Given the name of this blog and the number of requests that I’ve had, I think it’s high time we discussed serial ports; specifically, serial ports in embedded systems.
- Serial Port Monitor
- Serial Port Sniffer Cable
- Usb Serial Port Sniffer
- Serial Port Sniffer Free
- Serial Port Sniffer Freeware
H ow do I sniff and monitor data on a serial port under Linux operating systems? You can use the following tools: a) jpnevulator – What once started as a Jackpot Navigator emulator (hence the strange name) is now a nice serial sniffer and you can use it to send data on a serial line too.
My goal here is to describe the techniques that I’ve found effective in identifying and reverse engineering embedded serial ports through the use of definitive testing and educated guesses, and without the need for expensive equipment.
- Owtap - Packet sniffer for the owserver protocol SYNOPSIS. The physical bus is usually connected to a serial or USB port, and other processes connect to owserver (1) over network sockets (tcp port). Owtap (1) is a pure Tcl/TK program and will run whereever Tcl/TK is available (Windows, Macintosh, Linux, Unix) LINKS.
- It seems like this should be easy on Linux, where the serial port is represented by a fil. Stack Overflow. Log In Sign Up; current community. Stack Overflow. How can I monitor data on a serial port in Linux? I wrote my own sniffer:). Most of the serial ports now are just USB-to-serial converters. My sniffer collects data from USB.
- My dell dimension 8400 has a serial port on the back. I want to use minicom to interface the serial port on this computer with Ubuntu installed. How to find serial port. Ask Question 5. My dell dimension 8400 has a serial port on the back. I want to use minicom to interface the serial port on this computer with Ubuntu installed.
Serial ports are extremely useful to embedded developers, who commonly use them for:
- Accessing the boot loader
- Observing boot and debug messages
- Interacting with the system via a shell
Needless to say, this functionality is also useful to hackers, so finding a serial port on an embedded device can be very advantageous. As a case study, we’ll be examining the PCB of a Westell 9100EM FiOS router for possible serial ports:
Now, these aren’t your dad’s RS-232 serial ports that we’re looking for; these are Universal Asynchronous Receiver Transmitters (UARTs), commonly found in embedded devices. Although protocol compatible, RS-232 and UART are not voltage compatible (from here on out I will use the terms “UART” and “serial port” interchangeably). UARTs most commonly operate at 3.3 volts, but can also be found operating at other standard voltages (5, 1.8, etc).
Unfortunately there aren’t any industry standardized UART pin outs, and manufacturers don’t often go around advertising or documenting their debug interfaces, so we’ll need to do a bit of work in order to interface with these serial ports. Specifically, we need to reverse engineer both the hardware interface and the software protocol settings.
Let’s start with the hardware interface first. For this, you’ll need a multimeter and a pair of eyeballs (or even one will do just fine). Yes, oscilloscopes and logic analyzers are useful and sometimes necessary, but 99% of the time a trusty multimeter and a bit of knowledge is all you need.
The first step is to try to identify potential candidates for serial port headers. Most serial port headers have at a minimum four pins:
- Vcc
- Ground
- Transmit
- Receive
![Sniffer Sniffer](/uploads/1/3/3/2/133276495/741769418.png)
Typically you’ll want to look for a single row of 4-6 pins, although this is not a hard and fast rule and they can come in any pin configuration the manufacturer has decided on.
On our 9100EM PCB we find two possible candidates, labeled P1402 and P1404:
Possible serial port headers
Sometimes you won’t have a nicely broken out set of pins like this, and you’ll have to examine test points on the board; usually starting with test points closest to the SoC is a good idea. Here is an example of a serial port exposed via test points on a different board, the WL530G:
In either case the process of pin identification is the same, but usually takes longer if there is no header since there will likely be more than 4 test points on the board that you will need to examine.
At this point either P1402 or P1404 could be serial port headers. Or they could both be serial port headers. Or neither could be a serial port header. So we’ll examine the pins on each header individually to try to gain some insight.
