Pages

20170622

"The Hardware Hacker" by Andrew 'bunnie' Huang

  • One reason I wite is to solidify my own understadning of complicated subjects. It's easy to believe you understand a topic until you try to explain it to someone else in a riguours fasion. Writing is how I distill my intution into structed knowlege.
  • Most customers refuse to pay fo rimoerfect goods, forcing the fqactory to reat the cost of any part that isn't exactly to specification. Thus, factories strongly dissuade customers from using cheaper but low-quality processes.
  • There's no substitute for going to China to tour a factory.
  • In general, factories welcome you to take a tour, and I wouldn't workd with one that didnt' allow me to visit.
  • Foxconn is a huge facility, apparently with over 250,000 employees, and it has its own special free trade status.
  • One imortant metric for gaugin how well a facotry treats its employees is how good the food is, as it's common for factory workers to be housed, fed, adn cared for on site.
  • Some manufacturesers are indeed out ther to make  abuck at any cost, but I think the majority of mistakes are made out of ignorance. Most of the rank-and-file in tfactories don't knwo what their product is ultimately used for, and under intense pressure to reduce costs, they make those bad decisions.
  • In the end, the factories play a game of "ship and find out", and if the customer doesn't notice a missing spec, then the spec must not have been important.
  • One fundamental problem behind this game is that many Chinese residentds do not understand or appreciate basic things that we take for granted in America, and vice verssa. Many Chinese factory workers are well educated, but thye didn't grow up in a "gadget culter" like we have in the United States, so you can't assume anything tabout their abilities to subjectively interpret specifications for a product.
  • The trouble is that aside from the label on the product that says "Made in CHina" or "Made in the USA", consumers really don't care about the manugacturing process.
  • The cost premium for US labor is 10 times what it is in China.
  • In the end, manufacturing in China is the best way to keep costs down, and to maintain quality, thre is no substitute for going to China and getting directly involved.
  • It's importatnt to learn what the factory can and cannot do.
  • There's nothin like standing on the line and showing the workers who will be building your device how it should be made.
  • Describing the process remotely, approving samples via photographs, and ultimately approving a unit delivered via FedEx might have taken a couple of weeks, but stadning in front of a group of workers and demonstrating the process firsthand took only a few minutes.
  • Every product goes through a phase wohere bugs that werent'acuaght be internal QA get pounded out. You have to rely on a top-notch customer service and suppor team, and you have to plan on being very agile and innovatine during this phase to solve the problems and prevent them from ever happening again.
  • It's hard to understand how a computer works without opening it and looking around inside. Lisewise, it's hard to understand how products are made withtout going into a factory and touring the line.
  • An inventor thinks about a product once; a facotyr thinks about the same priudct day in and day out, sometime for years on end.
  • Some of the greatest insights I've had into iprpving a product have come from observing techniciqans at work on a line and seeign the clever optimization tricks they've developed after doing the same thing overa nd over for so long.
  • The first step in processing PCBs is to drill all the holes--pads, vias (the small holes that connect different layers of the PCB), mounting holes, plated slots, and so forth.
  • Once the panels are drilled, cleaned, and deburred, they are ready for the next step in the manufacturing process.
  • The next step is to apply a photoresist, a light-sensitive checmical, to the panel and e4xpose a pattern.
  •  After photo processing and devlopment, the panels go through a series of chemical baths that etch and plate the copper.
  • Once the copper is polished, the panels are ready for the solder-masek (a protective, lacquer-like layer that insultates the coper traces below and prevents solder briding above) and silkscreen (the ink used to label components, draw logos, and so on).
  • Every value-oriented wire-bonding facility I've visitied relies on the manual placement of bare die.
  • The challenges and trade-offs in low-colme manufacturintg are different from those of well-funded coporaret exercises that protoypte at the scale of thousands of units.
  • The devil is alwasy in the details, and one fun part of making new, innovative hardware products is there's no end of novel and interstgin challenges to be solved.
  • Whether you work with the assempbly shop down the street or send your work to China, a clear and comlete bill of materials (BOM) is the first step to outsourcing production. Every singe assumption you make about your circuit board, down to the color of the soldermask, has to be spelled out unambiguously for a third party to faithfully reproduce your design. Missing or incompliete documentation is the leading cause of production delays, defects, and cost overruns.
  •  A proper factory will require you to suply an approved vendor list (AVL) specifying the allowed manufactuter(s) for every part on a PCB. A manufacturer is not a distrubtuer but rather the company that actually makes a part.
