More than just audio

25.08.2011 17:02

I recently came across this very useful IC that looks like it might be useful in a number of scenarios. This is the C-Media Electronics CM108 (datasheet). It's a USB audio interface chip that is used in a number of cheap USB audio dongles and headsets. For instance, SPEEDlink SL-8850 goes for around 15 € with shipping from Amazon or the local retailer.

Inside Speedlink SL-8850

It contains two audio DACs and one ADC (48 kHz sampling rate), as expected for such a chip. What makes it interesting is that it also contains an interface for a simple serial bus (I2S) that is meant for driving external AD or DA converters, but can be abused to stream arbitrary digital data from or to the PC, as long as it fits into 32 bits times 48 kHz bandwidth. Also included in the package are 4 GPIO pins and 4 debounced key inputs.

As usual there's an optional place for a serial EEPROM for USB product/vendor IDs, which can also be programmed via the CM108 itself.

From the USB host side, the data stream is exposed as a standard USB audio device (usable for instance via the snd_usb_audio ALSA driver in Linux), while the GPIO pins and keys use the HID interface, which can be accessed via the HID API.

Right now I'm using it to record data from the 433 MHz receiver I was writing about previously, but it appears it might be useful in other projects as well. For example here's an article about using it for an audio-frequency oscilloscope. Considering you get the chip and a few other tidbits (USB connector, two audio jacks) for such a low price it's certainly worth considering in place of a USB-enabled microcontroller when it fits the requirements.

Posted by Tomaž | Categories: Digital

Funcube Dongle Pro

23.08.2011 20:11

During the CCC camp I found out about the Funcube Dongle. It's a small USB device that contains a complete software defined radio frontend. It was designed to receive telemetry from the Funcube amateur satellite, but gained popularity among HAM radio operators and other folk interested in radio communications because of low cost (around 160 €, including shipping) and versatile frequency range (64 MHz to 1700 MHz central frequency with up to 80 kHz bandwidth). So much popularity in fact that the authors had problems keeping up with demand.

I was playing with SDR interfaces a while ago and was pretty much sold on this gadget when I saw receipt of a satellite transponder from a hand-held antenna. It arrived via Fedex yesterday and I was eager to try it out.

Funcube Dongle Pro

The documentation says software support for Linux is still under development. However, because the device uses USB audio and USB HID standards, there are no drivers necessary. For setting up the radio frontend hardware there is a nice graphical Qt application available that gives you access to all the knobs. It's called qthid.

Setting up qthid 3.0 on my Debian Squeeze system took a few tweaks. First, you need to install a few dependencies:

# apt-get install libusb-1.0-0-dev
# apt-get install qt-qmake qt-dev-tools

Note that you don't in fact need the complete Qt Creator IDE to compile. This saves some considerable disk space.

It also turns out that libusb in Debian has a broken pkg-config, which means the following patch needs to be applied:

--- a/hid-libusb.c
+++ b/hid-libusb.c
@@ -40,7 +40,7 @@
 #include <pthread.h>
 /* GNU / LibUSB */
-#include "libusb.h"
+#include "libusb-1.0/libusb.h"
 #include "iconv.h"
 #include "hidapi.h"
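
Review bot: the changed include on the `libusb.h` line hard-codes the `libusb-1.0/` directory in the source and keeps the quoted form, which searches the source directory before the system paths. Since this is a system header, prefer `#include <libusb-1.0/libusb.h>`, or better keep `#include <libusb.h>` and add the include directory in the project file, so the source still builds where pkg-config supplies the correct include path from a non-default prefix.
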
--- a/
+++ b/
@@ -53,6 +53,7 @@ win32:LIBS += "C:\\Program Files\\Microsoft SDKs\\Windows\\v7.
 linux-g++ {
     CONFIG += link_pkgconfig
     PKGCONFIG += libusb-1.0
+    LIBS += -lusb-1.0
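
Review bot: the added `LIBS += -lusb-1.0` sits directly under `PKGCONFIG += libusb-1.0`, so the library is named twice whenever pkg-config works, and the hard-coded flag has no matching `-L` path, so it only resolves from the default linker search path. Add a comment saying this is a workaround for the broken Debian pkg-config file so it can be removed later, or make it conditional on the pkg-config lookup failing.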

qthid should now compile with

$ qmake
$ make

After setting up udev rules as described in the README file, qthid still said "No FCD detected". Documentation suggested that obsolete firmware might be the cause. qthid actually allows you to upgrade the firmware from within the program, but since it doesn't detect the device in the first place it's kind of a catch-22. I solved this by first setting up qthid 2.2, upgrading the firmware in Funcube Dongle to version 18f (latest stable release at this time) and then upgrading qthid to version 3.0. As you can see, this did the trick:

qthid screenshot

By the way, this is how the device presented itself before the firmware upgrade:

generic-usb 0003:04D8:FB56.0004: hiddev0,hidraw0: USB HID v1.11 Device
[Hanlincrest Ltd.          FunCube Dongle V0.0  ] on usb-0000:00:1d.0-2/input2

and after the upgrade:

generic-usb 0003:04D8:FB56.0006: hiddev0,hidraw0: USB HID v1.11 Device
[Hanlincrest Ltd.          FUNcube Dongle V1.0  ] on usb-0000:00:1d.0-2/input2

The next step is to get the latest version of GNU Radio framework working. After it finishes compiling I guess that shouldn't be too hard.

Posted by Tomaž | Categories: Digital

CCC camp 2011

18.08.2011 22:26

Six years ago I started writing this blog when I went to the What The Hack camp in the Netherlands. Last week I went to the Chaos Computer Club camp in Finowfurt, Germany. I was hoping for a similar experience of a few days of camping near a 100BASE-TX switch, talking to interesting people, listening to talks and having a good time in general.

Heart of gold at CCC camp 2011

As it turned out, the thing both camps had most in common was the weather. Rain was a constant threat to men and equipment and there were a few tent-uprooting gusts (for a while there was a missing tent listed on the Lost & Found Wiki page). Learning from the What The Hack flooding experience I avoided local gravitational minima when setting up so the level of water in my tent never rose above the sleeping mat. Still, the rain and low temperatures (not much above 283 K in the evenings) made for a less than enjoyable environment.

While I can hardly blame the organizers for the weather, there were things that could be improved significantly organization-wise. The most annoying thing perhaps was the fact that a couple of us had to tear down and move tents (not that much fun when you have an incoming storm) because the place we were previously shown had turned out to be reserved, although after moving it turned out it wasn't. Infrastructure in general seemed lacking. While there was a vacant 230 V socket within reach, I couldn't get a UTP line to my tent. Considering wireless Ethernet was unusable as usual, it was actually quite hard to get on-line. Even the communal areas had a distinct lack of switches so the only way to get the daily Internet fix was in one of the lecture halls (where the shielding allowed a bit more reliable wireless link), in the hack center (a short walk away) or asking for a free switch port at one of the villages. While obviously secondary in priority, toilets and showers could also use some quantitative and qualitative improvement. And I could do without the "water you have been drinking for the past few days turned out to contain dangerous bacteria" notice on the IRC channel.

IL-14P at CCC camp 2011

However there was one part of the infrastructure that was absolutely breathtaking: the various installations around the camp that were turned on after nightfall were fantastic. My photographs here really don't do them justice. The abandoned military airfield with parked aircraft and hardened shelters, combined with disco balls, LEDs, old-fashioned incandescent light bulbs, lasers and some serious fog machine usage made for really awesome displays. Not to mention flocks of similarly decorated quadrocopters that took off as soon as the wind calmed down a little.

Perhaps it was this atmosphere, or maybe it was just me remembering WTH better than it actually was, but the atmosphere of this camp seemed to be more focused on wild partying (including drunk groups wandering the streets at night) than a gathering of hackers. While I did make a few interesting acquaintances, I more often than not felt unwelcome when I offered a friendly hello and a question about this or that interesting project. This is something I'm not used to at events like this. Another thing I am not used to was the number of press reporters wandering around. You could hardly look into a random direction without seeing a TV camera or someone trying to do an interview. Could it be that people were reluctant to talk because of that?

Sculpture on top of Hackcenter at CCC camp 2011

Anyway, this report could hardly be completed without a mention of the r0ket, the shiny computerized name badge that was given to every participant of the camp. It's a successor to the Sputnik badge that was presented at 23C3 and inherited all of its 2.4 GHz mesh-networking features in addition to the new periphery. It came with a read-protected firmware that only loaded signed binaries (iDevice style) and you had the option of either attempting to extract the secret keys or flashing the firmware with a custom-compiled one. I chose the former and had lots of fun trying to exploit a heap-based buffer overflow in the font rendering routine. Although I ultimately failed to get the keys I learned a lot about the ARM architecture and this particular NXP-made microcontroller.

r0ket badge

In the end, the camp was a bit of a disappointment for me. I carried a lot of tools and equipment there in the hope of using it on some interesting project, which didn't pop up. But not all was bad though. The hacker space program theme was inspiring and presentations from the various groups building serious rockets and rocket engines in their back yards were impressive. It's just that somehow the atmosphere down in the camp didn't exactly reflect the mood on the stage. It might have been just the depressing weather getting the best of me though, and I would be happy to try camping with fellow hackers again at the next opportunity.

Posted by Tomaž | Categories: Life

Fun at 433 MHz

05.08.2011 21:06

A while ago I was invited to participate in Farnell's product road testing initiative. I'm a semi-regular customer of theirs and the idea seemed interesting, so I chose a pair of 433 MHz transmitter and receiver modules to test and review. It's something I wanted to play with since I threw a scrapped weather monitor into my parts bin. The modules arrived last week and I found some time to try them out.

AM transmitter and receiver modules for the 433 MHz band

These particular modules are RF Solutions AM-HRR3-433 and AM-RT4-433. They are hybrid circuits built on a ceramic substrate with SMD components and are equipped with 100-mil spaced pins (something of a rarity these days and quite convenient for quickly testing ideas). They are meant for simple digital remote control or telemetry using 100% amplitude modulation on the industrial 433 MHz band.

This receiver is super-regenerative (they also have super-heterodyne receivers that trade low price for somewhat better sensitivity and selectivity). The datasheet mentions the lack of any tunable components which means they are pretty much usable out of the box. The inductor on the receiver is laser-trimmed - you can see the dark trim line at the top-center of the (larger) receiver module where a laser cut adjusted the length of the coil. The receiver works on 5 V and sinks around 2.5 mA of quiescent current.

As the datasheet promised, the receiver went live at the first try, even on a protoboard with its less-than-stellar RF properties (the thin ceramic substrate did get me worried though that pushing the pins too hard might break it). The manufacturer advises against using protoboards, but apart from that doesn't specify any particular bypass capacitor or layout requirements. Not surprisingly perhaps, since there are basically just four connections you need to care about: supply, ground, antenna and demodulated output. Just to be sure I used a 47 μF electrolytic and a 100 nF polyester capacitor on the supply lines.

My first experiment was with the weather monitor I mentioned earlier. This is very simple telemetry, carrying a few tens of bits in a burst at around 500 Hz. The picture below shows the modulation input to the monitor's transmitter on the upper trace and the demodulated receiver output on the lower trace.

Demodulated RF transmission of a weather monitor.

The receiver will also catch for instance the transmission from my car keys (a somewhat more compressed burst of a few hundreds of bits at 2 kHz):

Demodulated RF transmission of a car key.

Or any number of other transmissions for which I have no idea where they originate from (although this page gives a few pointers in identifying the devices that transmit them). At least in this residential part of Ljubljana it seems this is a pretty crowded part of the spectrum.

Unidentified transmission on the 433 MHz band

Unidentified transmission on the 433 MHz band

Robust error detection and/or correction certainly looks like a must for any kind of communication here. Basically all those devices are communicating on a shared channel and depend on the fact that other devices only transmit for a small time interval and collisions are rare and detectable.

So to conclude, at £10.31 (a bit under 12 €) the receiver module certainly looks like a good bargain for anyone that doesn't want to get their hands dirty with their own RF circuitry. The TTL-compatible output makes it trivial to interface it to digital circuits and receiving telemetry from wireless devices like my weather station is just one microcontroller and a Manchester decoding routine away. Also beyond tinkering with one-off projects I don't see many cases where you would want to roll your own instead of using a finished module like this.
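
As an added illustration (not code from the original post): a Manchester decoder for the receiver's demodulated output sampled at 48 kHz through an audio interface. It rejects bursts with out-of-range pulse widths or missing mid-bit transitions, which is how many collisions on the shared channel show up. The 500 bit/s rate, the low-to-high = 1 convention and the test burst are assumptions, not measurements of the weather monitor.

```python
# Added example: decode a Manchester-coded burst from receiver output sampled
# at 48 kHz. Bit rate, bit convention and sample data are assumptions.

FS = 48_000        # sampling rate of the audio interface, Hz
BIT_RATE = 500     # assumed nominal rate of the telemetry burst, bit/s


class DecodeError(ValueError):
    """Raised when the burst is not valid Manchester code (noise, collision)."""


def run_lengths(samples):
    """Collapse a 0/1 sample sequence into [level, length] runs."""
    runs = []
    for s in samples:
        if runs and runs[-1][0] == s:
            runs[-1][1] += 1
        else:
            runs.append([s, 1])
    return runs


def manchester_decode(samples, fs=FS, bit_rate=BIT_RATE, tol=0.3):
    """Return decoded bits; samples must start on the first bit boundary."""
    half = fs / (2 * bit_rate)            # nominal samples per half-bit
    halves = []
    for level, length in run_lengths(samples):
        n = round(length / half)          # a valid pulse is 1 or 2 half-bits
        if n not in (1, 2) or abs(length - n * half) > tol * half:
            raise DecodeError(f"pulse of {length} samples is out of range")
        halves += [level] * n
    if len(halves) % 2:
        raise DecodeError("burst ends in the middle of a bit")
    bits = []
    for first, second in zip(halves[0::2], halves[1::2]):
        if first == second:               # coding violation
            raise DecodeError("missing mid-bit transition")
        bits.append(second)               # low->high = 1, high->low = 0
    return bits


def manchester_encode(bits, fs=FS, bit_rate=BIT_RATE):
    """Build a constructed test burst (not a recording)."""
    half = int(fs / (2 * bit_rate))
    out = []
    for b in bits:
        out += [1 - b] * half + [b] * half
    return out
```

Coding violations catch many corrupted bursts but not all of them, so a checksum over the decoded bits is still needed on top.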

As you can see I only touched the receiver at the moment. I'll try a few experiments with the transmitter next. Now that I have a verified working transmitter/receiver pair I definitely plan to also check some of my own receiver ideas.

Posted by Tomaž | Categories: Analog