HOME ARTICLES DOWNLOADS CONTACT
Openschemes Feed

  Subscribe in a Reader

Subscribe via Email

Main Menu
Openschemes Articles
Categories
Site Sponsors
Site Hits
Total Hits
« Reading Xilinx Serial EEPROM with Arduino
Hacking the REB1200… A revival! »

Hacking USB Serial Ports

QRCode

Tags: , , , , , ,

Filed under: Hacks | September 17, 2009 @ 5:53 pm (Views: 9113)

An unnamed bonus of this dual-port setup is if you would like to eavesdrop on some system’s internal RS-232 communication .  By splicing both the USB and the DB9 ports into that system, you can force it to talk to your PC who then retransmits the data to where it was originally going.  The system you’re attacking has no idea, but you can now record all the communications between them, modify the communications, or pipe in your own commands.  Very useful if you need to get into a trusted system that requires handshaking or other authentication to proceed.

Details:

As was previously mentioned, the device you are looking for is a two-chip system.  There are some adapters on the market that have the usb controller and level shifter integrated into a single chip - these are no good for us.  I don’t know what device you may happen to encounter, but the hack process is the same.

1) Disassemble the device and identify the controller and level shifter.  This is usually pretty easy because the controller is fairly large, but you can also use the following clues.

  • Controller is connected to USB side (and usually physically located there) and the level shifter is connected to the DB9 side.

  • Controller usually has a metal can crystal connected to it in close proximity.

2) Identify the RxD, TxD lines running from the controller to the level shifter.

  • Easiest way is to use the datasheet for one or both of the devices.

  • More difficult way is to trace the circuit, either by physical observation or by using a multimeter on “beep” mode to find which pins (other than VDD and GND) are connected between the two devices.

3) Cut the TxD and RxD lines between the controller and level shifter, and install jumpers or ports for connecting to your own project.

  • NOTE: If you’re tracing by hand, you will still need to determine which one is TxD and which one is RxD.  After cutting the lines between the chip, you can apply 3.3v or 0v to the level shifter inputs and watch the voltage on the DB9 port to see which pin goes high and low.  Pin 2 on the DB9 is the PC’s RxD (PC Receive, controller transmit) and pin 3 is the PC’s TxD (PC transmit, controller receive).

Examples:

We will use the example of the Keyspan HS-19HS, which contains the Texas Instruments TUSB3410 microcontroller as the USB controller, and a no-name RS232 chip as the level shifter.

The first thing we do is download the TUSB3410 datasheet and look at the pinout.  This is the easiest way to identify the pins, obviously.  We see from the pinout diagram that pin 17 is “SIN” (Serial in, TUSB RxD) and pin 19 is “SOUT” (Serial out, TUSB TxD).

TUSB3410 Pinout

Fig 3 - TUSB3410 Pinout

By checking these pins with a DMM on “beep” mode, we can verify that they are really connected to the level shifter as a sanity check before doing any cutting.  In our case, the traces were VERY small so it was much easier to carefully pry up the pins with tweezers while heating the pin with a soldering iron.  Carefully is the operative word here, break the pin off and you might as well trash the adapter - you’re down one port.  For our device, we soldered a yellow wire onto SIN and a red wire onto SOUT.  Please note that you must also connect the GND of this board to the GND of the board you’re working on (or else it won’t know what’s 3.3v and what’s 0v!) so you can see a third wire, black, also soldered to the board.  For GND, you can usually find a large copper area of ground plane and just scratch off the green solder mask with an x-acto knife.

Continued on the next page…

Bookmark and Share

Pages: 1 2 3


Related Posts:
  • Nandoori - SPMP8k Raw USB NAND Dumper (February 16, 2010)
  • SPMP8k FRMorp v1.1 - Improved the Linux side (February 9, 2010)
  • SPMP8k FRMorp - USB IMG dumper (February 8, 2010)
  • SPMP8k Serial Port Pinout (February 4, 2010)
  • SPMP8k NAND Overview and NAND File Dump Tool - beta (January 29, 2010)

    • Metadata:

    RSS feed for comments on this post.
    TrackBack URI

    2 Comments

    1. Pingback by Hacking USB serial port adapters - Hack a Day:
      September 23, 2009 @ 2:11 pm

      […] The folks at Openschemes.com have written up an article on how to convert a USB serial port adapter to a low voltage serial interface for interfacing with microcontrollers. Though you can always just buy one, this is a fairly quick and cheap solution, especially if you are in a pinch or don’t have access to a retailer. The specific models you should watch for, are the two chip ones.They go through the process of finding exactly where to patch in to add an extra interface. It only takes a couple wires and you are ready to go. […]

    2. Comment by lilikindsli:
      October 5, 2009 @ 1:55 am

      I want to say - thank you for this!

    Leave a comment

    Contact Openschemes


    Copyright © 2003 by Openschemes  |   |  Design by 7dana.com