Sunday, August 11, 2019

Reverse Engineering Smart Wristband LM707

I recently bought a couple of LM707 "smart bracelets" to try RE so that I can put my own firmware on them.
They have some nice features such as:
1. Color IPS LCD 80x160
2. Accelerometer
3. Pulse sensor
4. fast CPU...
5. BLE
6. Motor

I read some articles about this, and they usually have an NRF51/52 micro with BLE.
Sometimes they have the TLSR8266 by Telink.
So I thought: get one, open it up, see what's inside, *RE*, profit!

Got mine, opened it up and this is what I got.
That weird chip is the MCU with markings 05PUN2 and a date code, and nothing else.

I had no idea what type of micro that is (still don't).
I've RE'd the APK that comes with it (luckily it was not protected). The app supports different types of MCUs (about 49 models); some are based on Telink MCUs (there are mentions in the code), and there is something called MAXSCEND, and this is what it's based on.
No SDK, no datasheets, no info whatsoever. I have a method of uploading firmware over OTP (downloaded all the firmwares from the site), but they are of unknown architecture, so no idea.
I'm stuck; if anybody has any info, write in the comments.


Sunday, May 19, 2019

ESP8266 GameBoy Emulator, attempt.

I had an idea: to port a GameBoy emulator to an ESP8266 with an LCD screen.
I found a good candidate for porting, Peanut-GB; it's only a single file (.h) with
plenty of examples.

Very little setup is required, plus a single lcd_draw_line callback: implement LCD drawing
there and voila, GB emulator on the ESP8266 (NodeMCU clone). But it seems
the raw power of C is not sufficient for this task, and the LCD library
that I've chosen (TFT_eSPI) and modified was also insufficient to make
the emulator run at adequate speeds.

Games are stored in the flash using bin2hex.

The LCD in use is an ST7789-based 240x240 panel connected to the SPI bus running at 40 MHz.

3.3V -> VCC
3.3V -> BLK
D3 -> DC
D4 -> RES
D5 -> SCL
D7 -> SDA

So what do we have:
1. The emulator runs, tried with "super mario land", Tetris and a demo.
2. Uhm... Profit ?

What we don't have.
1. Good frame time, each frame takes between 70~200 ms which translates between 14~5 FPS.
2. Audio (There was not enough time for smooth frame rates.. so ...)
3. Key input (Yeah.. no..)

It seems that no matter how hard I tried to optimize the code the drawing part
would always lag, if we remove the LCD part, the core did have enough
time to emulate the game, but I think an emulator without a screen
is not a good emulator :)

What did I try to do:
1. ESP runs at 160 MHz; I can try to use NO_SDK (run at 340 MHz) by CNLohr, but the SPI bus is affected by it.
2. Optimize the gb_draw_line up the wazoo, replaced all multiplications with right shifts.
3. Added per-line hash drawing capabilities, so if the pixels of the line did not change, don't draw them; helpful with static games, not so much with scrolling.
4. Moving the game code to DRAM did not produce significant speed-ups. *
5. DynaRec? Will probably require a lot of RAM and we have only 32000 bytes left.
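
The per-line hash idea from item 3, as an added example that is not taken from the author's sources: each scanline is hashed and only pushed to the panel when the hash differs from what was last sent for that line. The FNV-1a hash, `panel_push_line` and `draw_line_if_changed` are assumptions made for illustration; in the real project this logic would sit inside the Peanut-GB lcd_draw_line callback.

```c
#include <stdint.h>
#include <stddef.h>

#define LCD_WIDTH  160   /* Game Boy visible width in pixels */
#define LCD_HEIGHT 144   /* Game Boy visible height in lines */

static uint32_t line_hash[LCD_HEIGHT];   /* hash of what the panel shows */
static uint8_t  line_valid[LCD_HEIGHT];  /* 0 until a line was first sent */
static unsigned lines_sent;              /* number of real transfers */

/* Hypothetical stand-in for the SPI transfer of one scanline. */
static void panel_push_line(const uint8_t *pixels, uint8_t line)
{
    (void)pixels;
    (void)line;
    lines_sent++;
}

/* FNV-1a over one scanline (hash choice is an assumption).
   A 32-bit collision would wrongly skip a changed line until it changes again. */
static uint32_t hash_line(const uint8_t *pixels)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < LCD_WIDTH; i++) {
        h ^= pixels[i];
        h *= 16777619u;
    }
    return h;
}

/* Returns 1 if the line was sent to the panel, 0 if it was skipped. */
int draw_line_if_changed(const uint8_t *pixels, uint8_t line)
{
    if (line >= LCD_HEIGHT)
        return 0;                        /* outside the visible area */
    uint32_t h = hash_line(pixels);
    if (line_valid[line] && line_hash[line] == h)
        return 0;                        /* same pixels as last time */
    line_hash[line] = h;
    line_valid[line] = 1;
    panel_push_line(pixels, line);
    return 1;
}

unsigned lines_sent_count(void) { return lines_sent; }
```

A scrolling game changes almost every line each frame, so the hash is computed and the transfer still happens, which matches the "not so much with scrolling" observation.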

* One of the issues that I've encountered is that the game needs to reside on the flash, but because of alignment issues (the game is an array of bytes [8-bit] but the memory of the ESP is 32-bit) the reading is slower.
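
Why byte-wise ROM reads from flash cost extra, as an added example (a host-runnable simulation, not the author's code): flash-mapped memory is fetched as aligned 32-bit words, so every byte read becomes a word load plus a shift. The one-word cache, `rom_words` and `rom_read_byte` are hypothetical names, and the 8-byte ROM is constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed 8-byte "ROM", stored as the 32-bit words flash is read in.
   Little-endian like the ESP8266: byte 0 is the low byte of word 0. */
static const uint32_t rom_words[] = { 0x44332211u, 0x88776655u };
#define ROM_SIZE ((uint32_t)sizeof(rom_words))

static uint32_t cached_word;
static uint32_t cached_index = UINT32_MAX;  /* no word cached yet */
static unsigned word_fetches;               /* counts simulated flash loads */

/* Stand-in for one aligned 32-bit load from flash-mapped memory. */
static uint32_t flash_load_word(uint32_t index)
{
    word_fetches++;
    return rom_words[index];
}

/* Read one ROM byte using only aligned word loads. Sequential reads that
   fall in the same word reuse the cached word instead of reloading it. */
uint8_t rom_read_byte(uint32_t addr)
{
    if (addr >= ROM_SIZE)
        return 0xFF;                        /* out of range: no flash access */
    uint32_t index = addr >> 2;             /* which 32-bit word */
    if (index != cached_index) {
        cached_word = flash_load_word(index);
        cached_index = index;
    }
    /* Select the byte lane inside the word (little-endian). */
    return (uint8_t)(cached_word >> ((addr & 3u) * 8u));
}

unsigned rom_word_fetches(void) { return word_fetches; }
```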

Everything was developed using Sloeber, highly recommended for Android development.
Sources: primary project.
Sources: TFT_eSPI modified library
Hope that helps anybody.


Thursday, November 29, 2018

Blue Pill (stm32f103c) as SPI programmer

I had a need to program SPI EEPROMs, so I looked around and found this for Arduino, and of course
it requires a 3.3V Arduino. I only had the Blue Pill clone, so I adapted the code and modified it
slightly to work with the Pill. Attached are the connection schematics and code.

You will need to program the Pill with a bootloader for it to work as Arduino board.

Chip pin     Blue pill pin
1 /SS        PA4
3 /WP        +3.3V
7 /HOLD      +3.3V
8 VDD        +3.3V

Also add a clip into the mix and create an ICSP.

You can use a serial console directly on the Pill or the Python script from the original repo;
tested on Windows and Linux.


Saturday, September 23, 2017

Modular Smart Array 500 G2 LCD - C51343NFU OPTREX

I was rummaging through my collection of old hardware and came across a HP storage module labeled:
HP StorageWorks
Modular smart array 500 G2

and it had a nice LCD on it, so I decided to see if we can use it for something.

After extracting it, it became obvious that it was a separate module with:
* Microcontroller
* buttons
* Dual color leds
* EEPROM memory

all on the small board!
Printed on the board :
OPTREX Made in taiwan 284-3

Let the hacking commence.

So what's inside it:
* Microcontroller - PIC16F877 (not the A variant)
* LCD - HD44780 variant
* EEPROM - 24c32 I2C 4K
* 3 dual color LEDs (green and red)
* 2 single LEDs, connected to the same output pin (red)
* An RC oscillator of unknown speed

That's great, they even left pads for in-circuit programming.

Here are the connections:

You will need an ICSP-capable programmer to program it.
A word of warning: while programming, connect the 5V line to an external power source; most
programmers cannot supply enough current for the board.
I successfully programmed it with the PICkit 3 and the MiniPro programmer.

The LCD has a weird display ROM; the character map is "funky" to say the least. Only space, numbers and English letters are where they are supposed to be; everything else requires some searching.

Attached is the source code, which is in C, for the MPLAB X IDE.
I have modified my version and added a 20 MHz crystal: I removed a resistor (R24) from the RC circuit and added a resistor between MCLR and 5V. The code is written for the crystal; it should work for RC, but the config bits need to be changed.


Saturday, September 2, 2017

Orange PI PC + TFT ILI9341

Here is a quick way to configure a TFT display with an ILI9341 driver.
This should work with most (if not all) of Orange PI boards that are based on H3 (no Pi Zero).
I use Armbian as the OS.
such as:

Here are the connections that are needed:

Once connected, install Armbian for your board and connect to a network.
Find the IP of the device (connect a screen and a keyboard, use the log of the router, etc.).
PuTTY/ssh to it and log in (user: root, pass: 1234; these are the default values, so please change the password to something more secure).

The TFT screen should be ON (white or black screen) with nothing on it.

Create a new file /etc/modules-load.d/fbtft.conf with the following content:


Create another file /etc/modprobe.d/fbtft.conf with the configuration for the fbtft_device device:

options fbtft_device custom name=fb_ili9341 gpios=dc:6,reset:9 speed=48000000 fps=25 busnum=0 rotate=270

Restart the device:
shutdown -r now

Wait for boot and log in again (the screen should be black).

Go to /etc/X11/xorg.conf and edit it; change the line that says
 Option                  "fbdev" "/dev/fb0"
to
 Option                  "fbdev" "/dev/fb8"

And restart again:
shutdown -r now

When the device boots you should have a working screen.

Friday, February 17, 2017

RS232 to TTL level shifter using transistors

Here is a schematic for a convenient circuit to connect a micro to an RS232 (COM) port using only common parts, no MAX232 and such.

C1         220pF
D1         1N4007 - Can be almost any regular diode
J1         DB9
P1         CONN_4 - Can just use wires
Q1         BC558 - PNP transistor, can probably use any PNP transistor
Q2         BC547 - NPN transistor, can probably use any NPN transistor
R1         10K
R2         10K
R3         10K
R4         3.3K
R5         3.3K
R6         3.3K

Pin 1 requires VCC, the same voltage that the microcontroller uses.

Tested at speeds up to 115200; used in many projects: ESP8266, sniffing router ports and the like.

Friday, July 15, 2016

SDA5714 LED Display working with Arduino, with source

Found an old LED display from a Motorola MicroTAC with the markings SDA5714.
Looked around the internet and found info mostly in Russian and with different code for Atmel but not Arduino, so I decided to create a sketch with pinouts and a comprehensive example that uses both rows and the other LEDs (phone icon, dots, etc.). The font is implemented in the code, so you can modify it.
So here it is in action.

Here is the Arduino Sketch
Hope that helps anybody.