Friday, September 23, 2016

DIR-818LW Hardware

After cracking open the casing by unscrewing the 3 screws at the bottom (under the rubber anti-skid pads) and the 2 screws at the top (under the adhesive plastic ring), and removing the antennas by cutting through the hot glue, the whole PCB comes out.

There is only one place with an unpopulated header (JP1), so I soldered a header onto it:

There are two pull-up resistors on the unknown lines, which measured 4.7K and 9.9K (probably 10K). My first thought was that those are for I2C, as 4.7K is always a good value for I2C pull-ups. But why the hell would they put I2C on a header along with the power line? But IF those were UART, why would they put pull-up resistors on them?

To really find out what those lines are, I hooked them up to my logic analyzer:

I started the capture, turned the router on, and got this:

At this point, I am pretty sure it's UART, as CH1 has had nothing since power-on. It's impossible for an I2C bus to have only SDA activity and no SCL activity, or only SCL activity and no SDA activity. So, CH0 is definitely Tx and CH1 is Rx for the RTL8881AB.

Next, I am going to guess the baud rate. Fortunately, Saleae Logic has a UART analyzer:

 
Now, I just have to go through the common bit rates (Hope they use a standard bit rate...).

Finally, at 38400bps...: PROFIT!
I got some readable text and I am sure I got the right bit rate!
CLK_SEL=0x00000004,DIV=0x00000000
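
The baud-rate search above can also be done by measurement, since the shortest pulse on the Tx line lasts one bit time. The following is an added example, not code from the original post; the 1 MS/s sample rate, the function names, and the capture (synthesized from the boot line above) are assumptions.

```python
# Added example, not from the original post; sample rate and capture are constructed.
from itertools import groupby

STANDARD_BAUDS = [1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200]

def encode_8n1(data, baud, sample_rate):
    """Build a constructed capture of an idle-high Tx line (test input only)."""
    bits = [1] * 20
    for byte in data:
        bits += [0] + [(byte >> b) & 1 for b in range(8)] + [1]
    bits += [1] * 20
    return [bits[i * baud // sample_rate] for i in range(len(bits) * sample_rate // baud)]

def estimate_baud(samples, sample_rate):
    """Shortest run of equal samples is about one bit time; snap to a standard rate."""
    shortest = min(len(list(run)) for _, run in groupby(samples))
    measured = sample_rate / shortest
    return min(STANDARD_BAUDS, key=lambda b: abs(b - measured))

def decode_8n1(samples, sample_rate, baud):
    """Decode 8 data bits, no parity, 1 stop bit; returns (bytes, framing_errors)."""
    spb = sample_rate / baud                  # samples per bit
    out, errors, i = bytearray(), 0, 0
    while i < len(samples):
        if samples[i] == 1:                   # idle or stop level: wait for a start bit
            i += 1
            continue
        stop = int(i + 9.5 * spb)             # middle of the expected stop bit
        if stop >= len(samples):
            break
        if samples[stop] == 1:
            out.append(sum(samples[int(i + (b + 1.5) * spb)] << b for b in range(8)))
            i = stop
        else:                                 # stop bit low: wrong rate or noise
            errors += 1
            while i < len(samples) and samples[i] == 0:
                i += 1                        # resync on the next high level
    return bytes(out), errors

def printable_ratio(data):
    ok = sum(32 <= c < 127 or c in (9, 10, 13) for c in data)
    return ok / len(data) if data else 0.0

SAMPLE_RATE = 1_000_000                       # assumed 1 MS/s capture
BOOT_LINE = b"CLK_SEL=0x00000004,DIV=0x00000000\r\n"
CAPTURE = encode_8n1(BOOT_LINE, 38400, SAMPLE_RATE)   # constructed, not a real capture

if __name__ == "__main__":
    print(estimate_baud(CAPTURE, SAMPLE_RATE), decode_8n1(CAPTURE, SAMPLE_RATE, 38400))
```

On a real capture a single glitch shorter than one bit will skew the estimate, so confirm the rate by decoding and checking the framing-error count and the printable ratio.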

Now, I can explore the stock firmware of the router :D

Last but not least, let's go through some of the hardware on the router:
The PCB is a 4-layer construction, with the top and bottom filled with ground plane.

Front:


Back:


Power section (left hand side of the front):

5GHz RF section:

Note that the marking of the RF Frontend IC is:

SKY11
85703
526YV
The last line should be the date code, and the SKY on the first line should stand for Skyworks Solutions, Inc.

And that's it! I am gonna start playing with the UART!

Thursday, September 22, 2016

Hacking DIR-818LW (with RTL8881AB) with openwrt


Today, I got myself a D-Link DIR-818LW router (a rubbish-bin lookalike), hardware revision B1. According to the internal photos found on FCC and information found on wikidev, it uses the RTL8881AB as its SoC (with a Lexra RLX5281 CPU, which is also found here), which includes 802.11ac. Another onboard chip, the RTL8192ER, provides 802.11bgn 2T2R (there are two antennas for 11n and 1 antenna for ac), and there is an RTL8367RB for the Gigabit switch.

I was hoping to install openwrt on this router, as the original firmware does not provide wifi bridge/repeater functionality. A bit of Google searching found this, which has an openwrt image for RTL8881AB and RTL8367RB.

Also, there is source code for the D-Link stock firmware too! (HUGE thanks to GPL!)
Original Firmware (v2.05b1):
ftp://ftp.dlink.eu/Products/dir/dir-818lw/driver_software/DIR-818LW_REVB_FIRMWARE_PATCH_2.05.B01.ZIP

GPL source code (v2.03b1, a bit older than the released firmware):
https://dlink-gpl.s3.amazonaws.com/GPL1400446/DIR818LW_GPL203_Readme.txt (md5: 9535d6e47e9c955f97a8cc967d41f30f)
https://dlink-gpl.s3.amazonaws.com/GPL1400446/DIR818LW_GPL203b01.tar.gz (md5: 0c9714c9da99c9c535274423de8de678)

Note that Lexra toolchains were included in the GPL source code package!

Now, I am gonna explore the hardware and I will update more :)



Wednesday, September 7, 2016

Weird "AT%IPSYS?" and "AT+CGMR" when playing with ESP8266

These few days I have been playing with my ESP8266 on Ubuntu, using a PIC32 MIPS configured as a USB UART pass-through (USB UART Tx => ESP8266 Rx, and vice versa).

The problem appeared when I reset my development board: some weird AT commands were sent out to the ESP8266 which are not programmed in my PIC32. I had also not typed any AT commands on the minicom (or screen) terminal, and these AT commands just came out of nowhere.

Here are some of the weird AT commands that were sent out to my serial port (and hence to the ESP8266):

AT%IPSYS?
AT+CGMR
AT

After some searching on the internet, I found a bug report (and it's the only related search result on Google) regarding "AT%IPSYS?" on "ModemManager". At this point, I knew that the weird commands were coming from my Ubuntu!

I think the reason for the problem might be that "ModemManager" thinks my serial port, which is literally connected directly to the ESP8266, is an AT modem. It also responds to the "AT" command, which returns "OK\r\n" afterwards. After removing "ModemManager" from my Ubuntu machine by issuing:
sudo apt-get purge modemmanager
this issue went away!

Sunday, September 4, 2016

TL431 Constant Current LED Driver with control

Just want to share a constant-current LED driver using the TL431. It uses a 12V power supply, and you can assert LOW to turn the driver on and HIGH to turn it off.