Browsed by
Category: RF & RFID Projects

Radio Frequency (RF) and Radio Frequency IDentification (RFID) Electronics Projects

Pager-Controlled Thermostat Teardown (Work in Progress)

After installing a new furnace and thermostat, I was left with an old thermostat that was controllable by the power company, allowing them to shut off the A/C remotely during high-load times, and that allowed users to set their thermostat online.

The Cannon Technologies Inc “ExpressStat” board (Rev M) has:

  • a Renesas H8/3937 non-roaming FLEX decoder, with on-chip 60-kbyte ROM and 2-kbyte RAM,
  • a Ramtron FM24CL64 “F-RAM array” (similar to an EEPROM),
  • an Infrared TX/RX pair,
  • a Texas Instruments TIR1000,
  • a pager sub-board, including pager motor and beeper/buzzer, antenna and receiver circuitry
  • an 8-pin header to the thermostat’s mainboard

D-Link DWL-120 Hacking/Probing

I found 3 or 4 of these at a garage sale a few years ago for a few bucks, and I am (surprisingly) just cracking them open now.

On the front, it is marked as D-Link DWL-120 11Mbps Wireless USB Adapter; on the back is FCC ID# MXF-WL280, H/W: B2, F/W: 2.25.

On the bottom of the PCB, we have the following chips:

  • Atmel AT76C503A: Wireless LAN MAC Unit with ARM7TDMI RISC Processor
  • Atmel AT25040N: 4K (512 x 8) SPI Serial EEPROM
  • tmTECH T14L1024N: 128 x 9 High-Speed CMOS Static RAM
  • Intersil HFA3861BIN: Direct Sequence Spread Spectrum Baseband Processor

On the top of the PCB (under the RF shield), we have the following chips:

  • Intersil HFA3683AIN: 2.4GHz RF/IF Converter and Synthesizer
  • Intersil HFA3783IN: I/Q Modulator/Demodulator and Synthesizer
  • Intersil HFA3983IV: 2.4GHz Power Amplifier and Detector

I plugged it into my i386-based laptop (my x64 desktop doesn’t have drivers) and got this dmesg:

[   80.592101] usb 1-2: new full speed USB device using uhci_hcd and address 2
[   80.763204] usb 1-2: configuration #1 chosen from 1 choice
[   81.504200] cfg80211: Using static regulatory domain info
[   81.504209] cfg80211: Regulatory domain: US
[   81.504215] 	(start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[   81.504224] 	(2402000 KHz - 2472000 KHz @ 40000 KHz), (600 mBi, 2700 mBm)
[   81.504233] 	(5170000 KHz - 5190000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[   81.504241] 	(5190000 KHz - 5210000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[   81.504248] 	(5210000 KHz - 5230000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[   81.504256] 	(5230000 KHz - 5330000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[   81.504264] 	(5735000 KHz - 5835000 KHz @ 40000 KHz), (600 mBi, 3000 mBm)
[   81.504290] cfg80211: Calling CRDA for country: US
[   81.654555] cfg80211: Regulatory domain changed to country: US
[   81.654567] 	(start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[   81.654577] 	(2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm)
[   81.654585] 	(5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm)
[   81.654593] 	(5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   81.654601] 	(5490000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   81.654609] 	(5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm)
[   81.912231] Atmel at76x USB Wireless LAN Driver 0.17 loading
[   81.912307] usb 1-2: firmware: requesting atmel_at76c503-i3861.bin
[   81.965349] usb 1-2: using firmware atmel_at76c503-i3861.bin (version 0.90.0-44)
[   81.967174] at76c50x-usb 1-2:1.0: downloading internal firmware
[   84.329808] usb 1-2: reset full speed USB device using uhci_hcd and address 2
[   84.477154] usb 1-2: device firmware changed
[   84.477265] usbcore: registered new interface driver at76c50x-usb
[   84.492786] usb 1-2: USB disconnect, address 2
[   84.604098] usb 1-2: new full speed USB device using uhci_hcd and address 3
[   84.781393] usb 1-2: configuration #1 chosen from 1 choice
[   84.789161] at76c50x-usb 1-2:1.0: downloading external firmware
[   85.032206] phy0: Selected rate control algorithm 'minstrel'
[   85.034924] phy0: USB 1-2:1.0, MAC 00:05:5d:f1:9d:39, firmware 0.90.0-44
[   85.034935] phy0: regulatory domain 0x00: <unknown>
[   85.383777] udev: renamed network interface wlan0 to wlan1
[   89.584738] ADDRCONF(NETDEV_UP): wlan1: link is not ready

RFIDGeek/Univelop RF500B RFID Module

This is the RFID Module sold by RFIDGeek/Univelop Tech. While this little module might not look like much, it IS true what they say, “Good things come in small packages”.

By wiring +5 and Ground, as well as RS232 RX and TX to the board, you can use the included program to read and write to/from MiFare cards.

The company website (RFIDGeek.com) does not do the module justice. This little ~1.35″*2.25″ RFID reader/writer module packs the following onboard:

Top Side:

  • Fudan Microelectronics FM1702NL (32-pin SOP): [PDF] Parallel or SPI Interface (Note, the higher models, FM1715NL and FM1725NL both share a common pinout, and offer increased features [see the PDF]. I wonder if the board would work with one of these instead of the FM1702…)
  • 13.56MHz Crystal
  • Sipex SP232EEN: TTL-RS232 Converter

Bottom Side:

  • LSI 1021WI?: (8-pin SOP, bottom side of the module)
  • Unknown Microcontroller: (44-pin, ID has been shaved off)
  • 11.0592MHz Crystal

There is space available to add pin headers to the board for each of the following: (All of these are subject to change and/or verification)

J1: Antenna Interface

  1. Ground
  2. Transmitting Antenna 1
  3. Ground
  4. Transmitting Antenna 2
  5. Ground
  6. Receiving Antenna

J2: Microcontroller Interface

  1. Control Output
  2. Buzzer Output (High)
  3. RS485 Control (Low)
  4. VCC
  5. Reset Onboard MCU (High)
  6. Ground
  7. UART Receive
  8. UART Transmit

J3: Microcontroller SPI? (For the “Module 500” Only?)

  1.  
  2.  
  3.  
  4.  
  5. SPI Clock Out from FM1702NL Pin 24

J4: RS232 I/O

  1. VCC (+5V)
  2. RS232 Receive
  3. RS232 Transmit
  4. Ground

Targus RemoteTunes for iPod

This is the Targus RemoteTunes(tm) for iPod. I got it from XSCargo, where they currently have them available for CDN$9.99.

Its guts include a transmitter and receiver pair. Even considering I don’t have an iPod to use this with, for $10.. I’m not arguing.

The receiver has:

The transmitter has:

The receiver and transmitter both have some unused pins on them:

Receiver (Base):

  • J: ICSP Data 
  • C: ICSP Clock
  • V: VPP / !MCLR
  • G: Ground
  • +: 3.3V from iPod

    PIC Pins:

  1. Power (Vcc = 3.3V)
  2. ?
  3. (Something to do with the output jack)
  4. VPP (Programming Voltage) / !MCLR (Reset)
  5. Data (From HiMark Pin 8)
  6. ICSP Clock
  7. ICSP Data / Serial Transmit
  8. Ground

    HiMark Pins: (Pages 11-12 of Datasheet. Pins I especially care about are un-italicized.)

  1. Oscillator 2 (From Tunable Coil)
  2. IF filter output
  3. Comparator input A
  4. Comparator input B
  5. Comparator offset adjustment
  6. Ground
  7. Ground
  8. Data (to PIC Pin 5)
  9. Disable
  10. Comparator input C
  11. Limiter Input
  12. Limiter Feedback A
  13. Limiter Feedback B
  14. RF Amplifier Input (Virf)
  15. RF Amplifier Ground (Vee)
  16. RF Amplifier Output (Vorf) 
  17. Mixer Input
  18. Power (Vcc = 3.3V)
  19. Power (Vcc = 3.3V)
  20. Oscillator 1 (To Tunable Coil)

Transmitter (Remote):

  • J: VPP / !MCLR
  • C: Serial Programming Clock
  • Unlettered: Serial Programming Data
  • G: Ground
  • +: Batteries (6V)

    PIC Pins:

  1. Power (Batteries)
  2. ?
  3. Play/Pause Button (Center)
  4. VPP (Programming Voltage) / !MCLR (Reset)
  5. Volume Down (Bottom Left)
  6. Volume Up (Bottom Right)
  7. ?
  8. LED
  9. ?
  10. Crystal?
  11. ?
  12. Serial Programming Clock / Back Button (Top Left)
  13. Serial Programming Data / Forward (Top Right)
  14. Ground 

See also:
Apple iPod Jack Pinout – Explains the pinout and protocol for 2nd and 3rd Generation iPods.

(iPod is a trademark of Apple Computer, Inc.)