A Modchip To Root Starlink User Terminals Through Voltage Glitching

[…]

this modchip-based hack of a Starlink terminal brings us.

[Lennert Wouters]’ team has been poking and prodding at the Starlink User Terminal, trying to get root access, and needed to bypass the ARM Trusted Firmware boot-time integrity checks. The terminal’s PCB is satellite-dish-sized, so things like laser fault injection are hard to set up – hence, they went the voltage injection route. Much poking and prodding later, they developed a way to reliably glitch the CPU into verifying a faulty firmware, and got to a root shell – the journey described in a Black Hat talk embedded below.

To make the hack more compact, repeatable and cheap, they decided to move it from a mess of wires and boards into a slim form factor, and that’s where the modchip design was made. For that, they put the terminal PCB into a scanner, traced a board outline out, loaded it into KiCad, and put all the necessary voltage glitching and monitoring parts on a single board, driven by the venerable RP2040 – this board has everything you’d need if you wanted to get root on the Starlink User Terminal. Thanks to the modchip design’s flexibility, when Starlink released a firmware update disabling the UART output used for monitoring, they could easily re-route the signal to an eMMC data line instead. Currently, the KiCad source files aren’t available, but there are Gerber and BOM files on GitHub in case we want to make our own!

Hacks like these, undoubtedly, set a new bar for what we can achieve while bypassing security protections. Hackers have been designing all kinds of modchips, for both proprietary and open tech – we’ve seen one that lets you use third-party filters in your “smart” air purifier, another that lets you use your own filament with certain 3D printers, but there’s also one that lets you add a ton of games to an ArduBoy. With RP2040 in particular, just this year we’ve seen it used to build a Nintendo 64 flash cart, a PlayStation 1 memory card, and a mod that adds homebrew support to a GameCube. If you were looking to build hardware addons that improve upon tech you use, whether by removing protections or adding features, there’s no better time than now!

Source: A Modchip To Root Starlink User Terminals Through Voltage Glitching | Hackaday

Rolls-Royce successfully tests hydrogen-powered jet engine

Britain’s Rolls-Royce (RR.L) said it has successfully run an aircraft engine on hydrogen, a world aviation first that marks a major step towards proving the gas could be key to decarbonising air travel.

The ground test, using a converted Rolls-Royce AE 2100-A regional aircraft engine, used green hydrogen created by wind and tidal power, the British company said on Monday.

[…]

Planemaker Airbus is working with French-U.S. engine maker CFM International to test hydrogen propulsion technology.

It said in February it planned to fit a specially adapted version of a current generation engine near the back of an A380 superjumbo test plane.

The aircraft manufacturer however told the European Union in 2021 that most airliners will rely on traditional jet engines until at least 2050.

A switch to hydrogen-powered engines would require a complete redesign of airframes and infrastructure at airports.

Eric Schulz, chief executive of SHZ Consulting, said in July that the changes in design are so massive it would take more than one generation of aircraft to get there.

Other technologies backed by companies such as Rolls-Royce include electric engines, which would be initially suitable for short flights, and sustainable aviation fuel (SAF).

Engines that are already in service can use a mixture of SAF and conventional fuels, but it is currently produced only at minuscule levels.

It could eventually be produced by combining carbon captured from the air with green hydrogen, but the process is energy intensive and not yet available on a large scale.

Source: Rolls-Royce successfully tests hydrogen-powered jet engine | Reuters