Logic Sniffer

From YobiWiki
Jump to navigation Jump to search

Description

I'm talking about this beast

Installation

My udev rules

I added a /dev/OpenLogicSniffer symlink by following this page:

#File /etc/udev/rules.d/77-ols.rules
#Rules for Openbench Logix Snifferslogic. Creates a nice link to the ols
ATTRS{idVendor}=="04d8" ATTRS{idProduct}=="fc92" MODE="0666" SYMLINK+="OpenLogicSniffer"

If you've problems with modem-manager trying to access the device (as seen in /var/log/syslog), you can add the following rule:

ATTRS{idVendor}=="04d8" ATTRS{idProduct}=="fc92" ENV{ID_MM_DEVICE_IGNORE}="1"

Firmware upgrade

Get tools from here

  • PIC upgrader
    • fw_update
  • FPGA upgrader
    • ols-loader

Howto: see here

svn checkout --username anonymous http://gadgetforge.gadgetfactory.net/svn/butterflylogic//trunk/package/OLS_Upgrader
mv fw_update OLS_Upgrader
mv ols-loader OLS_Upgrader
cd OLS_Upgrader
wget http://kormus.cz/data/OLS_Upgrader.patch
patch -p0 < OLS_Upgrader.patch
chmod +x OLS_Upgrader.sh
sudo aptitude install dialog
./OLS_Upgrader.sh

Note there is a typo in the script: to enter PIC programming mode, you need a jumper between PGC & PGD on the ICSP header & press reset.
Jumper doesn't need to be present all the time, you just need to shortcut PGC & PGD during reset (easier if you didn't solder a header on it)

Software

I tried this fork: http://www.lxtreme.nl/ols/ which is the official client for this board
and changed a bit the run.sh script to handle it through symlink :

if [ -h $0 ]; then
    DIR=$(dirname "$(readlink $0)")
    cd "$DIR"
    BASEDIR=.
else
    BASEDIR=$(dirname -- "${0}")
fi
  • Make sure that the Device is set to "OpenBench Logic Sniffer".
  • Click the capture button and type in your OLS port path in the "Analyzer port" field (i.e. /dev/OpenLogicSniffer if you installed it as I did). Leave the other settings at their default value for now and click "Capture".

Usage

See 101 and 102 tutos

  • Number scheme inside/outside in SUMP client refers to number scheme printed on PCB
    • Default: inside: pin0 is at opposite of RESET button, on buffered probe header (up to 5V)
  • External clock source in SUMP: through the CKI header (see the 4 holes in the middle of the PCB)
  • Limits:
    • 5V on buffered probe header / 3.3V on unbuffered wing header
    • 200MHz with 2 groups, no noise filter
    • 1 group: 24K / 2 groups: 12K / 4 groups: 6K
    • RLE (compression): 4 groups only (v2.12) / all (v2.11).
  • Trigger before/after ration: samples before/after the trigger
  • RLE
    • Problem of never ending if no changes occur
    • Better to ground the unused probes of one group to not loose space recording noise

Test on Smartcard <> Terminal communication

Trying to sniff a T=0 communication:

  • channel 0: CLK (actually at the sampling rate given below we're largely undersampling the clock which is about 1MHz)
  • channel 1: RST
  • channel 2: I/O

All signals are low before card is inserted
I/O is high when idle
We sample @ 200kHz and trig on the RST signal

  • 3/97
  • complex
  • Stage1
    • Immediately, //
    • Mask vv.
    • Value v.. (RST down, IO up idle)
  • Stage2
    • On level1, //
    • Mask vv.
    • Value vv. (RST up, IO up idle)
    • Action: start capture

We have nicely all the ATR in one window
Trying Tools / UART analyzer

  • Set Rx on channel 2
  • 8E1, invert

=> all got wrong :-(

I also tried serial trigger but I don't understand how it considers baudrate and of course it doesn't work

Misc

  • Could we disable/GND unused probes of a group to save space in RLE mode?
  • Could we stop properly capture in RLE mode if there is no data anymore?
  • Support idle high in UART decoder?
  • There is now a daughter board to have buffered input on the other 16 channels too