  • It may seem silly to trile over who makes a capacitor, but there are definitely situations where the maker of a compnenet matters--even for the humble capacitor.
  • Of course, some parts in a design can be truly insensitie to the manufacturere, in which case I would mark "any/open" on the BOM for the AVL.
  • For resistors, specify at minimumn the tolerance and waattage.
  • For capacitors, specify at minimum the toelrance, voltage rateing, and dialectric type.
  • Inductors are sufficiently specialized that I don't recomend ever labeling them as "any/open" in your BOM.
  • For pwer inductors, the basic paramaters to specify are core composition, DC resistance, saturation, tempaerature rise, and current, but unlink resistors adn capacitors, inductors have no standard for casing.
  • Always fully specify the form factor, or package type, of a component. Poorly speciiced or underspecieif package aparameters can lead to assembly errors.
  • The bottom line? Every digit and character counts, and lack of atention to detail can cost real money!
  • If the lead time of a part is very long, you may want to consider redesigining for a part with a shorter lead time. Using parts with shorter lead times not only saves time but also imporoves cash flow: no one wants to tie up cash on long-lead components four montsh in advance of sales revenue.
  • Many prducts have been deleayed simley because a use manual or box art wasn't completed and approved in tiem, and it sucks to have a hundred thousand doallar's worht of inventory idling in a warehouse for want of a slip of paper.
  • Beyond a proper BOM providing the factory with golden samples of your product along with your CAD files is another best practice. These working prototyptes enable the factory to amke smarter decision about any ambiguities in your submitted BOM.
  • Before crossing the threshol into productiong, formalize the process for changing a design with the factory. It's best practice to use written formal, engineering change orders (ECO) to update the factoyr on any changes after the initial quotation.
  • While you're desigingin your final product and putting tofgether a BOM, considering yeild, the number of good units that come out of the manufacturing process, is also important. Yield is a boring subjhect for many engineers, but for entrpreneurs, success or failure will be determine un part by whether they archieve a reasonable yeild.
  • Unline softwre, every copy of a phsical goo dhas lslight impoerfections. Sometiems the imoperfections cancel out; sometimes, they gang up and degreade performance. As production volume ramps, a fraction of the product always ends up nonsalable.
  • The goal of DFM is to ensuer that your product always passes muster and thet you're never faced with th3e unsavory choice of r3ducintg margins, lowering quality standards, or going out of bsiness.
  • Passive component tolerances are the most obvious tolerances to design for. If a resiwstor's true value can be +/- 5 percent of its labled value, be sure the rest of your circuit can cope with the edge cases.
  • Always read the datasheeet, and watch for parameters with a great disparity between their minimum and maximum value, a sdifferernce often refered to as a min-max spread.
  • Neither PCBs nor cases will come out exactly the right size, so design your case wiht some wiggle room.
  • ANy manufactured product is subject to smal blemishes, such a sdiest trapped in plastics, small scratched, sink makrs, and abroasion. It's important ot work out the acceptance critereis for such defects with the factory ahead of time.
  • To keep your product cheaper, avoid high-gloss finishes and conser using matte or textured finishes that naturally hid blemishes.
  • One stop-gap option is to rework the failed units.
  • Alongsid edealing with tolerances, another often-neglected desig nresonsoiilty is the test program. A factory can only dtect the problems it is instructed to look for. Therefore, every feature of a product msut be tested, no matter how trivial.
  • As a rule of thumb, for every product you make, you're actually making two related products: one for the end user, and a test for the factory.
  • And no, don't outsource the test program to the factory, even if the factory offers that service. The factory often won't understand your design intent, so their test programs will either be inefficient or test for the wrong behavior. Factories also have an incentive to pass as much material as possible, as quickly as possibel, so their test programs tend to be primiateive and inadequate.
  • Optimize the amount of time required to set up the test for each unit.
  • An ideal test runs with a single button press, and produces a pass or fail result. In practice, there are alwyas sopt points that require operator intervention, but try not to require too much.
  • Rcord test results correleeated to device seriveal numbers by incorporating a barcaode scanner into the test rig.
  • Like any program, test programs have bugs. Tests also need to evolve as your priduct is patched and upgraded. Have a machanism to update and fix test programs without visiting the facotyr in person.
