOPS. AOPS is a digital PABX; it takes in a few trunk lines from the local provider, and distributes it across the entire house. It is also capable of providing voice mail, music on hold, and call forwarding. The entire PABX, from the bottom up, is an original engineering effort by the alpha omicron class, and most noteably Ara Knaian and Matt Debergalis.
  • DRAM FAQ where I try to take on the impossible task of summarizing all the varieties of RAM available on the market today. So far, I’ve only gotten to FPM, EDO and just started SDRAM! I think they are making new RAM types faster than I can document them…I think I am going to give up on this one.
  • Datfiles for XV hack where I add datfile capabilities to xv-3.10a. Not too exciting, but possibly useful if you’re a researcher at MIT. The link is to a gzip’d tar file with the patch code and a README. It’s only useful if you know what datfiles are…you can get the xv source tree from ftp.cis.upenn.edu/pub/xv.
  • TSOP package FLASH ROM burner
    (picture coming soon). I decided to start using these fun parts in my projects lately–they are so small and cheap–but the problem is that buying an appropriate programmer for them often costs upward of $500! So, I built my own burner. Its incredibly easy to do, and it costs around $200 (of which $140 went to the TSOP to DIP adapter that I got through Emulation Technologies). It plugs into your PC parallel port. Visit the design documentation page for more info.
  • TSOP package FLASH ROM burner rev2 An improvement over the first version; cleaner board layout, use of FPGA, cheaper ROM socket and a spot for plugging in other types of ROMs and adapters.
  • Pictures of some projects I’ve done in the past…these are mostly stuff I did in high school and junior high so I’ll be putting their details on-line last. Back then, I only had a drafting table, paper, and pencil so my doc’s aren’t in a nice and easy to deal with electronic form.
  • More to come! I’ve got a long list of projects, and each takes a few hours to properly HTML-ize.
  • Another big project which I have done is my master’s thesis. It was a joint QUALCOMM Incorporated-MIT effort building a reconfigurable hardware processor which I named  Tao. QUALCOMM is in San Diego. They hold the patent for CDMA and other spread spectrum communications stuph. They also sell Eudora, and their stock
    does well.

    6.004 nerd kit

    I used to be a recitation instructor for MIT’s 6.004 class. I had the privelege of creating a new generation of lab kits for the class. The new lab kits are complete. Students now get a set of computational blocks (CBs) which have their function set by software (ie, gates, adders, registers, muxes…you name it). They wire the blocks together using single wires that carry multiple bits (up to 32 at a time) of information to ultimately create a full 32-bit RISC microprocessor. The kit also features boundary-scan capabilities so students can verify their wiring, an on-board embedded controller to aid debugging, buttons with programmable behavior, and an LCD screen.

    For those of you who took 6.004 in the spring of 1997, I have some pictures from the annual 6.004 design contest.

    15 Responses to “Some hacks I’ve done”

    1. [...] Tech companies such as Apple regularly ignore propellerheads such as myself for the very $imple rea$on of money: Though vocal, we’re just not that large of a market, and stuff that makes us happy doesn’t necessarily translate to mass sales. Therefore, those of us who wanted to upgrade and use it on, say, T-Mobile, are acceptable collateral damage. I do suspect that they’ve underestimated how peevish people are going to be at the bad old activation hassle, though. Fingers crossed for the resumption of sanity, because there’s one thing that I’m completely certain of: The iPhone 3G will get hacked anyway. People like this will make it happen, so why play King Canute? [...]

    2. Ram says:

      Well, at the end every security defense get hack/crack by some one that have the knowledge and the time to break it, so it be a mousecat game for a very long time…

      Any way, you have a very nice resume in the hacking area, look like mostly is in hardware and that is great, i am more in software break/reversing…but keep on.

      Ram.

    3. Charlie Harris says:

      Hi

      Have you done any hacks on the TI TMS1000 used in toys, calculators, microwaves etc in the early 1980s.
      Would like to contact someone who has . Any ideas.

      charlie@tech-j.biz

    4. Bops says:

      Noticed that on your GameCube region reset switch hack page you say to solder the wire to pin 1 of the reset switch. Isn’t it pin 4?

    5. I love the digital tachometer! That was pretty awesome. Overall it is a very interesting site. Will be back to visit.

    6. Hosea Larrow says:

      Many thanks for revealing these types of beneficial facts. Your document Some hacks I’ve done bunnie's blog genuinely will help us a lot. You can check the report at the same time, for those who disagree, also you can leave your current review.

    7. Phil Combs says:

      I love the idea of the AOPS–is it documented anywhere so that it could be duplicated? I’m using a NuTone PTX1200 in my home and its nice, but I’m looking for a better/newer solution. It doesn’t handle Caller ID and I’d like to distribute that signal to all the phones in my home.

    8. Great blog right here! Also your website rather a lot up fast! What web host are you using? Can I am getting your associate link on your host? I wish my website loaded up as fast as yours lol

    9. Haggart says:

      Oh man, this was sick! Definitely sharing this sucker with friends :). Thank you!

    10. Haggins says:

      This reminds me of something I saw a while back. Good stuff!

    11. 小狸 says:

      蛮不错的网站

    12. Baidu says:

      Baidu is the best chinese search engine ever in history

    13. News Today says:

      you’re really a good webmaster. The web site loading velocity is incredible. It seems that you are doing any unique trick. Moreover, The contents are masterpiece. you have done a wonderful task in this subject!

    14. I’m it is very info in my situation. And i’m thankful researching your own content. On the other hand really should review on a number of normal troubles, The web site flavor is best, this content articles is definitely excellent : D. Superb practice, kind regards

    Leave a Reply