First, let’s visibly inspect the pins. We’ll start by taking a look at P1402:
P1402 top
On the top layer of the PCB the right most pin is labeled as pin “1”. This is not terribly important, but it gives a common frame of reference when describing the pin numbers.
On the bottom of the PCB we see that pin 3 has four traces in a crosshair pattern that connect it to the surrounding ground plane. This easily identifies pin 3 as ground.
Pins 2 and 4 have thin traces connected to them, while pin 1 is connected to a fatter trace. Wide traces are typically used for supplying power, while narrow traces are usually used for signal traces. This suggests that pin 1 is Vcc and pins 2 and 4 are potentially transmit and receive (although we don’t yet know which is which).
Let’s take a look at the P1404 header now:
P1404 top
Here, the left most pin is marked as pin 1. Again, we see that pin 3 is connected to ground on the bottom layer of the PCB. Pin 4 also has a thin trace connected to it, so it could be a transmit or receive pin. Douwload ebook herry potter jar.
The other two pins of P1404 however have no visible traces connected to them on either the top or bottom layers of the PCB. It could be that they aren’t connected to anything, but more likely their traces are connected on one of the inner layers of the PCB that we can’t see. Time to break out the multimeter.
A continuity test introduces a small current into the circuit; if enough current passes from one probe to the other (i.e., there is sufficiently little resistance), the multimeter will emit an audible tone indicating that the points that the probes are touching are electrically connected.
The first thing we want to do is perform a continuity test between ground and all the pins on each of the headers using the multimeter. This will tell us which pins are connected directly to ground. We’ll start with P1402.
Metal shielding is a convenient ground point to use for testing. Placing one probe on a shield and touching the other to pin 3, the multimeter emits a continuous audible tone, indicating that pin 3 is connected to ground as we previously observed:
Continuity test between pin 3 and ground
Performing the same test against pins 2 and 4 results in no audible tone, so we know those pins aren’t grounded.
The same continuity tests for P1404’s pins 2, 3 and 4 produce the same results. Thus we know that for both P1402 and P1404 pin 3 is grounded and pins 2 and 4 are not.
Vcc is less important to identify since we don’t actually need to connect anything to it, but locating the Vcc pin is a good exercise and is useful in eliminating the Vcc pin as a possible candidate for transmit or receive.
Based on the trace widths, we suspect that pin 1 is Vcc; measuring the voltage on pin 1 when the board is powered on appears to confirm this:
A steady voltage reading on P1402 pin 1
The same voltage readings hold true for P1404’s pin 1 as well, suggesting that both P1402 and P1404 have pin 1 tied to Vcc.
Another method of identifying Vcc is to perform a continuity test between ground and the suspected Vcc pin. Although it may first appear counter intuitive, this will commonly result in a very short beep (though not a continuous tone).
What happens with the Vcc continuity test is that there is usually a filter capacitor connected between the Vcc pin and ground. This is done to eliminate any possible noise in the power lines on the PCB, and such filter capacitors are used liberally in any well designed board. Due to the nature of how capacitors work, they will “pass” a direct current very briefly until they are charged to capacity, at which point they will cease “passing” direct current and will “block” direct current, resulting in the short beep observed during the continuity test (it is worth nothing that current doesn’t actually pass through a capacitor, although it appears that way to an outside observer).
Although it doesn’t always work, the continuity test is a more conclusive method of determining Vcc than simply measuring the voltage on each pin, as any number of pins could all read the same voltage. Note that you will also need a multimeter with a rather responsive continuity tester in order to perform this test properly; cheaper ones can take up to a second or more before they are triggered, at which point the capacitor has already been charged. Most multimeters in the $100 range should suffice.
The transmit pin is fairly easy to identify provided that the serial port is active and is transmitting data (and if it’s not, this entire effort will likely be futile anyway). https://yellowjb835.weebly.com/blog/car-camcorder-gs8000l-manual-pdf. The transmit pin on the board will be pulled high to the same voltage as Vcc (typically 3.3 volts). As it transmits bits of data, the voltage will drop to 0 volts (to send a “space”), then back to 3.3 volts (to send a “mark”). When reading a changing DC voltage, digital multimeters will end up displaying an average of the sampled voltage; this means that the average voltage – and thus, the voltage displayed on the multimeter – will briefly dip down during bursts of activity on the transmit pin.
