<openfpga-github>
libfx2/master 0863ae2 whitequark: Implement EEPROM firmware programming, updating and dumping in fx2tool.
kmehall has quit [Remote host closed the connection]
<cr1901_modern>
azonenberg (or anyone really): I hate to ask this, but is the difference between a router and a switch that "a router uses layer 3 to decide which port to send data" and "a switch uses layer 2 to make the same decision"?
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined ##openfpga
<sorear>
cr1901_modern: yes
<sorear>
(layering is fuzzy in real networks, these are not sharply-bordered categories, etc etc)
<cr1901_modern>
sorear: Ack, thanks
<qu1j0t3>
doesn't this imply other differences though? e.g. doesn't a switch have a much greater aggregate bandwidth?
eduardo has joined ##openfpga
steakpizza has joined ##openfpga
kuldeep has quit [Remote host closed the connection]
kuldeep has joined ##openfpga
m_w has quit [Ping timeout: 240 seconds]
futarisIRCcloud has quit [Quit: Connection closed for inactivity]
steakpizza has quit [Remote host closed the connection]
<awygle>
time triggered ethernet was used at spacex at one point
<awygle>
don't know if it still is
<eduardo>
rqou: this ethernet equipment flies on Airbus380, on Boeing 777, on Space rockets, and it controls the brakes at Audi A8
steakpizza has joined ##openfpga
<eduardo>
and btw: we work with them to formally verify their chips ....
steakpizza has quit [Read error: Connection reset by peer]
steakpizza has joined ##openfpga
<zkms>
interesting
<awygle>
yeah that's very cool
<zkms>
i knew about the 802.1 stuff for ethernet fronthaul but i hadnt heard of time triggered ethernet
kmehall has joined ##openfpga
rohitksingh_work has joined ##openfpga
MrSynAckster has joined ##openfpga
<MrSynAckster>
Hello all
<MrSynAckster>
weird question
<MrSynAckster>
I ran into the dude from silic0n pr0n ages ago at a con and he said he had an irc channel, but I can't find any evidence of it existing.
<MrSynAckster>
You need an invite or something to get in?
<MrSynAckster>
Figured you guys would know him.
<eduardo>
rqou: Have you already decided what your next "full time engagement" will be?
<MrSynAckster>
You guys working on a project?
<awygle>
i think it's safe to say "several"
<MrSynAckster>
Fair enough.
<MrSynAckster>
You guys RE FPGAs right?
<azonenberg>
cr1901_modern: also, a router can modify layer 3 data
<azonenberg>
and a router works at layer 2
<azonenberg>
MrSynAckster: yes its kinda in stealth mode
<azonenberg>
digshadow: poke
<azonenberg>
MrSynAckster: you want to talk to him ^
<azonenberg>
MrSynAckster: We RE them, write tools for them, write code for them, etc
<azonenberg>
all of the above
steakpizza has quit [Remote host closed the connection]
<awygle>
We Like FPGAs. the t-shirts are in print.
<MrSynAckster>
Ah nice.
<MrSynAckster>
I wanted to ask you about something I learned recently. Apparently microsemi fpgas have some kind of anti-tamper system built in?
<MrSynAckster>
I was curious what the hell that was.
<azonenberg>
My understanding is that they're just hard to get the bitstream out of
<azonenberg>
Because they either use flash or fuse memory on die
<awygle>
yeah, they store the bitstream internally as opposed to externally. they also support encryption of the bitstream.
<azonenberg>
well so does every other big fpga vendor
<awygle>
oo actually the polarfires have some kind of anti-tamper listed
<azonenberg>
But there have been successful DPA attacks on all of that crypto afaik
<awygle>
that's cool
<awygle>
"tamper detection" and "active mesh" whatever that means
<awygle>
"DPA countermeasures" (just saying words now, i have no idea what DPA is. sounds like a plastic.)
<MrSynAckster>
DPA attacks?
<MrSynAckster>
So I assume the RE method for these things is just to get it to write out the IP stored in the LUTs? I imagine that's pretty easy on most devices.
