me verify that the complete design looked and worked as
desired. Each board took about one hour to assemble.
The total BOM cost per unit was $10.72, not including
taxes or shipping. The largest line items were the PCB
fabrication, manufacturing, assembly, and testing at $3.88
and the microprocessor at $1.95. What I thought would
be the hardest part of the project (the engineering) was
completed with relatively few mishaps.
Badge Functionality
The DEFCON 16 badge packed in lots of functionality
using minimal components. A single pushbutton switch
serves as the user interface to cycle through the badge's
three operating states: Receive file; Transmit file (or
TV-B-Gone if no SD card is inserted); and Sleep. Let's take
a look at the technical details of the major subsystems of
the badge.
Infrared Remote Control and TV-B-Gone
For the infrared (IR) subsystem, I decided on using
on-off keying — one of the oldest and simplest modulation
techniques. I would essentially turn on and off a low
frequency carrier (in our case, 38 kHz) in order to modulate
data. Then, using an encoding scheme known as Pulse-Width Encoding, I defined a logic 0 and logic 1 by the
width of the "on" pulse, while the pulse distance (the
distance in between the pulses) or "off" pulse remained
constant. This no-frills approach is used by just about every
infrared remote control device on the market and the only
circuitry I needed was an infrared LED (D9), current-limiting
resistor (R9), and transistor driver (Q1, R11, R13).
I opted for this discrete approach over using an IrDA
(http://en.wikipedia.org/wiki/Infrared_Data_Association)
transceiver module — a common, robust solution for file
transfer between computers or consumer devices — for a
number of reasons. Many IrDA modules (such as the Vishay
TFDU4300) require an additional encoder/decoder
(whether done in hardware, like the Vishay TOIM4232, or
software) to convert serial data to IrDA-compatible pulses. I
also felt that a discrete solution would be more hackable, as
one could modify the firmware to generate any sort of IR
transmission desired, instead of being forced to adhere to
the imposed standards of the IrDA module. Cost was a
concern, as well, and I was able to implement the discrete
IR circuit for $1.48 versus the approximately $6 I would have
had to pay for a fully IrDA-compliant design.
I used one of the JM60's timer/PWM channels to
generate a 38 kHz carrier at a 33% duty cycle and could
turn the carrier on or off by simply enabling or disabling
the PWM channel. As an initial infrared test, I decided to
impersonate a Sony TV power off code to see if I could
turn off my television using my badge development board.
The Sony remote control specification is well documented
online and defines a logic 1 as a 0.6 ms off pulse followed
by a 1.2 ms on pulse, and a logic 0 as a 0.6 ms off pulse
March 2009
followed by a 0.6 ms on pulse. I simply duplicated the entire
pulse train for a power-off signal, not caring about what data
I was actually transmitting. The test worked perfectly!
Now, I could move on to incorporating the TV-B-Gone
functionality. I captured this signal from an IR remote
control receiver module, so it is inverted.
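The pulse-width encoding described above (a constant 0.6 ms off gap, a 0.6 ms or 1.2 ms on pulse, 38 kHz carrier), as an added C example that is not the badge firmware. The function names, the MSB-first bit order, and the 200 µs decode tolerance are assumptions, and the sample bits in the usage are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define SPACE_US 600u   /* constant "off" gap before every bit (from the article) */
#define MARK0_US 600u   /* "on" width for logic 0 (from the article) */
#define MARK1_US 1200u  /* "on" width for logic 1 (from the article) */
#define TOL_US   200u   /* assumed receiver tolerance, not from the article */

/* Encode nbits of value (MSB first, an assumption) as alternating space/mark
   durations in microseconds. Returns entries written, or 0 if out is too small. */
size_t pwe_encode(uint32_t value, unsigned nbits, uint16_t *out, size_t cap)
{
    if (nbits == 0 || nbits > 32 || cap < 2u * nbits) return 0;
    size_t n = 0;
    for (unsigned i = nbits; i-- > 0; ) {
        out[n++] = SPACE_US;
        out[n++] = ((value >> i) & 1u) ? MARK1_US : MARK0_US;
    }
    return n;
}

static int within_tol(uint16_t got, uint16_t want)
{
    return got + TOL_US >= want && got <= want + TOL_US;
}

/* Decode space/mark pairs back into bits. Returns the bit count, or -1 on any
   timing outside tolerance (noise, a different protocol, a truncated capture). */
int pwe_decode(const uint16_t *t, size_t n, uint32_t *value)
{
    if (n == 0 || n % 2 != 0 || n > 64) return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < n; i += 2) {
        if (!within_tol(t[i], SPACE_US)) return -1;
        if (within_tol(t[i + 1], MARK1_US)) v = (v << 1) | 1u;
        else if (within_tol(t[i + 1], MARK0_US)) v <<= 1;
        else return -1;
    }
    *value = v;
    return (int)(n / 2);
}

/* Carrier cycles the PWM channel emits during a mark of mark_us at 38 kHz. */
unsigned carrier_cycles(unsigned mark_us)
{
    return (mark_us * 38u + 500u) / 1000u;  /* rounded to nearest cycle */
}
```

The decoder works on measured durations, so a receiver module that outputs an inverted level only changes which edge starts the measurement, not the decode logic.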
The TV-B-Gone simply transmits all known television
remote control power-off codes at their pre-defined carrier
frequency and pulse-width timings, one after another. The
open-source version of the TV-B-Gone (www.ladyada.net/make/tvbgone)
contains a header file with all of that information. I grabbed the
header file and ported the TV-B-Gone functionality to the badge by parsing the data,
properly configuring the PWM channel, and turning the
carrier on and off at the correct timing. The IR LED (Osram
SFH4650-Z, D9) that I selected for the badge is low power
with a narrow beamwidth (± 20 degrees half angle). The
narrow beamwidth is especially important for the file
transfer mode to prevent interference between multiple
people transferring files within the same area. Because of
that, the TV-B-Gone functionality only works with televisions
a few feet away. Most attendees who really wanted to take
full advantage of the TV-B-Gone mode replaced the stock IR
LED with a high brightness, wide beamwidth LED to get the
farthest range possible.
Infrared File Transfer with SecureDigital Card
and FAT File System Support
As opposed to the transmit-only functionality of the
TV-B-Gone mode, a file transfer requires one badge to
transmit and one badge to receive. The badge uses a Sharp
GP1US301XP infrared receiver module for remote controls,
which is tuned to 38 kHz (the same as my IR transmit
modulation frequency). The receiver will bandpass the
incoming signal to help reduce noise caused by the ambient
environment (in particular, lighting) and then provide a
demodulated signal at logic levels that can easily be
interfaced with a microprocessor. The goal of the file
transfer feature is to read a file from an SD card, transmit it
to a willing recipient, and store the received file onto the
recipient's SD card. The physical interface from the SD card
socket to the JM60 microprocessor is as simple as it gets.
In its most basic configuration, SecureDigital uses an SPI
interface, consisting of four lines — Master In Slave Out
(MISO), Master Out Slave In (MOSI), Clock (CLK), and Chip
Select (CS) — for its MultiMediaCard (MMC) protocol. Two
additional switches on the socket — Card Detect (CD) and
Write Protect (WP) — are connected to two general-purpose
inputs on the processor. It is trivial to read and write data to
the SD card using SPI, as it's essentially just an external
serial memory device, but the trick is incorporating the FAT
file system structure (http://en.wikipedia.org/wiki/File_Allocation_Table)
so you can load and retrieve files from
any computer system.
There are lots of available implementations of FAT for
embedded systems and it didn't make sense for me to try