Few years back I started thinking about how much information could be extracted from a phone’s inertial sensors to guess some sensitive information such as PIN / UnLock Codes / other passwords. One of the first papers a came across was (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers where the authors were able to decode strokes from a nearby keyboard using the phone’s inertial sensors.

Not until a couple months ago a started working on this more seriously, when I wrote few applications to retrieve data, started analysing and came to some conclusions. …

Pebble ( http://www.getpebble.com) is a smart-watch pretty popular for rasing more than $10 million from a Kickstarter campaign.

Features a STM32 microprocessor as can be seen in wikipedia ( http://en.wikipedia.org/wiki/Pebble_(watch)).

Pebble’s update package contains a bootloader image but I wanted to dump what really is on the internal flash.

In this post I dump the memory content using a logging feature provided by pebble’s sdk, which allows a developer to send text from the watch to a monitoring computer.

The next image shows the memory map of the microprocessor and how the flash is mapped onto the memory space, which…

Almost every company manufacturing Embedded Systems produce their own boards with their very own peripherals, which of course, need to be initialized when the boards is powered up.

They can go from simple leds, to amplifiers or external appliances, but what they usually share is that they depend on GPIOs so they need to be properly set to a specific output. It is pretty ugly to see leds blinking or a fan that starts without meeting the requirements.

This of course needs to be done during the whole boot process till the Embedded Application takes control of the hardware.

I…

A few days ago I hit an awful bug in the iOS’s TCPI/IP stack which drove me crazy for a while since everything worked fine on other devices except a brand new iPad.

The problem appears when UDP packet’s payload is larger than 9200 bytes; Beyond this limit the app will always read 9216 Bytes, losing the rest of the data.

I need large UDP packages since I am working on a Real-Time video transmission protocol which need as little latency as possible < 100ms and quality must be acceptable. I need large UDP packets in both side, specially in…

If some day you find yourself debugging u-boot, or maybe another bootloader, you will probably face a problem when setting breakpoints at some symbols; the application doesn’t stop where you have told the gdb to.

Bootloaders usually are written to the system’s flash so the microprocessor starts executing there at a specific address and at some point they copy themselves to RAM in order to perform different kind of operations.

Once you have compiled u-boot, the symbol table you have is referenced to the flash starting address where u-boot resides; once it has been relocated to RAM the addresses for…

After my last post I got a request from @trufae asking for a benchmark against Android’s bionic library so there I go. I begun compiling the available bionic’s strlen version and running the same test as in my previous post.

The first thing I noticed reading the bionic’s strlen version is the they use a better way to detect the null character, which reduced by 1 instruction my straight forward byte-to-byte search which, of course, would lead to a performance improvement. They also unrolled the loop a little bit more up to 4 ldr instructions.

# This is inline C…

Note: This optimization are for an ARMv5 processor (arm926ejs) further improvement could be achieved in a newer ARM versions

The next function I want to play with is strchr() used for locating a char in a given string; returns a pointer to the first occurrence of the character or NULL if not found.

char *strchr(const char *s, int c);

The code I have come up with has 4 differentiated sections as can be seen in the code listing below:

• Lines 12–18: Address is un-aligned so we look for the given and null character and then leave or we hit an…

Few weeks ago I started a personal project to enable lua programming under u-boot to allow easy access of peripherals and create small embeddable initialization scripts which I have missed during professional Embedded Development.

Another goal of this projects is to optimize u-boot’s ARM code so the first optimization go through string manipulation functions, today strlen().

The current strlen code is just a simple C loop looking for 0x0 to then return the number of Bytes read. This is far from optimum since it really miss some interesting ARM features and algorithmic improvements.

Here is the code I have come…