<MrSynAckster>
awygle: yeah that's what I was curious about. I'm fascinated by the hardware anti-tamper stuff.
<MrSynAckster>
A colleague of mine RE'ed a femtocell and ran into that kind of thing. Meant to brick the chip if it's tampered with.
<sorear>
"DPA countermeasures" usually means stuff like dual-rail logic
<awygle>
MrSynAckster: there are a variety of techniques. azonenberg, being both more hardcore and more paranoid than most, decapped the coolrunner-ii chips and reverse engineered them from the images. the other stuff is mostly done by fuzzing - generating tons of bitstreams and looking for correlations.
<MrSynAckster>
Oh you guys mean differential power analysis?
<MrSynAckster>
Well I imagine those guys are trying to RE the structure of the chips themselves to make tooling, I meant like pulling someone's design back off the chip.
<MrSynAckster>
but maybe those tasks end up being the same thing.
<sorear>
this channel is *mostly* for the former
<sorear>
the latter comes up occasionally
<MrSynAckster>
both are of interest to me.
<MrSynAckster>
As a security dude, I imagine the latter is more likely to come up for me in a work type context.
<azonenberg>
MrSynAckster: was said colleague mat rowley from matasano?
<azonenberg>
he was doing femtocell stuff circa 2014
<azonenberg>
i helped him with some jtag stuff
<azonenberg>
i recall basic antitamper but he didnt get down to silicon
<azonenberg>
this was more like, jumpers pulled off the board by a clip on the case when you opened it up
<digshadow>
MrSynAckster, azonenberg: I work on projects that document FPGA bitstreams. Legally it seems that reverse engineering refers specifically to binary analysis, which I don't do (on FPGA toolchains)
<digshadow>
I'll check the backlog in the near future, or ping me again if you have a specific question
<digshadow>
azonenberg: speaking of t-shirts, I'm thinking of doing a project x-ray t-shirt run with the Xilinx CLB on the back
<digshadow>
MrSynAckster: re microsemi FPGAs, sergei s. claims there is a sort of manufacturing backdoor in them that allows you to get the code out
<azonenberg>
digshadow: sign me up
<digshadow>
there is a paper on it somewhere
<azonenberg>
any chance of getting some layout on there too?
<digshadow>
we've talked about doing more serious imaging (ie more than top metal) but none has been done to date
<digshadow>
also I color correct my camera better now :P
<azonenberg>
yeah i was talking about lower layers, implant or ideally poly
<digshadow>
I still have that chip
<azonenberg>
I need to get a new microscope camera once i'm set up in the new lab
<digshadow>
if I get bored maybe I'll strip it to active layer
<azonenberg>
i ran most of the power and lighting circuits for the garage todaty
<azonenberg>
today*
<digshadow>
if a pile of 50Ts show up though it would probably increase the likelihood an image pops out
<digshadow>
azonenberg: did you see kens xc2000 write up?
<digshadow>
he used some sem + optical images to figure it out pretty thoroughly
<azonenberg>
Nice
<azonenberg>
no i didnt
<digshadow>
he gave a talk about it at least mtvre
<azonenberg>
i havent spent much time on anything but work and house lately
<azonenberg>
managed to get a little bit of work done on the ethernet switch and starshipraider stuff when it was too late in the day to do construction, but not much
<rqou>
azonenberg: would it be a good idea for me to visit over memorial day weekend?
<rqou>
or "too much of a mess?"
<azonenberg>
rqou: Depends, are you willing to turn it into a work party?
<rqou>
sure
<azonenberg>
If you dont mind getting your hands dirty, we can do construction during the day then go back to the livable house and have an fpga-something hackathon by night
<rqou>
sounds fun-ish
<azonenberg>
If you want to do that, bring a set of clothes you dont mind getting filthy and be prepared to shower upon return to my place
<rqou>
since i'm not going to fanime (burned out on it)
<azonenberg>
we've tidied up a bit but expect to get dust and dirt all over you even so :p
<rqou>
btw azonenberg you should try xc2par :P
<rqou>
i released 0.0.1 but nobody seems to care and i am sad :(
<azonenberg>
rqou: i'll play with it if you come over, lol
<azonenberg>
If not sooner
<rqou>
digshadow: any progress at all on zia fuzzing?
