Yann’s Blog

DigiChrome – DigiKey Enhancements now has version 0.2 available through the Chrome Extensions Gallery. The extension will auto-update, but you must re-enable it when prompted for it to function. The permissions have changed in order to allow some new features to work.

New in this version:

1. Multi-page loading of search results – loads up to 20 pages in one search results page (configurable). Loading progress indicator is also displayed, and the Next and Previous links are updated to skip 20 pages at a time.
2. Get shareable links to search results and filter pages, shorten links with Bit.ly!
3. New options link on search pages.

Git repository

DigiChrome is Open Source, and available as source from http://gitorious.org/digichrome.

Ever got frustrated with DigiKey.com‘s interface, specifically the “In Stock” checkbox and the limited size of the search selector boxes? Are you using Google Chrome?

Then get my Chrome DigiKey Enhancements extension now!

The current version:

1. Adjusts the height of the search selector boxes to a user configurable value
2. Auto-checks all “In Stock” checkboxes (when configured)

The extension has an options pages (under the Tools->Extension page, click “Options” under DigiKey Enhancements) which allows you to pick which modifications the extension performs.

Untested: International DigiKey pages, full ordering workflow.

More features coming soon!

EVE-Central has received a minor site update today. Two new features were introduced:

• The usesystem parameter is now supported on the marketstat API call.
• Statistics are now recalculated on upload, flushing any cached data. The point-in-time statistics are now stored as well, which will lead to a future site feature.

Feel free to submit futher patches and features. I have a few patches to merge into Contribtastic and the website once they are tested.

I am working on the cache format change that was released in the latest EVE release. This may take a few days to sort out.

My Windows build machine is up and running again. Alpha 5 of Conttibtastic is prepackaged for testing.

As many of you noticed, Contribtastic Alpha4 is bugged. The code is fixed, but I haven’t had a functioning Windows build machine to turn the handle on in order to produce the installer package. Stay tuned.

A new version of Contribtastic, the 100% open source cache reading uploader, is now available. If you’ve been hit with the data.pickle corruption bug from previous versions, this is an essential upgrade.

Next release may actually add the CSV export option along with re-implementing login functionality. Contributions welcome!

I had the privilege of attending the Embedded Linux Conference in San Francisco this year. All in all it was a great experience, especially the networking opportunities with other developers working on core functionality. Personally, I found the following presentations and technologies the most memorable:

• Linux Without a Bootloader (Greg Ungerer) – A well paced example on booting Linux without a direct bootloader (for NOR flash) or without U-Boot (for NAND flash). Good demos, and a good discussion post presentation. This will be an approach I will try in future systems, combined with Kexec
• Kexec – Ready for embedded Linux? (Magnus Damm) – A good talk discussing the Kexec framework on embedded systems – especially relevant after Greg’s talk
• Android: A Case Study of an Embedded Linux Project – All around fun, and highlighting some of the problems with the current fork of Android. The only thing this keynote could have done better is presenting at least one concrete example of how mainlining reduces overhead for the developers. Not that I don’t agree with Greg, but it would be great to use this keynote as ammunition in all companies.
• Flattened Device Tree ARM Support Update (Grant Likely) – In the “things to watch” camp is the upcoming unification of the flattened device tree support in PowerPC and SPARC, adding ARM support. This will be something to hack on to make sure all the various system drivers work correctly, and something I will be tracking.
• Ftrace – Embedded Edition (Steven Rostedt) – A very energetic example of what FTrace can do for you, and the announcement of trace-cmd and kernelshark. This will be going into my toolchest.
• State of Embedded Linux (Tim Bird) – Overviews can be drab and boring, but this was enough context to bring in people who don’t follow lkml on a daily basis. And Tim, I will test out LogFS and ramzswap on my systems and report back
• Link Time Dead Code and Data Elimination Using GNU Toolchain (Denys Vlasenko) – A good overview on the current support and caveats with -function-sections and –gc-sections in the GNU toolchain. Could have used some more technical insight, but the discussions it triggered generally filled any holes.
• A Consideration of Memory Saving by Efficient Mapping of Shared Libraries – A very indepth technical discussion which is invaluable for very small systems. The slides are great as well.

