SIMtrace Hardware » History » Version 23
tsaitgaist, 02/19/2016 10:49 PM
v1.1p added
| 1 | 1 | laforge | [[PageOutline]] |
|---|---|---|---|
| 2 | = Osmocom SIMtrace Hardware = |
||
| 3 | |||
| 4 | 7 | laforge | This page is dedicated to the Hardware for Osmocom [wiki:SIMtrace], which looks like this: |
| 5 | |||
| 6 | 3 | laforge | [[Image(simtrace_10_front.jpg, 33%)]] |
| 7 | 17 | laforge | [[Image(simtrace_connectors_scaled.png, 39%, align=right)]] |
| 8 | 1 | laforge | |
| 9 | 21 | tsaitgaist | STATUS: We have received the second batch of 100 units from the SMT factory, ready for the 28C3 (Version v1.1p) |
| 10 | 1 | laforge | |
| 11 | 9 | tsaitgaist | == Connectors == |
| 12 | |||
| 13 | |||
| 14 | * USB: USB mini-B connector. The main connector. The host software communicates (sniffing,...) through USB with the board. It can also be used to flash the micro-controller (using DFU). |
||
| 15 | * serial: 2.5 mm jack serial cable, as used by osmocomBB. port used to debug the device (printf goes there). |
||
| 16 | 18 | laforge | * debug (P3): same as serial, but using the FTDI serial cable. '''It is recommended to cut the voltage wire of the 6pin FTDI connector before plugging the cable into the simtrace.''' |
| 17 | 9 | tsaitgaist | * jtag (P1): JTAG 20 pin connector to do hardware assisted debugging. |
| 18 | * BT1: battery connector (4.5-6V DC). normally the USB provides power, but the battery port can be used for autonomous use of SIMtrace. The sniffing can be saved in the flash (U1). |
||
| 19 | * FFC_SIM (P3): to connect the flat flexible cable with SIM end for the phone. |
||
| 20 | * SIM (P4): put your SIM in there (instead of in the phone) |
||
| 21 | * reset (SW1): to reset the board (not erasing the firmware). If your are too lazy to unplug and re-plug the USB. |
||
| 22 | * bootloader (SW2): used to start the bootloader so to flash the device using DFU. press when plugging in the USB. |
||
| 23 | 19 | laforge | * test (JP1): short circuit using a jumper to flash using [wiki:SIMtrace/Firmware#EnteringtheSAM-BAmode SAM-BA]. |
| 24 | 9 | tsaitgaist | * erase (JP2): short circuit using a jumper to erase completely erase the firmware. |
| 25 | |||
| 26 | 4 | laforge | == Schematics, Gerber & Co == |
| 27 | |||
| 28 | 1 | laforge | The schematics, Gerber files, etc. can be found in the 'hardware' subdirectory of the simtrace.git repository: |
| 29 | * http://cgit.osmocom.org/cgit/simtrace/tree/hardware (web browsing |
||
| 30 | * git://git.osmocom.org/simtrace (git clone URL) |
||
| 31 | |||
| 32 | 2 | laforge | We're using Kicad as EDA tool. Most of the work on the schematics and Gerber files has been done by Kevin Redon, |
| 33 | 1 | laforge | based on the original design by Harald Welte. |
| 34 | 5 | laforge | |
| 35 | 1 | laforge | The latest schematics are also available as an attachment to this page. |
| 36 | |||
| 37 | 15 | laforge | == Interconnections == |
| 38 | |||
| 39 | The hardware schematics are very, very simple: |
||
| 40 | |||
| 41 | * Connect SIM-RST with PA7 |
||
| 42 | * Connect SIM-I/O with PA6(TXD0) and PA1(TIOB0) |
||
| 43 | * Connect SIM-CLK with PA2(SCK0) and PA4(TCLK0) |
||
| 44 | * Connect SIM-GND with GND |
||
| 45 | |||
| 46 | == Mode of operation == |
||
| 47 | |||
| 48 | The USART of the AT91SAM7S is capable of T=0. The documentation only mentions it in clock-master mode, like you |
||
| 49 | would run it in a smart card reader to actively talk to a smart card. However, by using the USART input clock multiplexer, |
||
| 50 | you can use an externally-generated CLK like the one from the SIM card socket of the phone. |
||
| 51 | |||
| 52 | Unfortunately, the Rx Timeout feature of the USART is not working in T=0 mode, so I had to re-implement Rx timeout (waiting time) |
||
| 53 | handling by means of the TC (timer/counter) block 0. Due to technical limitations, we will wait up to one byte (12 etu) more |
