Welcome to the annual DEF CON convention. This meeting was held in exciting Las Vegas, Nevada from July 9th to the 11th, 1999. This is videotape number 52, embedded systems hacking. It's not going to be hacking into embedded systems; it's actually going to be how to build yourself a nice little black box to assist in either hacking or denial of service or anything you really bloody want. Actually, a good segue was what we just saw previously with the wearable computers. This is indeed a type of embedded system. I'm not going to get into it because, to be honest, I know squat about video. It's basically all about video. Everyone knows what an embedded system is. I mean, if it wasn't for embedded systems, telecommunications as we know it wouldn't exist already. But modems, the telephone switches, the routers, everything that most people go through to get into the internet and get through the internet is an embedded system. Basically what this is is a computer that's built into a box. Usually no real access other than telnet, some sort of an Ethernet or one port. There's no keyboard, there's no monitor, and it does a very specialized purpose. So it doesn't do three-train things just like your PC does, unfortunately. Though some people end up throwing in real fun hooks. If you know the right commands, you can suddenly play Space Invaders on your modem. But this is a little unusual. Most people don't bother to do embedded systems even though these could be convenient in the hacking environment. Specifically, you can build a nice little small box that's easy to avoid in detection. You can throw something in the planets box. No one knows what it is, and you can be saying there's nothing for all you want. But no one seems to do it. Partially it's because no one seems to be truly aware that they can build a nice little box, or they don't think they have the skill set to do it. It's really pretty easy nowadays.
Actually, if you go into the embedded systems journal, in the back, you've got demo boards. These demo boards will have everything you want on them. There's going to be a built-in processor. You'll probably have an Ethernet port, a T1 port. You'll have to do your software on it. And most manufacturers even provide software for you. So it's not very difficult anymore. Another problem that most people consider in developing embedded systems is price, because you're actually going to have to buy all your individual components. You're going to have to go out and get an i960. You're going to have to go out and get a T1 chip. Or you have to get the demo board. Now one of the easiest ways to avoid the price thing is to salvage from old supports. You've got a 386 sitting around you've got no use for. How about you solder an iron and yank that chip. Find an old Ethernet card. Yank the chip there. Suddenly you're not having to pay for components. You just have to slap them all together, which is not that difficult. In addition, a lot of manufacturers still offer the demo boards for free or for very little, because they want you to use their product and they think by offering this to you very conveniently that you are far more likely to go buy a lot of their product. Okay, so we're not going to. But they don't have to know that. Now you do have to know where to be able to get these things. If you're not going to be yanking them from your boards then you're going to have to find vendors and manufacturers. You can go directly to the person who makes the chip. You can go to Intel if you want a 960 or Motorola for a PowerPC. But the chances are they're not going to give you anything because they don't care about the individual person. You're going to have to find vendors. Now the good news is if you go on to a company's website they're going to list the vendors. You give one of them a call and most of them will end up sending you some sample chips.
One or two of the more expensive stuff, maybe 10, 12 of the cheaper stuff. I've sometimes gotten EPROMs this way. Call up enough vendors. You can get a couple hundred if you need them. Now there's plenty of uses for embedded systems. One is just to be a sniffer. You can monitor and record traffic, or any specific traffic if you want. The one problem with embedded systems over a standard computer on this would be storage, because you may not be able to come in and be able to yank your floppy or a flash card or whatever you're going to be using regularly, and you don't want to make this a huge box. Another use for embedded systems would be denial of service. You can actually build a box that will sit on the network for a day collecting MAC addresses and IP addresses and then suddenly start spreading out garbage packets, large packets, something else. It'll be a completely spoofed IP and a spoofed MAC address, so that nobody knows where it's coming from and there's no real way to trace it back, because ideally with a little bit of social engineering you've plugged it directly into somebody's network. You can use this also to filter or block certain messages. If you want to screw people up badly you can block everything from www.microsoft or whatever you want. Stick a little box in and just have all these things go into a black hole. So there's plenty of uses for this. One guy I was talking to yesterday is actually building a little keystroke recorder that he wants to ideally fit into a keyboard. So it'll just sit there and record every keystroke typed on the keyboard. Once again, this is quick, convenient, and something embedded systems are ideal for. Now there's going to be some fundamental skills if you're going to try and do embedded systems. You're going to need to be able to program, and you need assembly.