  • Production tests are meant to check for assembly errors, not parametric variations or design issues. If a test is screening out devices becaus of normal parametric compoenent variations, either buy better components or redo your deisng.
  • It's good practice to rerun validation tests on a couple of randomly sampled units out of every several thousan units produced.
  • Every additional test run incurrs equipement costs, engineering costs, and the variable cost of the test time. As a result, testing is subject to diminsihgin returns: at some point, it's cheaper just to take a poduct reutrnthan to test more.
  • A final thougth: always apply solid engineering to your test jug design.
  • I chose to daisy-chain the connetions across the adapter and use a single multimeter to check the nedt resisteance of the daisy chain. By putting the connections in seriers, I could check all 50 connections with a single numeric measuremenqat.
  • There are good and bad ways to imlement even a test as simple as checking for cold solder joints on a cable adapter.
  • Even if your product passes all validation test with flying colors, it still may not be successful if consumers don't want it. Remeber: sex sells. To within a factor of two or so, the performance of a CPU or amount of RAM in a box is less imoprtant to a typical consmerm tahn how the device looks.
  • Trim and finish are difficult, making them poitns of distinction in a product's appearance.
  • Minimalizt designs are very hard to manufacture becasue with fewer features, even tiny blemishes stand out.
  • A good factory chooses you as much as you choose it, so forget the term vendor and replace it with partner. If you're doint it right, you aren't simply instructing the factory; there should be a frank disalogue about the trade-offs involved and how the manugacturing process can be imoproved. That's the only way to get the best product possible.
  • A healthy relationship with a facoty can also lead to better payment terms, which imporoves your cashflow.
  • First, pick the right-sized factory for your product. If you work with a factory that's too big, you risk getting lost in bureacracy and pushed out of the production line by bigger customers at critical times. Work with a a factory too small, and it won't be able to provide the services you need. As a rule, I pcik the biggest facility whre I can get direct access to the lao ban (factory boss) on a regular basis, becasue if you can't talk to the boss, you're nobody.
  • Second, follow the adage "Sunlight is the best disinfectant". If a factory won't quote wiht an open BOM, where the cost of every component, process, and margin is explicitly disclosed, I won't work with them.
  • As sillly as it sounds, being a pleasatn and constructive person goes a long way in currying the favor of your facility.
  • Mistakes ahppen, and being able to turn a bad situation tin ot a learning experience will benefit you on the day you make s tupid (and perhaps expenseive) mitake.
  • Openness aside, know that if a quote seems too good to be true, it often is. When negotiating prices with a factory, step back and check if the quote make sense.
  • A factory's first prerogative is survival, even if that means mixing defective4 units into lots to boost margin, or assigning novice engineers to a flagging project to better monetize their seasond engineers on more profitable customers.
  • In gerneral, margin ranges between single-digit adn low double-digit percentages, depending upon volume, value add, and project complexity.
  • Note that reusing test equipment between customers is consdiered bad practice; if a multimaete is required a spart of a production test, don't be surprosed if a bill for a mlutimeeter is tacked onto the NRE.
  • Despoite everyone's best efforts, mistakes will happen, customers will recieve bad devices, an you'll want extra working units for returns and exchanges.
  • As a general rule, I order a few percent excess beyoned the number of units I need to deliver to customers, to have stok con hand to handle returns and exchanges.
  • Keep an eye on shipping costs. These fees aren't typically built into a facotyr's quotation, butthey impoact your bottom line, even more so for low-volume products. Shipping FedEx is a great way to save time, but it's also very expensive.
  • Small engineering change orders can invalidate an import license.
  • As a rule of thumb, a small US-based company is often better off assembling PCBs in the United States for voklu nes under 1,000 units, adn you won't start seeing clear advantages until volumes of perhaps 5,000 to 10,000 units.
  • China has a reputation for lax enforcement of intellectual propoerty (IP) laws, and that leads to problems like facke and copycat products.
  • In fact, the spectrum of fakes runs an entire gamut of possibilities. Used and damaged good get upcycled; production rejects with minor flaws are refurbished and sold as orginials; orginial produts get relabled to advertise a higher capability or capacity, and so on.
  • Cloning and copying are alos common practices in China.
  • Here lies a key distinction between most Western innovators and their counterparts in Shenzen: everyone who is anyone in Shenzhen owns or has close ties to a factory. The fastest path to material wealth is selling more product. Arguing over who has rights to abstract ideas is a waste of effort best left for baijiu-fuled discussions after dinner. On the oppposite end of the psectrum are Western patent trolls so removed from factories that they probably don't even have a soldering irion, yet they invest millions of dollars into litigation and collecting royalities on ideas they didn't invent.
