Armageddon421's Hackingblog

Tag: USB

LTE USB-Stick Samsung GT-B3740 on Ubuntu!

by on Jun.05, 2011, under Projects, quickhack

Yesterday, Onny from project-insanity.org got himself a Vodafone contract for the new LTE-Mobile-Broadband-Connection that came with a Samsung GT-B3740 USB modem. It works on Windows, it works on Mac,…

So now we come to the interesting part: Can we get it to work on linux?

We got us this driver that is for the B3730, did everything the README file told us to and hoped it would work with our device… It didn’t. So we tried to find out why. Our first guess was the chatscript not initializing the modem corectly. It turned out we were right. After analyzing the USB-traffic on windows, we were able to reconstruct the AT-commands that are being sent to the modem in order to initialize it and establish the connection. We sketched it on paper. Here the pictures of it in case someone needs it for debugging. The right column are the replies that the modem sends back.

After having created the corresponding chatscript and executed it, the light turned first blue, then green and it magically connected. Executing dhclient sets everything else up.

This is how our working chatscript looks like:


ABORT 'TIME OUT' ABORT 'ERROR'
'' ATE1
'OK' AT+CSCS="UCS2"
'OK' AT+CMGF=0
'OK' AT+CHANGEALLPATH?
'OK' AT+VERSNAME=1,0
'OK' AT+VERSNAME=1,1
'OK' AT+CMEE=2
'OK' AT+CGREG=2
'OK' AT+CFUN=5
'OK' AT+CPIN?
'OK' AT+CNUM
'OK' AT+MODESELECT=2
'OK' AT+CSQ?
'OK' AT+COPSNAME
'OK' AT+CSQ?
'OK' AT+CGACT?
'OK' AT+CSQ?
'OK' AT+CSQ?
'OK' AT+CSQ?
'OK' AT+CSQ?
'OK' AT+CSQ?
'OK' AT+CSQ?
'OK' AT+CGDCONT=1,"IP","web.vodafone.de"
'OK' AT+CGATT=1

'CGACT:1,1'

For the more unexperienced folks, I have tried to mash up a little tutorial.


git clone https://github.com/mkotsbak/Samsung-GT-B3730-linux-driver.git
cd Samsung-GT-B3730-linux-driver
sh build.sh
cd option
sh build.sh
cd ..

sudo vim /etc/usb_modeswitch.d/04e8:689a
        #make sure the line "NoDriverLoading=1" has no "#" in front of it
        #also make sure that there is no file "04e8:6889" in that folder

vim chatscript.txt
#replace the content of this file with the chatscript from above


#this was the basic setup, it only has to be done once.
#from here, you can make yourself a script because
#this has to be at least executed after each reboot

sudo modprobe option    #load the default option driver to get the dependencies
sudo rmmod option        #unload it again
sudo insmod ./option/option.ko    #load the custom option module
sudo modprobe usbnet
sudo insmod ./kalmia.ko    #load the driver module for the modem

sh chat.sh    #this initializes and connects the modem using out chatscript.txt!
sudo ifconfig wwan0 up    #bring the ethernet device up
sudo dhclient wwan0        #get an ip, gateway and dns

#finally, you have to monitor the connection to prevent the serial
#buffer on the modem from overflowing

sudo minicom -o -D /dev/ttyUSB0    #just leave this open while you are connected

Voila! It should work!

You might have to adjust some values, for example /dev/ttyUSB1 instead of USB0 if you already have another USB-to-serial device. This has to be changed in the chat.sh script and the minicom command.

If you have promlems, you could also try disabling the Ubuntu network-manager and killing the modem-manager by doing


sudo /etc/init.d/network-manager stop
sudo killall modem-manager

Also remember that you might have to install minicom and usb-modechange.

Finally, a picture of me doing a ubuntu upgrade from 10.10 to 11.04.

I hope I could help you out!

Have a nice connection! See ya!