You also probably need C. Some people can do embedded systems completely in assembly, but this is very rare nowadays, and most everyone uses C once you get off the initial driver level. So if you want to try and do this most in assembly, most in C. Those are the two main languages. If you know Java, wonderful, go away. You're also going to need some hardware knowledge. You need to know which end of the soldering iron is hot. Ideally you need to know a little bit about how to wire a breadboard. What a breadboard is. How to actually solder on chips but a capacitor. It's a basic simple part about hardware. You're going to need to know how to get information on the chips you want and how to get samples. Again, most of the time you can go straight to the manufacturer's website and get information. They'll have the entire specs there. I downloaded a bunch. They'll tell you how to get example sample code. They'll tell you distributors. You can find out how to get everything. Another good source is the embedded systems journal. That thing, if you go back the last 20 pages, it's basically all advertisements: how to get yourself chips, demo boards, anything you really want that makes it easy for embedded systems. That's the basic overview of what the heck an embedded system is and why you would actually want to do anything with it. Let's give them actually some details because we really want to know how to actually do this. Let's start off with some processors. You can start off with... I've got a list of your firsts to add the main RISC processors. There's the Intel i960. Now, I personally don't like this. I'm actually programming on it currently and I don't like the chip. Part of the problem is with all Intel chips you have the big-endian and little-endian issue. Now, if you actually want your numbers to look like the numbers you intend them to be, this is not the chip for you. An additional problem with the i960 is it's expensive and there's nothing built into it.
It's just a microprocessor, which means if you want to have serial ports or anything else, nothing's built into it. You have to buy it all externally and hook it all in. I don't like the i960. However, everybody uses it. There's compilers for it everywhere. You can find the GNU C compiler that'll do the i960. It's confirmed. Everyone knows how to do something with it generally. There's a good knowledge base behind it. There's one benefit with the i960. It's a Motorola PowerPC. This is actually better. There's almost as much of a common base for it. Almost as many people use the PowerPC as the i960. But unlike the i960, it actually does not have the big-endian and little-endian issue. Your numbers come out nice and normal. They have built-in SCCs, which are serial ports, so that you can actually hook up other pieces of equipment to this without having to do too much terrible engineering. It's got DRAM controllers built in. It's cheaper than the Intel. Again, you can usually find compilers everywhere. In fact, I use a GNU C compiler when I'm doing PowerPC compiles. If you want to go with a RISC chip, my personal preference would be the Motorola PowerPC. Another common RISC chip is the MIPS. Not many people use the MIPS. It's got some built-ins to it. The big problem is that it's not very common. It's not very sexy. Of course, because of that, you're actually going to be able to get lots of samples of them because the company is desperate to pawn them off on anybody. So this is the one benefit with MIPS. The MIPS is similar in construction to the PowerPC. It's got built-in DRAM controllers. It's got built-in SCCs. It does not have the big-endian and little-endian issue. So if you're looking for just 13, MIPS is probably where you want to go. You can also then bow down to some of the lower-level processors. There's the Intel 8051, which you can probably pick up for about, depending on the speed of the processor, anywhere from $1 to $10 a processor.