  • Rights atrophy and get squeezed out by competing interest if they aren't vigourously exercised.
  • Counterfieet chips can be particularly probelmeatic when they find their way into military projects. The US military has a unique probelm: it's one of the biggest and wealthiest buyeers of really old parts because military designs have shelf lives of decads. Lie anything lese, the older a part is, the harder it is to find, and sometimes contractors are sold fakes.
  • The most trivial counterfiet chips are simly empty lastic packages with authentic-looking top marks, or remoarked parts that share only physical traits wiht wuthentic parts.
  • I consider external mimicry trivial becasue fakes produced thais way are easy to detect in a factory test.
  • Refurbished parts are authentic chips that are dsoldered from e-wast and reprocessed to look new.
  • Some fakes are created on the exact same fabrication facility as authentic parts; they're run very late at night by rouge emloyess wihtout the manufacturesr's authorization and never loggged on the books. These unlogged production runs are called ghost shifts.
  • Second-sourcing is a standard indsutry practice where competitors create pin-compatible replacements for p9opular prpoduct ot drive price competition and strengthen the supply chain against aevenents like natural disasters. The practice goes bad when inferior parts are remoarked wiht the logos of permium brands.
  • The variety of counterfieting mthosds available, combined with the fact that many commodity parts have production cycles of onley a few years, presents a big problem for institutions like the US military, where design lifetimtes are often measured in decades.
  • The counterfeit chip situation is a mess, but some simple measures could fix it.
  • Embedding anticounterfeit measures in cihips approved for military use is one option.
  • Meanaging e-waste more effectively would also alleviate the counterfiet probelm.
  • If the Untied States dtopping shipping e-waste overseas for disposal, or at least groudn up the parts before shipping them, then the supply for refurbished chip s markets woudl decrease. Domestic e-waste processing would also create mre jobs, a resource as valuable as gold.
  • A final option to ensure trustworthiness for critical military hardware could be to establish a strategic reserve of parts.
  • Manufactuerere IDs are usually the ASCII character given by the hexadecimal value, not the hexadecimal values themselves. Confusing hex and ASCII is a possible sign that someone who didn't appreciate the meaning of the fields was running a ghost shifft making these [memory] cards.
  • Stacked CSPs place the microcontroller on top of the memeroy chip. This is significant;'y more complex than side-by-side placement because the chips must first have their inert back-side meterial ground off to make the overall height of the stack fit inside such a slim package. Despite the difficulty, stacking chips is popular because it allows vendors to cram more silivon into the same footprint.
  • FPGAs are very handy for implementing teim-sensitive hardware interfaces that software would have trouble emulating.
  • Usually if your design calls for an FPGA, you're pushing boundaries on mlutipe fortons, so a scarp rate of a few percent is to be expected.
  • Finally, it's imortant to note htat most vendores in a supply chain survive on signel-digit margins, so finding an extra 3 to 5 percent of "free money" on the most expensive part on a board virtualy doubles profitiablility. That provides a very strong incentive to cheat, especiialy if you tink you won't be caught.
  • The explosion of interest in hadware startups is in part thanks to the highly competitive manufactirng ecosystem that could fllurish only in a product-over-patent culter.
  •  To ensure source code could be shared freely, the software community created open source license.
  • Virtually every peice of hardware used to ship with a schematic. Somewher along the way, however, it becaome impossible for users to service hardware themselves wihtout breaking its warranty. Devices are now filled with trade secrets.
  • Hardware can't be purely open source, bceause at some point, ideas must translate into matter, and access to the objects required to transforma and shape matter is rarely open to the community.
  • If we allow technoogy to become a blcok box, we also surrent our agency to the companies and governments that produce and regulate it.
  • In hardware, what's good for hackers is also good for developers.
  • Brick-and-mortar retailers hire teams of buyers assigned to monetize shelf space. They think about products in terms fo revenue per shelf space, and they don't really see aything beyond that.
  • Everyone in the supply chain has a hand out: the distributor, the merchant, and the factory. Beyond that, market development funds and other slush money have to be factored in. At the end of the day, the shelf cost of a product is about three times your BOM cost.
  • Retailers are notoroisousl bad a tpaying on time.
