WEBVTT
00:02.090 --> 00:04.410
Welcome to CuVoodoo,
00:04.410 --> 00:06.750
the sorcery of copper.
00:08.960 --> 00:11.630
In this episode I'll talk about this board,
00:11.630 --> 00:12.940
the (os)motoserial.
00:13.230 --> 00:14.620
What does it do?
00:15.580 --> 00:16.720
Very simple.
00:17.470 --> 00:19.080
Plug it in.
00:20.970 --> 00:22.240
Start osmocon.
00:24.060 --> 00:28.700
And voila! It allows you to remotely flash a motorola phone.
00:29.390 --> 00:31.150
Let's set the context first.
00:31.400 --> 00:34.920
Maybe you already have heard of the osmocom project.
00:35.260 --> 00:38.830
osmocom stands for Open Source MObile COMmunication.
00:39.290 --> 00:43.310
And this is actually an umbrella project,
for a lot of smaller projects
00:43.310 --> 00:47.710
which cover different aspects of mobile telecommunication.
00:49.870 --> 00:53.390
The particularity is that it's open source,
00:53.390 --> 01:00.910
and this idea is to be able to build a complete GSM infrastructure just based on open source software.
01:01.660 --> 01:05.720
The number of projects is quite important as you can see here.
01:05.720 --> 01:07.020
http://git.osmocom.org/
01:07.080 --> 01:08.060
But one of them,
01:10.430 --> 01:12.490
osmocomBB
01:12.860 --> 01:16.250
is specially made for the mobile handset.
01:16.350 --> 01:18.800
BB stands for baseband.
01:18.800 --> 01:25.600
The baseband is the small chip, the modem, which is responsible to talk to the base station.
01:26.200 --> 01:28.760
It handles the radio link,
01:28.760 --> 01:32.220
and it does all the protocols on top of the radio link.
01:34.270 --> 01:37.870
What they made is, they implemented an open source baseband.
01:38.650 --> 01:45.420
And it's possible to flash it on one of these old phones: the motorola C123,
01:45.420 --> 01:48.400
or C121, or C118.
01:48.510 --> 01:50.040
It works on several phones.
01:50.270 --> 01:54.090
It's a very old phone, and it's the one you've seen just before.
01:54.380 --> 02:00.380
And what I did is just flash this open source baseband on this phone.
02:00.380 --> 02:03.000
This is what I've shown in the beginning.
02:03.610 --> 02:10.590
Now, this is not ready to be used every day and to replace your normal phone.
02:10.590 --> 02:13.580
First, it's a very old phone.
It's not a smart phone at all.
02:13.720 --> 02:16.940
And second, it's more intended to researchers,
02:16.940 --> 02:21.530
to find out how this whole infrastructure works, and to play with it.
02:21.950 --> 02:24.480
And this is what I do actually with these phones.
02:25.260 --> 02:28.620
To install it you first need on of these old phones.
02:28.620 --> 02:36.190
Just go on eBay and look for a Motorola C123, C121, or C118.
02:36.240 --> 02:40.910
They all have the same board inside: the compal E88.
So it does not matter which one you take.
02:41.280 --> 02:44.010
You can find it for 20€ on eBay.
02:44.010 --> 02:49.840
But be aware, most of them are designed to work on European GSM frequency bands,
02:49.840 --> 02:52.000
not on US GSM frequency bands.
02:52.160 --> 02:55.040
But once you have on of these phones,
02:55.230 --> 03:00.140
you also need a serial cable, to be able to flash the firmware on the phone.
03:00.200 --> 03:02.430
The cheapest one is this one.
03:03.080 --> 03:05.920
You can also find it on eBay or anywhere else.
03:05.920 --> 03:12.410
Just look for a CA-42.
03:12.560 --> 03:16.750
It used to be a Nokia adapter cable.
03:17.120 --> 03:22.650
So this includes a USB to UART convert, which is inside there.
03:22.860 --> 03:27.760
On the other side you will cut the connector and replace it with a
03:27.760 --> 03:32.220
2.5mm stereo jack like this one.
03:32.410 --> 03:38.400
So you can plug the USB to serial to the computer,
03:40.120 --> 03:45.900
and then the 2.5mm jack in the earphone actually.
03:45.900 --> 03:50.140
How to wire the connection, you can find it on the osmocom wiki.
03:51.740 --> 03:54.910
Once you have the hardware, you need the software.
03:54.910 --> 03:57.880
So first we need libosmocore.
03:57.880 --> 04:02.800
You just need to download, compile, and install libosmocore.
04:02.800 --> 04:07.020
Then you need an ARM cross-compiler.
And this is probably the hardest task.
04:07.020 --> 04:12.880
There are some guidelines on the osmocomBB wiki.
04:12.880 --> 04:17.950
But once this is done, just download osmocomBB and compile it.
04:18.220 --> 04:20.000
Then we can start flashing the phone.
04:20.430 --> 04:23.100
So how it works is that you call osmocon.
04:23.100 --> 04:25.870
osmocon is the software which will flash the phone.
04:25.870 --> 04:27.930
You tell which device to use.
04:27.930 --> 04:30.520
So this is our USB to serial converter.
04:30.520 --> 04:34.760
We will flash this C123 board, which is the same.
04:34.760 --> 04:38.970
And then we say which firmware we want to flash.
04:38.970 --> 04:42.010
In this case we will just use the hello world example.
04:42.540 --> 04:44.570
You plug is it. And how it works is:
04:44.570 --> 04:47.100
remove the battery;
put the battery in;
04:47.240 --> 04:50.960
and press the power on button;
and then it starts to flash.
04:51.360 --> 04:55.720
And as we can see, the hello world firmware has been flashed.
04:55.720 --> 05:00.190
So we have successfully flashed our own baseband.
05:00.540 --> 05:03.210
Sometimes the flashing just fails.
05:03.210 --> 05:05.210
Let my try to provoke it.
05:10.460 --> 05:13.720
Here. Here you can see "fmtool error".
05:14.810 --> 05:17.230
This means that the flashing failed.
05:17.360 --> 05:19.870
In some cases you will see it very often.
05:19.870 --> 05:23.130
It's unclear what triggers it.
05:23.130 --> 05:27.610
It could be because of the OS you are using.
05:27.610 --> 05:30.360
It could be because of the adapter you are using.
05:30.410 --> 05:34.460
It could be because of the USB hardware, or the USB stack.
05:34.570 --> 05:40.680
It could just be because of the weather, or because you cursed in the wrong language.
05:40.700 --> 05:42.350
It really depends.
05:42.350 --> 05:47.950
But I often find these USB to serial converter quite unreliable.
05:48.490 --> 05:52.990
The cheaper ones use the Prolific PL2303 chip.
05:52.990 --> 05:57.870
They are very very cheap, but they are not as good as other ones.
05:57.870 --> 06:02.510
The best ones are the FTDI USB to serial converter,
06:02.510 --> 06:05.900
which usually is a FT232 chip.
06:06.280 --> 06:07.500
But they are expensive.
06:07.500 --> 06:09.500
In between you have these ones.
06:09.500 --> 06:14.000
These are quite inexpensive nowadays, and they use
06:14.000 --> 06:19.440
the Silabs CP2102 or 2104 chip.
06:20.080 --> 06:24.430
They are very inexpensive.
06:24.430 --> 06:29.080
And then instead you just connect to 2.5mm to it.
06:29.080 --> 06:35.400
So you can see it, ... just plug it again, ... this way.
06:38.330 --> 06:40.060
Start osmocon again.
06:40.920 --> 06:45.100
And then, remove the battery, put the battery in, and press the button.
06:45.280 --> 06:51.100
And this is how you flash your own baseband on these old phones.
06:52.090 --> 06:54.670
But as you can see, it's quite tiresome.
06:54.670 --> 06:56.890
You need to be physically there.
06:56.890 --> 07:02.090
Whenever there is a problem you need to remove the battery,
put the battery, and press on the button.
07:02.120 --> 07:07.690
And this implementation is not a complete finished product.
07:07.690 --> 07:10.270
So it may happen that the software hangs.
07:10.270 --> 07:15.370
So a some point you will need to remove the battery, put the battery, press on the button again.
07:15.450 --> 07:22.760
And my idea was to use these phones to monitor far a long time the GSM networks.
07:22.760 --> 07:26.560
So if I do it for a long time, I will be sure that they get stuck.
07:26.560 --> 07:31.950
And I don't to every hour go there and check if it works,
07:31.950 --> 07:33.500
and if they are still running.
07:33.500 --> 07:41.080
And then if they are not running, remove the battery, put the battery, press on the button, and hope it works with this serial adapter cable.
07:41.450 --> 07:44.490
And this is why I came with this board.
07:44.490 --> 07:49.950
So I don't have to remove the battery, put the battery, and press on the button again.
07:51.000 --> 07:53.390
It uses several tricks actually.
07:54.430 --> 07:58.490
This first one, ...
let me get the connector ...
08:03.280 --> 08:05.340
so this is the charger for the phone.
