About untergeek

Early digital immigrant. Father. Maker. Tinkerer. Serendipist. Journalist. Synth nerd.

Free-for-all Filters And VPM – How The Hacktribe came to be

I really like my Electribe 2. I know, it gets a lot of hate from the EMX/ESX lovers, but the workflow really suits me, and, as you might know, I’ve got a heart for underdogs, especially when they are from Korg – don’t you think that even Korg’s blunders are more interesting than Roland’s successes?

A mutant Electribe

StableDiffusion 1.5 hallucinating the hell out of an Electribe with IMG2IMG and “Superman Drum Machine” as prompt

Which doesn’t mean that Korg does everything right. As Electribe users know, you have to make up your mind: 

  • Do you want the (blue or grey) E2 synth (“BlueTribe”), or
  • the (red or black) E2S sampler (“RedTribe”)? 

The RedTribe sampler, gravitating a bit more towards hip-hop compared to the dancefloor-oriented BlueTribe, is generally more flexible – but you have to sacrifice the BlueTribe’s many additional filter types and synth oscillator models.

Which is a real shame considering that the hardware for BlueTribe and RedTribe is absolutely identical – apart from the colour scheme and the built-in samples. You can even crossgrade from BlueTribe to RedTribe and vice versa (involves a bit of hex editor manipulation and a sizeable risk of bricking the Electribe, but it’s doable – I did it once before settling on a black RedTribe for good).

So why doesn’t one just analyze the firmware, and copy&paste the BlueTribe goodness to the RedTribe ROM? It’s that kind of project you dream of for about 15 seconds until you realize how cumbersome this really is, and that it would be madness to commit yourself to that kind of ambitious hacking project.

Luckily, bangcorrupt has already done just that.

Behold: The Hacktribe!

In case you lived under a rock and haven’t heard of it: Hacker bangcorrupt has analyzed the Electribe’s bootloader, finding the requirements for installing modified firmware. And he modified Korg’s 2.02 Electribe Sampler firmware, adding the BlueTribe’s extra capabilities concerning filters and oscillators to it – and even more: VPM, Korg’s version of FM synthesis for people without a degree in acoustics.

It’s as simple as downloading the factory firmware, running a Python script that patches it, and updating your E2 to the Hacktribe firmware. If you want to keep running your existing RedTribe patterns, I created some small additional scripts for that – my tiny contribution to the project – and you will find soon find a step-by-step tutorial as a Python notebook that you can just click-and-run on Google Colab, saving you the intimidating Python installation business.

But for the moment, let’s geek out for a bit: I reached out to bangcorrupt, the hacker who did this, and asked him how he did the hack.

Hacktribing your RedTribe

We were communicating via mail – he answered my first set of questions – which were originally intended just to tell him what I wanted to know – in bulk. These are his answers; I’ve just added some links and notes in italics and square brackets where I felt like it. Everything else is bangcorrupt’s answers.

Q: How did you get the idea of doing it?

bangcorrupt: I got the idea from the firmware swap posted on korgforums years ago.
I wanted to create a hybrid based on the latest firmware version, with some added features and configuration options.

[With the first couple of firmware revisions, it was quite easy to swap the firmware of a RedTribe for a BlueTribe; with v2.02, Korg added checks to keep you from crossgrading, so you had to do a bit of hex editing and downgrading to do the swap. It was quite a feat and, honestly, not worth it, as you wouldn’t get the samples of the other machine – these seem to be stored in ROM, separate from the firmware. While it is quite easy to get someone with an E2S to perform an “Export All Samples” for you, I have not seen the BlueTribe factory sample set in the wild yet.]

Q: Why didn’t you just stop when you realized how overwhelmingly complex the whole thing would become?

[Think about it.The Electribe is a complex machine – see this hardware breakdown in the Korg forums from 2015 which is one of the first things a prospective hacker might end up with. It hasn’t got just one microcontroller but three: The main processor is an ARM9 processor called AM1802 (datasheet), accompanied by a Blackfin 523 DSP from Analog Devices (datasheet) – a type of microprocessor optimized to process real-time data. There is also an additional feeble ARM Cortex M3 reading the front panel dials, which we may safely ignore if we’re lucky. Scanning the datasheets, you will find all sorts of scary words like “protecting code integrity”. There is obviously some kind of bootloader involved which you have to analyze to find out what it accepts as a firmware, and how it is loaded into memory. And once you mess things up, there is a considerable risk of bricking your Electribe for good – which did indeed happen, see below.]

bangcorrupt: Once I started seeing patterns and how they interrelate it was difficult to stop. I was really obsessed with it for a while; hopefully I can find the time to dedicate to taking it to the next level.

Q: Did you have a background in microcontroller development before?

bangcorrupt: I had a basic understanding of computer architecture and electronics, but most of what I know about microcontrollers and reverse engineering comes from working on Hacktribe.