  • Many retailers offer no-questions-asked return guarantees. That's great for the customer, but guess who services those returns? The reatiler passes the buck back to the entreprenuer!
  • Typically, most returned units aren't defective. They simply didnt' meet customer expectations, or the customer had buyer's remore after an impoulse buy.
  • Patents are a very natural way to protect hardware ideas.
  • The hardware model is readically different from the software model. Software si innately scalable. You can acquire 100,000 uerse overnight. Monetizing the user base in software is trickier, but most software plays start with scale and then worry about money.
  • Because hardwrae requires the movmenet of atoms to acquire a user, scalability si limited by the rate at which you can economically and reliably assembl your atoms and ship them to the customer. On the other hadn, there is a very natural point for monetization in hardware: the margin you cahrge on every unit sold. Money comes eqrlier and more often, but the growth rate is limited by pesky things tliek the alws of physics and the availablity of raw meterials and skilled labor to build the units.
  • Therfore, in hardwre, first ask this: what is your distribution channel, and how hard is getting your product to end users? Ultimately, the size of that pipe and the moetary drag on transactions limits the growth rate of your idea.
  • You'll be shocked at how many support calls you get from people who forgot to plug your product in.
  • I would typically recommend that a maker try to first fund reasearch adn development out of pocket, or with a very friendly angle loan.
  • I don't think it's a god idea to fund early reaserach and development with Kickstartedr or other crowdfunding platforms becaus of the hard commitments you have to make to customers early on.
  • In crowdsourcing your moeny, you've also crowdsourced your board of directors.
  • Ship or die! Particularly if you've accepted VC funding. The moment VC meony hits your books, you're on a fixed-length fuse. If that fuse runs out and you haven't created substantial value, a bomb goes off that wipes out a chunk of your valuation.
  • In the face of "ship or die," don't look to ship the perfect product. Shipping a product that's good enough is more important than shipping a great product late, especiialy in consumer electronics or any simliarly seasonal business. In consumer electronics, up to 90 percent of your bsiness can happen in the fourth quearter.
  • A secodn piece of advice I'd give to hardware companies is to aim high with price. It's virtually imposssible to raise your pricing if you start oto low, and there' nothign liek a sale to get people to buy.
  • Aiming too low on pricing effectively robs you of the ooportunity to use reatil as as possible distribution cahennl, and you simultaneously lose the opportunity to have sales and promotions yourslf. Promotions are imortant becasue viral marketing can only get you in front of a customer once or twice at best. So when you put your heart and soul into your product, price it liek you mean it.
  • A more counterintutinve tihing I learned is that accessories and packaging can talke more imte to develop than a product.
  • Pivoting is so imortant for a stratup. A startup has to be able to run circles around bing companies.
  • But that does show a flaw of fact-based reasoining. Engineers love to make decisions based upon acvailable data nd high-confidence modesl of the future. But I think the real visionaries either don't know enough, or have the sheer conviction and courage to see past the facts and cast a long shot. It's porbably a bit of both. taking risks also means there's a bit of luck invovled.
  • Generally, if you can suffer doing a hardwrea startup through bootstrapping, it's worthwhile. A broad range of hardware products can be bootstrapped at first--and then Kickstarted, debt-financed, or VC-funded to scale.
  • Any hardware company that has passed the ide phase and is entering the scaling-up phase has to be razor-focused on operations adn cash flow. Maintain a build-to-order paradigm is critical but difficult: a key metric for any hardware company, scmall or large, is how quicly you can turn inventory into cash. There are two halves to the equiation. One is leaning up your supply chainad and trimming lead times so you don't need to sit on much inventory, yet can satisfy new orders quickly. The other is leaning up your cash management so you can bill customers quicly while stretching your crdeit lines as far as possible. That's a multidimesntional optimization problem that can make you rhead explode without the right staff, so your team should include a crack operations director and someone adept in semi-exotic financial instruments liek factoring insurance, collateralized lines of credit, and trade contracts.
  • Being able to access China effectively early offers a disruptive advantage to your startup (it's hard toignore thte order-of-magnitude advatage CHina has over the UNited States in assembly costs), but working with China does come at ahuge cast and risk to the organization.
  • The coolest piece of hardware you'll ever own is your body, and if that's not working well, there's no hope for aything else.
  • If you don't have the stamina to work, it's hard to turn opportuniteis dinto outcomes.
  • One of the most critical outcomes fomr my year of soul searching was the realization that the best days of open hardware are still ahead.