<azonenberg>
i also want to try to clean up my yosys fork
<azonenberg>
you know what might be fun also? trying to write a *hardware* zia fuzzer
<azonenberg>
test on the 32a since it has known config
<azonenberg>
basically create bitstreams that do known stuff then experiment to see what zia things do what
<rqou>
goddammit azonenberg i already cleaned up your yosys fork
<rqou>
you just never looked at it
<azonenberg>
You misunderstand, i meant actually adding new features
<azonenberg>
not just rebasing
<rqou>
oh ok
<digshadow>
rqou: I'll have an update soon
<digshadow>
azonenberg: why is there a fork?
<sorear>
remind me what zia is?
<digshadow>
what is preventing it from getting merged in?
<azonenberg>
digshadow: because i dont have commit access to master
<azonenberg>
:p
<digshadow>
azonenberg: have you done a PR?
<azonenberg>
i do development there then send PRs to clifford
<rqou>
digshadow: currently the "netlist RE" code is too hacky for clifford
<rqou>
everything else is merged in
<azonenberg>
yeah thats the main thing that isnt merged
<azonenberg>
things like finding adders in a sea-of-standard-cells netlist
<digshadow>
rqou: what would it take to get that solved?
<rqou>
a novel algorithm? :P
<rqou>
and/or a differently-tuned subgraph isomorphism solver
<awygle>
is that your 'abc big hammer' thing?
<sorear>
what's a zia?
<digshadow>
sorear: ZIA is the interconnect between the logic blocks
<rqou>
awygle: yes
<azonenberg>
sorear: "zero power interconnect array"
<azonenberg>
it's a sparse crossbar
* awygle
has been in here for the better part of the year and hasn't ever seen that defined before
<azonenberg>
In the xc2c32a it's 40 rows of 65:1 mux organized as two levels
<azonenberg>
First level is two wires (Vdd and Vss, always) plus six via-programmed muxes
<azonenberg>
Each via picks one of 0...10, 11...21, 22... 31, etc
<azonenberg>
And the via setting is different for each row
<sorear>
via-programmed ~ metal configurable, not in-circuit ?
<azonenberg>
Correct
<azonenberg>
The second level is an 8:1 one-hot bitstream programmed mux
<azonenberg>
eight pass transistors and eight sram cells basically, although the actual logic has a nor gate thrown in to prevent bus fights during boot
<sorear>
so the chip requires metal config AND a bitstream?
<azonenberg>
No
<azonenberg>
The metal config is static and chosen to reduce the size of the crossbar
<azonenberg>
basically, there is no reason for every one of the 65 signals to be routable to every one of the 40 inputs
<azonenberg>
it's a 40-input and gate, every input is logically equivalent
<azonenberg>
As long as any 40 of the 65 signals can be selected you dont care the order they come out in
<azonenberg>
So by making the crossbar sparse you have each row be a 8:1 mux instead of 67:1
<azonenberg>
Which would be massive
<azonenberg>
In the larger CPLDs the savings are even more dramatic
<lain>
this might be a loaded question but - in gnuradio, using a file source, how would I loop just a section of the file in time? like, say I have some long capture, but I want to analyze a particular segment of time...