So it's very, very cheap, even if you're not getting samples. The one problem is it doesn't have an awful lot of first power. We're talking, this is an 8-bit processor. You can do some incredible things with it, but you're probably going to have to write in assembly and you're going to have to write some really clever and some really tight code. I've got friends that have been really full of 56K modems using it in 8051, and that took a year and a half of engineering to end. They were constantly having to tweak the code to keep the 8051 powerful enough to do this. I mentioned earlier the 386. You can make a 386 off of winning another board and use that, and you'll probably have enough power for what you want. They actually make what they call a PC on a chip. And it's basically a 386 or a 486 on a small board, usually with built-in serial and the Ethernet port. You can go ahead and do that, but let's admit it, I happen to think if you're going to use a PC chip, you're cheating. We're talking embedded systems. We're not trying to make this easy. Okay? So this basically covers processors. You've probably got different processors you know of. They've got different flavors that everyone likes. Some people like the Pico. Once again, use what you like. There's plenty of them out there. I'm just covering through the basics. You can buy old devices that you've got. You've got your basic Ethernet. You've got a T1. You even have a wireless or a DSL if you want to get really exotic. If you're going Ethernet, there's a lot of different Ethernet controllers out there. My first preference is probably the Davicom chip because it's cheap. Cheap is always a good thing. You could always just yank off a familiar to Ethernet card that you don't like anymore. No one's using your old 16-bit ISA, but that doesn't mean the chip is bad. Depending on how old the card is built, the chip may no longer be made, in which case you're going to have some difficulties actually getting some specs on it.
Or be aware of it. You're actually going to recover from old hardware. Just about everybody makes an Ethernet controller. This makes it easy. I went on the web and did a basic search. There's Davicom, AMD makes one, Cirrus Logic, National Semiconductor. You name the manufacturer of ICs, and they're probably going to make an Ethernet controller. You can get 10 megabit controllers. You can get 100 megabit. You can get ones that will switch from either way. Personally you're probably going to stick with a 10 megabit, mostly because of price, mostly because you have no need to go to 100 megabit Ethernet for whatever situation you're going to be using it for. T1 controllers are a little bit more tricky because some T1 controllers you have to get two chips for: specifically a line interface chip, which is what actually connects up to the line and talks to it, and then you have a framing chip, which actually packetizes everything and sends it out. So if you're going to be looking at doing something with T1 or even E1 applications, you're going to want to check to see if you're going to be doing a single chip or multiple chip solution. I'd recommend a single chip. They tend to be cheaper than buying two separate chips. Plus, let's admit it, it's easier if you've only got one chip to wire than to do two chips. One of the more popular single chip solutions would be the Siemens... well, it's not in Siemens but off their embedded systems group. They make a very good T1 chip. Cirrus Logic, on the other hand, does a two chip solution, which actually isn't bad if you want to go with a two chip solution. Wireless... there's plenty of people out there that will do wireless. Cirrus Logic actually is another one who does it. Once again, you can also do DSL: Philips and National Semiconductor. Everyone does DSL if you're interested in doing it.
But in general, when we're going to be doing some sort of little embedded systems box, we're probably going to do some social engineering and plug it directly into somebody's network. So you're most likely going to be interested in either Ethernet or T1, to be quite honest. Or something that's completely stand-alone and doesn't hook into any of that, in the case of like the keyboard monitor. It doesn't actually need to know anything about T1. It doesn't need to know anything about Ethernet. It just needs to be able to hook into the keyboard. So that's actually convenient; it depends on what you're looking to do with your embedded program. Now when I'm talking about these things, especially if we're talking about building some sort of a sniffer or recording device, we've got a big memory problem, because we're talking hundreds, thousands of packets going through that we're going to have to record. And this is one of the big problems we've got with embedded systems: trying to get enough memory at a reasonable price that still makes your product smaller. You can go out and get a hard drive and wire it on in. But then you're talking, you've got extra size, you've got a larger power requirement, it's not really terribly convenient. So what you're looking to do is you want to save to memory. What's the best, most practical way of doing it? You've got your basic flash chip, where you can actually go write it on to a chip. And then there's not a smaller, I don't know, maybe about an inch long or so on average. So you can get some nice small chips and write it, and the only problem is when they're full up, the only thing you can do is either yank the chips or yank the board and put in a new board. And you could stick a floppy in, then you've got the same problem as with a hard drive. Once again, you've got power requirements, you've got size, and you've still got to be able to go move the floppies in and out.