  • Running existing code on backward-compativble CPUs has almost always been faster than poting old code to a new microacrchitecture.
  • Sitting and waiting have long been more profitable than innovating. If it takes two years to double the performance of a system, you're better off somimmply waiting and upgrading to the latest hardware in two years. Racing against Moore's law is a Sisyphean exercise.
  • One day, you won't be able to rely on buying a faster computer next year.
  • As Moore's law decelerates, there's also potential for greateer stadnarization of platforms.
  • Complexity is the devil.
  • Upstreaming just means that a package that is part of a derivatieve operating system becomes part of the distro it's derived from.
  • As a final note, if there's one thing I have learned in the hardware business, it's that you can't count your chickens before they hatch.
  • Most consumer electronic devices are an amalgamation of rigid PCBs with SMT reflow or throgh-hole wave sodering, ABS or PC injection modling, sheet-metal forming, and some finishing processes like paointing or electroplating.
  • Developin gthose new processes doesn't have to be expensive--as long as you're willing to go noto the factory floor and direct the improvements yourself. IN other words, the expensive bit of process development is typically paying the experts developing and qualifying the process, not so much the equipment or matierls.
  • Kickstarter and Indiegogog have ben plauged by nondelivery scams, and their blithe, caveat emptor attitude around campanaigns highlights the conflict of interest between consumers and crowfunding websites.
  • As one of my Chinese friends once remarked, Mnadarin is a wonderful language for poetry and arts but difficult for precise technical communications.
  • Not all simple requiest are simple for everyone.
  • Eliminate single points of failure.
  • We spent almost three weeks haggling and quoting with ocean firehgt companies. In the end, their price was basically the same as going by air but would take three weeks olonger and incurred more risk. Fiehgt cost is apparaetnyl a minor compoent of shipping by ocean, and you get killes by a multitude of surcharagers, from paying thelongshorment to paying all the intermediate brokers and warehouses that handler your goods at the dock.
  • Engineering and reverse engineering are two sides of the same coin. The best makers know how to hack their tools, and the bst hackers routinely make new tools.
  • Engineering is a creative exercise; reverse engineering is a learning excersie. When you combie them, even the toughest problems can be solved as a creative learning exercise.
  • I spent over a quearter-centery in school, buit I've learned more about electornics from reverse engineering.
  • Highly skilled engineers develop clever thricks without realizing how innovative they are. Those tricks often go undocumented or unpateneted, and the only way to tap theat knowledge is to decipher if from finished designs.
  • But anyone who has raised a child knows that learning though emulation is a part of human nature.
  • If you can't hack it, you don't own it.
  • Technology is fundamentally neutral toward human ethics; the people who control technolgy are responsible for applying ti ethically.
  • Incerasingly, our technology infrastructure is becoming a monoculter managerd by a certel of technology provideers.
  • Looking outside your primary field for fresh ideas is wvery helpfu for problem solving.
  • While engineering is ca creative activity, hacking is an importanat and often underreatted learning exrcseil. The ability to effortlessly switch modes fro mforward to reverse enginering is a powerful tool, and the right to hack is the foundaion of a healthy technological culter.
  • The biggest barrier to hacking is often the fear that you'll break something while poking around. But you have to break eggs to make an omlet; likewise, you have to be willing to sacrifice devices to hack a system. Fortunately, acquiring multiple copies of a mass-produced peice of hardware is easy.
  • I generally try to start with three copies: one to tear apart and never put back together, one to probe, and one to keep relatively pristine.
  •  My typical appracoch to any hardware hack is first getting the device open and; then getting a probe in just the right spot without affecting the device's functionality. When you're looking inside computer chips, thath's virtually the entire cahallange.
  • The goals is to make the primary limitation how fast you can think of ideas to test, not how long it takes to upload a change to test those ideas.
  • Hacks often push the boundary of what's legal and what's been tested in the courts.
  • Keeping a secret is a common challenge for any security system. To solve this chalenge, csecurity system designers frequently hide secrets inside silicon chips becasue the chips' rugged epoxy packages and tiny geometreis are difficult to pepenetrate and inspect. This sounds good in theory but is problematic in practice. Chip designers make mistakes, and when a chip has a problem, the designers need a way to pen it up and investigate. This situation is so so common that there are commercial services that specialist in opening up cips expressly for that purpose. Called failure analysis services, they've mastered several techniques for removings tought epoxy from chips.
