Posts Tagged ‘ ttyUSB0 ’

ez430-Chrono BlueRobin reverse engineering

this is a quick-wrote draft, it will be reviewed

Hello
here is just a little tutorial to give you some idea for reverse engineer and hack your next gadget

today i would like to know how the blueRobin chest strap can communicate with the ez430-chrono

the software delivered with the watch contain a « BlueRobin emulator »

the software only launch when the CC1111 dongle is plugged – ok, no problem

the dongle is seen as /dev/ttyACM0 and is configured at 115200 baud

let’s assume we have 2 dongles CP2102 providing usb serial port /dev/ttyUSB0 and /dev/ttyUSB1

and they are connected together like this

gnd ---- gnd
RX  <--- TX
TX  ---> RX

close the software, unplug the CC1111 dongle.

plug the 2 dongle CP2102 (FTDI dongles  will certainly work too)

create a fake ttyACM0 symbolicaly linked to /dev/ttyUSB0

sudo ln -s /dev/ttyUSB0 /dev/ttyACM0

set the speed of both dongle:

sudo stty -F /dev/ttyUSB0 speed 115200
sudo stty -F /dev/ttyUSB1 speed 115200

in a terminal be ready to read the output of ttyUSB1 = what the software send to ttyACM0

cat /dev/ttyUSB1 | xxd -p

the probleme here is that xxd only write the line to the terminal when it get a full line, so we can use the option « -c 10 » or even « -c 1 » to reduce the line, but it would be hardly readable.

I prefered send a bunch of zeros from another terminal whit this command:

echo 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | xxd -p -r  > /dev/ttyUSB0

so this technic help me to cut the communication in several sentence

In Fine, I get this : ( I add some comment while i capture to remind me what the « sentence » means)

mathieu@confusion:~$ cat /dev/ttyUSB1 | xxd -p
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000ff01030aff00
04000aff0004000aff0004000aff0004000aff0004000aff0004000aff00
04000aff0004000aff0004000aff0004000a000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
init ^^^ control center launch
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000ff030798ffff000aff02030aff0504280aff
0a060000000aff0504290aff0a060000000aff05042a0aff0a060000000a
ff05042b0aff0a060000000aff05042c0aff0a060000000aff05042d0aff
06030aff0a060000000a0000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
start, sweep from 40 to 45 bpm, then stop
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
00000000ff030798ffff000aff02030aff05042d0aff0a060a00000aff05
042d0aff0a061401000aff05042d0aff0a061e02000aff05042d0aff0a06
3205000aff05042d0aff0a063c07000aff05042d0aff0a06500a000aff05
042d0aff0a065a0e000aff06030a00000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
start, sweep from 1 to 10 km/h, then stop
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
0000000000000000ff030798ffff000aff02030aff05042d0aff0a06110f
000aff05042d0aff0a062110000aff05042d0aff0a063112000aff05042d
0aff0a065116000aff05042d0aff0a06611a000aff05042d0aff0a06811f
000aff05042d0aff0a069125000aff06030a000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
start, sweep from 1 to 10 mph, the stop
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
TX ID: 1677711
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000ff07030aff31160380000007
d90101061e0000000000000000000aff0004000a00000000000000000000
000000000000000000000000000000000000000000000000000000000000
0000000000000000ff31160381020307d90101061e000000000000000000
0a0000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000ff31160381020307d90706
061e0028000500000000000a000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
ff3116070000000000000000000000000000000000000aff09030a000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
^^^ here i try to set the time : 01:02:03 AM, 4°C, 5m Alt...

Ok, I Hope this little tuto will help you

I think that the more useful command in this tuto is « xxd » : it can translate octet-stream to readable string and make the inverse operation with the « -r » option.

And now a litle script to watch the cpu load of your computer directly on your watch :

#! /bin/sh

stty -F /dev/ttyACM0 speed 115200

# send the initialisation frame
echo "ff0307beffff000aff02030a" | xxd -r -p>  /dev/ttyACM0

sleep 1

while true
do  
    BPMDec=`cat /proc/loadavg | sed 's/\(.\)[.]\(..\).*/\1\2/g'`
    BPMHex=`printf "%02s" $(echo "ibase=10;obase=16;$BPMDec" | bc) | tr ' ' '0'`

    data=ff0504`echo $BPMHex`0aff0a060af3010a

    echo $data | xxd -r -p>  /dev/ttyACM0
    sleep 1

done

# send the termination frame -- never used since there is a "while true" before
echo "ff06030a" | xxd -r -p>  /dev/ttyACM0

exit 0
2011
09/27
CATEGORY
Uncategorized
TAGS









1 commentaire

cheapest usb-to-serial cable.

T6X USB to TTL serial cable

T6X USB to TTL serial cable

If you play with microcontrollers and embedded systems like SOHO routers, you may need a serial connection to monitor your target and sometime (everytime) realize that it don’t really work as expected.

The lucky of you may have old enough computer to  have a real RS232 serial port with the db9 socket and can use this interface with a TTL target thought the traditional max232.

But for the others, the recent computer have no longer this interface, so the only inteface available is the USB.

With a quick search on the Internet you can find USB to TTL-serial on several microcontroller-related website such as sparkfun, seeedstudio, nkc electronics, Adafruit Industries from approx $14 to $20 or on Ebay as low as $8.50 here.

But my best finding is the USB cable (see image) sold with my chinese RC transmitter (a Turborix 6ch 2.4GHz). It’s given as a « programming cable » without any other information. The truth is that this cable is nothing else than a USB to TTL-serial cable. Its price is as low as $2.99

The dongle is based on the Silabs’ cp2102 chip and provide only TX, RX and GND with the 3 wire cable but I plan to change it  to use a 4 wire cable with the fourth wire soldered on the USB’s VCC (5V). By this simple mod I would be able to USB power some little MCU’s projects.

The drivers  are available on the manufacturer site , for the most of the OS , including Linux, MacOS, Windows CE/2000/XP/Server 2003/Vista/7 (note that it was recognize « out-of-the-box » as ttyUSB0 and works on ubuntu and probably on others linux)

For the mini-DIN plug at the end ot the cable, don’t worry, just replace it with a standard header.

Drawbacks

– the 3 wire cable don’t provide VCC to the target

only suitable for 5V design (? to be tested) edit :It works great in 3.3V, and the 3.3V built-in regulator can provide 100mA so i manage to power and get data from a EM410 GPS Module without any other component.

for a far similar dongle which provide 3.3V try the Ebay Usbflying’s dongle It’s based on the cp2102 too

for a bit-bang capability you can use a FTDI cable such as this one

for a full-featured USB-to-UART I propose you this device

and If you want even more, try the Hackaday’s Buspirate

2009
09/30
CATEGORY
embedded
Microcontroller
TAGS

















Laisser un commentaire

Recent entry

Archive

Catégorie