The most activity on the transmit pin typically occurs during system boot up when all the boot information from the bootloader/kernel/system is being printed to the serial port. By monitoring pins 2 and 4 during boot, we should be able to easily identify which of them is the transmit pin. Let’s try header P1402 first:
Measuring voltage on P1402 pin 4
The voltage readings for both pins 2 and 4 on header P1402 are a steady 3.3 volts with no fluctuations:
This is not encouraging, so let’s move on to the P1404 header. We’ll start with pin 2:
Measuring voltage on P1404 pin 2
The voltage reading on pin 2 hovers around 40 millivolts for the first few seconds, then it jumps to a steady 2.3 volts:
Final voltage reading for P1404 pin 2
Let’s check pin 4 next:
The voltage reading for pin 4 is a steady 3.3 volts for the first few seconds:
Initial voltage reading for P1404 pin 4
Then suddenly we begin seeing rapid but substantial changes to the voltage on pin 4:
P1404 pin 4 voltage rising back up to 3.2 volts
P1404 pin 4 voltage dropping back down to 2.3 volts
There is definitely some activity on P1404’s pin 4, indicating that it is in fact an active data pin and likely the transmit pin of a serial port.
Although this is an effective method of identifying the transmit pin, it is worth noting that if the serial port only transmits a small amount of data, the voltage fluctuations will be too brief for the multimeter to register and you will need an oscilloscope or logic analyzer to capture the data activity on the transmit pin. This is rare however; usually there is ample data sent out on the serial port for this method to work.
Definitively identifying the receive pin is the most difficult, as it has no truly unique defining characteristics. I have observed various voltages for the receive pin from one system to the next, including:
- Pulled high to the same voltage as Vcc
- Pulled high to a voltage a few hundred millivolts lower than that of Vcc
- Left “floating”, wildly fluctuating around a few hundred millivolts
- Left “floating” for a few seconds and then pulled high when the serial port is initialized
Since we have only one unknown pin left on both headers and we know that only P1404 is active, by process of elimination we can assume that pin 4 on P1404 is the receive pin. However, sometimes it just comes down to connecting a serial adapter to all possible receive pins individually, pressing a few keys in minicom (or your terminal emulator of choice) and seeing what happens. Speaking of connecting our serial adapter, let’s do just that.
Inexpensive USB to UART adapters are readily available and are supported by default on Linux – they just show up as a standard USB serial port and can be used with minicom, python, etc. We will need to connect our UART adapter to the serial port in the following manner:
- The adapter’s ground pin must be connected to the serial port’s ground pin
- The adapter’s transmit pin must be connected to the serial port’s receive pin
- The adapter’s receive pin must be connected to the serial port’s transmit pin
The easiest method of accomplishing this is to cut a breakaway header to size and solder it in to P1404:
And use some male-to-female jumpers to connect the appropriate pins between the serial port and the adapter:
UART adapter wired to P1404
With our hardware in place, we’re ready to start checking the serial port’s protocol settings. Serial ports can have a variety of settings, and we need to know all of them in order to communicate with the serial port:
- What is the baud rate?
- How many data bits are used?
- How many parity bits are used?
- How many stop bits are used?
Luckily, the de facto standard is to use 8 data bits, no parity bits and 1 stop bit (abbreviated as “8N1”), so that only leaves the baud rate unknown. Trial and error is the fastest and easiest method for identifying the baud rate. Since serial ports are typically used to display debug information (i.e., they transmit ASCII data), and there are only a small number of possible baud rates, it is practical to cycle through all possible baud rates until intelligible data is observed.