  • PICs typically have configuration fuses, which you can activate to prevent certain regions of memory from being read or written to. But there's often a legitimate need to read the contents of a secured, programmed PIC.
  • So, I've found the easiest and most reliable way to decap a chip is to just send it to a failure analysis lab. For about $50, you can have a decapped part in two days.
  • Functionally decapped: silicon revealed wiht the device still in its lead frame, fully functional.
  • Fully decapped: just a bare silicon die with no package.
  • Because physics is the same everywhere, most of the fine-grained struture in a silicon schip loks pretty much the same, no matter who makes the chip. These cosntraints propogate their way up to the system level, and with a bit of training, you can read a silcon chip like a book.
  • Full-metal shields covering a device are very rare in silicon, so they're like a big X marking the spot where somthing very important is kept.
  • Still, this hack underscores the fact that quite often, the hardest part of silicon hacking is removing the outer package, and fortunaely, there are cheap, if obscure, services available to assist with that problem.
  • Flash memory is billed as a contiguous, reliable storage medium, and it's really cheap--so cheap that the premise is literally too good to be true. In reality, all falsh memeory is riddled with defects, without exception. It crafts the illusion of reliability through sohpihisticated errro correction and bad-block managment functions. This sysstem is the result of a constant arms race between the engineers and moter ature: every time the fabrication process shrinks transistors, memeoy becomes cheaper but more unreliable. Likewise, with evey generation of chips, engineers create more sohpisticated and complicated algorithsm to compoentsate for nature's propensity for entropy and randomness at the atomic scale.
  • These algorithms are too complicated and too device-specific to be run at the application or operating system leve, so every falsh memoyr disk ships with a reasonable powerful microcontroller to run a custome set of disk abstraction algorithms.
  • A memory card's embedded microcontroller is often a heavily modified Intel 8051 or ARM CPU that approaches 100 MHz performance levels and has several hardware accelerators on-die.
  • Every flash implemenation has unique algorithmic requirments, multiplying the number of hardware abstraction loaywers a microcontroller must handle. This complexity inevitibly leads to bugs, meaning indelibly burning a static body of code into on-chip ROM just isn't feasible, particularly for third-party controllers. Thus, a firmware loading and update mechanism is virtually mandatory.
  • Althought it took a lot of time to devvelop an interactice tool with such a rich feature set, the effort quickly apid off because we could test complext hypthese using automated fuzzing frameworks.
  • We hijacked the inteerrrupt processing mechanism and remapped the default handerl to our own 512-byte code stub. That allowed us to define a novel set of SD commands tha we used to implement the callback functions our REPL environment needed, like peek, poke, jump, NAND register manipulation, and so on. These callbacks were also an ideal hook for implementing an MITM attack.
  • From a security perspective, our findings indicated that while memory cards look inert, they run code that could be modified to perform MITM attacks that are difficult to detect.
  • If you're using an SD card in a high-risk, high-sensitivity situation, don't assume that running a security-erase comand (or some other secure erase tool) on a card will guarantee the comlete erasure of sensitive data. If you really need data to disappear, I recommend dispoising of your memeory card through total physical destructino.
  • Just as engineered systems have hacks, legal systems have loopholes. SOme legal loopholes exist by design; others are unintentional.
  • My first step in reversing a chip is always to dump the ROM, if possible.
  • The assembly for a hash function tends to hve a very distinctive shape, or set of instructions, and a given hash also has some amount of magic numbers unique to it. Given those facts, when trying to reverse an authentication method, one of the first things a hacker does is use IDA to search for such constnacts near a function with the sahpe of the hash function in question.
  • There are dozens, if not hundreads, of open source operating systeme but only one Linux. The truth is that there are far more interesting ideas than capable developers to execute them. For an open source project to catch fire and become self-sustaining, it has to not only pass the minimum viable product (MVP) stage but also meet a receptive audience with a real need for the project.
  • Try a bunch of different things, see what sticks, learn from your mistakes, and try again. It's important not to get too wedded to any one idea, especially if the idea isn't working out. Finally, you'll find it helps to be more about the journey than the destination.
  • I find it heartening to see biologists and hackers applying similiar techniques to reverse engineering complex systems.
  • Electronics technology reshaped the way we think and comunicate, and biotech will reshape our bodies and our environment.
  • As humans, we fundamentally feel differently toward physical things and virtaul things. As a result, there will always be a place for people to make hardware that fills this need for tangible goods.
