/RealTermBusPirateSniff

Bus Pirate SPI sniffer using RealTerm for highspeed transfer

Primary LanguageVisual BasicMIT LicenseMIT

RealTerm BusPirate Sniff

Applies faster baud rate to real term and launches bus pirate SPI sniffer.

Introduction

The Bus Pirate has at least three other out-of-the-box methods of sniffing SPI data from a Master and Slave communication:

I believe the fastest of these may be the sniffer utility. I used BusPirate.SPIsniffer.v0.3 application with a version 3.0 Spark Fun Bus Pirate Clone to sniff the SPI data between a microcontroller and a BK2421 tranceiver slave device from an MJX RC helicopter. This was fine to grab the initialisation sequence but the 115200 baud FTDI USB link to the laptop could not keep up long after that. I was able to interpret the hex code grabbed using my own parser - see my GitHub project at ParseSPI.

For higher speed comms, I discovered the solution had been found on this post:Using Bus Pirate with SPI Sniffer. Armed with this, the Bus Pirate SPI API and the Real Term help file, iwas able to develop this small console program in visual basic (VS2010) to automate the process of receiving the sniffed data at 800000 baud.

Installation

I will never include executables in my github repositories so if you find one there - beware.

This project was compiled with Visual Studio 2010 but there should be no reason why it cannot be compiled with Visual Studio Community 2013. Once you have installed Visual Studio, open the .sln project file and rebuild. Install RealTerm from here with all the recommended service registrations (I don't understand how these work but they allow RealTerm to be included as an activeX component in the visual studio project). The installer I used was named Realterm_2.0.0.70_Signed_Wrapper_setup.exe

Usage

The compiled executable can found in the debug directory and can be run with an optional path for the captured data followed by an optional virtual com port number.

e.g. RealTermBusPirateSniff.exe C:\Users\home\Documents\bp1.txt 4

The default is to save it to the executable directory as bp.txt.

The default com port is COM9, but this is just the port that bus pirate was given when I first used it.

After some issues with a faulty USB cable, the port changed to COM5 as could be seen in the Device Manager.

The program will open an instance of RealTerm (assuming it has been registered as an ActiveX control as per the installation process) and will attempt to open the bus pirated at Com9 (or your selected Com port).

If all goes well, the Real Term application will establish contact with the bus pirate, renegotiate baud rate from 115200 up to 800000 baud and then prepare the bus pirate for SPI sniffing.

For sniffing the master and slave systems using the Bus Pirate, I have 3K9 resistors on the inputs to the Bus Pirate.

Even with this protection, and though it should be safe to do otherwise anyhow, I do not power the master and slave system until this stage is reached.

.

Note:I also use 3K9 resistors in the all the connected lines to attempt to protect the devices from output mismatches.

At this stage it is possible to make further configeration changes directly in the RealTerm gui if required. Otherwise return to the RealTermBusPirateSniff console.

Once the system is ready to sniff, press any key to commence sniffing and once more to stop.

The program should then restore to Bus Pirate to it's original state and close the program.

If things go belly up and the Bus Pirate is left in the higher baud rate mode, running my program again will still reach a position ready for capture.

You will notice that the data is prefixed with hex 01, but otherwise follows the raw hex protocol with 0xHB to start a packet, 0xHD to end a packet, and 0xHC to start each Master and Slave data pairs.

I have not found a way to tell how much data that RealTerm has downloaded until I stop the capture - if anyone knows please let me know.