Since the Samsung processor is a BGA package, the only way to be sure of the connections seemed to be removing the chip and buzzing out the pads with a multimeter. I mentioned this to a friend at work, he said he'd like to have a look at the board. 2 minutes later he arrived back and the board looked like this (thanks Robin!):
After work I got busy with the multimeter and datasheet. The results seem to be as shown below - I've marked up one of the diagrams from the Sharpfin project:
I've got a JTAG cable, but haven't had chance to try anything yet.
10 comments:
I've been trying to access the Sharpfin Project, but it requires a login. Do you know how to register with the wiki?
Cheers
Paul
Unfortunately it looks like the wiki has been taken down. I'm not quite sure what's going on!
Ahh well, hopefully it'll be up again soon
The Sharpfin project is back !
You shouldn't need a login to read the site, only to update.
We'd appreciate some input !!!!!
Trumpton
Could you confirm whether my guess as to pins pr5, pr6 and pr7 are related to the serial port, and in the internal software, is the serial port enabled, and if so, what is running on the other end?
Many Thanks,
Steve C (trumpton@sharpfinproject)
Looking at reciva_uart.c, there appears to be a serial interface using GPH7 (RXD2 from the S3C2410's built in uart) for rx, and GPB9 (one of the GPIO pins) for tx. I'm guessing these are two of the pads on the bottom of the board probably in the IO block.
The init script arranges for the console to be directed to a serial port on startup, so if we can correlate these pins to the pads on the board, this could be a way to unbrick radios (like mine) without full JTAG or Flash chip access.
At startup, the port should be configured at 1200 bps, and the string "Reciva Radio\r\n" should be output, so it should be easy to verify when you've found the tx pad.
Nice work! I'm thinking about buying one of these radios but i'd like to open up the firmware and do my own thing with it. Is there any documentation to show what the progress is like?
seanyseansean:
The sharpfinproject is the official place for information: sharpfin.zevv.nl if you want details about getting access to a shell on the radio then I have a gmail address - internetradiohack.
Richard
Trumpton:
Re: pr5/pr6/pr7 I really hoped that these were a serial port but they seem to be:
pr5 - L16 UEXTCLK/GPH8
pr6 - J11 EXTCLK
pr7 - J17 nBATT_FLT
Nowhere near as exciting as I'd hoped.
Richard
Jason Rumney:
There are a couple of things about a serial console:
1. /etc/inittab definitely has a getty line. Unfortunately, on the last revision of the firmware I've got, getty itself was missing from the specified location.
2. The sales blurb PDFs on the Reciva website mention a master/slave mode. This allows a reciva board to be used within a larger system. It uses 1200bps RS232 - I suspect the serial interface you've noticed in the code (I did too) is for that, rather than a serial shell. Hopefully I'm wrong.
I think the best chance for debricking is currently JTAG or programming the flash directly via the flash testpoints.
BTW if anyone wants to email directly use my gmail account: internetradiohack.
Richard
Post a Comment