Hello, I'm Andrew Kongs, and I'm going to be talking about a project I've been working on for about a year, and the title of our presentation is Training the Next Generation of Hardware Hackers. What we've been developing is a set of tools and documentation to help people understand computer organization and assembly language. The goals of our project when we started out were to help people, specifically undergraduates in electrical engineering and computer science, understand more about what was going on at the chip level, and that kind of thing, so that they aren't just blindly compiling code and not understanding what it's doing. And it evolved to where, well, we're obviously releasing this to the public, and we want anyone to use this who wants it and just want to help people learn. It took about a year to develop the things we've got to present today, including the hardware, and we have an assembler that we've built, and we have already taught this as a university course one semester, and we'll be doing it again at least twice in the near future. And again, we want to spread this, so the documentation that we're releasing online is free, and feel free to go do anything you want with it, try to learn. Assembly language itself, a lot of times, can be a whole lot more difficult to use than something like C, if you want to get something done quickly, or just program a microcontroller. I can get something done in C in 10 minutes; in assembly language, it may take me an hour. But the point is that you're learning it so that you can understand what's going on, and you don't necessarily have to always use this, but it's a good way to understand and then do it in a smarter manner, and you can go back and debug it as disassembled code or something like that. So how are we going to help people learn assembly language and computer organization?
Well, we developed an embedded system kit that we've got, and we wanted to put it in the hands of every one of the students taking our courses, so we had to make it cheap. One of the other problems is the embedded development software is really hard to use if you've never done it before, and people who use it all the time may look at me and say it's not that bad, but the truth is, if you've never seen it before, it can be really hard to use. If anybody's played with CodeWarrior, it's not the friendliest thing on the planet compared to something like Java, but we wanted to give them a free, easy-to-use toolchain so that they could learn assembly language. To get the learning curve down, we actually had to write our own assembler, and that's the better set of tools that we're going to be talking about. I'll talk about the development board before I talk about the assembler. The development board is pretty small. In fact, I'm going to have to show you videos of it because I don't think you'd even be able to see it, but it's based on a pretty simple Freescale chip similar to the chip that was used on the badge a couple years ago. There's only one chip on the development board, and you can load code on it over USB still using that chip. It's a pretty unique device, so we decided to build our kit around that. You only have 10 general-purpose I/O pins, but for a learning tool, we thought that was enough, and it's, again, dirt cheap. We made 25 of them, or, I'm sorry, 50 of them for $25 each. When we were doing this, we had to make a lot of decisions about what to use, and a lot of the textbooks for computer organization use MIPS, and we kind of abandoned that and went with what we knew and what we knew would be more difficult to teach, but would give people a better understanding of assembly language.
The instruction set for HCS08, which is the processor on the development board we built, is a little more complicated than something like MIPS assembler, but it's more similar to x86 or something. It's got a lot of instructions and a lot of addressing modes, and of course, again, the design decision came back to the chip that we've got is ridiculously cheap, it's almost disposable. We were expecting students to fry the chip and need a replacement, and it'd still be cheap to fix. The assembler we've written is written in Python, and you can download it off the website, it's on the conference CD, and it's pretty simple. You just run the Python file with an ASM file, which is just assembly instructions, and it generates the S19, which is the binary that you upload to the board later. And the assembler also spits out what's called a listing file, which is the assembled binary right next to the code so you can see what it looks like. And our assembler actually implements a couple of things that Dr. Jerry Cain came up with that we don't think are in any other assembler ever, but they're kind of hard to describe, so I'll direct you to the website if you want to play with any of that kind of stuff. We did not develop an IDE specifically because we wanted to make it simple, so it's just a command-line application. And we also wanted to make sure that incoming engineers knew how to use the command line instead of having a point-and-click interface for everything, so that was another reason we used that. The bootloader that is on the device is not something we wrote. It is something that Freescale wrote that we are actually planning to replace because we don't like it as much as our ideas for what we could do with something. There's no device-specific program where you don't need to go buy a specific tap or pod to reprogram it. Anybody can just, if you've got the board and a computer, you can reprogram it.
So the idea was most computer science and electrical engineering kids have a laptop, so as long as they've got a laptop, they can program the dev board. And being able to program a real device instead of running code in a simulator, we felt, was an incredibly valuable experience compared to reading about it in a book or running in a simulator. The bootloader that Freescale has only runs on Windows, and we're planning on rewriting the bootloader. We don't have it done yet, but right now it only runs on Windows, and the only problem with that is that we don't have it working on 64-bit Windows. I haven't talked to anybody at Freescale about that in a while, but it's kind of buggy, and we really don't like it, which is why we're going to write it. The kit itself contains the development board, which is tiny, and a solderless breadboard. I don't know if anyone can see this, but we just give them a little breadboard so they can hook up accessories that we've built, or LEDs, or anything that they've got. We put it in a 6x8 static bag. And the reason being that most people don't know about properly handling electronics. So putting it in a static bag and explaining static safety is part of the curriculum we developed, and we kind of discovered that there are some problems with static safety unless you beat them over the head about it. So we'll talk about that again in a minute. But we've also got a bunch of accessories. I'll show you a demo video here in a little bit, but we've spent a lot of development time on building things to plug straight into it so you don't have to wire it up yourself. That is a picture of the board. And as you can see, it is positively tiny. I built 25 of those by hand, and that's what the first semester was done with. There were 17 kids, and one of them was a computer scientist, but that's just how it came out. There were four projects where they were given a board and asked to write code and actually provide a working project. It was an on or off type of thing.