08:05.340 --> 08:10.670
The first trick is that you remove the battery, put the battery in,
08:11.200 --> 08:13.360
and then instead of pressing the button,
08:13.400 --> 08:17.850
it also works if you simply put the charger inside.
08:18.460 --> 08:20.670
You see the trick now?
08:20.670 --> 08:25.500
The idea is that you have to remove the contact from the battery, the connection to the battery,
08:25.500 --> 08:30.830
and remove the connection from the power.
08:31.770 --> 08:36.520
Put the connection again to some power source in the battery compartment.
08:36.760 --> 08:40.760
And put some power again in the charger compartment.
08:40.940 --> 08:43.360
And this is possible to do with electronics.
08:43.360 --> 08:47.740
You just use some kind of transistor to remove the connection between the battery,
08:47.800 --> 08:50.620
and the connector, and you do the same for the charger.
08:51.770 --> 08:55.130
And then you just have to control these two transistors,
08:55.130 --> 08:56.800
which remove the connections,
08:56.800 --> 08:59.020
and this you can reflash.
08:59.020 --> 09:02.410
So power off and power on the phone again in this sequence,
09:02.410 --> 09:05.050
so you can flash the phone itself.
09:06.440 --> 09:09.390
And that's almost all this board does.
09:12.400 --> 09:16.960
When I solder one of these boards, I will explain the design behind it,
09:16.960 --> 09:20.240
and the decisions I had to make while designing this board.
09:24.300 --> 09:27.230
The bill of material is quite short.
09:27.230 --> 09:29.230
Everything fits in here.
09:29.230 --> 09:31.560
So you need eight components,
09:33.950 --> 09:35.800
a USB to UART converter,
09:35.800 --> 09:39.790
which you can get from eBay or alibaba,
09:39.790 --> 09:42.280
that's where I got it, using AliExpress,
09:42.280 --> 09:46.760
and one board obviously.
09:46.760 --> 09:51.820
And it's a single board design. So you don't need any external board. This is the single board you will have.
09:51.820 --> 09:55.680
I had it prototype it by iTeads studio,
09:55.680 --> 09:58.440
but any cheap prototyping service would be enough.
09:58.440 --> 10:00.440
It's a very simple board.
10:00.570 --> 10:03.370
As you can see you only have traces on one side.
10:03.370 --> 10:05.930
It's a single layer board.
10:05.930 --> 10:08.700
On the other side you just have the silkscreen,
10:08.700 --> 10:13.390
which will tell you where to connect which component and where to place which components.
10:13.390 --> 10:15.290
But this is the most important one,
10:15.290 --> 10:18.380
where you will solder all the components,
10:18.380 --> 10:19.710
and you have all the traces.
10:19.710 --> 10:22.960
And here we can see the battery connections.
10:27.790 --> 10:29.470
This is the battery.
10:29.950 --> 10:34.510
And it's pretty much the same.
10:34.510 --> 10:35.920
So it's the same dimensions.
10:35.920 --> 10:39.290
It also has the knob on this side,
10:39.290 --> 10:41.530
and the two knobs on this side,
10:41.530 --> 10:46.880
so you can slide it in this way.
10:46.880 --> 10:48.540
And then you can ...
10:49.000 --> 10:52.030
slide it in this way because there are two holes in here.
10:54.240 --> 10:55.820
You can here the click.
10:55.930 --> 10:59.160
Now it's pretty stable and can't be removed.
10:59.180 --> 11:03.470
And if you want to remove it, like the battery you press here, and you lift the board.
11:04.640 --> 11:11.000
It's not very easy to remove but the idea is to have it fit inside and to never remove it,
11:11.000 --> 11:17.290
because it should always work, and it's thought for long time measurements.
11:18.280 --> 11:21.260
It's still possible to remove it.
11:21.980 --> 11:26.250
It's single sided and it only uses through hole components.
11:26.250 --> 11:31.160
This idea is that everyone would be able to make this board.
11:31.640 --> 11:37.000
I had mine built at a prototyping PCB service,
11:37.180 --> 11:39.130
but you can build it at home,
11:39.290 --> 11:43.130
because the board is quite small,
11:43.130 --> 11:44.960
the trace are only on one side,
11:44.960 --> 11:48.300
so you don't have the hassle of having two layers.
11:48.300 --> 11:51.690
You don't have to plate the holes.
11:51.760 --> 11:53.210
You can do everything at home.
11:53.210 --> 11:55.050
And it's all through hole components.
11:55.050 --> 12:01.120
So even if you are new to soldering, it's pretty easy to solder.
It doesn't have any surface mount components.
12:01.120 --> 12:04.800
And you have all the marking on the front to help you place the components.
12:05.180 --> 12:06.540
So we'll start.
12:06.540 --> 12:10.590
And while I do this I'll explain the design.
12:11.160 --> 12:14.240
First we will solder all the resistors here.
12:14.460 --> 12:16.440
Most of them are ...
12:16.440 --> 12:19.240
There's is one resistor which is used ...
12:19.240 --> 12:21.240
Let me get the resistors.
12:29.240 --> 12:31.550
If you would at the schematic.
12:31.550 --> 12:33.550
Here is the schematic.
12:33.980 --> 12:37.200
One resistor is used as pull-up.
12:37.200 --> 12:41.070
So this is a pull-up for the first transistor.
12:41.070 --> 12:45.360
All the other resistors are used to limit the current.
12:45.360 --> 12:48.490
We have two resistors in front of the nMOSs.
12:48.490 --> 12:50.970
This is to prevent the ring back,
12:50.970 --> 12:53.500
whenever we switch very fast.
12:53.560 --> 12:55.260
It's just a security.
12:55.260 --> 12:59.290
Generally it's not really required, but it improves the quality.
13:00.280 --> 13:03.000
Particularly because it's a power transistor.
13:03.130 --> 13:06.520
And then we have two resistors here.
13:07.000 --> 13:10.010
This is to protect the input/output of the serial port.
13:10.010 --> 13:15.900
So this is the phone side, where we will plug the UART 2.5mm jack in the phone.
13:15.900 --> 13:20.970
And this is the side which will go to the USB to UART converter.
13:21.150 --> 13:24.300
And just to protect these inputs/outputs from the phone,
13:24.320 --> 13:27.200
or the other way around,
we have current limiting resistors.
13:27.200 --> 13:30.720
But also because whenever I switch the power off,
13:30.720 --> 13:36.010
sometimes the phone will try to get all the power from TX or RX,
13:37.130 --> 13:40.190
and will no completely shut down.
13:40.200 --> 13:45.880
So the next time I will want to flash it, it won' t be completely shut down and it will restart the bootloader.
13:45.900 --> 13:48.540
This is also why I put these current limiting resistors,
13:48.540 --> 13:54.200
so I'm sure that it doesn't drain any power from these ones and will shut down the right way.
13:57.370 --> 14:04.760
We have one 10kΩ resistor,
14:04.760 --> 14:06.760
which does on top,
14:11.480 --> 14:13.050
which is R2.
14:14.670 --> 14:18.000
How to find out where which component goes is pretty easy.
14:18.000 --> 14:21.660
On the bill of material you have the reference designator column.
14:23.310 --> 14:24.640
You see it right here.
14:24.640 --> 14:27.630
This will identify the components,
14:27.630 --> 14:30.380
using some kind of reference.
14:30.380 --> 14:32.190
So here we have R2.
14:32.190 --> 14:38.570
R2 as you can see is a resistor, and it's 10kΩ.
14:38.760 --> 14:45.050
There is some kind of description and I propose one of the products and where you can buy it.
14:45.340 --> 14:47.050
And on the silk screen, ...
14:47.050 --> 14:48.970
On the board you have silk screen.
14:48.970 --> 14:51.740
On the right side you will see R2.
14:51.900 --> 14:57.310
So you know which component, which it described by the reference designator R2 here,
14:57.310 --> 14:58.990
goes where on the board.
14:58.990 --> 15:01.760
Here we have this resistor.
15:02.320 --> 15:07.900
And then we have four 1kΩ resistors.
15:15.870 --> 15:17.280
Just bend the leads.
15:18.704 --> 15:19.792
Put it inside.
16:04.200 --> 16:08.250
Then we bend the leads on the other side on the outward, so they are stable.
16:10.110 --> 16:13.150
And you can either solder it directly,
16:14.220 --> 16:17.240
or you can cut the leads first.
16:17.500 --> 16:20.120
I do cut the leads first, so the next time ...
16:21.130 --> 16:25.120
so it doesn't stress the solder joint whenever I cut it.
16:25.120 --> 16:27.580
If I would first solder it and then cut it,
16:27.580 --> 16:31.200
when you cut the lead you have some force which could stress the solder joint.
16:31.200 --> 16:33.240
That's why I cut them first.
16:33.440 --> 16:41.840
Also I use a pair of side-cutting pliers.
16:41.840 --> 16:48.240
When you use the side-cutting pliers the stress goes mainly upwards, and not on this side.
16:49.760 --> 16:51.230
Whenever you cut the leads,
16:53.920 --> 16:55.630
catch them before they fly.
16:55.630 --> 16:59.390
Because if you don't hold them, they will fly all over the place,
16:59.390 --> 17:03.560
and they could go somewhere you don't want, like in your eyes.
