Saturday, September 21, 2013

Lobotomy of an ancient smartcard reader

Bought a few of these ancient V-Star smart card readers for around $1 a piece. Manufactured in 98, fits in a 3.5" floppy drive bay, no drivers, protocol documentation lost to time. They are essentially useless at this point except for parts.

There is however a very simple interface that is still somewhat useful today. It basically just provides level shifting and clock to the smartcards and connects them to RS232. I'm talking about the "Phoenix Interface". Beloved accessory of satellite "enthusiasts" of the old days.

The V-Star has a max232 clone on-board that is the heart of the phoenix interface. They also provide the standard clock rate that makes the card's uart run at 9600bps, so it has all the parts needed for the conversion already built in. All I need to add is wires, but I do need to remove the entire "brain" of the reader first.

I'm not going to make a thorough how-to though mainly because of the obscurity of this device (also I'm lazy)
Here is the finished mod and a few notes (with lots of omissions):


After the brain removal I had to force-enable the clock output which just meant pulling the 74HC125 buffer's appropriate Output Enable pin low. Then I had to connect the card's reset control the serial port's RST pin, This involved patching through the original micro's pins and then connecting the appropriate RS232 level input of the max232 clone to the RST pin of the serial port.
Presence detect was a bit of a pain because they did their own thing that I couldn't be bothered to trace down so I separated the switch in the smartcard socket via a few trace cuts, connected it to a weak pullup then to an unused channel on the serial chip (the other end of that channel to the CD pin of the serial port). Then the 1wire UART used by the smart card needed to be connected by using a schottky diode (black SMD thing hanging off the SO ic pad on the bottom picture) and that's about all there is to it. (note the idle state of the serial bus is high and TXD works by pulling the bus low so the diode direction is sender < receiver

Monday, April 22, 2013

Fixing the cable

So a few months ago I switched from ADSL to cable. The installation didn't really go smoothly as everyone seems to have forgotten about an extra splitter in the attic which was left in the path of the modem.. D'OH!
The tech was already running late on our install and was forced to take half-measures. Because the modem was seeing crappy signal levels (and we didn't know about the splitter at the time) I believe he adjusted the "street amplifier" so we get a stronger signal. This still only kicked the modem into the far edge of their recommended levels however, but off he went to the next job saying that'll do.. and it did for most of the winter the modem was hovering around -5dBmV receive and 53dBmV transmit but as temperatures rose so did signal levels decline and on the first modem desync I was looking at -9/58 which is very far from ideal. 60dBmV is the maximum transmit power the modem can do AFAIK, so it took almost 100% capacity for the outgoing signal to get through

I was looking at the modem's customer-accessible network information page throughout the months and eventually coded a quick php script that Cosm, an online data gathering and graphing system can poll.

The Cosm feed for my modem data can be found here (like removed, see below)

Well after the first desync I realized I had to do something. Getting up to that particular attic section was something I really didn't want to do but the alternative was just way too invasive. What I found up there explained the issues perfectly. A 20 year old coaxial tap (amazingly with F connectors, but they were extremely weathered..) in a small puddle of water. I have absolutely no idea how that happened. There was no water anywhere else except around the input of that tap. Murphy? Or maybe water was coming in through the coax but hopefully that's not the case..
The cable that the modem actually got the signal through was also very low quality and mangled in several places. It looked like something was chewing on it.
There was also an ancient non-F splitter that supplied 3 TVs in the back of the house.

I threw out everything I could see up there, installed new F connectors, relocated the cable modem tap so it connects directly to the incoming cable and installed a high quality splitter for the rest of the house.

The effect from the modem's perspective:


Cosm graphs

From the low end of the threshold to the high end in 123514 easy steps. The signal level might be a teensy bit high now because of the adjustment they made initially but if that causes any problems I'll just have to call and get them to send a tech out to adjust the street amp back to the default level.

I also discovered self amalgamating tape. Specifically that I had some in my drawer for years not knowing what it was. (Don't laugh..) In case you're like me and this is the first time you hear of it: it's great stuff. Also called self-vulcanizing tape or self-fusing tape, you wrap it on something (a cable connection for example) like a bandage overlapping layers of itself while stretching it out and it'll fuse together into a watertight insulating rubber sleeve after a while.

I didn't want to take any chances so I used it on all primary connections.


Attic-shot

As a bonus of the rewiring the in-house network is now perfectly symmetrical.. which I've read is also not a bad thing.

UPDATE: Yes, sadly Cosm had turned into Xively or whatever... Since my data upload was based on Cosm's "Pull" feature and the new thing didn't retain that (while also being severely deficient at presenting data at least at launch) I didn't bother updating my script. Oh well... Good luck at their attempt at monetizing the service I guess.

UPDATE #2: Now pushing data to data.sparkfun.com instead and using imp.guru to plot. You can check it out here

UPDATE #3: I'm now on GPON so no further data :-)

Monday, March 25, 2013

KludgEee

Couple of years ago I bought a supposedly broken EEE 901 netbook motherboard for $5. Not really sure what I wanted with it. Could've been during a time when I wanted to practice soldering BGAs or maybe I just couldn't pass it up for the price. Either way the motherboard turned out to function perfectly. What now?

The thing ended up at the bottom of one of my junk boxes surfacing from time to time to help test the odd monitor. Then around two weeks ago I realized I have enough junk lying around in random boxes for a functioning PC.
While not doing a very good job at it I'm constantly trying to do something with stuff that's just taking up space and doing nothing because it annoys me. Combining them into a single piece is one way ease that so I finally broke down and decided to build a Trash PC.





Ingredients:
The aforementioned EEE motherboard
1 GB DDR2 SO-DIMM ram
The cheapest Chinese mSATA/SATA converter card I could find (that I had to ghetto-solder a SATA-cable to because it wouldn't fit into the mobo with the connector in place)
Samsung 20GB 2.5" HDD (this was inside a Chinese Xbox HDD. Sold the enclosure for a profit, kept the hdd. Result: 1 (almost) Free HDD!)
Intel 4965ABGN miniPCIe wifi card from a Lenovo laptop, that was the main reason for the previous article.
Antenna connector/cable from a  miniPCIe PCIe WLAN adapter card
3 random heatsinks from the junk-box
Random fan from the junkbox
VGA breakout cable from previous scrapped case-build project
The case of an ancient Amstrad Satellite STB from the dumpster
A piece of veroboard and a switch from the junkbox (power button)
A chinese USB IR PC-Remote (actually not bad for $4.38)
A KIS3R33S based 5V reg built on a piece of veroboard (power supply for the HDD)
Random salvaged wires, mounting screws, nuts, a piece of PCB, zipties, epoxy and hot glue!




The idea was basically: The simpler/easier the mounting option the better, the less holes to drill the better, the less time it takes the better. As long as it stays in one piece everything goes.

The end result is inevitably kludgey and trashy but in the end it works, doesn't fall apart from a jostle and only looks as hideous from the outside as the STB case did to begin with so.. All good!








I didn't take any pictures during the build because I wanted to be done with it ASAP that's why there are only ones of the finished box.


With a $13 VGA/Composite converter it might even see some use on an old CRT TV as an IPTV and media player box now. The 900Mhz Celeron CPU is enough for SD streams and SD content.

I measured the DC power consumption on a whim:
Standby: 1.4W, Idle: 16W, Peak: 22W

Sunday, January 20, 2013

Intel wifi driver brand-check removal

It's fairly common knowledge that Lenovo like many other makers uses a bios whitelist to restrict the wireless cards that can be used in their laptops. I've bypassed that with a modded bios on mine a long time ago when I upgraded various parts of the machine and I've had the original Intel 4965AGN lying around collecting dust ever since. The time has come to finally use it somewhere and ... it doesn't work!

Windows complains about failing to start the device. "This device cannot start! Code 10"

Event log contains two entries
5001 - Could not allocate the resources necessary for operation
5006 - The version number is incorrect for this driver

Head-scratching ensues then Linux is booted where the card works flawlessly.
Several other driver versions are installed on Windows yielding the same result.
Time to Google.
It seems like the issue is fairly common and usually appears when people try to use branded cards in different machines than they are originally for.. At this point I'm beginning to suspect that the Intel drivers are specifically blocking the branded cards from working in non-matching machines. 
With a very low tolerance for annoying practices like this and a free weekend I load up the driver in IDA.

I have to confess never reaching the source of the issue. I've run out of time and got the driver working so I didn't investigate any further. There could be a less nefarious explanation for the behavior, although the same driver working flawlessly with the card in a Lenovo machine would suggest otherwise.
[Update: Next weekend] -
I can now confirm that the driver checks for a special entry in the DMI table for Lenovo branded cards and checks the manufacturer name of the machine for HP branded ones. It would seem that Lenovo branded cards would work fine in HP machines without any modifications to the driver. I'm not sure that patch #2 below is required at all. Just nop-ing out all the brand-check specific ID comparisons in #1 might/should be enough to get a completely unlocked driver.


There are two areas that I patched.
#1 Seems to be doing something specifically for my card's device ID (0x4230). Since my card doesn't work right now and I'm suspecting that the driver does an extra check for branding on my card (and AFAIK the 0x4230 ID is strictly a Lenovo ID) this seemed fairly suspicious so I nop-ed out the jump at 53DF5




#2 0x4229, a generic ID is receiving some attention here that looks to be the right kind. I want in on that. Changed 0x4229 to 0x4230



A PE checksum fix and a driver reinstall later I had working wifi.

I did have a couple of cases where I had to "powercycle" the card get it to see networks or to connect to one. Not sure if that's due to the patch since I couldn't reproduce the behavior after switching to Intel's PROSet tool to manage the connection. Will update this post if the problem resurfaces but even with that issue the driver was working well once it was connected to an AP even after downloading several hundred megabytes so it could be that this driver just doesn't like being managed by XP directly.

[Update: Few Days Later]  - The problem hasn't surfaced since.

Patch info:
File: NETwLx32.sys
Version: 13.4.0.139 (but note that every newer version of the driver seems to contain the same version of this sys at least. Guess it was never developed further)


fileoffset original patch
000002B1 2E 62
000002B2 B8 BB
00043DF6 0F 90
00043DF7 84 90
00043DF8 9F 90
00043DF9 00 90
00043DFA 00 90
00043DFB 00 90
00044103 29 30

Checksum fix included

ps.
This is almost guaranteed to not work with any other card (besides device id 0x4230) as-is but working patches could be created for other cards based on the principle.. maybe.

I'm not responsible for anything you do with this information, you do it at your own risk.
Please don't ask me to patch drivers :)
Leave a comment if this has helped you get your wifi card working.