Or, at least that’s the way it works in theory. In practice all of the terminal emulation programs that I’ve used make it cumbersome to change the baud rate on the fly, if they even support doing so at all. To address this, I wrote a tool called baudrate that attempts to auto detect the baud rate of an actively transmitting serial port (you can also manually cycle through each baud rate if you prefer). Once finished, it saves out a minicom compatible configuration file and optionally fires up minicom for you.
With our UART adapter connected, let’s run baudrate (I’m using manual mode for demonstration purposes, but the auto-detection feature works like a charm here as well):
We can change the baud rate to the next higher/lower baud rate by pressing the up/down arrow keys respectively:
OK, now let’s turn on the 9100EM and see what happens:
It looks like the first baud rate we tried, 115200, is correct (this is not surprising as 115200 is one of the more common baud rates used in practice). Pressing Ctl+C we can stop the capture and save the settings to a minicom config file, in this case I just named it ‘9100em’:
Now we can run minicom:
And see what we get:
Some serial ports require a login, others don’t. In this case the login was just the administrator user name and password for the device, which drops us to a custom command line shell with which we can manage the router. Based on the output from ‘help‘, the ‘system shell’ command should provide a root shell, which it does:
That’s it! Using just a multimeter and some free software we have logically identified the serial port’s physical interface, discovered its baud rate and gotten a shell with which we can further interrogate the system.
Serial Communication in Java with Raspberry Pi and RXTX
Serial communication is one of the ancient technologies in computing that is still relevant today. Its origins date back to the 1960’s when serial communication was used between teletypewriters and modems. Today, serial interfaces can be found inside myriads of embedded systems where they transfer data between different components. A serial interface is also a common way to connect a PC to an embedded system. Application scenarios include firmware update, logging/debugging, data streaming and many more. In an earlier post I introduced the Raspberry Pi as a great platform for tinkering. This post provides a short introduction in UART (Universal Asynchronous Receiver Transmitter), the basic form of serial interface. Some examples illustrate how you can set up serial connections with your Pi and how to implement them in your Java applications by using the RXTX library.
History
One of the first applications for serial data communication was the connection between teletypewriters and modems. The teletypewriter sent out each key press as a character to a modem which then transmitted it further as serial bits via a telephone line. Nhl eastside hockey manager 2013 free download. This legacy remains in the name of serial interfaces on Unix systems:
Teletypewriter => TTY =>
Teletypewriters used a specific bit representation for each character known as the Baudot code. It is named after its inventor Jean-Maurice-Émile Baudot (1845 – 1903), a french telegraph engineer. The symbol rate of serial links is still measured today in Baud.
Teletypewriter => TTY =>
/dev/ttyS0
or /dev/ttyUSB0
as the device name on Unix based systems.Teletypewriters used a specific bit representation for each character known as the Baudot code. It is named after its inventor Jean-Maurice-Émile Baudot (1845 – 1903), a french telegraph engineer. The symbol rate of serial links is still measured today in Baud.
Recent PC models usually don’t have a serial port (RS-232) any more. These ports have been replaced by USB (Universal Serial Bus) to connect peripherals to a PC. Nevertheless there is a solution available in the form of a USB to UART bridge. Such adaptors come in the form of a small PCB (Printed Circuit Board) or a completely integrated USB cable. This cables are often referred to as FTDI cable, named after the FTDI chip used for the USB to UART conversion.
Hardware
A serial link over UART consists of two connections for the transfer of single bits. Each connection transmits bits in only one direction from the TX (transmit) pin of one end point to the RX (receive) pin of the other end point. Both connections can be used at the same time (full duplex), in alternating order (half duplex) or stand-alone (simplex). On both ends, UART uses a shift register to translate between the serial bits on the link and a data byte in the endpoint. UART also defines further signals for flow control but these are not mandatory and are sometimes omitted in simple applications. In the following examples the flow control signals are not used.
Now, let’s get our hands on some real UART hardware. As an example we will connect a Raspberry Pi to a Linux PC via two kinds of serial link.