17:03.900 --> 17:06.480
So catch the leads before they fly.
17:07.130 --> 17:12.700
And also wear protective glasses. Just to be sure, whenever something happens.
17:16.880 --> 17:18.380
I have a second pair here.
17:18.730 --> 17:21.920
You can use one of these glasses.
17:21.920 --> 17:23.920
Just for your safety.
17:23.920 --> 17:26.920
So now we have all the leads there.
17:26.920 --> 17:29.130
I will use my soldering iron.
17:29.550 --> 17:32.220
I will use some solder wire.
17:32.220 --> 17:34.220
And we can start.
18:12.490 --> 18:14.220
The leads are still a bit long.
18:14.220 --> 18:17.520
Now a least the resistors are in place.
18:17.920 --> 18:22.220
Let's cut the leads a bit further so they don't go too far in the battery compartment.
18:35.770 --> 18:38.920
The next components are the connectors themselves.
18:40.170 --> 18:41.320
Just use ...
18:41.370 --> 18:47.040
You can buy rows of 90° bent headers.
18:47.040 --> 18:51.240
These are just 0.1 inch headers.
18:51.290 --> 18:52.540
They are very standard.
18:52.840 --> 18:56.990
There are two time five pins.
19:06.768 --> 19:08.704
Perfect. Actually it's 2x5.
19:13.920 --> 19:16.040
The idea is that you have the connectors.
19:16.090 --> 19:19.050
On one side you will have ...
19:24.320 --> 19:28.200
On one side you will have a connection to the USB to serial converter,
19:28.480 --> 19:32.600
using the cable which is generally provided with the USB to serial converter.
19:33.080 --> 19:34.300
On the other side
19:37.760 --> 19:39.290
you will have the connections ...
19:39.290 --> 19:41.850
And this is what is written here: PC UART.
19:41.930 --> 19:43.500
Because it will be the UART ...
19:45.660 --> 19:50.350
PC UART. It's the UART ....
19:50.400 --> 19:51.480
PC UART.
19:51.630 --> 19:54.970
It the USB to UART converter coming from the PC.
19:55.080 --> 19:58.040
On the other side you have charge (CHG).
19:58.040 --> 20:00.040
These are the two first pins.
20:00.040 --> 20:03.640
And then you have PHONE UART.
20:04.570 --> 20:05.800
Just UART.
20:06.090 --> 20:09.400
And every time you will see underneath
20:09.870 --> 20:11.790
what the connections really are.
20:11.790 --> 20:13.790
Where you have to connect the pins.
20:15.040 --> 20:17.950
This is the description what you connect to.
20:18.000 --> 20:20.380
On the charger you just need +/-.
20:20.380 --> 20:21.630
And then on the serial,
20:21.630 --> 20:24.010
which is a 2.5mm stereo jack,
20:24.010 --> 20:27.310
you need TX, RX, and the ground.
20:28.560 --> 20:35.180
The connections on the PC UART are the same than described here.
20:36.670 --> 20:42.410
Here you have 5V, TX, RX, and DTR.
20:46.560 --> 20:48.040
Let's solder these on.
20:48.040 --> 20:52.190
I made a mistake in this design.
But you only see it in the end.
20:52.460 --> 21:00.330
When you put the header on, you don't see the names, which are under it, anymore.
21:00.990 --> 21:04.040
As we can see here, we don't see the names anymore.
21:04.270 --> 21:06.910
That's an error I know. I'll correct it.
21:06.910 --> 21:12.240
But you can always print the silkscreen by yourself,
21:12.240 --> 21:16.640
and here you still see the names so you know where you have to connect the pins.
21:18.110 --> 21:19.630
Let's add the two of them.
21:19.850 --> 21:23.020
What I do is, I always start with the flattest package,
21:23.870 --> 21:26.280
and then I solder them.
21:26.280 --> 21:27.320
I go to the next one.
21:27.320 --> 21:33.100
So whenever I put the components inside
21:34.990 --> 21:37.900
I can flip the board and have it stuck.
21:39.310 --> 21:41.160
Not always.
21:41.760 --> 21:43.210
Normally it should work.
21:53.710 --> 21:56.810
This way I can put the components in and I can solder them.
21:56.810 --> 21:58.430
And I can flush them ...
21:58.910 --> 22:02.040
I can press it on the table itself.
22:02.190 --> 22:03.530
And it's high enough.
22:03.760 --> 22:05.600
Let's solder then pins.
22:38.240 --> 22:40.840
Normally I have some fume extractor,
22:40.840 --> 22:42.840
to remove the flux fumes.
22:43.560 --> 22:48.010
But here because I don't want it to be too loud in the microphone I just don't use it.
22:48.010 --> 22:51.950
Then what I do is, when I solder and the fumes are coming up, I am just blowing on it.
22:51.950 --> 22:54.730
So I remove it, and don't inhale it.
22:55.470 --> 23:01.180
I also have some lighting, but then the contrast would be just bad on the video.
23:03.790 --> 23:06.970
Now we have the two connections. That's done well.
23:07.080 --> 23:12.030
Next component is the next flattest one, it's this transistor.
23:12.540 --> 23:14.350
This is a power transistor.
23:15.070 --> 23:18.300
What it does is, it cuts ground.
23:18.560 --> 23:22.650
It's an nMOS transistor, a n-channel MOSFET transistor.
23:22.990 --> 23:27.760
And what it does is, it cuts ground to the board.
23:27.760 --> 23:29.800
It cuts two ground connections:
23:29.800 --> 23:33.880
the minus from the charger port.
23:34.090 --> 23:35.870
and the ground from the UART.
23:36.080 --> 23:40.330
Because if you only cut the ground from the charger,
23:40.520 --> 23:44.800
what happens is that the 5V will go through the + pole of the charger
23:44.800 --> 23:47.690
and come back through the UART's ground.
23:47.840 --> 23:50.570
That's why you have to cut these two grounds.
23:52.000 --> 23:55.550
Else you could use pMOSs, but pMOSs are
23:56.960 --> 23:59.980
just a bit more expensive, a bit more bulky,
24:00.250 --> 24:02.330
and a bit harder to control.
24:03.160 --> 24:04.780
So what I do is ...
24:05.000 --> 24:07.980
You just put it in and then ...
24:14.330 --> 24:15.600
You can also use tape.
24:16.880 --> 24:19.800
And I will probably use it at the end if it continues this way.
24:19.880 --> 24:22.830
You can also use tape to hold it on.
24:22.830 --> 24:29.720
I don't put anything to ... behind this metallic tab
24:29.720 --> 24:33.720
to remove the heat, because there is not a lot of heat when powering.
24:37.980 --> 24:39.070
Let's soldered it.
24:46.910 --> 24:48.910
The leads are a bit short, but
24:52.540 --> 24:53.550
it should be fine.
25:00.800 --> 25:02.880
This should hold quite well.
25:03.210 --> 25:06.060
The next component is this diode here,
25:06.060 --> 25:10.170
which you see in the schematic.
25:11.580 --> 25:13.550
In the schematic it's this diode.
25:13.610 --> 25:15.560
It does two things actually.
25:16.540 --> 25:21.370
This did will provide power from the +5V to the battery port.
25:21.550 --> 25:23.920
This battery port which is here.
25:24.280 --> 25:26.110
You can see it.
25:26.110 --> 25:27.880
The battery port which is here.
25:27.880 --> 25:37.160
I use I diode because on the battery port you generally expect 3.7V to 4.2V,
25:37.160 --> 25:39.160
because it's a lithium-ion battery.
25:40.120 --> 25:43.260
Here we use the 5V from the UART,
25:43.710 --> 25:45.690
the USB to UART converter.
25:45.690 --> 25:47.770
And using this diode we will,
25:47.820 --> 25:51.560
because of the voltage drop out of the diode,
25:51.560 --> 25:55.310
we will have around 0.6V drop.
25:55.470 --> 26:00.720
So it will be only 4.4V on the battery connections, around there.
26:00.720 --> 26:04.430
Actually even if it's 5V it's not really important.
26:04.430 --> 26:07.360
The voltage regulator on the phone will still work,
26:07.360 --> 26:12.490
but at least we have it closer to the battery voltage level than to the 5V. So it's better.
26:12.590 --> 26:20.030
The second reason is that, whenever you connect to charger, it will try to charge the battery itself.
26:20.030 --> 26:25.210
So normally current should go in the battery to charge the battery.
26:25.310 --> 26:27.760
And this is why this diode is very important.
26:27.760 --> 26:34.040
So we don't have any current from the charging circuit of the phone going back to the 5V.
26:34.460 --> 26:39.630
That would create a mess. So this is the protection, and why the diode is there.
26:40.190 --> 26:43.420
You can use any normal diode.
26:43.420 --> 26:44.810
Let's take the diode.
26:47.720 --> 26:49.100
Where is my side cutter?
26:56.680 --> 26:59.200
Here we have the + and - indication.
26:59.200 --> 27:06.080
On the diode, generally this where it should be connected to +. This side.
27:06.520 --> 27:09.080
On the other side you have a white marking.
27:09.150 --> 27:11.340
This should be where the minus is connected.
27:12.750 --> 27:13.320
Here.
27:13.480 --> 27:17.480
So this should be the +, connected to the +. And this should be connected to the -.
27:17.600 --> 27:19.760
You can see the marking here,
27:20.200 --> 27:26.030
which corresponds to this side.
27:27.600 --> 27:28.840
So this is the marking.
27:29.480 --> 27:33.720
But just to be sure, always look in the data sheet.
27:36.400 --> 27:37.888
Let's put the component in.
27:51.760 --> 27:53.136
Bend the leads.
27:54.496 --> 27:55.904
Remove the leads.
28:04.352 --> 28:05.664
And solder them.
28:20.928 --> 28:22.608
Put it back.
28:22.600 --> 28:30.688
Next we have this transistor: Q2.
28:34.736 --> 28:39.600
This transistor, in the schematic, this is Q2.
28:40.000 --> 28:46.176
What it allows you is ... reverse ... it's actually used as an inverter.
28:46.592 --> 28:52.320
The DTR signal coming for the USB to UART adapter is high when no ...
28:52.320 --> 28:54.320
when the serial port is not opened.
28:54.720 --> 29:00.400
And when the serial port is opened DTR (Data Transmit Ready) will be low.
29:01.456 --> 29:06.912
Because nMOS let the current through when the signal is high,
29:07.120 --> 29:08.608
we want the inverse from DTR.
29:08.600 --> 29:12.304
We want when the connection is open, when the serial port is open
29:12.300 --> 29:13.472
DTR will be low
29:13.470 --> 29:17.968
but we want the line to this power nMOS to be high.
29:17.960 --> 29:21.072
So what we use is simply another transistor
29:21.536 --> 29:30.592
which will invert the voltage level going through Q1,
29:30.592 --> 29:32.590
which is the power transistor.
29:32.960 --> 29:35.584
And it simply does that by ...
29:35.744 --> 29:38.400
per default there are 5V.
29:39.120 --> 29:41.216
How does this work?
29:41.210 --> 29:45.984
It will simply not connect the 5V which are coming here to ground.
29:45.984 --> 29:47.980
So there will be 5V in there.
29:48.304 --> 29:51.680
Because this gate will be closed when this goes low.
29:51.680 --> 29:55.824
So if this closed, this point which is at 5V,
29:55.824 --> 29:57.820
is not connected to ground anymore.
29:57.820 --> 30:01.120
So this connection will be at 5V.
30:03.664 --> 30:05.504
How to place it is also quite easy,
30:05.500 --> 30:08.528
you have a flat side on the silkscreen on the board here.
30:08.800 --> 30:13.184
This is where the flat side of the transistor goes.
30:13.296 --> 30:16.496
Be aware that transistor generally ...
30:16.528 --> 30:17.936
The hole is blocked.
30:22.624 --> 30:28.640
Remove this out. Sloppy! But it's not easily with a camera to solder properly.
30:55.456 --> 30:58.096
And then you can bend it down.
30:59.232 --> 31:00.592
Now it's bent.
31:01.216 --> 31:02.816
Let's solder.
31:11.088 --> 31:15.280
If you use another transistor than the one described in the bill of material,
31:15.280 --> 31:23.072
be sure that the source, drain, and gate correspond to the ones I expect.
31:23.070 --> 31:27.504
Because generally transistor don't always use the same pinout.
31:33.664 --> 31:35.984
And then we have three capacitors.
31:35.980 --> 31:38.128
These are huge capacitors.
31:42.048 --> 31:46.112
I use 470μF capacitors.
31:46.432 --> 31:48.288
And why do I use these huge capacitors?
31:48.280 --> 31:52.512
Because on a normal phone you would use a battery.
31:52.720 --> 31:59.984
And the battery is quite important because phones transmit on the radio up to 2W.
31:59.980 --> 32:04.352
And the charger here can not deliver fast enough over 2W,
32:04.350 --> 32:06.944
so the radio transmission can be transmitted at 2W.
32:06.940 --> 32:08.544
That job would be just too big.
32:08.540 --> 32:11.840
This is actually for the phone very important.
32:11.840 --> 32:15.648
It's a giant capacitor and power source,
32:15.640 --> 32:18.400
where it can draw a lot of power within bursts,
32:18.400 --> 32:20.752
whenever the radio is transmitting.
32:21.792 --> 32:23.712
So we still need some kind of battery,
32:23.710 --> 32:27.072
because the power coming from the PC to UART,
32:27.072 --> 32:29.070
USB to UART converter,
32:29.070 --> 32:32.272
won't be enough to sustain these power transmissions.
32:32.750 --> 32:40.016
I've measured it and actually a peak time, but during short bursts, it can consume up to 2A at 5V,
32:40.010 --> 32:41.152
on these pins.
32:41.150 --> 32:43.280
And this is why you use three capacitors.
32:43.600 --> 32:52.192
And I found out that 3x470μF is enough to work for receiving and transmitting.
32:52.190 --> 32:53.968
I did not test all the scenarios.
32:53.960 --> 33:00.448
I didn't pass any certification yet. I will do it a bit later. On the next design.
33:00.448 --> 33:02.440
But now it seems to be ok.
33:02.880 --> 33:12.064
I use electrolytic aluminum capacitors because they are very inexpensive for huge values.
33:12.208 --> 33:16.288
And also they are particularly inexpensive if you use the through hole package.
33:16.280 --> 33:19.344
If you use the SMD version they are a bit more expensive.
33:19.536 --> 33:23.968
And this was one of the reasons why I decided to through hole completely.
33:23.960 --> 33:26.160
Because we needed the pins here.
33:26.160 --> 33:32.544
We needed cheap aluminum electrolytic capacitors.
33:32.540 --> 33:36.192
So why not have the whole board though hole,
33:36.190 --> 33:38.688
so everyone can solder it very easily.
33:38.680 --> 33:41.920
And then we just need one layer with all the connections.
33:42.080 --> 33:45.264
And the routing is simple enough, so you can have it single layer.
33:45.776 --> 33:48.000
You can bend the leads first.
33:48.944 --> 33:50.944
Also look at the polarity.
33:50.940 --> 33:52.800
Here you have the minus.
33:52.800 --> 33:55.488
And then on the plus, generally there is a long lead.
33:55.480 --> 33:59.792
On the board itself you also have the markings + and -.
34:00.464 --> 34:03.408
You can put things in.
34:06.832 --> 34:07.680
1
34:12.032 --> 34:13.216
Other way around.
34:20.032 --> 34:20.992
2
34:27.904 --> 34:28.896
and 3.
34:29.072 --> 34:30.624
And as we can see,
34:30.620 --> 34:35.472
even if the silk screen is crossing the diode,
34:35.552 --> 34:38.320
here the contacts are not touching.
34:38.320 --> 34:41.104
It's just because I used a standard silk screen,
34:41.100 --> 34:44.160
or standard footprint, for these capacitors.
34:44.160 --> 34:46.960
Ant that's why you see the silk screen which are crossing.
34:46.960 --> 34:49.424
Generally is not good design, but
34:49.536 --> 34:50.624
that was easy enough.
34:50.620 --> 34:52.704
And once you know that you have to bend it,
34:52.700 --> 34:54.256
it's good enough.
34:54.250 --> 34:56.048
I bent all of them.
34:56.040 --> 34:58.560
Let's cut the leads off. Let's do it afterwards.
34:59.776 --> 35:01.968
The leads are very thin on these ones.
35:15.776 --> 35:18.176
And since the components are far apart,
35:19.376 --> 35:21.664
they don't block us in our soldering.
35:25.072 --> 35:27.696
Now cut the leads.
35:48.864 --> 35:49.648
And that's it.
35:49.640 --> 35:52.016
As you can see it's pretty easy.
35:52.010 --> 35:52.688
It's done.
35:52.680 --> 35:55.872
There is a last thing which you should do.
35:55.872 --> 35:57.870
Here we have the battery connections.
35:58.272 --> 36:01.264
And we want the battery connections ...
36:01.260 --> 36:02.848
Let me find a phone ...
36:05.120 --> 36:07.824
We want the battery connections to mate on here.
36:07.820 --> 36:11.472
So what I did, just to have better contact,
36:12.032 --> 36:13.792
and to be sure the contact is there,
36:13.790 --> 36:16.928
I put a blob of solder on the two ends.
36:17.584 --> 36:19.328
The + and the -.
36:19.568 --> 36:23.008
This makes it a bit higher in the elevation.
36:26.944 --> 36:29.040
So here we have a blob of solder.
36:29.600 --> 36:32.384
This one is not high enough. Let's make it even higher.
36:33.100 --> 36:38.176
And what I did is, on my phone I also added some blobs on the two contacts.
36:38.320 --> 36:39.552
+ and -.
36:41.408 --> 36:43.056
Now we put the board in.
36:43.056 --> 36:45.050
The capacitors will just fit fine.
36:46.832 --> 36:52.480
We will show that it is connected, because of the raised contacts.
36:53.296 --> 36:55.296
That's it. That's actually done.
36:55.290 --> 37:01.136
The last thing we can do is remove all the flux residue using isopropanol,
37:01.130 --> 37:06.384
or any kind of flux solvent. It depends on the ones you have.
37:15.400 --> 37:24.528
I'm just using isopronal to clean the board, and have it look nice and clean.
37:49.820 --> 37:53.008
this flux shouldn't very aggressive.
37:53.000 --> 37:55.984
That should cause any problems.
37:55.980 --> 37:59.856
But I just remove it for the cosmetic side, because it's cleaner.
38:00.352 --> 38:02.480
In the next step, now that we have a board,
38:02.480 --> 38:04.384
we need to make the cables.
38:04.380 --> 38:05.312
That's the 2nd step.
38:05.310 --> 38:06.768
And then we will test the board.
38:06.768 --> 38:10.240
For the external connections we ween actually three things.
38:10.240 --> 38:12.336
First we have the USB to UART converter,
38:12.330 --> 38:17.152
which comes with a 5-cables connector.
38:17.150 --> 38:20.368
So this is quite good because we need exactly 5 here.
38:20.640 --> 38:23.024
And then we need two other connectors.
38:23.020 --> 38:24.720
We need the charger connector.
38:26.272 --> 38:27.824
This charger connector.
38:28.048 --> 38:31.760
And we need the 2.5mm stereo jack connector.
38:31.760 --> 38:33.760
This one, which we will plug in here.
38:34.992 --> 38:40.688
Actually for the charger connector you could use the charger which comes with it.
38:40.680 --> 38:43.408
It has the right charging connector.
38:43.888 --> 38:47.968
But I also included ... Where is the BOM?
38:50.352 --> 38:56.432
In the bill of material, you will also find a link to this charger connector.
38:56.480 --> 39:03.952
It's a 3.0mm outer diameter, and 1.1mm inner diameter barrel jack connector.
39:04.560 --> 39:08.928
If you want to build you own one and don't destroy the charger.
39:08.920 --> 39:12.032
For the 2.5mm connector you can use, ...
39:12.030 --> 39:14.864
the cable are available a bit everywhere.
39:14.860 --> 39:20.592
But again on the bill of material I included a link to this 2.5mm jack connector,
39:20.592 --> 39:22.590
so you can build your own cable.
39:23.104 --> 39:27.728
To build your own cable, I actually like to use USB cables,
39:27.720 --> 39:29.440
because you have them everywhere.
39:29.440 --> 39:31.440
You just cut pieces of it.
39:31.690 --> 39:34.128
I cut 2 pieces.
39:35.424 --> 39:37.344
For each connector.
39:37.340 --> 39:43.104
And I like to use USB cables because you have four cables and a shield.
39:43.184 --> 39:47.424
That's enough for most of the projects.
39:47.488 --> 39:49.920
And you have USB cables everywhere.
39:49.920 --> 39:53.376
They're pretty cheap and they come with every toy you buy.
39:54.032 --> 39:57.568
With that you need also ...
39:57.560 --> 40:00.592
because we want to connect to these pins here.
40:00.590 --> 40:02.592
To this header.
40:02.656 --> 40:05.296
You also need some crimping headers.
40:05.664 --> 40:08.848
The female connectors for the headers, which you can crimp.
40:08.840 --> 40:11.408
I won't show you how I crimp it on these cables.
40:12.544 --> 40:13.856
It's just too boring.
40:13.850 --> 40:16.176
And if you want to have a nicer look,
40:16.170 --> 40:21.152
you either put heat shrink tube on the headers,
40:21.150 --> 40:26.080
or you use these housing,
40:26.080 --> 40:28.208
which you will put at the end of the cable.
40:29.536 --> 40:31.856
I'll just make the two cables,
40:31.850 --> 40:34.848
and show you the result.
40:35.840 --> 40:37.856
Now we have one phone,
40:38.832 --> 40:40.304
one soldered board,
40:40.864 --> 40:42.656
a USB to UART converted,
40:42.768 --> 40:44.560
the cable belonging to it,
40:44.960 --> 40:46.448
and two cables.
40:46.440 --> 40:47.872
They are ready as you see.
40:47.870 --> 40:52.160
I also cut this kind of rubberish protection.
40:52.592 --> 40:53.920
This part.
40:54.272 --> 40:56.064
The cable bender protector.
40:56.060 --> 41:00.288
So I can bend the cable more, and keep the leads short ...
41:00.288 --> 41:02.280
keep the cable short.
41:02.280 --> 41:05.792
Also what I did is, at the 2.5mm stereo jack,
41:06.000 --> 41:08.512
I've cut the beginning,
41:08.510 --> 41:10.976
so actually it would fit inside.
41:10.970 --> 41:14.096
Else the plastic protection would be in the way.
41:14.752 --> 41:16.448
Now we can connect everything.
41:19.312 --> 41:22.176
We will connect everything to these pin headers,
41:22.170 --> 41:25.408
but since the text is covered by the header themselves,
41:25.440 --> 41:26.480
(my mistake)
41:26.480 --> 41:30.720
we can still use this silk screen,
41:30.720 --> 41:32.720
from the layout export,
41:32.992 --> 41:34.976
which is available in the releases.
41:36.016 --> 41:39.568
Let's start with the UART.
41:39.568 --> 41:41.560
The 2.5mm serial jack.
41:41.560 --> 41:44.752
They are also called TRS connectors,
41:44.750 --> 41:48.912
because of the Tip, the Ring, and the Sleeve.
41:50.976 --> 41:54.528
The tip should be connected to the TX pin.
41:54.520 --> 41:55.792
That's the third one.
41:55.790 --> 42:00.320
The ring, which is in the middle, should be connected to the RX pin,
42:00.384 --> 42:01.632
which is in the middle.
42:01.630 --> 42:05.088
And the ground should be connected to ... The sleeve...
42:05.080 --> 42:08.752
The sleeve here, this part, should be connected to the ground here.
42:09.008 --> 42:11.024
That's pretty simple. Let's do it.
42:15.664 --> 42:17.936
For the ground I used black.
42:21.230 --> 42:27.696
For the sleeve ring I used green. That's TX RX.
42:27.690 --> 42:31.104
And for the tip, TX, I used red.
42:32.656 --> 42:34.352
Put them all in.
42:40.656 --> 42:43.984
The first connection is done. The cable is a bit short.
42:44.208 --> 42:46.896
Next connection it the power cable.
42:46.890 --> 42:49.648
This jack barrel.
42:49.680 --> 42:55.280
3.0mm on the outer diameter, and 1.1mm in the inside.
42:55.280 --> 42:56.416
So it fits.
42:56.496 --> 42:58.880
You can even use the one from the charger if you want.
42:59.920 --> 43:02.944
The first pin in the inside is -.
43:02.940 --> 43:05.824
The pin on the outside is +.
43:06.752 --> 43:11.472
I used red and green ... red and black.
43:12.208 --> 43:14.288
- and +.
43:15.088 --> 43:20.768
Very frequently on these barrel the - is the outer shell and the + is the inner pin.
43:22.768 --> 43:23.664
That's done.
43:23.660 --> 43:26.416
Now we can connect the 5 other ones.
43:26.410 --> 43:28.224
We have to look at the sheet.
43:30.208 --> 43:34.016
And we just follow the marking which are also here.
43:35.072 --> 43:40.288
We GND, DTR, RX, TX, 5V.
43:40.752 --> 43:45.952
I'll just use these connections this ways.
43:54.320 --> 43:56.992
Here GND will be brown.
43:58.048 --> 43:59.776
DTR will be red.
44:00.912 --> 44:02.640
RX will be green.
44:06.496 --> 44:08.624
RX will be orange actually.
44:10.896 --> 44:12.624
TX will be yellow.
44:14.672 --> 44:16.384
Adn 5V will be green.
44:16.380 --> 44:21.136
So we can insert it this way.
44:27.728 --> 44:30.400
So we can insert it this way when we have the flat ribbon.
44:30.640 --> 44:33.296
And on the other side we will do the exact same thing.
44:33.744 --> 44:35.344
Brown in GND.
44:36.864 --> 44:38.144
GND is here.
44:40.848 --> 44:43.184
Red is DTR.
44:43.296 --> 44:44.512
Which is here.
44:46.352 --> 44:49.872
Orange is RX.
44:51.552 --> 44:52.560
Which is here.
44:54.800 --> 44:58.640
Yellow it TX, which is here.
45:00.496 --> 45:02.496
And green is 5V.
45:03.664 --> 45:04.384
Which is here.
45:05.552 --> 45:07.360
Now we are ready to go.
45:07.360 --> 45:09.920
We have all the connections. We can fit it in.
45:13.008 --> 45:14.288
We can fit the earphone.
45:20.128 --> 45:25.600
And we can fit the 5V connection (charger).
45:25.600 --> 45:28.896
As you can see, perfect. It's holding.
45:29.088 --> 45:30.256
Now we soldered it.
45:30.250 --> 45:33.120
The next step it to test it.
45:33.120 --> 45:37.456
And I'll describe all the steps to test the different functions,
45:37.450 --> 45:39.728
to be sure that everything runs well.
