At first, you can see that there are 12 white LEDs at the bottom, which are running randomly. But if you establish communication between the badge and the computer, then there's much more.

The cube has it's own TRNG (True Random Number Generator) and can create the stream of random numbers. It has also the PRNG (Pseudo RNG), so it can be used as the cryptographic engine, predominantly for experimenting and playing around. It has a FLASH memory with 16 Mbits (2 Mbytes), which can be used, for instance, as the storage for OTP (one Time Pad) random number base, the only cryptography method which can not be cracked, doesn't matter how powerful computer do the Bad Guys have, or how clever they are. There are some disadvantages of this method, which will be discussed later.

The communication is performed via the virtual serial port, so you should have some serial terminal program (RealTerm, or similar). Parameters are 115200, 8, N, 1. This port is used to issue the command or parameters to the cube, send or receive the encrypted or decrypted file, get the status or read the current data. Two or more cubes can also communicate wirelessly, using the capacitive link, so they should be close together, not more then inch or two (or several centimeters).

Command line is not case sensitive. It contains one command character, one or more (optional) operands and one (optional) numeric data, separated by spaces. Here is the command list (N is a nibble, or if preceded by "0x", one hex digit), NNNN is 16-bit number, and NNNNNNNN is 32-bit number):

       M   S   D   [NNNN]        Move NNNN blocks from S to D  (default 1 block = 512 bytes)
       X   S   D    [NNNN]        Move and XOR NNNN blocks from S to D (default 1 block)
       R   NNNN                      FLASH Read address set to NNNN  (please read ERRATA note)
       W  NNNN                      FLASH Write address set to NNNN  (please read ERRATA note)
       S   NNNNNNNN           PRNG Seed set to NNNNNNNN  (32-bit number, hex input only)
       Q                                    Quit the current command execution   (runtime only)
       ?                                     Help 
       H                                    Help

Numeric values assigned to M, X, R and W commands are expressed in Decimal or Hex (with 0x prefix) code. 32-bit numeric in S command can be Hex only. Please note that NNNN literals in R and W commands are addresses, but they are not expressed in bytes, but in 512-byte blocks.

S and D (in the operand group) stand for Source and Destination. Each of them can be:

       B                 Buffer 1    (512 bytes in MCU Data Memory)   
       C                 Buffer 2   (512 bytes in MCU Data Memory) 
       N                 Network   (capacitive link between cubes) 
       U                 UART   (via virtual port) 
       F                 Flash   (internal FLASH memory)   
       P                 PRNG   (Source only) 
       T                 TRNG   (Source only) 
       S                 Seed   (Source only) 
       A                 Accelerometer   (Source only)

ERRATA: There is a bug in the version v1r0. Instead of addressing 512-byte blocks, commands R NNNN and W NNNN address 256-byte pages. Workaround: multiply the block number with two. For instance, if you want to read or write to block 4 (address 2048 or 0x800), please do not type R 4 or W 4, but R 8 or W 8. This bug will be corrected in the next release v1r1.

IMPORTANT NOTE: There is a limitation which is valid for almost all FLASH memories, and which is a consequence of the design technique and optimization. You know that all Flash memories (just like EPROM and EEPROM) must be erased to all 1's (bytes 0xFF) before writing, and, if it was not erased, it simply ANDs the previous contents with the new one. The FLASH chip MX25V1635FM, which is used in this project, can erase only 4K (or larger) blocks. Cube firmware does this automatically if it writes to the first page (or the first 512-byte block) of the 4K block, but erasing will not take place when the MCU writes to some other page inside the 4K block. So, writing to block 1 will NOT erase the previous contents of the FLASH, but writing to block 0 will automatically erase all blocks from address 0x0000 to 0x0FFF (blocks 0...7).


M  B  C          Move 512-byte contents of Buffer B to Buffer C
M  C  U          Move 512-byte contents of Buffer C to UART (print it on terminal screen)
M  T  F  10     Move 10 blocks from TRNG to FLASH at address R (actually 20, note the ERRATA paragraph)
X  U  N           Read UART (512-bytes from Terminal), XOR it with FLASH at address R and send it to network
R  0                Preset R (Read Flash) register to block 0
W  0x100       Preset W (Write Flash) register to block 0x100 (which is at address 0x10000) (note ERRATA)
M  A  U          Move the accelerometer X, Y, Z data to UART (print it on terminal screen)

          DATA FORMAT

All Move commands are executed from S (Source) to D (Destination) in 512-byte blocks. The capacity of the Flash memory is 2 Mbytes (which is 4096 blocks), and every read or write operation from or to the Flash memory is performed starting at the R or W address. After Read or Write operation of every block, the pointer is automatically incremented by 2.

If the numeric NNNN following M or X command is defined, the operation will be executed NNNN times, with proper R or W register incrementing by 2 after every block.

Command M moves a block of data from S (Source) to D (Destination).

Command X does the same thing as M, but it XORs every byte of data with a byte of data in FLASH memory, addressed with R (Read) register, incrementing the register properly. Please note that the command  X F U  (or to any other destination) will first read a whole block of data from the FLASH memory to the auxiliary Buffer 3 (which is normally not visible to the user), and then read the next block of data to XOR it with Buffer 3. So the R register will be incremented twice by 512, which gives a total of 1024.

In some cases, when the source is N (Network), the unit could "hang", waiting for data. There is no timeout function and, if no data was received, it will wait forever. In that case, command Q will end the process and it will be returned to the home state, waiting for the new command.

The same deadlock is possible when the unit is executing the command with (UART) as the source and no data is received. In this case, Q will not be recognized, as it will be accepted as a single byte of expected data stream. The only way to end the process is to turn it off (by unplugging the USB connector) and turn it ON again.

NOTE: Registers R (Read Address) and W (Write Address) are not kept in non-volatile memory, but in MCU Data Ram. So the contents of those registers is reset to 0x0000 after every power-up.

(to be continued)