  • I see an ongoing trend toward product deisgn becomming more feasible at low volumes.
  • These small-run products will be develope and sold by teams of just one or two peolel so that the profit will still  be a good living for the individuals. The key to the success for these prodcts is that they are highly customized and help solve a specific problem for a small group of users who are willing to pay more for the soltuion.
  • There is no magic in technology.
  • Unlike software, hardware requires a supply chain, distribution, and a network of relationships to build it at a low cost.
  • In software, the cost to copy, modify, and distribute is basically zero.
  • But copying hardware has a real cost: the parts, the factories, and the skilled workers used to build them; the quality contorl procedures; and the manufacturing pricess are all important factors in the final rpdocut's cost, look, feel, and performance. SImply giving someone a copy of my schematics and drawings doesn't mean thy can make my exact product.
  • One of my key theories bechind open source hardware is that regardless of the license, hardware is essentially open, at least at the level of schematics and PCB layout.
  • But the most innovative products today are't just peices of hardware. They also involve softaware and services. Open hardware business models work better in such hybrid products.
  • Controlling access to an ongoing service is also much easier than controlling the plans for a peice of hardware.
  • Thus, if you couple a profitable online service with your hardware, open hardware makes a lot of snese. Letting other peope copy the hardware, sell it, and add more users to your online service simply means you get mor revenue without more risk.
  • Every country that is a technology powerhouse today started with manufacturing.
  • China is just turning the corner from being a manufacturing-oriented economy to one that can do more design and software technology. I belive this is a netural series of events. Some portion of entry-level workwers will eventually become technicians, then some techncians will become designers, and finnaly, some designers will becom successfull entrpreneurs.
  • All software APIs are simply constructs of human opinoins.
  • The field of software itself is only 30 years old, and older, more experienced engineers are also the most out of date in terms of methodolgy and knowledge. In fact, the young engineers often have the best ideas. But if it's culturally difficult for yung engineers to challange the decisions of elder engineers, you end up with poorrly archiitected code and no hope to be competive.
  • At the end of the day, the most critical factor to success will still be how much value consumers perceive from a product. This is related to superior features and good product quality, but the presentation to the constumer and how clearly the benefits are explained are important, too.
  • As a result, any product will need to be visually appealing, be easy to use, and come with marketing material that clearly explains the benefits of using it.
  • The universe has a lot of patterns to it, and sometimes, you'll find seemingly unrealted pieces fitting othgether like magic. Discovering these links and seeing the world fit together like a big jigsaw puzzle is profound and satisfying.
  • But I have two rules when handling failure:
    • Don't give up.
    • Don't make the same mistake twice.
  • If you follow these rules, eventually, you'll find success after many failures.
  • I believe users should own thie rhardware, and owing somehting means having the right to modify it and having root access rights.
  • The hacker spirit is the ultimate expression of human problem solving ability. It's about the ability to see the world for hwat it is, and not the constructs and conventions that society puts in place.
  • Hackers question converntion through the lens of doing what' smost practic al and correct for the situation at hadn.
  • I think it's important for a society to cultivate and tolerate the hacker spririt. Not everyone has it, but the few who do help make society more resiliet and survivivable in hard times.
  • From the very beggining when you start desigining, I think about how to make something manufacturable.
  • There are a lot of aspects you could forget [when designing]? The two that come to mind first are the ability to source the mateierlas and the yeild.
  • Every step of the manufacturing process has some fallout. If every step is about 99 percent yield and you take 10 steps like that, your yeild will be about 90 percent.
  • It's crucial to build a system that is robust and reqorkable so that every stp can be coupled with another step to minimize yeild fallouts.
  • One reason the Xbox's security was relatively easy to break was because of the assumption that hardware was hard and solering was difficult. But if you know how to solder, breaking the security is very easy.
  • I showed people that the "magic" was actually pretty simple manufacturing technques.
  • People are starting to get into hardware more and more. The problem is that a lot of peole think they have to add hardware to products now, yet have no idea how.
  • Margins are much fatter online, so companies that start business online from the beginning tend to udnerfprice their products. Then, when they get to retail, they can't survive.
  • There is a huge mismatch between the way manufacturing bas been done and the way it needs to be done to match these more agile, lean, and honestly, less experienced companies.
  • You don't just go to China and expect them to do it right.
  • The reason a lot of crowdfunding campaings fail to deliever is because they price too low. They can't actually build the product for the price they set.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)