If they got it working, they got a good grade. If they didn't get it working, they didn't get any credit for it. There was part of their final exam that was done the same way, and it worked really well. We had about half the kids do incredibly well. And between the remaining students, there were some that just didn't do well, but I don't think that was the fault of the course. We spent around $1,000 developing all this, and almost the entire dollar volume was spent building printed circuit boards. We've got a bunch of documentation online about the kit. We are not releasing a lot of example code, specifically because we're teaching a course, and the problem with that is that if we release a lot of example code, then they can just program it and change a few things and turn it in. But the point is this is supposed to be simple and easy to use, and we've got a lot of helpful information online. This is some of the documentation we've developed, or an example of it, which is a state machine diagram for one of the accessory boards we've built, and this is simply emulating a traffic light. And this is essentially to teach how a state machine works, but as you can see, it's just four states, and the code for this project is incredibly simple, but that's one of the things we're doing is building some of these diagrams. This is some of the real-world things we've included in the documentation, and this is called contact bounce, or jitter. And this is one of the things we hope to show students is that it's not all theory. There are some real-world problems with developing hardware and software, and this is one of the things we've made them deal with last semester. The first generation of projects, the first one we had them do was we had them simply blinking an LED, which is showing that they can plug the thing into their computer and get it working, which is not too hard.
We then moved on to things like LED patterns, and I've got an example of, or a video of the accessory we built for that. One of them is a traffic light, and one of them is a little more entertaining. We have a small display that is an LED matrix where you no longer have enough general-purpose I/O pins to just run the LEDs directly. You have to do some programming and clever tricks and interface with an external chip to be able to actually use the device. The pièce de résistance of our semester last year was we built a vending machine that vended crayons, and that is my professor's choice, not mine. But it had motors and a bunch of storage areas where the device would actually have to vend a crayon to the professor before they were given a grade. A lot of things we learned the first time around when we taught this is, again, static safety. Students don't understand what that is, and a lot of people don't understand what that is. So we tried to enforce that by putting everything in a static bag and telling them these things are fragile and you should handle it by the edges and so on. And a reason we want to be careful about static is I spent about 40 hours replacing dead chips on these boards last time around, which was not fun, and since lead is poisonous, I really don't like replacing chips. We also learned that the bootloader, which we thought was wonderful at first, and after using it hundreds and hundreds of times, it just wasn't cutting it. So we're gonna re-implement that eventually. That's one of the things we wanna do in the future. Another one is we actually are going to put up some example code, but they will not be projects related to the course we're teaching. We also would like to build an inexpensive in-circuit emulator, and that's a device where you can step through each instruction one at a time and then see the real-world changes that the processor is making.
I think I'm about, okay, the documentation is available on my website, and I hope my little web server can survive all the people going to it, but there's some PDFs and videos and a couple other things on the website explaining how you can get one of these boards. We've also got the Gerber files, which are the source code for the CAD drawings for the circuit board so that you can make one yourself or have someone make one for you. This is completely open. We are not, the only thing that is under the GPL is the source code because we used a couple, the source code for the assembler because we used a few libraries that are themselves GPL, but the rest of it is free, just take it. The parts list is online so that if you can have a blank PCB, you can put this together and start playing with it. And we want other people to use this. We want hopefully other schools or other organizations or electronics clubs to get together and build these kinds of devices and play with them and just help teach others about low-level hardware and playing with embedded systems. And now I've got some videos of the demos. The only reason they're videos is they're just too small, I can't hold it up and show it to you. And if you want to see these, I've got these things that I'm showing you videos of in my hand, actually. Plug in the device and this is actually kind of hard to see on the video, but it says DC-18 for DEFCON-18. That's the LED matrix I was talking about. And on the back is the IC, which is a 16-bit shift register. And again, you can come see this if you want. It's pretty simple. The next one is this, which is my favorite accessory. It's called the Baby Cylon. And although it's not red, it does scan back and forth, just like the sci-fi creature. And one of the projects we made them do was code this in assembly. And it's pretty straightforward, but again, this was like the week two project. This is the state machine diagram I showed you running.
And it's a board we built that simulates a traffic light. And again, this is not supposed to be an impressive example, but it's a kit we've built so that you can do this and understand the code easily. And if you flip a switch, it acts like a four-way stop. Otherwise, it functions like a normal traffic light. And I wanted to thank the University of Tulsa's Institute for Information Security. It would not have been possible for me to get here without their funding help. It actually cost more to get me here to talk about this than to build the whole project. So thank you to them. I'm gonna hold questions in the little side room in a little bit, but I guess I have a little bit of time. So if anybody has any questions while we're still in here. Oh, and thank you to the local Apple store. I left my power adapter and they gave me a free one. They were kind of awesome. Any questions? Most of them liked it. Or the question was how the students reacted to the class. Most of them liked it. They liked being able to connect up the board and see what their code was actually doing in real life. And they couldn't imagine how you would have done it any other way. And all the people we talked to that took the previous version where it was just all theory really wish they could have taken it this way. So, well, right now we only have had one computer science guy take the course, but the main difference was that they had already had some coding experience, or the computer scientists have had some coding experience, whereas for the double E's, this was their first opportunity. So it was a little different for them. But next semester it's going to be almost the opposite. It's going to be 35 computer scientists and one double E. So I'll be able to answer that question better in a few months. It's a 2000 level, so second semester or third semester depending on which major you're in. Okay, and I will be in the track five question and answer room if anybody has any questions.