STM32 + Gotek floppy emulator


Re: STM32 + Gotek floppy emulator

Post by ddrown » Sat Mar 04, 2017 5:25 pm

I am interested in this topic too. I've been thinking about how to securely store an encryption key on the MCU. Enabling read protection and disabling the debugging peripheral seem like good first steps.


Re: STM32 + Gotek floppy emulator

Post by sheepdoll » Sat Mar 04, 2017 8:18 pm

I am finding this topic of interest too, as I have reverse engineered a number of abandonware projects where the originators are dead or of advanced age. Interestingly enough, I just posted some code this week to git from a floppy disk based MIDI file player. That project I did not reverse engineer. I used the specs from similar Yamaha, Roland, Piano Disc and QRS interfaces. I had inherited the 8051 project, then after the company failed ported my code to AVR. By the time I got the player to work, floppy disks were obsolete.

I put my obsolete AVR code on git along with some code for MIDI driver interfaces
https://github.com/sheepdoll/AVRMIDIHardwareASM.git

It may be of interest for others to see two different takes on code that runs on the same hardware. The first attempt was to create code that was based on the user manual documentation specifications, namely the SYSEX dumps. ATMDI88.ASM was the result. When the successor to the creator of the board got ill then passed away, I found the online updater code posted as shareware: http://midiator.millsnovelty.com/Software/index.html

As I use this hardware in production, I took over some of the support on this product. Not sure how long the above website will be active. The current maintainer is of advanced age with family and personal medical issues. I found in a local surplus store the remaining stock of programmable ROMs. I inherited the remaining hardware to complete in case the existing production units fail. So far no critical systems have failed (or else they have been upgraded to newer hardware). When Arduino happened. Now one can build an equivalent device for the cost of a single starter kit. The legacy 68HC11 chips alone can individually cost as much as an Arduino starter kit or Raspberry Pi.

As there is/was updater code released online, I was able to dump the .S file, then dump the update section (which uses MIDI SYSEX messages). This was done with a Windows 98 machine, which I no longer have. This resulted in the port from 68HC11 inside the git as OctetAvr.asm.

Now to the topic of this thread: the floppy disk emulator. My MIDI floppy player was designed to interface to the OCTET UM0. This was not an emulator, although I considered coding one. Interestingly enough, to change a hardware floppy disk assembly to work with these MIDI players one has to set the straps on the FDA the same as an AMIGA.

As noted, I inherited the first 8051 based MIDI file sequencer hardware with no driver software. I was hired to write it from scratch. The hardware used the SMSC37C38 floppy disk controller that was used in most PC floppy disk cards and laptops. I started with the POSIX driver code and had to simulate the DMA using the chip register mode. In theory the chip could run in NON DMA mode. In contacting the manufacturer, they claimed that I and the people who could not write the software that I inherited were the only ones that wanted to use this chip register mode. That there was a silicon bug.

As I did get it to work on the AVR, I think that there was not really a silicon bug (or I worked around it). By the time I got it working (10 years ago) floppies were obsolete. I sold about 5 units to recover costs. Still have the better part of a tray of the controller SMSC37C38 chips and AT90S8515 processors with like a 0247 date code. Yes, 47th week of 2002. These are first generation AVR and have a speed grade of 4 MHz! I also have the 128KB SRAM chips, which could be useful if I could figure out how to interface them. I am pretty sure there is no market for adding a floppy disk drive to a F103 or F104, although it would probably be trivial using the on board support for DMA mapped devices.

What most folks want is the other way: make old hardware see a flash drive as a floppy. There are two ways then to emulate floppies on embedded systems. One is to emulate the analog timing and motor step control. The other would be to replace the SMSC37C38, which is a register device that works similar to the way the popular hx8257 LCD drivers work. In either case one is mapping the storage space by cylinder track head addresses. Where the fun begins is dealing with FAT12 non bit aligned FAT entries as well as sparse sectors which jump tracks, so one has to buffer the track and write things in FAT order rather than file order. Anyone want a SPI based floppy interface for Arduino? I think I may have some interesting retro hardware for my sadly neglected blog. The Floppy Disk Shield :twisted:

At least with floppy disk emulation one does not have to worry about bad CRCs and misaligned tracks.


None of this is new. Back in the early days of hard drives and the Apple ][ computer there was a company called Corvus, which made hard drives. When the Apple /// and the //e came out, they made a parallel port connected drive. My first hard drive was one of these. All of 18 megabytes. When it was connected to the Apple ][ DOS system it would look like a stack of floppy disks, each with its own drive letter. On the Apple /// one could have the whole drive partitioned, as Apple had the 5MB 'profile drive' (later used on the Mac and Lisa). In my spare time I wrote the ProDOS driver. As usual, by the time I got it to work, Corvus was bankrupt. I did use that 18MB drive on my Mac by converting it to SCSI. A lot of storage space for 1987. I upgraded the HDA a number of times, keeping the old case, till SCSI became obsolete. I do still have, on black foam, the Apple ][ driver ROM with its glass window; wonder if the Apple ][ code is still programmed. My code is long lost unless it is somewhere on the stack of Apple //e floppy disk images stored on a CD-ROM somewhere in my backup drawer.
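The FAT12 handling mentioned in the post above (12-bit entries that straddle byte boundaries, and cluster chains that jump tracks) can be sketched as follows. This is an added example, not code from the post or its repository; the geometry constants assume a standard 1.44 MB floppy, and the function names and sample FAT are constructed for illustration.

```python
# Added example: decode packed FAT12 entries and map clusters to CHS.
# Geometry values below are assumptions for a standard 1.44 MB floppy.
SECTORS_PER_TRACK = 18
HEADS = 2
FIRST_DATA_SECTOR = 33      # 1 boot + 2 FATs x 9 sectors + 14 root-dir sectors
TOTAL_CLUSTERS = 2847       # 2880 sectors - 33, one sector per cluster
EOC_MIN = 0xFF8             # 0xFF8..0xFFF mark end of chain

def fat12_entry(fat, cluster):
    """Return the 12-bit entry for `cluster` from a packed FAT12 table."""
    off = cluster + cluster // 2            # 1.5 bytes per entry
    if off + 1 >= len(fat):
        raise ValueError(f"cluster {cluster} lies outside the FAT")
    pair = fat[off] | (fat[off + 1] << 8)   # little-endian 16-bit window
    return pair >> 4 if cluster & 1 else pair & 0x0FFF

def cluster_chain(fat, start):
    """Follow a file's chain; reject loops, free and out-of-range links."""
    chain, seen, c = [], set(), start
    while c < EOC_MIN:
        if not 2 <= c < TOTAL_CLUSTERS + 2 or c in seen:
            raise ValueError(f"corrupt chain at cluster {c:#05x}")
        seen.add(c)
        chain.append(c)
        c = fat12_entry(fat, c)
    return chain

def cluster_to_chs(cluster):
    """Map a data cluster to (cylinder, head, sector); sectors start at 1."""
    lba = FIRST_DATA_SECTOR + (cluster - 2)
    cyl, rem = divmod(lba, HEADS * SECTORS_PER_TRACK)
    head, sec = divmod(rem, SECTORS_PER_TRACK)
    return cyl, head, sec + 1

# Constructed sample FAT: chain 2 -> 3 -> 36 -> end, crossing a cylinder.
SAMPLE_FAT = bytearray(64)
SAMPLE_FAT[0:6] = bytes([0xF0, 0xFF, 0xFF, 0x03, 0x40, 0x02])  # entries 0..3
SAMPLE_FAT[54:56] = bytes([0xFF, 0x0F])                        # entry 36

if __name__ == "__main__":
    for c in cluster_chain(SAMPLE_FAT, 2):
        print(c, cluster_to_chs(c))
```

The loop and range checks matter when the image comes from an untrusted disk: a FAT whose chain points back at itself would otherwise hang the emulator.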


Re: STM32 + Gotek floppy emulator

Post by RogerClark » Sat Mar 04, 2017 8:47 pm

ddrown wrote: I am interested in this topic too. I've been thinking about how to securely store an encryption key on the MCU. Enabling read protection and disabling the debugging peripheral seem like good first steps.

I think that storing the key in a read protected STM32 should be pretty secure, unless someone with tens of thousands of dollars wants to get hold of it, and in that case I suspect they would just hack your dev machine to steal the key.

Depending on what you are using the encryption key for, you may be interested in the secure bootloader that Nordic Semi use (it's open source).
They use PKI with the public key in the bootloader, and the binary to be uploaded has to be encrypted with the private key. So even if someone manages to read back the bootloader (and public key) from the MCU, they can't generate valid binaries, as they only have the public key.
BTW, Nordic needed to do it this way because of a bug in the nRF51 silicon which means it is generally (but not always) possible to read back the flash. They have fixed the problem in the nRF52, but still sell the nRF51 in large quantities as it's cheaper.
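The property described in the post above (a device that holds only the public key can check an image, but reading that key back does not let anyone produce an image it will accept) is shown below as an added example; it is not part of the original post and is not Nordic's bootloader code. It swaps in a Lamport one-time hash-based signature as a stand-in for the bootloader's signature scheme so that it runs on the Python standard library alone; all names and the sample firmware bytes are hypothetical.

```python
# Added example: signed-firmware check with only a public key on the device.
# Lamport one-time signature used as a stand-in scheme (assumption).
import hashlib
import hmac
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Build host: 256 pairs of secrets (private) and their hashes (public)."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def digest_bits(image):
    d = int.from_bytes(H(image), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(priv, image):
    """Build host: reveal one secret per digest bit. Each key signs once."""
    return [priv[i][bit] for i, bit in enumerate(digest_bits(image))]

def bootloader_accepts(pub, image, sig):
    """Device side: needs only the public key stored in its flash."""
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(image)):
        # Constant-time compare; keep checking every element regardless.
        ok &= hmac.compare_digest(H(sig[i]), pub[i][bit])
    return ok

def demo():
    """Return (genuine accepted, tampered accepted, forged-from-pub accepted)."""
    priv, pub = keygen()
    firmware = b"constructed sample firmware v1"
    sig = sign(priv, firmware)
    tampered = firmware.replace(b"v1", b"v2")
    # An attacker who dumped the flash has only `pub`; replaying its
    # hashes as a "signature" does not verify.
    forged = [pub[i][bit] for i, bit in enumerate(digest_bits(tampered))]
    return (bootloader_accepts(pub, firmware, sig),
            bootloader_accepts(pub, tampered, sig),
            bootloader_accepts(pub, tampered, forged))

if __name__ == "__main__":
    print(demo())
```

A Lamport key must sign only one image, so a shipping bootloader would use a multi-use signature scheme; the accept/reject logic on the device has the same shape.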


Re: STM32 + Gotek floppy emulator

Post by Pito » Sun Mar 05, 2017 1:54 pm

It always depends on the potential damages caused by hacking the keys. Sometimes $100k is worth spending - talented hackers will do it even cheaper :) (i.e. decapsulate the chip package and erase the flash cell holding the read security bit).
So for highest security you need special chips with countermeasures built into the silicon.
Attacks for example:
http://www.cl.cam.ac.uk/~sps32/NCL_2011.pdf
Today you can simply measure the mcu's Vdd current with a digital oscope-like tool and you will extract the keys within minutes.
And here - just listen to your notebook's noise and get the keys
https://www.youtube.com/watch?v=DU-HruI7Q30
:shock:
Pukao Hats Cleaning Services Ltd.


Re: STM32 + Gotek floppy emulator

Post by BennehBoy » Sun Mar 05, 2017 4:24 pm

I had no idea it was possible to go those lengths to reverse engineer something. Crazy.
-------------------------------------
https://github.com/BennehBoy



Re: STM32 + Gotek floppy emulator

Post by RogerClark » Sun Mar 05, 2017 8:23 pm

Thanks for the links.


Re: STM32 + Gotek floppy emulator

Post by sheepdoll » Sun Mar 05, 2017 9:26 pm

I use a program called expressPCB to do layouts. The user files are encrypted.

A few years back this encryption was hacked. The issue was that every time the document was saved it generated a new key that was stored in the plain text part of the code. Since only the key changes when the file was saved, the breakers could see what encryption was used. The resulting analysis was that if they had not changed the key so often the pattern would be harder to detect.


Re: STM32 + Gotek floppy emulator

Post by Pito » Mon Mar 06, 2017 6:23 pm

BennehBoy wrote: I had no idea it was possible to go those lengths to reverse engineer something. Crazy.

17y back I had a security consultant telling us - "hey guys - do not enter your passwords or other keys when using CRT displays - the electron beam and the deflection coils radiate and the bad guys can receive it 5 blocks away and they see what you write..". So nothing new..
I doubt it is possible to keep your keys secret these days :)
Pukao Hats Cleaning Services Ltd.


Re: STM32 + Gotek floppy emulator

Post by teevee » Mon Mar 13, 2017 8:49 pm

BennehBoy wrote: I don't think the OP is coming back, but it's still an interesting thread.

I was looking at one of these devices to put into an Amiga - it seems pretty simple to flash them with different firmware from what I've seen, and the firmware is 'obtainable'.

I just checked back :roll: I sadly came to the conclusion that the STM32 is still bulletproof and I have to live with two devices which are not identical in matter of firmware. Because I don't have the knowledge to get it out :/

I got those two Gotek floppy drives, 1 x FT232R USB UART to communicate with the chip and an EPROM burner/reader, but it does not help me in this case :/ I also don't want to download a random firmware from the Internet. I want the one which is flashed onto one of my devices.
