Difference between revisions of "Beamo Hacking"

From Eleccelerator Wiki
Jump to: navigation, search
(Created page with "The FLUX Beamo is a relatively inexpensive and small laser cutter. Its brain is made of a Raspberry Pi married to a STM32F103 microcontroller. This page is also probably appli...")
 
(Firmware Updates)
 
(4 intermediate revisions by one user not shown)
Line 12: Line 12:
  
 
The screen is displaying a web page. The contents are located in /var/fluxmonitor/data/panel/
 
The screen is displaying a web page. The contents are located in /var/fluxmonitor/data/panel/
 +
 +
The web interface can also be viewed from port 8000. Use your browser's developer tools to begin hacking. I was able to hack a temperature display into the job progress page. There are also APIs to send G-code while you are on the maintenance page.
  
 
==Recent FC Files==
 
==Recent FC Files==
Line 24: Line 26:
  
 
The .bin file is loaded to the STM32 using its built-in bootloader over UART. This is well documented, look for ST's document CD00264342.
 
The .bin file is loaded to the STM32 using its built-in bootloader over UART. This is well documented, look for ST's document CD00264342.
 +
 +
There are also two Python pre and post process scripts that seem empty. Perhaps this is a convenient payload for hacking.
  
 
==Old Source Code==
 
==Old Source Code==
  
Some outdated source code can be found inside /home/pi/fluxmonitor/
+
Some outdated source code can be found inside /home/pi/fluxmonitor/ . Although outdated, it contains critical information, such as the GPIO pin mappings, the fc file loader, etc.
  
 
==FLUX Task (fc) Files==
 
==FLUX Task (fc) Files==
  
 
I have taken some clues from the source code to be able to understand the fc files that Beam Studio generates. Have a look at https://frank26080115.github.io/flux-fcode-tools/ for conversion tools that I've written.
 
I have taken some clues from the source code to be able to understand the fc files that Beam Studio generates. Have a look at https://frank26080115.github.io/flux-fcode-tools/ for conversion tools that I've written.
 +
 +
==Mainboard FW==
 +
 +
The mainboard.bin file from the fxfw package contains ARM instructions and strings that indicates it's a fork of grbl 1.1f indicated by the string "VER:1.1f.20170227". There are much more hints to the additional capabilities that FLUX added, such as "Gradient print mode ON" that doesn't exist in any known grbl variants. There's also something in it called "NCODE_NOT_ACCEPTED", perhaps that's their name for the raster pixel data format.
 +
 +
More in-depth disassembly is possible, and it uses a standard STM32 startup script so it's easy to find the reset vector and the main() function call. After that, reading assembly code becomes a bit nightmareish. Perhaps it'll be easier to try matching sections up against the assembly listing of a known build for STM32.
 +
 +
$I reports back "VER:1.1f.20170227 OPT:VZN,9,0"

Latest revision as of 13:24, 8 July 2020

The FLUX Beamo is a relatively inexpensive and small laser cutter. Its brain is made of a Raspberry Pi married to a STM32F103 microcontroller. This page is also probably applicable to the Beambox.

Contents

[edit] Obtaining Raspberry Pi Access

On boot, there's no prompt, no desktop access. SSH access is enabled but the password is unknown. Changing the cmdline.txt file will not help grant access to the shell. UART also does not provide a shell, just the boot log.

The microSD card can be removed and the EXT4 partition on it can be mounted into any Linux desktop computer. From this point, all the files on it can be accessed.

To obtain SSH access, follow instructions on https://www.maketecheasier.com/reset-root-password-linux/ , but instead of changing the root password, instead, make a new account with a new password. Add the new user to the sudo-er list.

[edit] Editing Screen Interface

The screen is displaying a web page. The contents are located in /var/fluxmonitor/data/panel/

The web interface can also be viewed from port 8000. Use your browser's developer tools to begin hacking. I was able to hack a temperature display into the job progress page. There are also APIs to send G-code while you are on the maintenance page.

[edit] Recent FC Files

Files sent to the Beamo are found inside /var/gcode/userspace/Recent/

[edit] Firmware Updates

Files are found in /var/db/fluxmonitord/update_fw

fxfw files are actually ZIP files. Inside, there will be a .bin file for the STM32, and a Python .egg file for the Raspberry Pi.

The .bin file is loaded to the STM32 using its built-in bootloader over UART. This is well documented, look for ST's document CD00264342.

There are also two Python pre and post process scripts that seem empty. Perhaps this is a convenient payload for hacking.

[edit] Old Source Code

Some outdated source code can be found inside /home/pi/fluxmonitor/ . Although outdated, it contains critical information, such as the GPIO pin mappings, the fc file loader, etc.

[edit] FLUX Task (fc) Files

I have taken some clues from the source code to be able to understand the fc files that Beam Studio generates. Have a look at https://frank26080115.github.io/flux-fcode-tools/ for conversion tools that I've written.

[edit] Mainboard FW

The mainboard.bin file from the fxfw package contains ARM instructions and strings that indicates it's a fork of grbl 1.1f indicated by the string "VER:1.1f.20170227". There are much more hints to the additional capabilities that FLUX added, such as "Gradient print mode ON" that doesn't exist in any known grbl variants. There's also something in it called "NCODE_NOT_ACCEPTED", perhaps that's their name for the raster pixel data format.

More in-depth disassembly is possible, and it uses a standard STM32 startup script so it's easy to find the reset vector and the main() function call. After that, reading assembly code becomes a bit nightmareish. Perhaps it'll be easier to try matching sections up against the assembly listing of a known build for STM32.

$I reports back "VER:1.1f.20170227 OPT:VZN,9,0"

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox