|
 |
|
11-13-2007, 10:26 AM
|
#121
|
|
Newbie
Join Date: Nov 2007
Posts: 9
|
I checked out the datasheet for the PIC16F833 (on www.microchip.com).
The pinout for the 28pin SSOP gives the SSI interface on:
pin 14 - SCLK/SCL
pin 15 - SDI/SDA
pin 16 - SDO
And the UART on:
pin 17 - TX/CK
pin 18 - RX/DT
Tracing the tracks from the J1 header should easily tell you which one they are using for the comms link.
The device supports ISP (in-circuit programming via JP1 header?) on:
pin 24 - PGM
pin 27 - ICSPCLK
pin 28 - ICSPDAT
pin 1 - _MLCR/VPP
Have fun,
Mungewell.
Last edited by mungewell; 11-21-2007 at 08:31 PM.
|
|
|
|
|
11-13-2007, 10:26 AM
|
#122
|
|
Newbie
Join Date: Nov 2007
Posts: 11
|
Quote: Originally Posted by greatwhite 
Ah, you're implying that one could then use that to have the controller do other things... That makes sense. There is also AutoHotKey which is a bit more affordable. I didn't compare features particularly closely, though.
That said, I'm not too interested in said automation myself, just the hacking of the device.
-Steve
|
|
|
11-13-2007, 10:43 AM
|
#123
|
|
Raw Wave
Join Date: Jan 2002
Location: Temple Terrace, Fl.
Posts: 2,610
|
Quote: Originally Posted by greatwhite 
Holy crap the price for Girder has gone through the roof!?!!??! I still have the last ver. that was free. Ahh the good ol' days.
Anyway, girder has an area in their app that will sniff out inputs and then you can apply that to what ever key you want. An easy way, for now, to get to point B.
|
|
|
11-13-2007, 10:48 AM
|
#124
|
|
Newbie
Join Date: Nov 2007
Posts: 9
|
Quote: Originally Posted by c0nsumer 
Hey everyone... I just came across this thread after seeing all the referrers hitting my logs. I'm the person who took those photos of disassembling the 360 chat pad.
Good job Steve, any chance of a photo of the reverse (keypad) side?
Quote: Originally Posted by c0nsumer 
My thoughts are that the easiest thing to do would be to just reprogram the PIC to send keystrokes out via SPI
The PS2 protocol is quite simple, basically it sends serial data (scan codes) when a key is pressed/released whilst the host is not sending. The host sends data to set LED status and request settings/reset keyboard etc. The other note is that the keyboard sends an 'AA' packet when first powered.
If the PIC is wired with the SSI interface connected, it should just require reprogramming the PIC (via JP1?) to get it operating as a normal PS2 keyboard.
Mungewell.
|
|
|
11-13-2007, 09:35 PM
|
#125
|
|
Constant Bitrate
Join Date: Aug 2007
Posts: 116
|
Quote: Originally Posted by c0nsumer 
Hey everyone... I just came across this thread after seeing all the referrers hitting my logs. I'm the person who took those photos of disassembling...
Welcome. Thanks for the high quality teardown photos.
Quote: Originally Posted by c0nsumer 
Or, if you don't want to rescan the keyboard, you could just use an SPI sniffer (or whatever) to figure out what the chatpad actually sends, then again have something else to turn that into a normal keyboard HID.
As soon as the reverse engineering of the protocol is done (likely trivial, MS has little reason to obfuscate something like this) you could even use a language as simple as mikroBasic, which has a HID library and a lookup table to throw data out as a USB keyboard. If this is your intention, at least.
I was hoping you would have knocked this out by now.  PS/2 or USB would work for me.
|
|
|
11-13-2007, 09:38 PM
|
#126
|
|
Constant Bitrate
Join Date: Aug 2007
Posts: 116
|
Quote: Originally Posted by mungewell 
Good job Steve, any chance of a photo of the reverse (keypad) side?
If c0nsumer has nothing on hand, I should be able to post some pics next weekend.
|
|
|
11-16-2007, 07:57 AM
|
#127
|
|
Variable Bitrate
Join Date: Mar 2007
Posts: 351
|
OK smart people. What can we do to help get this done?
|
|
|
11-16-2007, 09:04 AM
|
#128
|
|
Newbie
Join Date: Nov 2007
Posts: 3
|
Hi all,
Great site you have here. Has anyone sniffed the PC to wireless gaming receiver USB connection (or just the direct controller USB connection if not using wireless) to see if the keystrokes are obfuscated at all? Even if they aren't ASCII or PS2, as long as the same code is sent as USB data for the same key each time it is pressed we are off to the races.
I'm not a car PC guy but I'd love to use a chatpad with my whole house HTPC remote control.
Cheers,
CrazyIvan
|
|
|
11-16-2007, 10:24 AM
|
#129
|
|
Newbie
Join Date: Nov 2007
Posts: 11
|
Oh, sorry. I forgot to check the thread for a while...
What sort of photos are you looking for? If it's the keypad side of the PCB, sorry. The keypad is held to the PCB with some adhesive, and since I want to use the keypad still, I'm hesitant to pull off the adhesive. If there are others you are looking for, I can dig them up.
I didn't actually do much of an analysis of the board, I just pulled it open to see how it works, grabbed some photos, then put it back together and used it.
If I get bored / have time this weekend I might give a go at grabbing some data from the controller. It should be pretty straightforward. I've also now got some kit which will just snag serial data, so I'll see what I can get out of the board. I've got some other electronics work to do this weekend (stuff that will pay bills), but I should have time to noodle with this as well.
Personally, I'd (if possible) write a translator to take whatever the chatpad spits out and make it PS2, that way you don't have to write something to scan the keyboard. Actually, if the data coming out of the chatpad is as simple as I suspect it is, I could probably bang this together myself...
|
|
|
11-16-2007, 11:38 PM
|
#130
|
|
Newbie
Join Date: Apr 2006
Location: Cleveland
Posts: 23
|
Solution to uart to usb problem
I have just read through pages 1-8 of this thread. I might have a solution to your problems.
Uart stands for Universal Asynchronous Receive and Transmit. It is TTL logic for +5v for high and 0v for low. It is a serial interface.
Did you guys know that UART and the serial interface for the PC are exactly the same? Except you need to do voltage conversion using a max32 chip. You need to convert the +5v high to +10v and the 0v low to -10v. Then just plug the data lines into your serial port and voilà.
Also, there are already converters made with drivers for converting between SPI, UART, and I2C all to USB. The links are below.
http://www.totalphase.com/products/aardvark/i2cspi/
http://www.ftdichip.com/Products/Eva...its/MM232R.htm
Those above links can do the serial-USB translation inside the housing. But this next link might be exactly what you're looking for. A serial to USB cord.
http://www.ftdichip.com/Products/Eva...s/TTL-232R.htm
Also, if you want to be ambitious, they make wireless ttl uart modules.
http://www.rfsolutions.co.uk/acatalo...ee_Module.html
http://www.rfsolutions.co.uk/acatalo...SB_Dongle.html
This way, you can add a battery pack and use the keyboard wirelessly by itself. Then use the USB dongle to decode the signal and translate that into commands. I hope this info I have shown you helps you guys.
|
|
|
11-17-2007, 12:01 AM
|
#131
|
|
Newbie
Join Date: Apr 2006
Location: Cleveland
Posts: 23
|
Simple as changing the cord
Ok, that cord that I showed in the last post? Either mod it or make an adapter for a 4 contact jack. Below is the picture of what I mean.
All you have to do is mod that cord or create a jack at the end. UART is only a 4 wire interface. You don't need to use the RTS or CLS lines. But you do have to either set them to ground or power, I forget which.
But I'm pretty sure it will work like this. However, this will handle the hardware problem. A driver still needs to be written. But with so many USB keyboards, I don't see that being a problem.
|
|
|
11-17-2007, 03:04 PM
|
#132
|
|
Constant Bitrate
Join Date: Aug 2007
Posts: 116
|
Well, I broke down and purchased a chatpad and controller. Disassembly was a breeze with c0nsumer's photos. This morning I traced the J1 connector signals to the PIC 16F883. The good news is that the I/O connection is using the UART TX/RX lines.
The UART link appears to use 115200 8-N-1. There is a NULL character handshake sequence with some data exchange. I see this at connect and disconnect. I could be off on the link settings. Keep in mind that I am connected to a PC and not an XBOX, so the controller is not activating the chatpad. c0nsumer or someone else with a TTL serial analyzer should be able to sniff the link on an XBOX-connected controller. The J1 surface mount pins are large enough for micro test clip connections, so no soldering required.
Once we get the init sequence and decode the keycode protocol this will be a snap! I have two candidates for the UART-to-USB HID host side translation. I have included I/O information and partial BOM reference information below. I am guessing on U2, mainly from diode drop readings. I briefly reviewed the LED backlight circuitry. The U5 part has an "AUH" laser marking but I was unable to decipher the part. Not really an issue since I plan to interface at J1.
Parts
(Q3, Q5, Q6, Q7) PMBT2222A NPN Transistor SOT23 (W1P Marking):
http://www.nxp.com/acrobat_download/...22_2222A_5.pdf
(U2) BAV99DW Switching Diode Array SOT363 (JG Marking):
http://www.diodes.com/datasheets/ds30145.pdf
SMD Marking Decoders
http://www.tkb-4u.com/code/smdcode/
http://lab.artematrix.org/papers/SMD_codes.pdf (PDF Version)
Package Types
http://www.infineon.com/cms/en/produ...ed_Devices/SOT
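The post above guesses the link settings as 115200 8-N-1 and notes they could be off. The following is an added example, not part of the original post, showing how a capture can be checked against a guessed bit width: it decodes 8-N-1 frames from logic-analyzer samples and counts framing errors. The function names, the 8-samples-per-bit capture rate and the byte values are assumptions constructed for illustration, not chatpad data.

```python
# Added example: decode 8-N-1 UART frames from logic-analyzer samples.
# Assumption: samples are line levels (1 = idle/mark) taken at a fixed rate;
# spb = samples per bit (e.g. 8 for a 921600 Hz capture of a 115200 baud link).

def encode_8n1(data, spb):
    """Build CONSTRUCTED test samples: start bit 0, 8 data bits LSB first, stop bit 1."""
    samples = [1] * (2 * spb)                      # idle line before traffic
    for byte in data:
        bits = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for b in bits:
            samples += [b] * spb
        samples += [1] * spb                       # one bit time of idle between bytes
    return samples

def decode_8n1(samples, spb):
    """Return (decoded bytes, framing error count) for the assumed bit width."""
    out, framing_errors, i = bytearray(), 0, 1
    while i < len(samples):
        if not (samples[i - 1] == 1 and samples[i] == 0):
            i += 1                                 # no falling edge here
            continue
        mid = i + spb // 2                         # centre of the start bit
        stop = mid + 9 * spb                       # centre of the stop bit
        if stop >= len(samples):
            break                                  # truncated frame at end of capture
        if samples[mid] != 0:
            i += 1                                 # glitch shorter than half a bit
            continue
        byte = 0
        for bit in range(8):
            byte |= samples[mid + (bit + 1) * spb] << bit
        if samples[stop] == 1:
            out.append(byte)
        else:
            framing_errors += 1                    # stop bit low: wrong baud or format
        i = stop + 1
    return bytes(out), framing_errors

if __name__ == "__main__":
    line = encode_8n1(b"\x00\x00A", 8)             # constructed bytes, not chatpad data
    print(decode_8n1(line, 8))                     # correct bit width
    print(decode_8n1(line, 4))                     # assumes twice the real baud rate
```

A run of framing errors with no clean bytes at one bit width, and clean bytes with zero errors at another, is the signal that the second setting matches the link.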
|
|
|
11-17-2007, 03:20 PM
|
#133
|
|
Constant Bitrate
Join Date: Aug 2007
Posts: 116
|
Quote: Originally Posted by CrazyIvan 
Hi all,
Great site you have here. Has anyone sniffed the PC to wireless gaming receiver USB connection (or just the direct controller USB connection if not using wireless) to see if the keystrokes are obfuscated at all? Even if they aren't ASCII or PS2, as long as the same code is sent as USB data for the same key each time it is pressed we are off to the races.
You will need a hardware USB protocol monitor to snoop the USB connection on a controller connected to the XBOX 360. I don't think you will get much from the link on the PC side. I could be wrong here as I don't know much about USB driver programming (yet). If we compare the USBView readings with and without the chatpad connected, would this give us more insight into the interface? I will investigate more when I get some time.
It looks like we roll our own interface now and wait for Microsoft to get off their duff and release a PC driver. Maybe end of next year? They could release interface specs and host the driver development as an open source project on CodePlex (http://www.codeplex.com/). Maybe they would have to divulge too much? Definitely not Microsoft's style.
|
|
|
11-17-2007, 03:36 PM
|
#134
|
|
Constant Bitrate
Join Date: Aug 2007
Posts: 116
|
I think the XBOX 360 host side queries the controller for devices. If present, then the chatpad is initialized (i.e. backlight illuminates) and key strokes are processed. For the PC side, the host side doesn't instruct the controller to initialize the chatpad and it is ignored. I suppose it depends on the level of controller intelligence. Is host-side initialization required before keystroke codes are sent to the PC?
Any seasoned USB driver developers in here? What's your take?
|
|
|
11-17-2007, 03:38 PM
|
#135
|
|
Newbie
Join Date: Nov 2007
Posts: 11
|
Quote: Originally Posted by thermoptic 
Well, I broke down and purchased a chatpad and controller. Disassembly was a breeze with c0nsumer's photos. This morning I traced the J1 connector signals to the PIC 16F883. The good news is that the I/O connection is using the UART TX/RX lines.
The UART link appears to use 115200 8-N-1. There is a NULL character handshake sequence with some data exchange. I see this at connect and disconnect. I could be off on the link settings. Keep in mind that I am connected to a PC and not an XBOX, so the controller is not activating the chatpad. c0nsumer or someone else with a TTL serial analyzer should be able to sniff the link on an XBOX-connected controller. The J1 surface mount pins are large enough for micro test clip connections, so no soldering required. 
Nice work. I'm glad to see someone else actually digging into things. It's convenient that the work I'm doing right now (not on this project) just happens to be a serial data level converter for communicating with some specialized machinery. I've got a toolchain already in place to do bidirectional serial decoding with a very hacked together decoder. I just use a MAX232 (clone), two serial ports on my PC, and some freeware serial port monitoring software.
How much would you like to bet we'll just see the chatpad spitting out Unicode strings?
|
|
|
|
All times are GMT -5. The time now is 06:10 AM.
| |