||
| 54 | than we should. |
||
| 55 | |||
| 56 | |||
| 57 | 14 | laforge | == Revisions == |
| 58 | 1 | laforge | |
| 59 | 23 | tsaitgaist | === v1.1p (1.1 Production branch) === |
| 60 | |||
| 61 | This is a slightly corrected version of the v1.0p. |
||
| 62 | |||
| 63 | Changes: |
||
| 64 | * a critical capacitor is near the LDO |
||
| 65 | * some other capacitors are nearer to the CPU |
||
| 66 | * some power traces are wider |
||
| 67 | * the SIM C6/VPP contact is also routed through the bus switch (sometimes used for Single Wire Protocol) |
||
| 68 | * sysmocom is added in the copper for legal reasons |
||
| 69 | * the FTDI Vcc is cut |
||
| 70 | |||
| 71 | Downloads: |
||
| 72 | * [attachment:simtrace_v11p_schematic.pdf] |
||
| 73 | * [attachment:simtrace_v11p_gerber.zip] |
||
| 74 | |||
| 75 | 7 | laforge | === v1.0p (1.0 Production branch) === |
| 76 | |||
| 77 | 20 | tsaitgaist | |
| 78 | [[Image(simtrace_v10p_front_mid.jpg, 33%)]] |
||
| 79 | |||
| 80 | 7 | laforge | This is identical to v1.0 on the schematics side, we simply altered the footprints of some components to accommodate |
| 81 | whatever the SMT factory had in stock. Specifically the LED are 0805 instead of 0603, and the shottky diodes are |
||
| 82 | in a slightly awkward looking very large package. |
||
| 83 | |||
| 84 | Downloads: |
||
| 85 | 22 | tsaitgaist | * [attachment:simtrace_v10p_schematic.pdf] |
| 86 | * [attachment:simtrace_v10p_gerber.zip] |
||
| 87 | 7 | laforge | |
| 88 | === v1.0 === |
||
| 89 | |||
| 90 | 20 | tsaitgaist | |
| 91 | [[Image(simtrace_10_front.jpg, 33%)]] |
||
| 92 | |||
| 93 | 7 | laforge | This is the first stable release. We built some 5 prototypes from this version. |
| 94 | |||
| 95 | Downloads: |
||
| 96 | 13 | laforge | * [attachment:simtrace_schem_v10.pdf] |
| 97 | * [attachment:simtrace_10_gerber.zip] |
||
| 98 | 7 | laforge | |
| 99 | === v0.9 === |
||
| 100 | |||
| 101 | 20 | tsaitgaist | |
| 102 | [[Image(simtrace_v09_top_mid.jpg, 33%)]] |
||
| 103 | |||
| 104 | 7 | laforge | As of June 04, 2011 the components had all arrived and four PCBs were in production. We assemble the first |
| 105 | 1 | laforge | units around June 14, 2011. |
| 106 | |||
| 107 | 7 | laforge | As of June 21st, we had four re-worked prototypes that are fully functional. |
| 108 | 1 | laforge | |
| 109 | 7 | laforge | === v0.8 === |
| 110 | 20 | tsaitgaist | |
| 111 | |||
| 112 | [[Image(simtrace_08_front_mid.jpg, 33%)]] |
||
| 113 | 1 | laforge | |
| 114 | 7 | laforge | Never really was an official release. However, a friend took the unfinished Gerber files and built 5 units. |
| 115 | 1 | laforge | |
| 116 | 7 | laforge | Since the Gerber was not finished, we had to do lots and lots of re-work in order to make them work at all. |
| 117 | |||
| 118 | 1 | laforge | == License == |
| 119 | |||
| 120 | Schematics and Gerber files are released under the Creative Commons CC-BY-SA (Share Alike / Attribution) license. |
||
| 121 | |||
| 122 | == Sales == |
||
| 123 | |||
| 124 | 12 | laforge | Sales started at the 2011 CCC Camp and the hardware can be bought through the web-shop of sysmocom GmbH ([http://shop.sysmocom.de/]) |
| 125 | 7 | laforge | |
| 126 | == Credits == |
||
| 127 | |||
| 128 | 8 | laforge | * Harald Welte |
| 129 | * Original project idea, schematic design |
||
| 130 | * Olimex SAM7-P64 based prototypes |
||
| 131 | * Firmware and host software |
||
| 132 | * Kevin Redon |
||
| 133 | * KiCAD work on schematics, footprints and routing |
||
| 134 | * Soldering of some prototypes |
||
| 135 | * [http://sysmocom.de/ sysmocom - systems for mobile communications GmbH] |
||
| 136 | * funding for hardware prototyping (PCB, components, etc) |
||
| 137 | * Christian Daniel |
||
| 138 | * post-production flashing + debugging, design + test of v1.0p rework |