[Which I, as a full-blown blunderer and tinkerer, find wonderfully serendipous and inspiring.]

Q: What were the challenges in doing it?

bangcorrupt: Everything. I’m learning how to do this as I go along, most of the tools and protocols are new to me. At one point I bricked my electribe and had to hack some other things to learn how to fix it.

Q: What kind of tools does one use for rewriting Electribe code?

bangcorrupt: A J-Link or a Raspberry Pi running OpenOCD will work as a JTAG debugger for the CPU.

[Let’s stop here for a moment and explain what a JTAG debugger actually is. Imagine you have some sort of program, and want to see what it does – especially if it doesn’t do what you want it to do. In that case, it would be handy to stop the code and look at registers and memory.

As long as the program is still running on your desktop computer, you can simulate and debug your program there, but once it has been transferred to the machine, you will have to use special hardware to do that.

When I did my first 8-bit development project some 30 to 40 years ago, we had to buy a murderously expensive type of hardware called a Z80 In-Circuit Emulator, a blue box that could act as a microcontroller in my machine but kept transmitting data on order to a PC. It has become much, much simpler these days, as all modern microcontrollers have a standard serial interface called JTAG. It takes orders and code, and transmits data if you want to talk to the processor, but you still have to have special hardware and software which does the talking.]

bangcorrupt: I couldn’t get the Raspberry Pi [running the OpenOCD JTAG debugger] working with the Blackfin DSP, but thanks to people sponsoring Hacktribe I was able to buy the official Analog Devices debug adapter.
Raspberry Pi will also work with the Cortex M3 on the panel board, but I want to try using Black Magic Probe [an open-source standalone JTAG debugger for ST Micro’s M3 hardware and others] on an STM32F103.
On the software side I’ve been using Ghidra for static analysis, with Rizin for patching and debugging.

[What is this for? The original programmers wrote high-level code in languages like C, and probably low-level Assembler code handling single processor instructions, before compiling and assembling their program code into the string of bytes in the SYSTEM.VSB file. Disassembler frameworks like Ghidra – by the NSA, for god’s sake! – and Rizin help you turn back these bytes into readable code, much like turning a meal back into a recipe – so you end up with code that your brain can process, and the JTAG debugger which helps you watch what it is actually doing. This gives you a good chance to understand what the code does, and how to expand it.]  

Q: How much of what your HackTribe code does was already in there, and what did you have to write from scratch?

bangcorrupt: This is hard to answer, it’s all interlinked. At the start I was hex editing the binary directly, changing pointers and conditional tests to run existing functions with new data. I’ve started reworking it into separate assembly code; the most new code I’ve written is probably for NRPN handling or FX editing. Even here I am using the existing functions as much as possible, just calling them in a different order with different arguments.

Q: And have you got a clue what the hell Korg thinks about all this?

bangcorrupt: I have nothing to do with Korg. I try to stay within the law and the license agreement, and as far as I know I have.

bangcorrupt’s answers are printed as they were given. All errors in the italics are mine.

Yay! I’ve bought a DIY Minimoog. (And Jenny is going to love it!)

Isn’t it GORGEOUS? Classic Minimoog – less of a control panel, more of an erogenous zone for synth nerds. Tell me you don’t want to feel up these knobs! The pure beauty of a one-of-a-kind electronic instrument. The design and the sounds are still in highest demand more than 50 years after its design – and I was pretty sure I’d never, never even be tempted to buy one.

I never even wanted a Minimoog!

Let’s be honest: Moogs are ludicrously overpriced, and overhyped. Not a single classic Moog ladder filter sound you couldn’t do just as well with a modern plugin, or almost any modern hardware. Hey, even the R3 – my most underdog synth – can do pretty decent Moog impressions. And if you are with the “Digital-will-never-sound-like-true-analog” esoterics, there is still the option of Neo Old School: Using the old design with the upsides of modern analog technology. Get yourself a Boog, for fuck’s sake. (And a life.)

Still… as we know, it’s all about the workflow – and about that unique combination of how an instrument looks, feels, and sounds. So when I saw a Moog enclosure and front panel on eBay for a couple of Euros, I could not resist and had to buy it.

“It’s aliiiiive!” – How to give life to an empty corpus

Continue reading

Repairing your Macbook Air M1 (2020) if the trackpad does not click

Suddenly, the Mac did no longer click with me: The trackpad in my MacBook Air M1 (end-2020) no longer clicked, seemed to have jammed, gave no haptic feedback. I could no longer click any objects on the screen; without an external mouse, the laptop was unusable.

It was quite easy to solve that problem; some short notes might help you if you have a similar problem.

