# ARM questions

#### Dr_Doggy

##### Well-Known Member
Well, very interesting stuff...

I see now the pin boards for ICSP on a TV remote. I get better now what you are saying, that "open device" is any port, but that also means I may need to think of things like RF encoders, plus then different protocols and such, compilers, uploaders... etc.? I can't help but think one of those "flying probes" mentioned the other day could help me here... It runs on the MAXQ610; I found the datasheet, but can't figure out how to compile or upload (software required)...

I took apart a fiber-optic-to-RG6 TV decoder the other day; it was being run by a 16F PIC! So I got the compiler and ICSP pins on this, but I would then need to trace the PCB and figure out ports... probably won't find firmware... and can't imagine a uC would be doing much on these things anyway... besides some minor power monitors and such...

It would also be fun to see if I could push some personal firmware into a cable box, or intercept the firmware download off the cable line to decompile, but I can just imagine the size of scope this would take: I would need to decode the download from RF and re-encode back to RF, then decompile the firmware before any fun, if it's even possible... img_033 is the chip for it... but there are several others on the board... *Note: I don't want to decrypt authorization codes or anything, just change some small features, like maybe disable some buttons or add messages to the LCD... or the fact that it likes to freeze (global issue).

Also, it makes a bit more sense about the core of these devices after reading about bootloaders for Arduino. Now I wonder, is it possible to get a bootloader for Android cellphones and other machines, and would I want to? Maybe it is better to compile using the Java compiler and just stick with building apps, instead of building from the ground up...

One that has my full attention/interest is an advanced game controller, which does not follow a common protocol or have (good) drivers. There are lots of attempts and hacks, but not much mention of fruit. Some were able to interface a microcontroller via the USB interface, but I wasn't able to decipher the usb.h enough to use it for my VB USB lib (which is my ideal). In this case again it's hard to get firmware, and hard to decompile (I have had little success with decompilers so far). https://d3nevzfk7ii3be.cloudfront.net/igi/Pxl4pYkemGjKR2Xb.medium --- Since it's ARM, I am guessing if I did decide to rewrite the firmware from scratch that I need Python? Also I wonder how I would upload; I'm guessing via USB, but what software? It is difficult to tell as the vendor has hidden the datasheet. Mostly with this I just want to figure out the communication to get the buffer data from the buttons/sensors. I'm not sure how the handshake works, or if it needs an instruction to send data. I know there is also an instruction I need to figure out so I can upload a Bluetooth MAC address for pairing on the USB side; I found an Arduino instruction that looks like this: `PS3BT PS3(&Btd,0x00,0x15,0x83,0x3D,0x0A,0x57);` but I can't figure out what bytes it is inserting prior to the MAC address enough to emulate it on PC USB... I can get connected, send hex, sometimes I get flashing colors, but I have a feeling those are error codes.... Also, any ideas how I can sniff this out when the game system is interfacing? Maybe hook a uC to the USB data lines, but I fear that might entail a lot of decryption of annoying packets that are only for ID-ing the USB driver and such, or that USB 2.0 may be too fast for my microcontroller to listen in on.... I noticed sniffers are quite expensive...

Here in the img 20160324_113407 is a Zigbee flood sensor, so small I can't see numbers on the ICs. My target is just to interface with it; however, so far I have discovered there are different pairing protocols and handshakes with these devices, so again I wonder how I can sniff this, or another way to get in? In this situation there are no headers or pins, so maybe firmware would upload via the Zigbee RF? How would I go about compiling, uploading or getting firmware? On this board there are really only 2 buttons, the flood trigger and the tamper button.... It kinda looks like the CPU is a Zigbee RF module board, simply soldered to the sensor PCB.... (maybe)...

Another device I haven't had a chance to tear down is the BlueBolt XBee-LAN hub; due to the protocol I was not able to discover or pair it to my devices, plus I don't like how you need a cloud server to run it... My options here are to see if I can reprogram it to my own use and to work with my incompatible devices, or maybe it would be easier to start from scratch: get an Arduino, get Zigbee & LAN shields and do fresh code from the ground up with an internal server... would save $100 in circuits if reprogramming the BlueBolt is possible... I have been thinking about getting a Raspberry Pi, and as far as I can tell I could run it on Windows 10 and other OSes. I wonder if that would include Win7 or XP; does that mean my VB/C# would work for it? But all the talk is about Python. Also I worry about how hard it would be to program.... or find DLL plugins for my C# code... Also again, with the mention of devices using a Python compiler, is there a way I can use my VB/C#? So far I am able to compile for Arduino with the VB... not sure if I understand what software is needed for uploading... or the different compiler langs involved. If there are any of these we feel we would have success cracking, please elaborate. I am interested in attempting any of them if I could have a hand in a walkthrough!

#### Tony Stewart

##### Well-Known Member, Most Helpful Member
My 1st Android experience recently on the MBX MXQ $50 Linux box was a learning experience.
In the end, after loading 3rd-party apps with root access, I was able to install XBMC and Kodi and realize <1GB of RAM was not enough for Kodi but OK for XBMC with a few addons.

Manufacturer MBX
Model MXQ
Android version 4.4.2; 20141231; SDK19
CPU 4 cores; Amlogic Meson8B meson8; Max: 1536.0 MHz; Min: 24.0 MHz
Display 1920 x 1080; DPI: 240; Evaluated Size: 9.2"
Touch screen NOT multitouch 1 point
GPU Mali-450 MP; ARM; OpenGL ES-CM 1.1; OpenGL ES 2.0
RAM 837 MB
Flash 7.000 GB Build-in; 0.612 GB
SD flash slot avail.

When I tried to disable Google Play startups and update code, I ended up bricking the box so it wouldn't boot nor restore the OS with the reset pin in the AV jack on power-up, which had been used several times before. Even though it was a quad-core ARM chip, the RAM size was just too small for the bloated video addon. But when it worked, it worked slow on certain functions even with 38 Mbps Ethernet throughput, though streaming 1080p video was excellent for web movies/TV series and transcoded live TV. It had a BT remote controller, HDMI output, several USB ports and at times performed like a tower, until it would halt from buffer overflow. I would buy another Android box but go easy on the tweaks with root privileges until I understand the implications more, and make sure it had more RAM. Still not bad for free live TV and movies for a $50 one-time cost on Ethernet. It also had a wifi hotspot feature if one wanted it and a bunch of other applications. I used 2 different repositories for apps besides the Google Store, as I found the Google services and background processes robbing power from performance, which starts when it prompted me to upgrade to "Google Play". In the end I am having way more fun on Debian MINT x64 (Cinnamon version) on an 8-core i7 with 8GB of RAM. It has all the features of Windows, more and/or less, and only uses 1% CPU on idle instead of 5~10% with bloated Windows background service scans. I dumped Windows X for now. It has an automated software installer and updater, as well you can use terminal mode, which I am not proficient on... yet... apt-get dump_to_brain. The $50 MXQ little TV box is basically a nice cheap Android box with a great quad-core CPU and quad GPU that you can do so many things with, like home automation with a web browser of choice like Opera or Firefox and a suitable app.

#### large_ghostman

##### Well-Known Member
The Pi will run Win 10 because it was designed for all things MS, like their phones. You get a kind of cut-down version for phones and Pi; personally I prefer Linux on the Pi as it's quicker and seems faster. Broadcom will give you source code if you sign an NDA; some of their products use an unaltered Linux as the base, so technically it's a bit pointless them not helping as you can get the help from a Linux forum. Stay away from Win 10 on the Pi, I tried it and as soon as I connected to the net it spent an awful lot of its time talking to MS. My phone runs an old Android (KitKat I think); Google has since tightened up Android and it's a little more invasive.
I use the phone for tethering to the internet because where we live you can't get decent internet. We told the shop what we wanted and they said go with the 3 network as they do the One Plan. The One Plan gives you unlimited data even on tethering, but 3 changed their mind eventually and decided to limit tethering to 4GB. They have stopped doing the One Plan now and our plan ran out a year ago, but I am still on it! The reason being is KitKat doesn't report to the phone company if I am tethered or not, so I can use as much data as I like; others with newer Android get a message on the browser from 3 saying you have reached your limit. The other point is 3 kept bugging us to swap call plans so I didn't get unlimited data, but the webpage on your account says you keep the plan until you decide to switch. They sent message after message saying they were going to switch my plan in 60 days and to contact them; we ignored them totally, so I guess they can't switch you without contact. We still pay the same amount and it wasn't cheap, but they shouldn't offer eat-all-you-like data then say it's overused.

#### Dr_Doggy

##### Well-Known Member
lol, yup, my buddy had a similar problem when unlimited internet first came out (landline); they would threaten to cut him off all the time since he was consuming a huge 6GB/month.

Plan B, because this is probably more feasible for me: I should elaborate about my purpose for the Pi, and it goes back to those Zigbee devices. So far my attempts have been utter fail, since every protocol is unique, nothing wants to pair. My goal is to get these sensors to connect to a Zigbee host; from there I would transmit it via LAN from an internal web page. Although I do have a PC running all the time and could run it all from here, I think I want a separate low-power device to work independently... which leads me to the Arduino and shields, ATmega + LAN shield + Zigbee shield... then program.... (np?)
But since I'm looking at Arduino I worry if it is big enough to handle all the traffic, which is what makes me think of the Pi. My buddy told me he loves it as a low-power cloud device... has most peripherals already and lots of plugins, hopefully lots of source code too... then all I need is a Zigbee shield to plug in and figure out. Not really interested in letting it talk with Microsoft, but I have little understanding about Linux coding and formats, or Python and how it builds things. I like the VB... and in-circuit debug! Plus I have the feeling I will brick the Pi in the first 5 min; is it easy to re-up the bootloader? So what do you guys think is best for me, Arduino or Pi?

Plan A: I would still really like to reprogram this BlueBolt device, since it has all the capability built in, but I have just opened it up and found the core chip: MCF52259CAG80 ----- http://www.nxp.com/files/32bit/doc/data_sheet/MCF52259.pdf But I have never heard of a ColdFire microcontroller before. How do I tell what lang/uploader/coder to use for it, or how to access its advanced features such as "2.11 Fast Ethernet Timing Specifications", or for that matter any of the pins? A quick search shows it's a Freescale device, but Wiki says: "(by means of translation software available from the vendor) and not entirely object code compatible" -- does that mean out of luck, no scripts and bit-bangs all the way even if I do get access?

#### Dr_Doggy

##### Well-Known Member
Also as a side question, lol, also to describe where I am in all this stuff: if I am using .h files, is that C++? And if I use a DLL, that is C#? And both of these are just the common language which the compiler builds to asm, then to hex, which changes throughout devices due to linkers?

#### large_ghostman

##### Well-Known Member, Most Helpful Member
Go Pi with Raspbian Linux and use Python; you can easily connect Arduino stuff to the Pi if needed. ONE BIG TIP: lock the Pi down!!
It has more back doors than a house of disrepute (second-hand info, not experience of said house). Win 10 is a resource hog, and even if you really need a Win program then use Wine on Linux. Look around the Pi sites, they are full of code, and small-distro Linux is mature enough to have a lot of software freely available.

#### Tony Stewart

##### Well-Known Member, Most Helpful Member
I would follow the path of least resistance and use what already works, rather than struggle with re-inventing the wheel. Contact the experts through any of their forums which they posted in your video and start with the right tools. They are not expensive, but your time is. Start by explaining your goal to interface with your smart fridge and modify the temperature scale code from C to F. State what you understand with limited experience on Linux, languages, compilers and scripts, but what you are willing to learn and what tools you have so far. Then see if there is a suggested path for a solution. Their site http://dc22.gtvhacker.com/ on your video ;] redirects to https://www.exploitee.rs/ which has a list of various hardware explored by the group, but maybe not including your NXP device, who specialize in H/W, OS (MXQ) and home automation interface boards. Make sure your host has enough RAM to run a decent Linux OS and Flash RAM, e.g. my MXQ box for <$50 had 1GB/7GB RAM/flash with GPU for video but no binary switched outputs.
HOME AUTOMATION

Belkin Wemo

Greenwave Reality Bulbs

Staples Connect Hub

Wink Hub
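Dr_Doggy's side question about .h files, DLLs, asm and hex comes down to what actually gets uploaded to a microcontroller: the linker's output, usually written out as an Intel HEX file whose records carry an address, data and a checksum, and the addresses are the part that changes from device to device. The parser below is an added example (not code from the thread or from any project mentioned in it) and goes slightly beyond the question by handling the extended-address record types as well as plain data. The sample records are constructed for this example; placing a Cortex-M style vector table at 0x08000000, a common flash base, is an assumption rather than anything from the thread, and `load_ihex` and `cortex_m_vectors` are names chosen here. The corrupted record shows how an uploader detects a damaged download before writing it to flash.

```python
"""Parse Intel HEX (the usual output of an embedded linker/objcopy chain).

Added example for this thread, not code from any project discussed here.
Each text line is one record:  :LLAAAATT[DD...]CC
  LL = byte count, AAAA = 16-bit address, TT = record type,
  DD = data, CC = checksum (two's complement of the sum of all other bytes).
"""
from __future__ import annotations

DATA, EOF, EXT_SEG_ADDR, EXT_LIN_ADDR = 0x00, 0x01, 0x02, 0x04


def parse_record(line: str) -> tuple[int, int, bytes]:
    """Return (record_type, address, data) for one record; raise ValueError if damaged."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError(f"record does not start with ':': {line!r}")
    try:
        raw = bytes.fromhex(line[1:])
    except ValueError as exc:
        raise ValueError(f"non-hex characters in record: {line!r}") from exc
    if len(raw) < 5:
        raise ValueError(f"record too short: {line!r}")
    count, rtype = raw[0], raw[3]
    if len(raw) != 5 + count:
        raise ValueError(f"byte count {count} does not match record length: {line!r}")
    # The checksum byte makes the whole record sum to zero modulo 256.
    if sum(raw) & 0xFF:
        raise ValueError(f"checksum mismatch in record: {line!r}")
    address = int.from_bytes(raw[1:3], "big")
    return rtype, address, raw[4:4 + count]


def load_ihex(text: str) -> dict[int, bytes]:
    """Build a memory image: {absolute start address: contiguous bytes}.

    Extended-address records (types 02/04) shift where later data records land,
    which is how one 16-bit address field reaches a 32-bit flash address.
    """
    image: dict[int, bytearray] = {}
    base = 0
    current_start = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rtype, address, data = parse_record(line)
        if rtype == EOF:
            break
        if rtype == EXT_LIN_ADDR:
            base = int.from_bytes(data, "big") << 16
        elif rtype == EXT_SEG_ADDR:
            base = int.from_bytes(data, "big") << 4
        elif rtype == DATA:
            absolute = base + address
            if current_start is not None and absolute == current_start + len(image[current_start]):
                image[current_start].extend(data)   # contiguous with the open chunk
            else:
                current_start = absolute            # gap: start a new chunk
                image[current_start] = bytearray(data)
        else:
            raise ValueError(f"unsupported record type {rtype:#04x} on line {lineno}")
    return {start: bytes(chunk) for start, chunk in image.items()}


def cortex_m_vectors(image: dict[int, bytes], flash_base: int) -> tuple[int, int]:
    """First two little-endian words of a Cortex-M image: initial SP and reset handler."""
    chunk = image[flash_base]
    sp = int.from_bytes(chunk[0:4], "little")
    reset = int.from_bytes(chunk[4:8], "little")
    return sp, reset


# Constructed sample: an extended linear address record selecting 0x0800xxxx
# (assumed flash base), two data records, and the end-of-file record.
SAMPLE_HEX = """\
:020000040800F2
:0800000000500020C1010008BE
:08000800C10100080000000026
:00000001FF
"""

# Same first data record with its checksum byte altered (0xBE -> 0xBF).
CORRUPT_RECORD = ":0800000000500020C1010008BF"

if __name__ == "__main__":
    img = load_ihex(SAMPLE_HEX)
    for start, chunk in img.items():
        print(f"{start:#010x}: {chunk.hex()}")
    sp, reset = cortex_m_vectors(img, 0x08000000)
    print(f"initial SP {sp:#010x}, reset vector {reset:#010x}")
    try:
        parse_record(CORRUPT_RECORD)
    except ValueError as err:
        print("rejected:", err)
```

The two words at the start of the image are the linker's doing, not the compiler's: the same C source linked for a different part gets a different flash base, a different stack top and a different reset address, which is why a .hex built for one board is not interchangeable with another even on the same core.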


#### Dr_Doggy

##### Well-Known Member
I have a Wemo; it works very well, but I hear wifi drains power like no tomorrow.
The Zigbee devices I have now are very nice due to unique interfaces with the entire home.
Can't justify a budget purchasing a whole new system.. the existing system requires paying per month for the receiver device... also expensive.

Was hoping there was little resistance in re-coding, but now it seems as if there is not. It may be down to just running some LAN cable around the house and forgetting about the wireless.

Still, I think it may be a good idea for me to try to rip into a Linux device and get to know the simpler things before going in head deep...
Thanks for the advice.... bbs with more ?'s!

#### large_ghostman

##### Well-Known Member
The beauty of the Pi is no cables if you don't want. The 4 USB ports can handle wifi and/or Bluetooth, so you could connect wirelessly to your router and get clever with a web page, OR simply use something like VNC to connect directly to the Pi screen. I have found little I can't connect to the Pi that you can connect to a full-blown PC. Don't compile packages on the Pi as it takes ages; compile on another machine and then run on the Pi.
Latest tweak for me is to get rid of the SD-card-based OS; there is a load of info about using a real HDD instead of the SD card, but I am looking into changing that over to an FRAM board if I can get enough FRAM cheaply, or I will go the laptop HDD route.

Basically any system like Zigbee or whatever can be mixed and matched via the Pi; add in an Arduino or PIC for extra I/O (use SPI or I2C for the connection) and you have a powerful system running at a couple of W.
I went the RJ45 cable route, then got a cheap £3 wifi dongle that's tiny and use that with the Pi. I am lazy so use TeamViewer so I can log straight into the Pi screen or my laptop etc. from the main PC, no wires needed.
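large_ghostman's earlier tip to lock the Pi down, together with the remote-access setup in this last post (wifi dongle, VNC, TeamViewer), is worth making concrete for the one service almost every networked Pi ends up exposing. The script below is an added example, not code from the thread, from Raspbian or from OpenSSH: it audits the remote-login keywords in an `sshd_config`, reports which are still at the weak value, and writes a hardened copy. It assumes the Pi is also reachable over SSH (the thread itself only mentions VNC and TeamViewer), applies OpenSSH's documented defaults for keywords the file does not set, and the sample config is constructed here to resemble a stock Debian-style file; `audit`, `harden` and `effective_settings` are names chosen for this example.

```python
"""Audit and harden the remote-login keywords in an OpenSSH sshd_config.

Added example for this thread (not code from Raspbian or any project here).
sshd semantics that matter for the audit:
  * keywords are case-insensitive and the FIRST value found wins;
  * everything after a 'Match' line is conditional, so it is ignored here;
  * an unset keyword takes the compiled-in default listed in sshd_config(5).
"""
from __future__ import annotations
import re

# Wanted value for a Pi that is reachable from the network.
RECOMMENDED = {
    "PasswordAuthentication": "no",      # key-based login only
    "PermitRootLogin": "no",
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
}

# OpenSSH defaults for the same keywords when the file does not set them.
DEFAULTS = {
    "PasswordAuthentication": "yes",
    "PermitRootLogin": "prohibit-password",
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
}

_SPLIT = re.compile(r"[\s=]+")   # sshd accepts 'Keyword value' and 'Keyword=value'


def _keyword_value(line: str) -> tuple[str, str] | None:
    """Split one config line into (keyword, value); None for blanks and comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    parts = _SPLIT.split(stripped, maxsplit=1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else "")


def effective_settings(text: str) -> dict[str, str]:
    """Global (pre-Match) value for each keyword in RECOMMENDED, with defaults applied."""
    found: dict[str, str] = {}
    for line in text.splitlines():
        kv = _keyword_value(line)
        if kv is None:
            continue
        keyword, value = kv
        if keyword.lower() == "match":
            break                       # conditional section: not the global value
        for wanted in RECOMMENDED:
            if keyword.lower() == wanted.lower() and wanted not in found:
                found[wanted] = value   # first value wins
    return {k: found.get(k, DEFAULTS[k]) for k in RECOMMENDED}


def audit(text: str) -> list[tuple[str, str, str]]:
    """List (keyword, effective value, recommended value) for every weak setting."""
    current = effective_settings(text)
    return [(k, current[k], v) for k, v in RECOMMENDED.items()
            if current[k].lower() != v.lower()]


def harden(text: str) -> str:
    """Return a copy of the config with the recommended values placed first.

    Existing global lines for those keywords are dropped so they cannot win
    on 'first value' ordering; Match blocks are left untouched.
    """
    kept: list[str] = []
    in_match = False
    wanted_lower = {k.lower() for k in RECOMMENDED}
    for line in text.splitlines():
        kv = _keyword_value(line)
        if kv is not None and kv[0].lower() == "match":
            in_match = True
        if not in_match and kv is not None and kv[0].lower() in wanted_lower:
            continue
        kept.append(line)
    header = ["# Hardened remote-login settings; sshd uses the first value it reads."]
    header += [f"{k} {v}" for k, v in RECOMMENDED.items()]
    return "\n".join(header + kept) + "\n"


# Constructed sample resembling a stock Debian-style sshd_config (not a real file).
WEAK_CONFIG = """\
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for keyword, have, want in audit(WEAK_CONFIG):
        print(f"{keyword}: is {have!r}, should be {want!r}")
    print(harden(WEAK_CONFIG))
```

Run against the sample, the audit flags password login, root login (the file's own `PermitRootLogin` line is commented out, so the default applies) and X11 forwarding, while the `Match User backup` block is left alone because it only applies to that user. The file is one piece of the lock-down: changing or disabling the default account and keeping the Pi behind the router rather than port-forwarded are separate steps the script does not cover.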