Edit:

In case you have usb-modeswitch installed and the file in /etc/usb_modeswitch.d/ is still empty or missing, you may create it with the following content:



#######################################################
# Samsung GT-B3730

DefaultVendor= 0x04e8
DefaultProduct=0x689a

TargetVendor=  0x04e8
TargetProduct= 0x6889

MessageContent="55534243785634120100000080000601000000000000000000000000000000"

CheckSuccess=20

NoDriverLoading=1

Update:

Onny from Project-Insanity.org got the new driver version running on Arch Linux x64, Kernel 2.6.39 using the following method


git clone https://github.com/mkotsbak/Samsung-GT-B3730-linux-driver.git
cd Samsung-GT-B3730-linux-driver
wget https://raw.github.com/mkotsbak/linux-2.6/Samsung_kalmia_driver-3.0/drivers/net/usb/kalmia.c
wget -O option/option.c “http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.38.y.git;a=blob_plain;f=drivers/usb/serial/option.c;hb=HEAD”
sh build.sh && sh option/build.sh
* if not grep NoDriver /etc/usb_modeswitch.conf; sudo echo “NoDriverLoading=1″ >> /etc/usb_modeswitch.conf; fi;
sudo modprobe option && sudo rmmod option (to get module deps)
sudo insmod ./option/option.ko
sudo modprobe usbnet
sudo insmod ./kalmia.ko
wget -O chatscript.txt http://onny.project-insanity.org/files/chatscript_vodafone.txt
sudo sh chat.sh
sudo dhcpcd wwan0
minicom -o -D /dev/ttyUSB0

15 Comments :, , , , , , , , , , , , , , , , , , , more...

My car.

by on Jan.15, 2011, under Projects

Well, first of all I have a 1995 Mercedes C200. 136PS. Nothing special about that.

Then I added some things, like for example a computer. And speakers. The cockpit looks like this:

The display is capable of a 640×480 resolution and is equipped with a touchscreen. I removed it from its original enclosure and built a custom wooden frame that fits exactly in-place. The screws are just there to attach the display to the frame, the whole contraption is just pressed in there. The radio above the display is mostly just for volume control. Additionally it has a bluetooth module which lets me use it as a hands-free phone system. Not even the internal amplifiers are used. Instead, I got two amplifiers in the rear, one for the subwoofer and another one for the four front speakers. The speakers were about 40€ per piece and came with the right frames for my car. I bought the subwoofer for a very low prive from a relative of mine.

Now to the really interesting part: The computer.

On the right hand side of the above picture you can see my EeeBox. It is just like those netbooks, the eeePcs from Asus, just without display, battery, keyboard and mouse. It is directly attached to the 12V from the car power supply. To controll it, I am using the touchscreen and a USB-Numpad.

The box is running on ArchLinux, I am using awesome as a window manager and XBMC is my media center.

Another cool feature are the webcams. At the moment only the front view is working. It is taking a picture every ten seconds and storing it into one folder for every journey. At home, I can create cool movies from those pictures. This is one of them:

At the moment, I am working at the second camera. There are some issues regarging USB-bandwidth limitations and missing MJPEG-compression. The goal is to take one picture per second per camera and have it directly saved as a movie. Another feature would be live-streaming into the internet via my cell phone’s broadband connection.

One of the most recent changes include adding a triple power outlet because the original one in the ashtray was covered up by the display. Since I could not quite reach the screws that were holding the ashtray, I just used some force to remove it. After a few seconds I was holding it in my hands. Now I could reach the wires I was after.

That’s all I have to say for now. I will post pictures of the subwoofer and amplifiers in the trunk as soon as I managed to clean up the wiring there.

Ideas and suggestions are always welcome. Have a wonderful day!

Leave a Comment :, , , , , , , , , , more...

Homemade wooden portal-CNC-mill

by on Jan.15, 2011, under Projects

About one and a half years ago I started a project together with a friend. Our goal was to be able to directly drill PCBs. The result was a relatively big portal-CNC-mill.

CNC from behind

The workpiece is moved along the X- and Y-Axis and the tool is providing the remaining Z-Axis. The three stepper-motors are controlled by an atmega32 microcontroller. All PCB’s on the rear of the device are made by the device itself. This was possible because at that time, most of the parts were just hacked together mid-air or on breadboards.

The mill is communicating with the PC via a simple USB-to-RS232 converter and is talking some strange custom protocol. On the PC-side I am running a very crude python-script that can basically just parse HPGL. I plan to rewrite everything in Java. This allows me to have a nice GUI and it makes keeping the code clean much easier.

Here you can see the mill in action. It is drilling the shackspace logo in acrylic glass.

Since we used stepper motors and stepper motors make noise, we can also have fun with them.

On those two pictures you can see the the device painting on a PCB with permanent ink. Notice the high precision of the drawn lines.

This is a snapshot while drilling the holes in a PCB.

This was one of our first attempts in two-sided PCB’s. As you can see, the alignment worked quite well. However, some of the signals lines dissolved during the etching process.

Feel free to comment and ask for more details. It is always hard to explain everything at once, so if you want to know something specific, just ask.

You will find more blogposts about the mill over at http://project-insanity.org

Leave a Comment :, , , , , , , , , , more...