45:40.240 --> 45:41.568
Let's see that.
45:42.256 --> 45:45.632
Now we have our phone with the motoserial board
45:45.630 --> 45:48.048
and we want to see if our construction works.
45:48.560 --> 45:50.480
If everything has been done the right way,
45:50.688 --> 45:53.536
you just have to connect the USB to serial converter,
45:53.888 --> 45:55.696
start osmocon,
45:56.096 --> 45:58.304
and then you can see here it starts flashing,
45:58.432 --> 46:03.472
and the phone should be flashed with your own baseband implementation.
46:03.536 --> 46:06.416
So here we see that the board works really well.
46:06.416 --> 46:08.410
What if it doesn't?
46:08.576 --> 46:10.880
Then we will try to debug it.
46:12.360 --> 46:18.336
The osmoserial ... the motoserial board does three things.
46:18.330 --> 46:24.000
It provides a serial connection to the phone to be able to flash the baseband.
46:24.560 --> 46:27.664
It provides a power connection to the charger,
46:27.728 --> 46:29.568
to be able to trigger the flashing.
46:29.560 --> 46:31.552
It triggers the power on of the phone.
46:32.224 --> 46:35.264
The bootloader starts, and the flashing can happen.
46:35.712 --> 46:41.296
And lastly it provides power to the phone using the battery connector.
46:42.256 --> 46:46.000
So these are the three different aspects. And we will test them separately.
46:47.984 --> 46:50.032
First we'll test the serial connection.
46:50.300 --> 46:56.304
Just put the USB to serial adapter in the computer.
46:56.300 --> 47:00.592
Connect the stereo 2.5mm jack in the phone.
47:01.072 --> 47:03.040
Start osmocon.
47:04.256 --> 47:07.168
Put the regular battery in, not the board.
47:08.048 --> 47:11.424
And start the phone. At least the bootloader.
47:11.632 --> 47:14.848
Briefly tap on the power on button. And we can see that it flashes.
47:14.896 --> 47:18.448
So we know that our USB to serial adapter works.
47:18.448 --> 47:20.848
We know that the serial connection works.
47:21.408 --> 47:24.896
If this does not work, it could mean different things.
47:24.990 --> 47:30.384
Try to switch the TX and RX pins on the USB to serial converter.
47:30.380 --> 47:35.280
Because TX stand for transmission, RX for reception.
47:35.280 --> 47:38.480
But it does not tell you who is transmitting and who is receiving.
47:38.752 --> 47:41.120
Is it the computer, or is it the phone itself.
47:41.120 --> 47:44.784
So just try to swap both of them and flash.
47:45.000 --> 47:49.616
And test the USB to serial connection serial connection again.
47:50.304 --> 47:51.680
If this still does not work,
47:52.352 --> 47:58.704
plug the 2.5mm stereo jack directly to the USB to serial converter.
47:58.752 --> 48:00.320
And test if this works.
48:00.736 --> 48:05.968
If this does not work, use the continuity tester of the multimeter to find out if the cable is working,
48:05.960 --> 48:12.672
And if the cable is working, then either the USB to serial converter is broken,
48:12.670 --> 48:19.984
or you have something work with your software, with your computer, or ... I don't know.
48:21.280 --> 48:25.920
The next thing we want to test is the charger.
48:26.320 --> 48:28.896
We just switch off osmocon.
48:29.696 --> 48:32.448
If we plug the charger, the phone shouldn't charge.
48:32.440 --> 48:35.952
Because if osmocon is switched off,
48:36.448 --> 48:38.064
the serial port is closed.
48:38.060 --> 48:42.512
And if the serial port is closed, there is not power going to the charger.
48:43.600 --> 48:45.216
If osmocon is on.
48:45.328 --> 48:47.184
The serial port is open.
48:47.232 --> 48:50.528
And the charger ... to power to the charger is enabled,
48:50.544 --> 48:52.976
So you should see the phone charging.
48:53.504 --> 48:55.184
Now we know that the charger works.
48:55.180 --> 48:59.872
If osmocon is off, then we will see ... there is no charging anymore.
49:00.736 --> 49:02.304
If this does not work,
49:02.672 --> 49:05.984
try to find out if it provides 5V,
49:05.980 --> 49:12.464
try to connect your charging cable directly to the USB to serial adapter,
49:12.460 --> 49:15.696
like we did here, on the 5V pins (GND and 5V).
49:19.880 --> 49:23.040
If the cable works, but the board does not work,
49:23.040 --> 49:24.384
it could mean two things.
49:25.904 --> 49:30.672
The transistor could have something wrong.
49:31.120 --> 49:38.400
But since we tested the USB to serial serial port, that shouldn't really be the problem.
49:38.400 --> 49:46.496
Because the transistor only cuts or allows the ground to be connected to the real ground.
49:46.490 --> 49:53.760
The ground from this pin and this pin to be connected to the real ground from the USB to serial converter.
49:55.024 --> 49:58.064
Try to probe if 5V is coming to the board.
49:58.060 --> 50:05.376
Try to probe if 5V are coming to the pin using the multimeter whenever the serial port is open.
50:07.936 --> 50:10.688
And the last aspect is the battery aspect.
50:10.680 --> 50:12.848
This is the easiest one.
50:14.720 --> 50:19.760
Just put the board in.
50:20.640 --> 50:22.256
Switch osmocon on.
50:22.880 --> 50:24.272
Now there should be power.
50:24.270 --> 50:28.080
And of you press for a long time on the power on button,
50:28.080 --> 50:29.504
the power should power on.
50:29.504 --> 50:31.500
Here we can see it powers on.
50:31.720 --> 50:39.088
This is because we didn't the phone still has the original OS on it. The original baseband implementation.
50:39.180 --> 50:46.096
What osmocon does per default is to load our own baseband implementation it RAM, and not in ROM.
50:46.090 --> 50:49.568
So the original one stays in the flash ROM.
50:50.128 --> 50:51.648
And here we have seen that.
50:51.744 --> 50:55.680
The battery works. And it only works whenever osmocon is on.
50:55.680 --> 50:57.184
If it's off, it should not work.
50:57.936 --> 51:00.656
And there we tested the three different aspects.
51:00.928 --> 51:03.792
If the battery did not work,
51:03.790 --> 51:06.496
try to probe here if 5V is coming
51:06.490 --> 51:14.432
whenever you have the USB to serial converter connected, and osmocon on.
51:15.408 --> 51:18.800
Let's try everything together.
51:19.648 --> 51:23.472
Connect the serial.
51:23.936 --> 51:25.616
Connect the charger.
51:27.424 --> 51:28.928
And have osmocon started.
51:29.280 --> 51:31.600
And as we can see, it flashes.
51:32.320 --> 51:34.400
So we have a working board.
51:35.072 --> 51:37.616
And the work is done.
51:38.480 --> 51:41.104
The osmotoserial board which I just presented,
51:41.100 --> 51:43.152
wasn't my very first design.
51:43.150 --> 51:45.712
I actually had to go through a couple of iterations,
51:45.710 --> 51:47.392
to come to this result.
51:47.390 --> 51:50.752
And every time I learned a bit. And this is what I will explain now.
51:50.928 --> 51:52.912
This was my very first prototype.
51:52.910 --> 51:55.680
It looks a bit crude, but it worked quite nice.
51:55.680 --> 52:00.448
Particulalry because I only had three day to come up with something.
52:00.440 --> 52:02.672
Here we have the 5V input.
52:02.670 --> 52:05.552
which are shared between here and here.
52:05.770 --> 52:10.448
This is where you connect the charger port of the phone.
52:10.440 --> 52:13.312
And this is where you connect the battery port of the phone.
52:13.310 --> 52:15.008
This is the common ground.
52:17.552 --> 52:21.104
Here the have the + pin.
52:21.100 --> 52:23.696
Here you have the - pin, here you have the + pin.
52:23.690 --> 52:30.464
You can also see the diodes, to prevent current from going through the charger back to the battery,
52:30.460 --> 52:33.328
and then back to the power supply (as protection).
52:33.888 --> 52:35.680
Here we have two pMOSs,
52:35.680 --> 52:38.688
which are used to control these two power sources.
52:38.680 --> 52:40.128
To switch them on and off.
52:40.120 --> 52:42.528
And here you have two buttons,
52:42.800 --> 52:46.096
so you can manually switch on and off these things.
52:46.090 --> 52:49.104
But you also have this USB to UART converter.
52:49.712 --> 52:51.936
I did not use the serial port on it.
52:53.104 --> 52:56.016
I use it because it has 2 GPIO pins
52:56.010 --> 53:00.944
which I could use to switch on and off the pMOSs,
53:00.944 --> 53:03.296
and then to switch on and off the power sources.
53:03.290 --> 53:07.824
The disadvantage of this design was simply that ...
53:08.496 --> 53:11.792
all the phone were connected to the same power source.
53:11.790 --> 53:15.776
And I only have two transistors.
53:15.770 --> 53:22.592
So I could only switch on all the phones and switch off all the phones again.