My personal preference is probably a flash card, where a PCMCIA card, you can get anything from about a 2 meg to about a 32 meg flash card. You can hot swap them, and it's fairly small, so you're not talking about a lot of hardware to support it, and it gives you the ability to just yank it out and slap a new one in. It takes very little amount of time, and you can go home, stick it in your laptop and read what's actually been recorded on it. There's another way to avoid recording it all, and that is if you're hooked up to the network, you can just transmit to yourself: have it hard coded to send all the data, or record for an hour and send all the data to a certain IP address, do it over TFTP perhaps. So this is always a way to avoid resolutions too. But remember, if you're going to be sending over the network, somebody may start wondering how come their mail server keeps sending 2 gigs of data every day to some strange IP address, so try and be a little sensible about this. In addition, if you're going to be building up a nice little embedded box, you're going to have to throw some RAM in it. Now the good news is RAM is cheap. So what you want to do, it depends on how good of a coder you are when it comes down to it: how fast you're writing the code, how fast are you doing it, and how much memory do you actually need to process what you're doing. Depending on what you're doing, I'd say anywhere from about 128k for something small which doesn't actually do an awful lot, up to several megs. The product I currently work on uses actually 64 megs of RAM, and that's just for the main controller, we're not talking the sub cards. Okay, well, you need to build up soon, but I don't expect the rest of you to have to do that. You've got a question?
You've got a choice. If it's going to be something very simple that you're doing, you can probably write something from the ground up. There's several companies that provide an OS designed specifically for embedded systems: source com does one, Nucleus actually makes a very good OS. If you take a look more on the free side, Linux even comes with an embedded version that you can use, and what's nice about Linux is it's cheap and it's probably got drivers for just about any chip out there that you want to actually use. Depending on what you're doing, you may want to decide on scaling. We wrote our own. Wanted to know which operating system that I currently use: the company I worked for, we wrote our own. The previous companies I've worked for, we tended to buy from Nucleus, and Nucleus makes one of the best operating systems around that I've seen. It's fairly unique similar that it's designed specifically for embedded environments, and it's clean, it's nice, it has great debugging features. And that's another thing you guys need to keep... well, you're going to have to debug this thing. If you imagine you're going to slap it all together and have it work first time through, then you guys must be geniuses, and I want you to come on up here and give this speech, because obviously you're better than I am. I can't even write code that compiles clean through the first time, usually. So to imagine that I could slap together some sort of a box to do whatever I want and have all the code and all the hardware work immediately is fairly unlikely. In fact, if you even take a look at the first production boards of most companies, you'll find that someone's been slapping on little wires here and there to make up for the accidents they discovered after they built the first batch. Yes?
Buying the little PC boards is the most practical way, because you don't have to worry about having hardware failures and it gives you an easy development board. I suppose the reason I call it cheating is because, well, it seems a little easy, to be honest. I'm used to having to work with built-in microprocessors and having to really engineer things from the ground up. The PC boards are great, actually, for the little home embedded systems program, because it's all there together, easy to put software together on, and it's really the simplest solution. So really, cheating, I just... I find it a little too easy to grow and qualify as true embedded systems. Let's see, what have I got left? I've covered most of the basics I wanted to do, because I wanted to keep this kind of short, check and start answering questions. I don't know how many of you have actually built something or not to build something or wondering why the heck they're actually sitting here still. Does anybody really have any questions? Okay, here. You can do that, and there are actually some people that have built such, and some of our lines in particular, both of which provide more power than you actually need for the protocol. You can have to be careful. For most of them, you build it to do to power off of them, but there's enough of a variance in the actual real life views that sometimes it won't work. One company I worked for built a living burden that was powered off of the phone line, and it worked on about 70% of the phone lines. The rest of them were bouncing around enough on the power selections that you actually had to plug in a 9 volt battery. So just remember, you're working in the real world and not everyone's going to actually follow the spec. How long have you been doing embedded systems? I've been doing it for about six and a half years. I started off in an industry, I'm now in the telecommunications industry. I specialize mostly in protocols currently, for real life variations. Of course, everyone over here seems to like me.