  • Fast fix: Activate “Tap to click”. Get a mouse and go to the Trackpad settings and set “Tap to click”. At least you can use the trackpad now with selecting things bei tapping them instead of clicking them.
  • It might not be the hardware’s fault. I did not realize it at once, but the click you feel when you click the trackpad is not produced by a mechanical spring but by activen electric components – a couple of small electro magnets producing the haptic feedback. This post by pocket-lint.com does a good job explaining the techonology. This means that it might actually a firmware or OS problem. I read that some people had success temporarily disabling all haptic feedback settings; give it a try.
  • It is quite possible to replace the trackpad if necessary. It is not really easy to take a modern Apple device apart, but it is feasible, provided you have the right tools. Remember that Apples patronizing “Genius Bar” technicians might charge you heavily. But: get the tools!
  • The right tools for fixing a Macbook Air. You will need them. I had Torx bits for mobile phone screws anyway and bought some more on Amazon. This is what you need:
    • a Pentalobe-P5 screwdriver for Apples 5-star-hole housing screws
    • a Torx-T4 screwdriver for removing the trackpad cable connector clamp
    • a Torx-T5 screwdriver for the trackpad screws
    • a magnifying glass
    • pincers
    • a box with several compartments to keep the 6 different types of screws apart and safe
    • good workplace conditions – proper lighting, enough space, a workplace mat
  • Taking the Air apart, step by step. ifixit does a brilliant job at explaining and showing every step – have the tutorial on a second screen next to your workplace so that you can look at every step when you need it. Pro tip: Read every step thouroughly before you do it – I didn’t at one point and missed that there are distance shims on top of the trackpad which drop to the floor when you take it out. Some rather undignified crawling ensued.
  • Apple supports your Right to Repair. Seriously. A little bit. „Right-to-repair“ laws have forced Apple to move. If you insist on trying to repair your iDevice, Apple gives you information, tools, and parts – provided that the iDevice is rather recent, and that you live in the US. But to be fair: You can find the comprehensive Macbook Air Servide Manual (PDF) for download. You may also order a replacement trackpad for about $100 in the U.S. Apple’s Service Support draws some criticism for its pricing and for its rather complicated procedures, but it is a start.

In short: This is what I did to get the trackpad working again

  • Bought the tools.
  • Opened the Mac and detached the battery connector. My advice: do that, then reconnect and check whether the trackpad is already working again.
  • Took out the trackpad and gave it some menacing looks, carefully poked at the metal strips, and cleaned what seemed worth cleaning.
  • Cleaned the trackpad bay in the housing to remove any object that might cause problems
  • Reinserted the trackpad. The service manual states that a new trackpad comes with shims in different thicknesses, so I measured the thickness of those I had and found that some were .1mm and some were .15. I inserted the .15mm ones to the front, and the .1mm ones up next to the keyboard.
  • Put everything back together. The critical moments: Reconnecting the battery connector with minmal force. Reconnecting the trackpad’s flat cable to the ZIP connector: open, pull out flat cable, reinsert, close locking mechanism. Reconnect the PCB connector plug for the trackpad next to the battery connector.
  • Triple-checked the connectors, then attached Macbook to power supply and switched it on. Worked.

Work in Progress: Trying out a new shop

Generated and (c) OpenAI Dall-E 2 AI

For years, I have been working with a shop plugin by maennchen1.de, wpShopGermany. It made things a lot easier and was worth its money, but there are a couple of issues I have with it:

  • Ease of use, as in: No…
  • Does not allow me to define the kind of invoice I would like it to
  • Problems with Paypal payments from the UK
  • Really, really dodgy translations.

These issues may not all be wpShopGermany’s fault, to be clear, yet I am trying out WooCommerce – and if that may that cause trouble and/or confusion: Sorry!

Generated by OpenAI’s Dall-E2 AI.

Price raise. Unfortunately.

The global chip crisis has reached my humble shop: When trying to source new programmable ROM chips – nearly all of Bob Grieb’s firmware updates use trusty old Atmel-27C256 PROMs that are still in production – we discovered that they have become much harder to get, and more expensive. Eventually we succeeded in finding a supplier who could help us restock in time, but the chips cost us over one Euro more.

Until further notice we will raise prices for firmware updates by € 1.50 after taxes per chip.

In spite of that: have a good start into 2022, the Year of Hope.

The Noisy One

I’ve won a Dreadbox Typhon in a sweepstake, and it’s bloody brilliant. Like, really, really brilliant! A fun machine with a monster sound and a great concept for real-time sound manipulation and editing. If there wasn’t that nasty problem with digital noise.

Dreadbox Typhon powered from USB hub; preset A1

Just listen to it! It’s wonderful – but you will have noticed the nasty sound on switching it on, and the permanent high-frequency noise. (Oddly enough, it’s no longer in the recording as soon as the sequencer starts, but believe me – it’s there, all of the time.)

Digital noise, for sure.

Continue reading