53:24.480 --> 53:26.640
I also have two transistors because
53:27.968 --> 53:30.320
the very first time I tried this,
53:30.592 --> 53:33.008
I had the same procedure
53:33.000 --> 53:36.800
where you first disconnect and reconnect the battery,
53:36.800 --> 53:39.952
so you switch on and off this pMOS,
53:39.950 --> 53:43.440
and then you disconnect and reconnect the charger,
53:43.440 --> 53:45.744
so it starts the phone into the bootloader.
53:46.064 --> 53:48.208
And by playing a bit with it,
53:48.200 --> 53:55.056
I recognized that you don't need to have this time difference.
53:55.120 --> 53:58.880
If you switch on and off the battery and the charger at the same time,
53:58.880 --> 54:02.912
it will automatically switch on the phone and start the bootloader.
54:03.760 --> 54:07.472
This is the first lesson I learned from this design.
54:07.648 --> 54:09.024
And this is where I used.
54:09.020 --> 54:11.728
Here you can see this board. This very simple board.
54:11.720 --> 54:13.904
Here we have an ATX power supply,
54:13.968 --> 54:16.688
which I use to provide 5V.
54:16.680 --> 54:21.552
And I use this ATX power supply simply because there was one lying around.
54:21.550 --> 54:25.472
And it delivers a lot of power if I need to.
54:26.128 --> 54:30.576
Because here I have 12 phones which I used to monitor.
54:30.570 --> 54:37.808
You can see all the connections from the phones to these USB to UART converters.
54:38.464 --> 54:40.112
And I have 12 of them.
54:40.110 --> 54:44.112
10 here, are 2 here, which control the phones.
54:44.110 --> 54:47.232
And here again you can see the connections to the battery.
54:47.230 --> 54:49.568
I soldered the cables directly to the battery.
54:49.560 --> 54:51.680
And here the connections to the charger.
54:51.680 --> 54:54.592
There I used the normal connectors.
54:54.624 --> 54:56.368
And that worked quite well actually.
54:56.360 --> 54:58.832
So really the main disadvantage was that,
54:58.830 --> 55:02.176
I switched on and off all the phones at once,
55:02.176 --> 55:04.170
and not just single ones, when it got stuck.
55:04.448 --> 55:06.048
That was a bit of a pain.
55:06.040 --> 55:09.536
Because having all the phones flash the right way,
55:09.530 --> 55:12.384
that every time almost never worked.
55:12.670 --> 55:14.688
This is why I designed the second board,
55:14.960 --> 55:19.392
based on an FTDI FT4232.
55:19.904 --> 55:25.840
This chip is a USB to 4 UARTs converter.
55:28.670 --> 55:32.880
What it allowed be to do is, connect 4 UARTs phones,
55:32.880 --> 55:35.184
on these 4 serial ports,
55:35.180 --> 55:37.504
just with one USB chip.
55:37.712 --> 55:39.040
That is quite useful.
55:39.040 --> 55:41.504
These are the 4 serial connections you can see,
55:41.504 --> 55:43.500
and these are the 4 power sources.
55:43.600 --> 55:47.536
What I wanted to do is, use the RTS signal,
55:47.530 --> 55:49.840
of each of the serial ports,
55:49.840 --> 55:51.968
to switch on and off
55:53.552 --> 55:55.024
the power going to the phone.
55:55.020 --> 55:58.160
As you can see here, I only have one power source,
55:58.160 --> 56:02.128
which is used at the same time for the charger and the battery.
56:02.608 --> 56:05.504
The problem is that it did not work quite well,
56:05.500 --> 56:12.512
because this FTDI chip didn't behave as I wanted it.
56:12.784 --> 56:17.248
Every time The first time you open the serial port,
56:17.240 --> 56:19.984
the RTS signal goes low,
56:20.640 --> 56:25.072
to indicate that the serial port has been opened.
56:25.070 --> 56:26.544
So the phone is powered on.
56:26.540 --> 56:29.312
The problem is that if you close the connection,
56:29.520 --> 56:31.952
the RTS line doesn't go up again.
56:31.950 --> 56:33.456
It doesn't switch off the phone.
56:33.450 --> 56:35.376
The phone will all the time be on,
56:35.370 --> 56:38.272
and I could not switch it on and off to reflash it.
56:38.592 --> 56:40.400
That was one of the drawbacks.
56:40.400 --> 56:43.712
The other drawback is that this chip costs a lot of money.
56:44.160 --> 56:50.896
Anf it requires also a lot of components for it to work properly.
56:51.104 --> 56:56.336
There is an alternative from SiLabs called CP2108, which is a bit cheaper,
56:56.432 --> 57:00.800
and which behaves the right way corresponding to this RTS signal.
57:01.552 --> 57:05.616
But I didn't design a second board using this chip,
57:05.610 --> 57:07.984
simply because of this overhead.
57:09.360 --> 57:13.456
The other part I did along with board,
57:13.450 --> 57:16.848
was to design this small board to put on the back of the phone.
57:17.040 --> 57:21.744
Here you have the 5V input coming from here.
57:21.952 --> 57:27.248
And because you switch on and off at the same time the battery and the charger,
57:27.240 --> 57:29.168
you only had one input.
57:29.424 --> 57:32.048
This was going to the charger again.
57:32.040 --> 57:34.256
You had to connect the cable to the charger.
57:34.250 --> 57:35.840
And as you can see here,
57:36.912 --> 57:39.808
on the back of the board, you have the battery connection.
57:40.320 --> 57:42.624
You also have several capacitors,
57:42.832 --> 57:46.368
to compensate for the battery,
57:46.360 --> 57:51.200
because whenever you switch on and off the phone it draws a little of power.
57:51.200 --> 57:56.336
And whenever I would start to transmit, it couldn't transmit with the 2W in bursts.
57:56.330 --> 58:02.896
So to cope with that and because the power supply wouldn't handle these power surges very well,
58:02.890 --> 58:04.448
I put a bit of capacitors.
58:04.440 --> 58:10.960
Here again you have the diode to prevent from the reverse power,
58:14.176 --> 58:19.472
So the power which went through the charger couldn't back from the phone to the 5V.
58:20.000 --> 58:22.272
And it worked very well.
58:24.032 --> 58:27.408
I still want to have 4 UARTs,
58:27.400 --> 58:32.240
and I wanted to have a computer controlling it.
58:32.320 --> 58:34.944
This is where I found the BeagleBone Black.
58:35.056 --> 58:37.408
It's a very neat board.
58:37.400 --> 58:40.208
This is a single board computer, so it has everything you need.
58:40.200 --> 58:42.656
It's very similar to the Raspberry Pi.
58:42.832 --> 58:46.464
It's a bit more powerful. It has more GPIOs.
58:46.460 --> 58:49.072
And it's also open hardware.
58:49.072 --> 58:51.070
These are the advantages.
58:51.070 --> 58:56.944
And I could connect and control this computer over this Ethernet port and an SSH connection.
58:57.648 --> 58:59.264
The 5V come in here.
59:00.336 --> 59:02.544
But the rest is almost the same.
59:02.540 --> 59:04.944
The other advantage this board has is,
59:04.940 --> 59:09.536
it already comes with 4 UARTs which I could use to do my things.
59:09.530 --> 59:14.032
It comes with a bit more UARTs, but 4 are really usable for my purpose.
59:14.030 --> 59:15.840
This is what you see here.
59:15.920 --> 59:18.864
Here we have the 4 UARTs coming from the board.
59:18.860 --> 59:21.488
We didn't need any USB to UART converter.
59:22.448 --> 59:29.056
And here again you have the 4 power connectors to switch on and off the phones.
59:29.050 --> 59:32.000
What you see here is just the controlling of the power,
59:32.000 --> 59:36.976
and what I do have it one time a
59:40.064 --> 59:43.296
the pMOS to control the power on and off,
59:43.290 --> 59:46.736
and this is the nMOS so I can switch the pMOS on and off,
59:46.970 --> 59:49.872
because of the voltage level used by the pMOS.
59:49.870 --> 59:51.632
This worked quite nice.
59:51.776 --> 59:53.296
Here you see the setup.
59:53.296 --> 59:55.290
We have 4 phones.
59:57.360 --> 59:59.008
Thenwe have all the cables.
59:59.000 --> 01:00:03.536
As you can see you have here only one power source,
01:00:03.530 --> 01:00:06.816
It goes here in,
01:00:06.816 --> 01:00:09.312
here it goes out to go back in the phone,
01:00:09.472 --> 01:00:16.048
And also on the back of the board you have the battery port.
01:00:16.400 --> 01:00:18.800
You also have these cables here,
01:00:18.800 --> 01:00:21.168
the 3 cables. These are just the serial,
01:00:21.160 --> 01:00:23.808
which go into the phone.
01:00:25.424 --> 01:00:27.776
This setup worked quite nice.
01:00:27.770 --> 01:00:30.048
But the main problem is here:
01:00:30.040 --> 01:00:31.504
this BeagleBone Black.
01:00:31.500 --> 01:00:34.128
While I recommend everyone to get one,
01:00:34.176 --> 01:00:37.632
because they are not too expensive, very powerful, and quite neat.