<lain>
or is that just something I have to do outside of gnuradio
<sorear>
this is a relic of the NMOS "fan-in of an AND/OR gate has no effect on latency" era isn't it
<azonenberg>
sorear: CPLDs are product term arrays by definition
<rqou>
lain: my experience (years ago) was that gnu radio never does what i want :P
<azonenberg>
each coolrunner-2 function block is an "80-input" AND gate (40 signals which you can either select X, !X, or neither)
<rqou>
in general i've found that F/OSS "signals/controls" software all sucks
<azonenberg>
for each of 56 product terms
<azonenberg>
The 56 product terms then feed into 16 56-input OR gates
<rqou>
although this was pre-rtl-sdr so _some_ stuff has gotten better
<azonenberg>
Older CPLDs were based on sense amplifier shared-bus arrays
<azonenberg>
Coolrunner is a tree of CMOS gates
<azonenberg>
So much more power efficient
<rqou>
arrgh libkf5* is still hosed in debian
<azonenberg>
sorear: anyway, to give you a concrete example... Function block #1, pin 1's GPIO input buffer is routable to ZIA rows 0, 11, 22, and 33 only
<sorear>
I mean more in terms of why CPLDs exist at all
<azonenberg>
Function block #2, macrocell 10's output is routable to ZIA rows 0, 20, 29, and 39
<sorear>
because "40-input NAND gate" is a thing that makes perfect sense in NMOS, but doesn't in CMOS
<azonenberg>
It's a very natural implementation of sum-of-products
<azonenberg>
makes synthesis easy
<azonenberg>
you create your equations, minimize them, and basically have a bitstream
<azonenberg>
the main reason is, early FPGAs had unpredictable timing and wide skew
<azonenberg>
slight changes to fan-in of an equation would change propagation delay dramatically
<rqou>
azonenberg: random question: does kicad have "generic logic" schematic symbols?
<azonenberg>
but with a CPLD you could have (almost) arbitrarily complex equations with the same propagation delay
<azonenberg>
rqou: No
<rqou>
wtf
<azonenberg>
It's meant for PCB layout
<azonenberg>
Not abstract schematics
<azonenberg>
I create my own "generic CMOS" transistor symbols that i use to draw standard cell schematics etc
<azonenberg>
i.e. generic pfet / nfet with no specifics
<azonenberg>
I never made symbols for gates because i didnt care
<rqou>
not even W/L? :P
<azonenberg>
never got to the point that it mattered
<azonenberg>
I annotated W/L with text markings
<rqou>
anyways, so if i wanted to redraw the xc2 macrocell graphics, what software would you use?
<rqou>
since i'm getting pretty tired of "no, our docs can't have diagrams because the diagrams are non-free"
<awygle>
lain: iirc you can loop a file source but you can't slice it like that
<azonenberg>
either kicad using the 74xx symbols (but part number changed to our own cell names)
<azonenberg>
or just inkscape
<rqou>
i hate inkscape
<rqou>
fine, maybe i'll try it again
<rqou>
hmm azonenberg
<rqou>
afaict there's no good way to display an xc2 floorplan
<rqou>
without some part of it looking like a mess
<azonenberg>
That was what my fcplan tool was for
<azonenberg>
it was basically the physical layout off the chip, slightly abstracted
<azonenberg>
i never finished
<azonenberg>
i had iirc and array and zia working, display only (no edit)
<azonenberg>
no macrocell or or array
<rqou>
how do the OR gates and PTx get rendered?
<rqou>
ah ok
<azonenberg>
i didnt get that far
<azonenberg>
But it was essentially the physical layout
<rqou>
yeah but that gets kinda messy
<rqou>
would you be making everything "horizontal"?
<azonenberg>
horizontal?
<azonenberg>
i actually showed the zia with dots at legal interconnect sites
<azonenberg>
the butterflied function blocks around it
<azonenberg>
etc
<azonenberg>
So yes the or array would be going out horizontally between the and array
<rqou>
but then how do you draw the wires to the macrocell?
<azonenberg>
I never got to macrocells, like i said
<rqou>
hrm
<azonenberg>
I had little pink outline boxes for where they were going
<azonenberg>
but no internals or connectivity displayed
<rqou>
so you only did the easy part :P
<azonenberg>
If i can find the code and it still builds, assuming you come over
<azonenberg>
i'll show you what i had
<rqou>
do you have any screenshots whatsoever?
<azonenberg>
Somewhere, yes
<azonenberg>
but not handy
<azonenberg>
this was like 3 years ago
<rqou>
yeah i can't think of any way to draw these graphics that doesn't look like a giant mess
<rqou>
digshadow: so, just curious, did you make any progress on the ZIA at all? other than "I'll have an update soon"?