We'll just start moving back. The big beard. One chip solutions: there are some of them out there. The ones that I have played with, I find them generally pretty flaky. They always do strange things and give out on you at the last moment, usually in this critical moment. They've gotten better, and I haven't played with them in a couple years now. I've been totally gotten better but I've been really pretty unimpressed. Everyone tries to slam everything onto one chip, tends to leave things out. This side's obviously pretty quiet. I missed you. Okay, we'll give you... We're doing some sort of a solution where everything is added on these serial cards. This is actually pretty good. You can do an awful lot of things with serials, you can, everything from HDLC. Just slap them on another chip. It's very convenient, it's very quick. If you're going to do that, you want to make sure that whatever your microprocessor is, it has a lot of SCCs to handle it. Motorola tends to slap about four of them on a chip. MIPS tends to put about two on. You don't want to use an Intel i960; they don't put SCC ports on their chips. Each SCC port is going to do some sort of a serial interface for you. If you need a lot of serial interfaces, what I've actually seen people do is they actually slave a second Motorola PowerPC chip to the original one. SCC ports. Depends on what you're doing. When I was doing modems I was the slave programmer for the entire modem code base. I then branched out. I have worked on teams from any work from about two people. The current team I'm on would be a little hard to describe. My current chunk of it, I'm the only one working on it, but we've got hundreds of programmers working in the code base constantly. Through simple little things that you're doing, especially if you're going to use something along the lines of a PC on a chip or some sort of a demo board where you've already got some software built in, you can probably do it on your own in a couple months if you're a decent programmer
and you know what you're doing and you can make a spec. Ideally, if you're not that good at hardware, and God knows the hardware guys don't like in their lab, your best bet is to buy some sort of pre-made solution, which means a PC on a chip or a demo board. There's hundreds of demo boards out there using various different chip sets with various interfaces. You can very commonly find for somewhere between 20 and 70 dollars a board with a microprocessor, an Ethernet chip and a T1 chip on it, so you've already got just about everything you could need to hook into a network right there. They'll give you power supply information. Usually it's something like a 9.4 transformer you can just plug into a wall. You can gen up something independent if you actually want, but you can actually get a nice little box that has everything in it, and all you've got to do is slap on some code and put something around so it doesn't look like this piece of circuit board flying around, which may actually make somebody suspicious. Okay, we'll go with you. Most of them don't actually deal with the protocols at all. It's going to be able to read the line, or if you want to be able to read the TCP/IP headers or determine what's actually within the data packet, you're going to have to write that all into your own software. Right, that's where you really want to be able to do the controlling of it anyway. Most Ethernet chips are only going to do the basics: it's going to read in the data and give it to you in a format that you can actually then read in, process. You can actually buy Ethernet chips that'll do switching, but I don't see any of you really wanting to build a box that's just going to switch the Ethernet out, but I suppose there's possibilities. You can get switched Ethernet chips, you can get ones that are just going to be able to input and output. Single chip Ethernet's a deal I'm building you can find some. Yeah, in fact, the Ethernet, you're far more likely to find a single chip solution than in the
T1s specifically. So if you're going to be doing some sort of an Ethernet solution, if it's not being offered in a single chip solution, don't go with the company. Okay, we'll go all the way over there, black check. Yes. Your preferences for compilers and where to get un-chip samples. For compilers, the past couple companies I've worked at, we've actually used one flavor or another of GNU C. It works well, you can customize it out, it's pretty nice, to be quite honest, and you can get them to run with just about any processor that you want to use. If you're going to go away from GNU C, you're probably going to have to pay some money for the compiler, so I recommend, unless you really can't stand it, stick with the GNU C. As for un-chip samples, I don't know off the top of my head where you can get them, but I would recommend, if you've got a specific vendor that you want to go through, you find out who one of their distributors are and you start calling distributors. One of them, at least one of them, will give you samples, maybe only a single one, but most people are so desperate to get your business that they will send you samples. There's another person from this side. They're actually starting to get spunky over here. Why don't you go for it. He wants to know about Ethernet chips, whether they'll give you access to the packet as it's arriving or whether they'll wait to receive the entire packet before they send it to you. Usually you can get access to it as it's arriving, so you can start tweaking it almost instantaneously. They're going to throw it in, probably into some sort of a ring buffer or shared memory that you can just start reading as soon as it starts putting any information in there. Okay, he wants to know whether I have to reload code onto my products when I'm doing debugging or if I've got some sort of an emulation, and the answer is it really depends on the scope of what I'm doing. The larger the project, the more likely I'm going to be loading the code on it every single time, because I'm