01:00:37.630 --> 01:00:46.864
Probably not everyone wants to buy a $50 computer just to control 4 very cheap phones.
01:00:47.840 --> 01:00:51.616
So I came up with almost the last design which you see here.
01:00:51.610 --> 01:00:54.864
Here we have the USB to UART converter,
01:00:56.250 --> 01:00:59.200
which are very cheap nowadays.
01:00:59.280 --> 01:01:01.360
You have all the cables going in.
01:01:01.360 --> 01:01:07.904
What goes here is: 5V, the UART, but I also used the RTS pin
01:01:08.416 --> 01:01:11.360
to control this nMOS which you see here.
01:01:11.360 --> 01:01:13.680
To control the transistors which you see here.
01:01:13.680 --> 01:01:15.232
So just using this signal,
01:01:15.744 --> 01:01:16.976
on the board itself,
01:01:16.970 --> 01:01:18.784
I could switch on and off the phone.
01:01:18.780 --> 01:01:21.232
And it didn't need any external board again.
01:01:21.230 --> 01:01:26.160
Because in any cas I need a board which goes in the phone to control to battery,
01:01:26.160 --> 01:01:30.304
why not use this board to also control the rest, the remaining of the things.
01:01:30.384 --> 01:01:32.848
Here you have the input for the USB to serial.
01:01:32.840 --> 01:01:35.456
Here you have the output to the charger.
01:01:37.152 --> 01:01:40.544
The battery connection is on the back, which you don't see here.
01:01:40.736 --> 01:01:45.728
And here you have the serial cable (this one) which goes back into the phone.
01:01:45.904 --> 01:01:47.776
We also have 3 capacitors.
01:01:47.770 --> 01:01:50.768
Again this is to compensate,
01:01:50.800 --> 01:01:53.120
because we don't have any battery anymore.
01:01:53.232 --> 01:01:56.224
And we need some kind of local power storage
01:01:56.220 --> 01:01:58.224
in case the phone wants to transmit,
01:01:58.220 --> 01:02:00.032
or do some high power things,
01:02:00.030 --> 01:02:04.880
and the USB does not handle these power surges.
01:02:05.312 --> 01:02:10.080
It even has a fuse which switches at 700mA I think.
01:02:10.080 --> 01:02:14.384
So if you draw to much, the power will got low. This is why we have the capacitors.
01:02:16.768 --> 01:02:18.176
And this is the final board.
01:02:18.170 --> 01:02:22.016
Here we see again ... I actually have 2 nMOSs now.
01:02:22.992 --> 01:02:28.512
This nMOS is used to inverse the RTS signal.
01:02:31.536 --> 01:02:38.064
Whenever I open the serial connection the RTS goes low,
01:02:38.120 --> 01:02:46.080
but I want that it gets high for this nMOS to activate and put power in.
01:02:46.080 --> 01:02:50.528
And this is why I have 2 nMOSs. This is just an inverted, and this is really the power nMOS which I use.
01:02:50.520 --> 01:02:51.952
Here we have the diode again,
01:02:51.952 --> 01:02:53.950
to protect from the reverse current.
01:02:53.950 --> 01:02:55.568
Here we have the 3 capacitors.
01:02:56.128 --> 01:02:59.248
These are just limiting resistors. First for the serial.
01:02:59.240 --> 01:03:02.704
so power does not flow back through the serial,
01:03:02.760 --> 01:03:05.392
or any way around in the serial,
01:03:06.208 --> 01:03:09.072
This is the charger port.
01:03:09.070 --> 01:03:12.960
And this is the USB to serial port.
01:03:13.936 --> 01:03:15.456
That was a prototype.
01:03:15.450 --> 01:03:17.888
And I made it a bit more professionally ...
01:03:20.656 --> 01:03:23.968
So the prototypes which I use here. Here you see an example.
01:03:23.960 --> 01:03:27.888
I just had to buy these USB to serial for each of the phones.
01:03:27.880 --> 01:03:29.824
And it works really quite well.
01:03:29.888 --> 01:03:33.136
Here you have simply the USB to UART going to the back of the phone.
01:03:33.280 --> 01:03:34.960
The you have the charger connection.
01:03:34.960 --> 01:03:36.160
The serial connection.
01:03:36.160 --> 01:03:37.376
The battery connection.
01:03:37.370 --> 01:03:39.936
And whenever you open the serial port,
01:03:39.968 --> 01:03:42.560
it switches on the phone so you can directly flash on it.
01:03:42.560 --> 01:03:44.720
And when you close it, it switches off the phone.
01:03:44.720 --> 01:03:46.400
And you can reflash it.
01:03:46.400 --> 01:03:49.808
After I did a prototype in my lab,
01:03:49.800 --> 01:03:53.360
I ordered PCB prototypes.
01:03:53.648 --> 01:03:55.376
And this is the final result,
01:03:56.896 --> 01:03:59.184
the current revision I have, which is revision F.
01:03:59.392 --> 01:04:01.184
I will change some things.
01:04:02.240 --> 01:04:06.496
The first thing is that I will remove these pin connections.
01:04:06.490 --> 01:04:08.080
These are a bit a a hassle.
01:04:08.080 --> 01:04:12.880
Here we will have really a 2.5mm TRS connection
01:04:13.152 --> 01:04:15.680
to connect this phone jack.
01:04:15.680 --> 01:04:20.464
Here we will have a barrel jack connector, to connect the charger.
01:04:20.880 --> 01:04:26.336
A proper one, and not this flimsy pin thing which I have to prepare and consume a bit of time.
01:04:27.056 --> 01:04:30.512
These 3 capacitors are electrolytic capacitors.
01:04:31.440 --> 01:04:34.192
They have a high ESR,
01:04:34.190 --> 01:04:36.672
and also they don't switch on and off
01:04:37.104 --> 01:04:40.992
as good as tantalum capacitors, or ceramic capacitors.
01:04:40.990 --> 01:04:44.192
What I will add here is tantalum and ceramic capacitors
01:04:44.190 --> 01:04:49.280
to cope with the bursts and to have a clean signal on the radio transmission,
01:04:49.280 --> 01:04:51.280
whenever it transmits something.
01:04:51.552 --> 01:04:54.560
Also this components are through hole components.
01:04:55.328 --> 01:05:00.880
It was my purpose in the beginning that I use only through hole components so everyone can easily solder it.
01:05:00.880 --> 01:05:05.632
And also this is why I have a single side board,
01:05:05.630 --> 01:05:08.224
so everyone can produce it in their home lab.
01:05:08.320 --> 01:05:12.048
But what I will do is, I will use surface mount devices (SMD).
01:05:12.040 --> 01:05:14.880
They are a lot cheaper. They consume less space.
01:05:14.880 --> 01:05:18.160
And also I will use two layers PCBs,
01:05:18.160 --> 01:05:22.400
because they are as expensive and they just simplify the routing.
01:05:24.832 --> 01:05:27.408
The last aspect I will change is that,
01:05:27.400 --> 01:05:30.720
there will be no cable to the USB to UART converter anymore.
01:05:30.720 --> 01:05:33.216
I will stick it somewhere here.
01:05:33.680 --> 01:05:40.304
I won't have a USB to serial chip directly put on this board.
01:05:40.300 --> 01:05:44.000
Simply because then there is a bit of overhead.
01:05:44.040 --> 01:05:47.360
You still have to design the USB to UART.
01:05:47.820 --> 01:05:54.352
Not the converter itself, but you have to put some capacitors and additional components or protection.
01:05:54.640 --> 01:06:00.080
And also because it would be a bit more expensive.
01:06:00.224 --> 01:06:02.496
These USB to UART converters,
01:06:02.490 --> 01:06:06.640
you get them between $1 and $3. They're really really inexpensive.
01:06:06.640 --> 01:06:10.192
They come with LEDs, the right capacitors, and the protection,
01:06:10.190 --> 01:06:13.360
and all the parts you need around these USB to UART converter.
01:06:13.440 --> 01:06:15.952
And also they come with a USB connector,
01:06:15.950 --> 01:06:17.376
which also costs money.
01:06:17.440 --> 01:06:23.120
So what I will have is just use these cheap USB to UART converter, and solder them directly on the board,
01:06:23.248 --> 01:06:28.512
instead of having the chip put myself in and soldered by hand by myself.
01:06:31.392 --> 01:06:33.168
That will be the next revision.
01:06:33.160 --> 01:06:35.984
But for now if you want, you can use this revision F,
01:06:36.000 --> 01:06:37.472
which works really quite nice,
01:06:37.470 --> 01:06:38.848
and produce you own boards.
01:06:39.104 --> 01:06:43.280
And enjoy remote flashing of these phones.
01:06:43.840 --> 01:06:49.488
I used this prototype for 6 months now, and it worked really nice.
01:06:49.480 --> 01:06:52.992
And I'm still monitoring the mobile phone networks.
01:06:53.248 --> 01:06:54.176
Enjoy!
01:06:54.784 --> 01:06:59.776
video blog: https://www.cuvoodoo.info
documentation wiki: https://wiki.cuvoodoo.info
source files: https:/git.cuvoodoo.info
Creative Commons Attributions-Share Alike 4.0 International