- A plain FTDI USB adaptor:
PC <-USB cable-> FTDI PCB <-simple wires-> Raspberry Pi - A transparent wireless serial link. Each end of the link consists of an open hardware modem with an integrated FTDI chip:
PC <-USB cable-> modem 1 <-433MHz wireless link-> modem 2 <-simple wires-> Raspberry Pi
Method 1: Plain FTDI
Serial Port Monitor
The most simple connection to the serial port of the Raspberry Pi is made through an FTDI adaptor. Only three pins have to be connected: RX, TX and ground (GND). The range of such a connection is limited by the length of the USB cable. It is robust and easy to set up. Just connect the RX pin of the Raspi to the pin labeled TX on the FTDI PCB, the TX pin of the Raspi to the RX pin on the FTDI PCB, and the GND pins as depicted on the image to the right.
Method 2: Transparent wireless serial connection
A more sophisticated way to connect to the Raspi’s UART is to use 3DR Radio Telemetry Kit. It provides a transparent wireless UART connection and is as easy to set up as the plain FTDI cable. Its advantages are flexibility and a much higher range than the usual wireless connections like WLAN and Bluetooth. As the modem on the side of the Raspberry Pi needs to be powered, we have to connect the 5V pin in addition to the pins used in Method 1.
Serial Port Sniffer Cable
Software
Before you can write your own software to use the serial connection to the Raspberry Pi, let’s prepare and check if everything works as expected by using some standard tools. On the Linux PC you can use GtkTerm (
apt-get install gtkterm
) as a simple terminal to watch the kernel debug messages sent by the Raspberry Pi while it is booting.
- Connect the PC with your Raspi as explained in Method 1.
- Start gtkterm and configure the serial port:
- Now start the Raspberry Pi. You should see something like this:
The modems used for the transparent wireless serial connection are configured to 57600 baud by default. You can either reconfigure the wireless modems by using AT-commands or switch the Raspberry Pi to 57600 baud. For the latter edit the following two files on the Pi:
In
In
and replace 115200 with 57600.
You also have to switch the port settings in GtkTerm to 57600. After a restart, the Raspberry Pi should talk to you via the wireless serial link.
In
/boot/cmdline.txt
change all occurrences of 115200 to 57600.In
/etc/inittab
search for the lines#Spawn a getty on Raspberry Pi serial line
T0:23:respawn:/sbin/getty -L ttyAMA0 115200 vt100
and replace 115200 with 57600.
You also have to switch the port settings in GtkTerm to 57600. After a restart, the Raspberry Pi should talk to you via the wireless serial link.
Java and RXTX
Usb Serial Port Sniffer
Instead of using a terminal program, writing your own application provides much more flexibility when using the serial connection. The RXTX library is just the right tool if you want to use the Java language.
You can install RXTX on your Debian/Ubuntu PC like this:
$ sudo apt-get install librxtx-java
Serial Port Sniffer Free
The following example application forwards all input from standard input to the serial port and vice versa. It is a slightly modified version of a similar example from the RXTX wiki. If you start the example in your favourite graphical terminal, you can even use it to log into the Raspberry Pi and use the command line!
Serial Port Sniffer Freeware
Compile and run the example like this:
For further background on RXTX, there is a nice chapter in the Wiki book on “Serial Programming”.
$ javac -cp /usr/share/java/RXTXcomm.jar:. TwoWaySerialComm.java
$ java -Djava.library.path=/usr/lib/jni -cp /usr/share/java/RXTXcomm.jar:. TwoWaySerialComm
For further background on RXTX, there is a nice chapter in the Wiki book on “Serial Programming”.
Conclusion
Serial communication over UART is still a widely used technology. The Raspberry Pi is a nice example of the typical use case for this kind of communication where a PC exchanges data with an embedded system for debugging purposes. The RXTX library enables access to serial interfaces in Java applications. It allows the implementation of arbitrary serial protocols and can be used at both ends of the serial link. This post demonstrated a simple example to read output from the Raspberry Pi and send commands to it. Stay tuned to learn how to use RXTX on the Raspberry Pi itself and how to use serial communication with the Pi from within Android.