probably going to have flash. It's probably easier to stick something like a logic analyzer just to watch things. The smaller it is, the more likely I am to actually do some sort of offline emulation, to be quite honest. A lot of people like GDB. I can't stand it. If you're going to actually put some sort of emulator in, it's going to cost money, because to get an emulator, people don't give these things away as samples, unfortunately. You can do a software emulator, which is going to get you a certain amount of information, but eventually you're going to have to run it on your actual product, which means if you're trying to do it in one-time PROMs you're probably going to have to burn, I don't know, half a dozen to a dozen other minimum. If you're going to be doing on something that's erasable or flashable, it's not that inconvenient. You might be able to get your hands on something that will actually plug in and pretend to be in, in which case you're talking some sort of hardware emulator. Applied Microsystems makes a couple really good ones, to be honest, but you're going to be paying money. These things don't come cheap. We're talking about $10,000. If you want to do this, make friends with some sort of a software hardware engineer and let them get them to let you into their labs on the weekends. This is about debugging, the efforts actually involved in debugging. Depending on what kind of a solution you're going with depends on how much debugging you're going to be doing. If you're using a very well known microprocessor, your debugging time's probably going to go down a little bit, because, let me warn you, there are going to be bugs that you find that just aren't in the manufacturer's documents, and sometimes you'll never convince them that they've actually got a problem. So the more well known the processor, the less likely you are to run into undocumented problems in their hardware. If you buy a pre-made solution, some sort of a demo board, there's less likely that you're going to actually have
hardware problems, so you can move those as another amount, another time saver. This leaves you just trying to figure out what your software is doing and what would be hardware, actually: when you actually tweak this pin, does the hardware actually do what it says it's supposed to do? And it doesn't always. Once again out the less likely you are to find out that even though they say this one pin can be floating, you always have to keep it grounded if you actually want to seem over the first 32k of memory. So once you've, assuming that you've got all the hardware problems worked out, on the software you can probably do a good chunk of software based emulation. GDB, once again, can go with free stuff, is not bad. I don't like it, mostly because I've used some of the really nifty hardware based debugging and I'm spoiled. But if you want a real cheap simple solution, GDB in itself will probably take care of 80% of all your problems. Eventually you're going to have to run this on the actual hardware, real time, and the problem when you start doing this is you're limited in the amount of ways you're going to get information and access to it. You can throw on the logic analyzer and actually watch how various pins are being twiddled, but this is kind of difficult and with submitted logic analyzers are not cheap. Your best way, unfortunately, when you're actually running it on your box is like printfs. It's completely backwards, but the printf can be your best friend. I do a good chunk of debugging actually field simple prints out of statements. And assume every week of coding you do is going to take two weeks to debug it. Good point. You did mention that you can do some logic... if you're cheap and you're not too worried about speed, you can throw on some sort of a logic analyzer card into your PC or slow down the processor enough to be able to actually talk to it over your parallel port. This is true. Just remember, sometimes bugs will not happen at a slower speed and they will
manage speed up. I've seen things where just actually plugging on an emulator pod or even a logic analyzer pod slows things down just enough that, well, in the order of some sort of a waveform, that it'll work, and the minute you unplug it everything goes flaky again. In fact, I've got a friend who spent three weeks trying to trace down what the hardware problem was, because every time they stuck on any sort of debugging equipment the problem went away. So just remember, timing can be a real pain. Oh, also on the logic analyzer front, you can probably find some old ones, old used ones, that you can probably buy pretty cheap. They're not going to do all the nice new fancy things as the HPs do currently, but if you just want some real simple, if you want to just be able to see what's going on, a good old fashioned 12, 20 year old garden basements logic analyzer is probably going to work for you. Either I'm a complete genius or you're very bored, because I'm not getting... I've got a question, go for it. Embedded systems websites. I've got a note that most of what I do, if I'm going to get information, I actually read journals on it rather than going on the web for information. Embedded systems journal is a very good magazine if you actually want to do any research into it. If you're actually looking for information just on specific chips, you can go to the manufacturer's site. They're going to be able to give you full data sheets, put off, and you can download samples of code to make this thing work. It's very nice. I logged on, for example, let's find one of these, one, two, let's start here, professional semiconductor. I got just a basic little description here. In addition, I could have gotten the entire spec, which was a PDF file of 182 pages, which went into details about how to design, how to connect this, what the waveforms look like, clocking cycles, power, everything like that. In addition, I could actually find some sample code. You usually can't find it as often for the T1 chips. You can usually find
sample code that you can just download for flash. Guaranteed you can find code that you can actually download, and the very little changes will actually be able to get to work on your system. A lot of these people will actually have hardware diagrams of how you can wire in this chip into a standard setup. So you'll be able to download specs, schematics, code, everything. The best friend is usually the manufacturer's website. If you can't find it there, you go back to that nice little vendor who gave you your sample chips and tell them you're having problems. Before you know it, they'll actually have some sort of a sales engineer out there to talk you through what's wrong.