This is hardly a complete list of the talks I went to, and only reflects some of the most interesting and relevant areas to me (sorry, I don’t do much RT or media). To those not mentioned, I still enjoyed hearing you speak!

And yes, I do have a shiny new free Nexus One thanks to Chris DiBona and all of Google. You still should work on mainlining your code though

I thought I’d do a small interlude into the embedded hardware and firmware space (which is generally my main area of work) from the normal EVE-Central heavy side of this blog. I have been musing about the code security protections of the MSP430 micro-controller, specifically the Boot Strap Loader (BSL), which remains enabled at all times, even if the JTAG interface is disabled (via a fuse on most MSP430s).

The BSL disallows memory reads and writes until a “password” has been transmitted over the serial interface. The password is actually a copy of the interrupt vectors (32bytes) used by the micro-controller, which limits the entropy available by a significant margin: addresses are all even aligned, reset vector is generally start of flash, many interrupt vectors will be identical, general case has all interrupt vectors located in flash. The only defense against this low-entropy brute force attack is the rate limit of the BSL: some versions of the BSL prevent you from changing from 9600 baud until after the password has been verified. However, on devices with small amounts of flash (say, 8Kib), there are only about 61,000 passwords generally in use, which reduces the search time tremendously.

Some BSL versions are also susceptible to side channel attacks are discussed in this paper:
Practical Attacks against the MSP430 BSL

Texas Instruments has improved code security on the new F5xxx series devices in a drastic way: an invalid password will cause a complete device erase. Note that the flash memory also differs from the previous generation devices by being rated to erase and program as low as 1.8V (where the core voltage normally sits – the 5 series has an integrated LDO).

I can see two possible attack vectors – undervoltage to the entire processor (I have a ’5438A running as low as 1.5V, however the BSL is not yet tested down here), or “glitching” the processor (in this case, complete power down) if the start bit of the acknowledgement packet is not transmitted within an allowable window. The second scenario can be defended against in the BSL firmware (delay the acknowledge by a large value).

I have not tried either of these attacks on the 5xxx series yet (specifically, the 5438 and 5438A). Generally, there are easier ways to attack processors to capture embedded code, or simply replicate external functionality based on observed behavior (code security is not on most programmers’ minds). If small-memory variants of the 5xxx series become available (to allow the brute-force searching of the keyspace), the flash memory erase issue would have to be overcome.

In the mean time, you can use some chip disassembly techniques from Flylogic.

On another note, I will be announcing a security related, open source hardware project shortly. Its been keeping me distracted from EVE-Central (trade route tool version 2, specifically), Contribtastic, and working on the EVE-Metrics/EVE-Central unified uploader.

I have had several questions regarding the “rle_unpack” function in libevecache. In order to not repeat myself in e-mails, I decided to make a quick post describing the logic:

The market rows are compressed with an odd variant of run-length-encoding. In this case, the extra “0″ bytes are suppressed and encoded into one byte.

The row starts with a opcode byte, which is split as follows (high bit to low bit). You can find this broken out in the struct packer_opcap.

x x x t y y y b
7 6 5 4 3 2 1 0


There “t” is a flag to say “unpack 0s” if the bit is set, and “copy from source” if the bit is not set. So if the bit is set, “XXX” bytes of “0″ are copied to the output buffer, and if its not set, “XXX” bytes are copied from the input to the output.

This repeats with B and YYY. After one opcode byte has been processed, the next opcode byte is read, or processing is terminated if the input buffer has been exhausted.

This took a fair bit of time to figure out, with lots of sample data and market logs as the study set.

How much space does it save per order row? About 10-30%, from my samples.