add MDR information and EEPROM encoding

This commit is contained in:
King Kévin 2014-07-20 18:07:53 -07:00
parent 011b6edeab
commit 9f6fc7480e
8 changed files with 16443 additions and 0 deletions

View File

@ -70,3 +70,51 @@ Monarch also adversitve that the code is programmable.
I could not find the software.
The programming header is even present on the board.
But the microcontroller has read protection enabled.
receiver
========
The MDR is a megacode receiver which can activate gate motors if the right code is received.
Codes can be programmed in the receiver by pressing the "learn" button and activating the remote, which will transmit the signal.
The device requires a 24V power source, but it can go down to 17V.
The board uses only trough hole components, and is one-sided.
This makes it very easy to trace path, measure a different points and pin, and exhange parts.
The MDR only has 1 "channel", while the MDR2.
The board is the same,
The only hardware difference is that the MDR has a switch and a relay which are not populated.
The main is that the MDR2 can allow 2x10 codes to be programmed instead of 10.
But this is only an artificial software limitation.
A PIC16C54A microcontroller is used to provide the main function.
The chip can be program in circuit if enough power is provided to the board.
A TLC555CP timer is used as clock to match the 318MHz frequency on which the codes are transmitted.
A LM358N opamp is used to get the pulses out of the received signal.
A 24LC254 I²C EEPROM is used to store which code is allowed.
It can not be programmed in circuit (without the PIC) because a pull-up resistor is missing on SDA.
A LM78L05ACZ voltage regulator will provide 5V for the logic, not including the relay.
The PICkit2 does not provide enough current to power the logic, but a USB port does.
eeprom
======
This folder contains traces from the MDR I²C communication.
The bus pirate was not able to sniff the complete traffic.
I used hardwae version 3.6 sparkfun 2/11/2010 with software version 6.1.
The last byte is probably not detected because the ACK is missing.
I used a Saleae Logic 16 logic analyzer to monitor the traffic.
sigrok-cli --driver saleae-logic16 --output-format hex --channels 0,1 --protocol-decoders i2c:sda=0:scl=1 --config samplerate=1M --continuous | grep ":"
The EEPROM contains the programmed/learned codes which will activate the relay.
It is code in a clever way.
If the code 0xABCDEF is tranmitted, the microcontroller with read the byte at address 0x(B&7)ECD.
The bits in this byte will tell which even value D is authorized (odd values are rounded down).
If the byte = 0x01, only D = 0x0 (and 0x1) is authorized.
If the byte = 0x02, only D = 0x2 (and 0x3) is authorized.
...
If the byte = 0x80, only D = 0xe (and 0xf) is authorized.
If the byte = 0x03, only D = 0x0, 0x1, 0x2, and 0x3 are authorized.
If the byte = 0x07, only D = 0x0, 0x1, 0x2, 0x3, 0x4, 0x5 are authorized.

34
eeprom/add-0x8117c0.txt Normal file
View File

@ -0,0 +1,34 @@
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 00
Address write: 50
Data write: 9C
Data write: 17
Address read: 50
Data read: 00
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 00
Address write: 50
Data write: 9C
Data write: 17
Address read: 50
Data read: 00
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 00
Address write: 50
Data write: 1C
Data write: 17
Data write: 01
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 01

14
eeprom/add-0x8117c2.txt Normal file
View File

@ -0,0 +1,14 @@
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 01
Address write: 50
Data write: 1C
Data write: 17
Data write: 03
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 03

24
eeprom/add-0x8117cf.txt Normal file
View File

@ -0,0 +1,24 @@
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 03
Address write: 50
Data write: 9C
Data write: 17
Address read: 50
Data read: 03
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 03
Address write: 50
Data write: 1C
Data write: 17
Data write: 83
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: 83

7454
eeprom/boot.txt Normal file

File diff suppressed because it is too large Load Diff

20
eeprom/not-open.txt Normal file
View File

@ -0,0 +1,20 @@
Address write: 50
Data write: 78
Data write: 21
Address read: 50
Data read: 00
Address write: 50
Data write: F8
Data write: 21
Address read: 50
Data read: 00
Address write: 50
Data write: 78
Data write: 21
Address read: 50
Data read: 00
Address write: 50
Data write: F8
Data write: 21
Address read: 50
Data read: 00

5
eeprom/open.txt Normal file
View File

@ -0,0 +1,5 @@
Address write: 50
Data write: 1C
Data write: 17
Address read: 50
Data read: A0

8844
eeprom/reset.txt Normal file

File diff suppressed because it is too large Load Diff