Author Topic: Adding an Internal Bluetooth dongle to the iMX515 APAD  (Read 11280 times)

Destroyer

  • Administrator
  • Jr. Member
  • *****
  • Posts: 60
  • Karma: +2/-0
    • Hardcore forensics
Adding an Internal Bluetooth dongle to the iMX515 APAD
« on: February 28, 2011, 10:00:25 AM »
After much testing and crashing here it is:

A hack to add an internal BlueTooth connection to your iMX515 tablet.
This is not as complex as the RS232 hack since we do not need to modify any Boot-loader or kernel software, however the connection points need to match or there is a potential risk of corrupting your SD-card.
Basically that means as long as you follow the details in this documented hack, you should be OK. But if you start to get 'clever' and attempt to connect the hack to a different point, there is the potential to corrupt the SD-card during system boot. (See below)

Warnings

USB
There are two USB connections on the iMX515 APAD CPU board.
Please be 100% clear that one port is buffered by an external secondary USB controller.
The other port is NOT buffered and leads directly into the CPU.


Power Supply
For this hack we have utilized the 3V3 power supply, normally a USB peripheral would run from the 5 volt line,
we have utilized the 3V3 line for a number of reasons:
  • To allow further power control, since the 3V3 line we have utilized is switched via the power control chip
  • To limit down the TX power of the Bluetooth adaptor
  • We do not need to worry about shorting the 5v0 line into the CPU board or into the input circuitry associated with the CPU

You're the one that I want
As highlighted previously there are two USB ports available, for this hack we have utilized the buffered USB connection that is provided via the USB3317.
Utilizing the USB connection into the CPU is possible, but it causes the kernel to issue backtrace errors during the initialization of the USB chain.

An example of this bad process is shown below:
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
fsl-ehci fsl-ehci.0: Freescale On-Chip EHCI Host Controller
fsl-ehci fsl-ehci.0: new USB bus registered, assigned bus number 1
fsl-ehci fsl-ehci.0: irq 18, io base 0x73f80000
fsl-ehci fsl-ehci.0: USB 2.0 started, EHCI 1.00
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
irq 18: nobody cared (try booting with the "irqpoll" option)
[<c00394d8>] (unwind_backtrace+0x0/0xd4) from [<c008e764>] (__report_bad_irq+0x30/0x88)
[<c008e764>] (__report_bad_irq+0x30/0x88) from [<c008e918>] (note_interrupt+0x15c/0x1d0)
[<c008e918>] (note_interrupt+0x15c/0x1d0) from [<c008f7d4>] (handle_level_irq+0xe8/0x158)
[<c008f7d4>] (handle_level_irq+0xe8/0x158) from [<c003406c>] (_text+0x6c/0x8c)
[<c003406c>] (_text+0x6c/0x8c) from [<c0034a0c>] (__irq_svc+0x4c/0xc8)
Exception stack(0xc067def0 to 0xc067df38)
dee0:                                     00000000 c067c000 00000000 c06cec00
df00: c067c000 00000000 00000002 00000002 c06cec2c 0000000a 0000001f 00000000
df20: c067df68 c067df38 c0065c00 c00658c0 20000113 ffffffff                   
[<c0034a0c>] (__irq_svc+0x4c/0xc8) from [<c00658c0>] (__do_softirq+0x3c/0xfc)
[<c00658c0>] (__do_softirq+0x3c/0xfc) from [<c0065c00>] (irq_exit+0x44/0xa0)
[<c0065c00>] (irq_exit+0x44/0xa0) from [<c0034070>] (_text+0x70/0x8c)
[<c0034070>] (_text+0x70/0x8c) from [<c0034a0c>] (__irq_svc+0x4c/0xc8)
Exception stack(0xc067df78 to 0xc067dfc0)
df60:                                                       00000000 00000018
df80: 00000001 00000000 c067c000 c06c8210 c002ce10 c0680354 9002aea0 412fc085
dfa0: 0000001f 00000000 f7ed407c c067dfc4 c0035eb0 c0035eb8 60000013 ffffffff
[<c0034a0c>] (__irq_svc+0x4c/0xc8) from [<c0035eb8>] (default_idle+0x28/0x2c)
[<c0035eb8>] (default_idle+0x28/0x2c) from [<c06d479c>] (0xc06d479c)
handlers:
[<c021608c>] (fsl_otg_isr+0x0/0xd0)
[<c022ec10>] (ehci_fsl_pre_irq+0x0/0xa4)
[<c021cc60>] (usb_hcd_irq+0x0/0xb0)
Disabling IRQ #18
fsl-ehci fsl-ehci.1: Freescale On-Chip EHCI Host Controller
fsl-ehci fsl-ehci.1: new USB bus registered, assigned bus number 2
fsl-ehci fsl-ehci.1: irq 14, io base 0x73f80200
usb 1-1: new full speed USB device using fsl-ehci and address 2
fsl-ehci fsl-ehci.1: USB 2.0 started, EHCI 1.00
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver usbserial
USB Serial support registered for generic
usb 1-1: device not accepting address 2, error -110
usb 1-1: new full speed USB device using fsl-ehci and address 3
usb 1-1: device not accepting address 3, error -110
usb 1-1: new full speed USB device using fsl-ehci and address 4
usb 1-1: device not accepting address 4, error -110
usb 1-1: new full speed USB device using fsl-ehci and address 5
usb 1-1: device not accepting address 5, error -110
hub 1-0:1.0: unable to enumerate USB device on port 1
hcd_bus_suspend
ehci_bus_suspend
USB Host suspended
usbcore: registered new interface driver usbserial_generic
usbserial: USB Serial Driver core
USB Serial support registered for GSM modem (1-port)
usbcore: registered new interface driver option
option: v0.7.2:USB Driver for GSM modems
ARC USBOTG Device Controller driver (1 August 2005)
irq 18: nobody cared (try booting with the "irqpoll" option)
[<c00394d8>] (unwind_backtrace+0x0/0xd4) from [<c008e764>] (__report_bad_irq+0x30/0x88)
[<c008e764>] (__report_bad_irq+0x30/0x88) from [<c008e918>] (note_interrupt+0x15c/0x1d0)
[<c008e918>] (note_interrupt+0x15c/0x1d0) from [<c008f7d4>] (handle_level_irq+0xe8/0x158)
[<c008f7d4>] (handle_level_irq+0xe8/0x158) from [<c003406c>] (_text+0x6c/0x8c)
[<c003406c>] (_text+0x6c/0x8c) from [<c0034a0c>] (__irq_svc+0x4c/0xc8)
Exception stack(0xd9025e48 to 0xd9025e90)
5e40:                   00000000 00000012 00040000 00000000 c06947a8 d9175800
5e60: 60000013 d9175514 00000012 c03dc5b0 c06947c8 d930bc00 00000012 d9025e90
5e80: c008ebb0 c008dcb0 80000013 ffffffff                                     
[<c0034a0c>] (__irq_svc+0x4c/0xc8) from [<c008dcb0>] (__setup_irq+0x1ec/0x318)
[<c008dcb0>] (__setup_irq+0x1ec/0x318) from [<c008de88>] (request_threaded_irq+0xac/0xdc)
[<c008de88>] (request_threaded_irq+0xac/0xdc) from [<c0020dec>] (fsl_udc_probe+0x19c/0x648)
[<c0020dec>] (fsl_udc_probe+0x19c/0x648) from [<c01d6dc4>] (platform_drv_probe+0x1c/0x24)
[<c01d6dc4>] (platform_drv_probe+0x1c/0x24) from [<c01d5f24>] (driver_probe_device+0xb8/0x164)
[<c01d5f24>] (driver_probe_device+0xb8/0x164) from [<c01d6030>] (__driver_attach+0x60/0x84)
[<c01d6030>] (__driver_attach+0x60/0x84) from [<c01d5408>] (bus_for_each_dev+0x48/0x80)
[<c01d5408>] (bus_for_each_dev+0x48/0x80) from [<c01d5990>] (bus_add_driver+0x9c/0x220)
[<c01d5990>] (bus_add_driver+0x9c/0x220) from [<c01d6418>] (driver_register+0xac/0x134)
[<c01d6418>] (driver_register+0xac/0x134) from [<c00342ec>] (do_one_initcall+0x5c/0x1a8)
[<c00342ec>] (do_one_initcall+0x5c/0x1a8) from [<c0008710>] (kernel_init+0x8c/0x104)
[<c0008710>] (kernel_init+0x8c/0x104) from [<c00358d4>] (kernel_thread_exit+0x0/0x8)
handlers:
[<c021608c>] (fsl_otg_isr+0x0/0xd0)
[<c022ec10>] (ehci_fsl_pre_irq+0x0/0xa4)
[<c021cc60>] (usb_hcd_irq+0x0/0xb0)
[<c0238f04>] (fsl_udc_irq+0x0/0xb08)
Disabling IRQ #18

The above crash appears to cause a number of issues:
  • Failure to boot correctly, or not booting into Android at all
  • Corruption of the SD-card. As a result it is generally a good idea to stick with the hack as shown, unless you have the capability to re-write the SD-card image. Be aware that a full image is required, rather than just a partition update, since the above appears to cause low-level filesystem corruption rather than just corruption of the enclosed files.


Usual disclaimers apply:
  • If you screw up your SD-card it is on YOU.
  • If your dog dies an unexplained death it is on you.
  • If you completely destroy your tablet it is on you.
That said, if you follow the instructions reasonably closely, then you should have success.

Only TWO rules:
  • Disconnect the battery negative connection during the hack.
    YOU MUST DO THIS, because even if your tablet appears to be 'off' it is not really 'off' since the battery is still supplying standby power to various peripheral circuitry.
    Soldering onto powered CMOS circuitry really is not recommended.
  • Ensure you follow Anti-static procedures, since you could be injecting charge into the CPU USB ports

First thing you will need is a standard Bluetooth dongle (one that does not need drivers).

CAREFULLY strip the Bluetooth dongle out of its plastic housing, so that you have just the PCB.
Try not to finger it too much, unless you are wearing an anti-static wrist strap.

Locate four lengths of Teflon or PVC coated cable (10 cm should be enough).
Strip and tin both ends of the cable. It would also be a good idea to make the D+ and D- a twisted pair rather than just a pair of straight wires.
Do not twist the 0V and the Pwr into this set, since D+ and D- form a balanced differential pair. Also try to keep these two wires exactly the same physical length so as to reduce any large data signal shifts.

Start by soldering the Bluetooth dongle end first:


Connecting to the main APad PCB
Make the connection to the D+ & D-, followed by the Pwr and finally the 0V connection.




Recognition by the APad Android system
In the following image we can clearly see that the Bluetooth hack seems to be performing admirably, recognizing both my main OS X system and my Sony Ericsson mobile phone. (No, my name is not bob.... bob is my invisible helper: that in itself is a very funny story)


This modification obviously opens up the potential for some interesting software hacks and also the option to port over to a Pad computer, one or more of the many Linux penetration testing frameworks and it opens up options to add additional items inside the tablet system including RFID readers, basically things you may need to carry about without being too obvious.


Epilogue
The hack has been tested for about two weeks as regards stability and not damaging the PCB or battery, and seems to be functioning correctly.
You will notice that I have not yet converted the D+ & D- cables into a twisted pair. This is so that I can test the stability of the connection and see if not making a twisted pair actually affects the functionality of the Bluetooth or the other Wi-Fi connection.

Once I have made a decision I will then modify the power connection to the 5V0 power supply to see if the hack is still stable, and finally I will tidy up the wires and Bluetooth PCB location so that the APad case can be reassembled.
 
« Last Edit: March 09, 2011, 11:48:10 AM by Admin »

leaplae

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #1 on: March 10, 2011, 07:45:37 AM »
I presume the black cable (0v) is soldered to the 0v? It's not shown in your picture.

Destroyer

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #2 on: March 11, 2011, 10:04:46 AM »
Dohh........
Yes you can pick up the 0v at either the connection NEXT to the red wire, or via the PCB connection.

Better NOT to use the Battery 0v connection, I will post a picture in a few hours when I have daylight!!

HC.



Destroyer

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #3 on: March 12, 2011, 01:48:06 AM »
Here is the missing 0V connection:


Also shown is its position in relation to the other wires. Note that the sound hack has also been relocated off that power connection, this was to aid possible future disassembly of the PCBs.

The 'dandruff' all over the PCB is actually dust. In China you cannot leave anything out in the open for more than a few days before it is covered in dust, even in the countryside. You can imagine that this plays havoc with any sort of uncovered electrical appliances and food.

siscor

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #4 on: May 18, 2011, 05:41:12 PM »
After double checking all connections and re-soldering the data ones, the Bluetooth came to life for a moment :(
After the reset, when turning on, it apparently tries to activate but after 5 secs goes to off.

Did you need to install any drivers or do something? The BT used was the one in the following picture:



Thank you so much for such a good mod and the pictured guide ;)

Thanks again!!!
« Last Edit: May 20, 2011, 10:16:15 AM by Admin »

Destroyer

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #5 on: May 20, 2011, 10:15:14 AM »
Absolutely NO software mods were made...
But you may need to enable Bluetooth in Android from within the configuration utility.
If the Bluetooth device is connected correctly, then it should work, or at the very least show up in the Linux kernel log.

Unfortunately, even using your picture I cannot identify the chip inside the Bluetooth dongle, because that is a standard case; the PCB & internal chip vary depending on where & from whom you bought the Bluetooth dongle.

Maybe its power requirements are too high?

HC.


« Last Edit: May 20, 2011, 10:17:19 AM by Admin »

siscor

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #6 on: May 20, 2011, 11:22:48 AM »
At some point it showed and it was active but not discoverable, but after a reset it didn't show again.
Is there any debug I can run or see in the terminal to try to find out what's going on?

The Bluetooth is the following:





Thanks again!!!!
« Last Edit: May 20, 2011, 04:17:46 PM by siscor »

Destroyer

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #7 on: May 20, 2011, 11:48:08 PM »
Yep,
Try taking a look in the kernel startup logs. Basically, when Linux boots up, it writes the information into a log file as well as to the RS232 port.
In that boot file you will find all the devices identified by Linux. If you cannot see the Bluetooth device, then it means a driver is required (normally this is very rare, since the USB Bluetooth is supposed to be standard).


But........
Having said that, I see, if we do a Google search on the chip 'as3620qa', there are a number of people complaining this chip does not work with..... Windows, Vista and that it needs a driver.
See if the device packaging had a small disk with a driver on it; if so ... you need a Bluetooth device that does not require a driver.
Alternatively you can try and find a driver for 'arm-Linux' or source code. (Personally I would go for a driverless Bluetooth device.)


So the plan of action:
1. Find out the requirements of the Bluetooth chip.
2. Decide whether to proceed (go to 3) or try another Bluetooth adaptor (go to 1). This was my initial plan, I just went out and bought 3 different types.
3. Find the Linux boot log file.
4. Make an RS232 terminal connection to the board.
5. Try to debug the system.


P.S...

Pls show your connections at the CPU board end, I just need to see if you have the connections in the right order.

« Last Edit: May 20, 2011, 11:51:14 PM by Admin »
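
Added example, not written by anyone in this thread: a Python script that runs the boot-log check described in the reply above over a captured kernel log, keyed on the failure lines shown in the first post. The function names are hypothetical, the `usb 2-1` lines in the sample are constructed to show a clean enumeration, and the port-to-device mapping assumes the device hangs directly off a root hub.

```python
import re

# Constructed sample: the first seven lines follow the boot log quoted in the
# first post; the "usb 2-1" lines are constructed to show a clean enumeration.
SAMPLE_LOG = """\
irq 18: nobody cared (try booting with the "irqpoll" option)
Disabling IRQ #18
usb 1-1: new full speed USB device using fsl-ehci and address 2
usb 1-1: device not accepting address 2, error -110
usb 1-1: new full speed USB device using fsl-ehci and address 3
usb 1-1: device not accepting address 3, error -110
hub 1-0:1.0: unable to enumerate USB device on port 1
usb 2-1: new full speed USB device using fsl-ehci and address 2
usb 2-1: configuration #1 chosen from 1 choice
"""

NEW_DEV = re.compile(r"usb (\d+-[\d.]+): new \w+ speed USB device using \S+ and address (\d+)")
ADDR_FAIL = re.compile(r"usb (\d+-[\d.]+): device not accepting address (\d+), error (-\d+)")
CONFIGURED = re.compile(r"usb (\d+-[\d.]+): configuration #\d+ chosen")
ENUM_FAIL = re.compile(r"hub (\d+)-0:[\d.]+: unable to enumerate USB device on port (\d+)")
IRQ_OFF = re.compile(r"Disabling IRQ #(\d+)")

def analyse_boot_log(text):
    """Summarise USB enumeration per device path and list IRQs the kernel disabled."""
    devices, disabled_irqs = {}, []
    def dev(path):
        return devices.setdefault(
            path, {"attempts": 0, "errors": [], "configured": False, "gave_up": False})
    for line in text.splitlines():
        if m := NEW_DEV.search(line):
            dev(m.group(1))["attempts"] += 1
        elif m := ADDR_FAIL.search(line):
            dev(m.group(1))["errors"].append(int(m.group(3)))  # -110 is ETIMEDOUT
        elif m := CONFIGURED.search(line):
            dev(m.group(1))["configured"] = True
        elif m := ENUM_FAIL.search(line):
            # Assumption: root-hub port N on bus B is device path "B-N".
            dev(f"{m.group(1)}-{m.group(2)}")["gave_up"] = True
        elif m := IRQ_OFF.search(line):
            disabled_irqs.append(int(m.group(1)))
    return devices, disabled_irqs

def verdict(state):
    """Classify one device: enumerated, failed, or incomplete (seen but never configured)."""
    if state["configured"]:
        return "enumerated"
    return "failed" if state["gave_up"] or state["errors"] else "incomplete"

if __name__ == "__main__":
    devices, irqs = analyse_boot_log(SAMPLE_LOG)
    for path, state in sorted(devices.items()):
        print(path, verdict(state), state)
    print("IRQs disabled by the kernel:", irqs)
```

A device that never appears in the result at all was not detected electrically, which points at wiring or power rather than at a driver.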

newbee

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #8 on: May 31, 2012, 01:55:13 PM »
Destroyer,

Thank you for posting this informative tutorial.

I am trying to connect a Bluetooth dongle to my Android 2.2 tablet like you did. Same problem as siscor, Bluetooth appeared only once and then never again.

I think it has something to do with the type of Bluetooth chip. Can you share the chip number/brand of the BT module you used?


Destroyer

Re: Adding an Internal Bluetooth dongle to the iMX515 APAD
« Reply #9 on: July 21, 2012, 02:35:33 AM »
Basically,
It is down to the Bluetooth chipset and the drivers, and the make of the tablet.
Since the Chinese suppliers do not share the code or changes they make to the kernel, getting this stuff to work can be flaky at best.........