<rqou>
e.g. is it worth investigating azonenberg's idea of fuzzing it in hardware?
<azonenberg>
rqou: that would be a fun thing to play with that weekend if you want
<azonenberg>
We can prototype on the 32a and ground truth it
<azonenberg>
Then scale up to the bigger chips and see what we find
<rqou>
i'd rather just get somebody in the EU to maintain a fork with the proper data :P
<azonenberg>
i dont want to deal with that if we can derive the data cleanly without much work
<rqou>
yeah, if
<rqou>
hey, um, random question: does anybody know where i can find (approximate) I-V curves for nixie tubes?
<rqou>
(trying to write an actually-educational blog post about that soviet nixie display)
ironsteel has joined ##openfpga
* azonenberg
needs to get a curve tracer
<azonenberg>
s/get/build/
<azonenberg>
But very far down the priority list
<rqou>
mail me the thing and i can probably trace it on the university's buggy-as-shit HP 4145B
<azonenberg>
i meant just to have in the lab
<azonenberg>
not that i have an immediate need
<rqou>
hrm, design the ИГГ1 driver or design Guren? :P
<MrSynAckster>
digshadow: I want to see that microsemi paper
<awygle>
that is either tragic or a really sick burn
<Bike>
i like the OP's implicit premise that money has to be useless
<awygle>
i like how the OP apparently has never heard of fiat currency?
steakpizza has joined ##openfpga
<Bike>
huh, i was going to say fiat money was recent, but apparently the ming dynasty used it
<awygle>
well, fantasy doesn't have to be medieval, especially if "magic has the place of science". but that's a bit of a rabbit hole lol
<awygle>
you know what has always bugged me? why do so many fantasy novels have it so that the past was _more_ technologically/magically advanced than the present?
<Bike>
rome
<Bike>
probably
<awygle>
yeah but patrick rothfuss didn't grow up in the shadows of the aqueducts
<awygle>
idk it just bugs me how prevalent it is
<Bike>
yeah but he's got a cultural background of people who had a cultural background of english people blathering about how great the roman empire was
<sorear>
Because that’s how mythology works
<Bike>
but yes, it is annoying
<Bike>
though i do like the vaguely archaeological aspect of it
steakpizza has quit [Ping timeout: 256 seconds]
<awygle>
yeah what he actually grew up in the shadow of was JRR Tolkien
<Bike>
mhm.
<sorear>
A lot of people IRL think the world was just better in the 1800s
<Bike>
i don't think tolkien did it as much, but he was, like, an actual philologist who cared a lot about old myths
<awygle>
yes, but they don't think we had better science. give me fantasy Luddites, sure
<Bike>
unlike most authors
<awygle>
you're right about mythology but that kind of kicks the can down the road
<Bike>
the idea of continuing technological progress is relatively recent. industrial revolution... probably a couple years after it really
<Bike>
before that it was all woo check out this literal four eyes who invented language all on his own, people were awesome before the xia dynasty ruined everything, bla bla bla
<pie_>
theres probably some "its cooler that way" involved as well
<Bike>
i liked it in lovecraft when the old civilization is old enough to be buried in basalt and also was made of onion people
<Bike>
that's more how i feel when i learn about the megaliths in malta or w/e
<awygle>
yeah lovecraft it's sort of the whole thing
<awygle>
i'm not complaining about this existing, just the prevalence. i've read _one_ "fantasy industrial revolution" story, ever
<Bike>
wow, really?
<Bike>
that's a whole genre now
<Bike>
most of it's shit, but still
<awygle>
well most everything is shit
<Bike>
yes but moreso
<Bike>
i think it's kind of hard to write about the industrial revolution, though
<Bike>
i mean first off you need to get a handle on what things were like beforehand, which i don't think people really do, because it was pretty fucking terrible
<Bike>
and then you add industry, which is nice for a few people at first but mostly makes things worse before a few decades pass and labor laws are invented
<azonenberg>
(alleged russian incendiary attack in syria)
<azonenberg>
inb4 adele is a war correspondent now
<Bike>
but also not very industrial
<Bike>
looks like a very specific meteor shower
<awygle>
looks like a countermissile test to me
<rqou>
wtf daveshah how are you so fast?!