Well, actually, isn't that, they give you some good drawings, they tell you the details of the chips. I've still got a several year old issue which tells you how to build your own carburetor for 25 bucks, which one of these days I'm actually not going to do. So I could tell I was really good for the home hobbyist. Again, I'm afraid sometimes, being a professional, you tend to look a little higher than that stuff. That's why I mentioned things like embedded systems journal. Circuit Cellar's actually really good.
Portable PROM burners. He was asking me if I know of anyone who manufactures some sort of a PROM burner that is portable, so that doesn't require great gobs of power and you can basically hook up to your laptop and be able to burn it. Well, I don't know anyone exactly. There are some companies that make PROM burners that are fairly small and don't require too much power. I don't know any that work off of battery or off of the PC's power. You'd have to somehow or another plug in. Some of them will just require a little mindful transformer. Actually, in this case, Circuit Cellar's your best bet to take a look on. They'll probably list a good 20 or 30 different PROM burners for you of various levels, and you may actually find one that's real simple. A lot of them you can actually plug into, like, a parallel port and burn your PROM.
Another solution has just become real friendly, it's got access to a PROM burner at work, and it's sneaking in on the weekends. This is what can be, because one of the benefits of a PROM burner is, if you've got code from another product, you can actually stick the PROM in the PROM burner and have it download to a binary file that you then can search through at will to find out clear text, if you want, or anything else. Twiddle a couple bits and all of a sudden it looks a little bit different, like you intended. So this can sometimes be really useful.
One is about the embedded systems in cars. Are there any websites to be able to go to to find out information about the actual chips, the chips that are running inside your cars? The answer is, I'm sure there are. I'm not aware of any off the top of my head. I know of a lot of companies that offer to sell you modified versions of various chips for your car. One of the most common is to get rid of the speed limiters. I don't know too much more about that. I had a friend who somehow had a connection back in GM who was actually able to get modified code for his car, and he just came into work and burned himself a new PROM, swapped it out, and suddenly was able to get much better gas, not a whole lot of his track. But I don't know if I need websites specifically, I'm sorry.
FPGAs, do I ever use them? I personally don't use them. A lot of people do that. I consider them more along the lines of a hardware engineering or software engineering, and the hardware engineers don't particularly like me in their domain, they're simply without me tending to destroy just about anything I put my hands on. They're nice. They're a little expensive. They tend to be, they tend to do very customized things, much like ASICs. They can do some stuff that, you're still going to have to throw a microprocessor in it, and for the general little home hobbyist, you're probably just going to want to do a microprocessor and give up the electric speed that you get.
Who wants to know about
mailing lists or newsgroups to be able to find out about this. I haven't done a lot of research into it. I know there's a couple of newsgroups we out cop area. I don't remember the exact addresses, but they talk about some of that. I've popped in once or twice when I've had to ask a very specific question and generally gotten one or two good responses, followed with a lot of crap that I don't want to have to deal with, so I don't pay attention to them very much.
He wants to know if there's any groups that are talking about what people are working on currently, talking about nice new cool stuff and things like that. The answer is, I'm not sure. I've seen one or two that purport to be so on the internet, but I find most of them start off with someone presenting something, they develop very quickly into flame wars or, well, you must be a complete idiot because of blah blah blah blah blah, and so it's very hard to actually get very useful information out of them. If you're actually afraid of them, it's like wild. I'd be very interested.
See I best buy a hotel, whether there's any back doors and have half that. I don't hear too much about it. The first way to go around finding out if there's any back doors is to get all the information on it. See about getting a spec. See if you can get a schematic or a drop on it. See, most of these companies are going to show you how the thing works, and to some degree or another, once you have an idea how it's actually going to work, you can start finding tools and figuring out how to hack it. But first you need to find out how it works. So I'd recommend going out and getting every single piece of information possibly can get on the I bus and spending the next couple weeks being totally immersed in it. I haven't found anything where it isn't a bug in it somewhere.
You're talking basically about the PC on a stick I was mentioning earlier here. Studying this at convex and we saw a little PC just on a small board. There's a company that makes and calls them PC on a stick.
They do a little PC on a cube, which is like so big or so, which has everything built. This makes it really convenient, easy to develop, and let's admit it, there's three trillion pieces of software out there that actually run on the PC, which takes your development time and minimizes it extremely. There's probably good ideas for the home hobbyist. However, if you're going to get serious and you want something that's going to work in a very narrow field, you're probably going to find that this is a little bit too broad for what you want. However, for a starter, it's probably ideal. I see another question, hold on one sec.
Oh boy, he's asking about testing cycles. There's these wonderful great little design plans that come out that never actually work. Usually what's happening is you end up writing your code probably two months before there's actually any hardware for you to stick it on. You're hoping and praying that the hardware will actually get done before you get to the point where I cannot write any more code. When that happens, you stop your code on and you spend the next three months hand in hand with the hardware engineer, one in the morning, tearing your hair out, trying to figure out whose problem is going on. It's really painful if you don't have already well developed hardware, because you're trying to figure out whose problem, you're trying to be bad, whether it's software, whether it's hardware, and whether it's easier to fix in software or hardware. Usually if it can be fixed in software, that's where to go, because, let's admit it, software's cheaper, it's easier to change. Hardware's a royal pain to have to go wiring stuff up to. So there quite often be knock-down, drag-out fights, screaming at each other, because the software guy doesn't want to have to fix it in his code and the hardware guy refuses to fix it in his code. And yes, blood will sometimes occasionally flow. But in general it's going to probably take two to three months, not for a large board. For a small board it's probably
not going to take a couple weeks to debug the hardware. The software usually is going to take longer. Unfortunately, sometimes there will be a hardware bug that will not show up until many months actually into the development and debugging cycles. Sometimes will not even show up until you actually change software enough. Run into problems where it works perfectly fine on one version of software and the next version it breaks, and everyone blames the software until you discover it's actually suddenly exploiting a hardware bug that no one knew existed. That's one of the benefits about buying vanilla boards or a low PC stick solution, is you're avoiding a lot of the hardware pains.
And on connections, first thing you're going to have to do is, you're going to have to have some sort of access to the line that the modem's either coming in or out on. So you're going to have to plug in some sort of a box that's going to take either a phone line or a T1 in and out. Secondly, you're going to have to know, well, the easiest way would be to know what type of modem the person is running. You have an idea of what protocols you're going to, you're going to want to be running. Also, basically, to be able to talk to a modem connection, you're going to need a modem data pump to be able to translate this into something you can read. So you're almost going to have to have a modem to begin with and then just modify it somewhat. This is not terribly convenient. You can have something that's going to just collect the data and spit it out to you, but to translate that data into actual useful terms you're going to need a modem data pump, and depending on what type of modem you're talking to, you're going to need the appropriate data pump, because everyone knows that not everything with data pumps is quite as compatible as they claim it to be.
Is everyone happy? Again, thank you.