<awygle>
lol
<azonenberg>
awygle: if you watch the whole video there's a point explosion then those things expand out from it and fall separately
<awygle>
yeah congrats daveshah
<azonenberg>
so yeah
<daveshah>
awygle: thanks!
<azonenberg>
it looks like a bursting charge
<daveshah>
there's a long way to go still
<rqou>
goddammit you guys keep sniping me
<awygle>
i did eventually get the fuzzer to run, btw
<azonenberg>
daveshah: fast at what?
<azonenberg>
what did you pull off?
<awygle>
it... didn't ever _stop_ running? but it did run!
<azonenberg>
awygle: lol
<daveshah>
azonenberg: routing bits of the ecp5 logic tile
<azonenberg>
:D
<azonenberg>
sounds like the fuzzer i am trying to write for work
<azonenberg>
i'm supposed to be fuzzing an embedded gizmo that has almost no output interfaces
<daveshah>
awygle: the fuzzer of last night is not parallelised and will take a long time to run
<azonenberg>
So even if i *do* crash it
<daveshah>
the latest fuzzer should take 1.5 hours with 8 threads
<azonenberg>
i'm not sure how i can tell i did so :p
<daveshah>
this is a bit less black box
<awygle>
daveshah: yeah i saw that also. i ran it overnight! but i guess that wasn't long enough
<daveshah>
basically the approach is to use the Tcl API to find every possible mux option, and then create a bitstream with just that mux and compare against a baseline
<rqou>
how are you guys getting all the internal net names?
<awygle>
1.5 * 8 = 12h so that makes sense
<rqou>
oh a tcl api
<daveshah>
awygle: yeah
<daveshah>
rqou: yep
<daveshah>
x-ray used the tcl api too, albeit in a different way
<rqou>
someone please fix the fucking xc2 zia problem
<rqou>
digshadow?
<daveshah>
the internal net names aren't actually that useful for building a tile database as is, there's a bit of work to normalise them so they will be the same in every tile of the same type
<daveshah>
awygle: it's a long weekend in Vienna so lots of time for Trellis stuff. First step will be to sort out the CMake issues though
<kc8apf>
rqou: KDE and Qt's only relationship is that the former is built upon the latter
<awygle>
daveshah: awesome :) it's a normal weekend in Redmond, and i have a lot of Glasgow to do, but maybe i'll manage to be useful :p
<daveshah>
awygle: can you put your changes somewhere (or create a PR) so I can work out what needs changing
<awygle>
oh, sure. it's ~the same as last night's gist but i'll update it, sec...
<daveshah>
I think it might make sense to move fuzzing to somewhere other than my laptop soon, next we need to work out all the other interconnect tiles, maybe 20-30 tiles at 1.5 hours each is a little while
<kc8apf>
I recall it being adjustable up to 300V. Not quite sure if it would make it to 400V
<rqou>
but that requires a custom/modified magnetic component anyways
<qu1j0t3>
as previously mentioned i have one of these so i hope all your discoveries will be written up somewhere so i don't need to manually scrape them out of this channel :D
<rqou>
so you might as well just go all out and build a proper flyback
Bike_ is now known as Bike
<awygle>
chips never just work. it's always gotta be a whole thing.
<azonenberg>
awygle: btw respun magnetics-crosstalk board is at fab now, ETA may 29th
<azonenberg>
Components are here already
<azonenberg>
Stencil should be here any day now
<azonenberg>
it shipped
<azonenberg>
awygle: btw, as part of the scopeclient revamp
<azonenberg>
after i do the opengl port
<azonenberg>
I want to also add better display of protocol decodes in deep captures
<azonenberg>
Some kind of scrollable list where you can see packets/data in a denser form than the timeline display
<azonenberg>
The other thing i need to do is improve handling/navigation of really deep captures including segmented ones