HDG2002B AWG Firmware Reverse Engineering

[alex.forencich]

That's interesting.  If the sync DAC isn't there, then how is the sync output being driven?  Also, on my board, the DAC drives an inverter chip, so we could probably just simplify that down to driving just the R2R ladder MSB for the sync output. 

[fremen67]

Well, precisely the R308 to 315 resistors described in the UCF file for the sync DAC are not on my board. Maybe I made a shortcut when I said there is none on my board...

[alex.forencich]

Well, something has to drive the sync output BNC.  Did you figure out what pin that is?

[fremen67]

Well, something has to drive the sync output BNC.  Did you figure out what pin that is?

Yes, just got it with TopJTAG probe: C15.
Edit : It is not a direct connection (output 0->5V) so I could not see it with ftjrev.

[tridentsx]

I have a newbie question!
What tool would I use to flash the hantek with a custom compiled u-boot ? I managed to compile a custom s3c2416 based 15.04 u-boot from the patches I linked before. I have an olimex usb jtag its ftdi based.

I need to start testing on real h/w. As soon as I have something working I will post the patches, maybe we should have a git repository for all of the combined code?

[tridentsx]

Is the TQ2416 and hdg2002b configured the same way when it comes to the boot options on OM0 ... OM4 & GPC5 ... GPC7?
Has anyone traced out what those are set to on the hdg2002b ?
I am just trying to understand the boot sequence on the hdg2002 and if its the same as the TQ2416, and I guess I am lazy to open up my hdg2002b one more time.

[tridentsx]

I managed to get the patches to compile with support for Serial, Nand and DM9000 MAC on u-boot v15.04.

Now I unsure what the next steps are to test the image, there is the small spl image and then the u-boot image, how do I create a combined image to flash on my tq2416 board ? Is it just a matter of concatenate the images with padding to make sure that there is 8k from start of spl to start of u-boot ? Would I use openocd and the config provided in this thread to flash my image ? Sorry I am new to this and not as smart ad you guys I am however quite stubborn.

[lukier]

I managed to get the patches to compile with support for Serial, Nand and DM9000 MAC on u-boot v15.04.

Now I unsure what the next steps are to test the image, there is the small spl image and then the u-boot image, how do I create a combined image to flash on my tq2416 board ? Is it just a matter of concatenate the images with padding to make sure that there is 8k from start of spl to start of u-boot ? Would I use openocd and the config provided in this thread to flash my image ? Sorry I am new to this and not as smart ad you guys I am however quite stubborn.

SPL has to be at the address that S3C (Steppingstone) fetches at boot, I don't remember off the top of my head, but I think you're right, it's first 8K. Then I suppose when you compile SPL it contains hardcoded address of its big brother (main u-boot) as it has to load and execute it. That's just a guess, I haven't tested that as I still use Hantek's u-boot.

[fremen67]

Would I use openocd and the config provided in this thread to flash my image ? Sorry I am new to this and not as smart ad you guys I am however quite stubborn.

If you have access to a windows PC with a parallel port, then I would recommend using H-JTAG with a wiggler JTAG cable like this one:
https://www.olimex.com/Products/ARM/JTAG/ARM-JTAG/
You will find H-JTAG here: http://www.hjtag.com/en/product.asp?typeid=9
It is fast and it just works... as long as you have windows XP or Win7 32bits.
For the rest, I just used the original TQ2416 u-boot and Hantek u-boot (which is based on the TQ2416 one).

[tridentsx]

I finally got the cable to connect to the TQ2416, I also found that I already had a jtag adapter in an old box in my garage. The device I have is the following https://www.olimex.com/Products/ARM/JTAG/ARM-USB-OCD/

But now I am banging my head, because when I use openocd I can write the u-boot to nand, I can verify the nand, but after I reset the board and I dump the nand that I had verified its all 0x00.

>nand probe 0                             
NAND flash device 'NAND 256MiB 3.3V 8-bit (unknown)' found
> nand write 0 "../u-boot-with-spl.bin" 0x00000000
wrote file ../u-boot-with-spl.bin to NAND flash 0 up to offset 0x00038000 in 148.598999s (1.498 KiB/s)
> nand verify 0 "../u-boot-with-spl.bin" 0x00000000
>reset run

Hence I decided to try urjtag but I get some error already when I do the detect

jtag> cable ARM-USB-OCD
Connected to libftdi driver.
jtag> detect
warning: TDO seems to be stuck at 1

I have attached my compiled u-boot had to rename it hex.

Are there any commercial tools both s/w and h/w that are better? Seems to me that openocd is a bit flakey, had to restart many times lower the speed of adapter to 500 kHz to reliably be able to halt the cpu.

[tridentsx]

After doing it all over for the 5th time I was able to write my u-boot spl to flash. Had to set the clock really slow to get the init_2416 procedure to work. I think that was the problem the whole time.

After I rebooted the board I didn't get any output on the serial port which I kind of expected since it was the first time and I still probably have loads of bugs to fix.

However when I dumped the ram (iram)  from 0x400000000 and 8192 bytes it was all 0x00. Even if I put garbage at nand 0x0 to 0x2000 I would expect that that garbage is loaded to SRAM 0x400000000 ? It seems to me either the ram get cleared when I connect the jtag or the irom boot loader isn't loading my BL1 code from nand.

Any pointers in how to troubleshoot ?

[fremen67]

Some updates about the UI development.

It's always a matter of finding time but things are moving on. I am working with Qt 4.8.7 Embedded. The HDG keyboard and leds handling are functionnal and I am now working on a simplified UI (reduced set of menus) to finalise main classes development.
It is working directly on the hdg with only few modifications (had only a problem with a shared Library that needed to be updated). That means that the application should be able to be installed simply via the standard update procedure of the HDG.
At the moment I launch it from the NFS drive I have attached to the HDG as it is more convenient for development.

There is still a lot of work to do on the hidden part of the iceberg but I hope I could post some kind of "preview" in the next weeks. This could run from a SD or USB stick without modifying the HDG.

The next step would be the interface with the FPGA and to be able to see a least something going out...
I will keep you updated.

@Alex
Any progress on the FPGA configuration via file transfer?
If I could have some information on the SPI protocol you foresee for the communication, I could start working on it from the UI side...

[timofonic]

Is this alive? Any interest in this project?

I'm more interested as it may become the future of a OSHW oscilloscope

https://github.com/MParygin/v.scope80
https://github.com/Razer6/welecw2000a
https://github.com/baldengineer/Mixed-Signal-Oscilloscope-Demo-Board
https://github.com/mdebski/oscilloscope
https://github.com/agural/FPGA-Oscilloscope
https://github.com/analogdevicesinc/iio-oscilloscope
https://github.com/gabonator/DS203

[fremen67]

Is this alive? Any interest in this project?

I'm more interested as it may become the future of a OSHW oscilloscope

https://github.com/MParygin/v.scope80
https://github.com/Razer6/welecw2000a
https://github.com/baldengineer/Mixed-Signal-Oscilloscope-Demo-Board
https://github.com/mdebski/oscilloscope
https://github.com/agural/FPGA-Oscilloscope
https://github.com/analogdevicesinc/iio-oscilloscope
https://github.com/gabonator/DS203

Yes still alive. I am back from holidays so I will keep on working on the GUI on my spare time. Standard waveforms, modulations, sweep and burst are almost over. I am now working on the utility menu. Next part will be the ARB part but I am not sure wether I will do it on the HDG or directly on the PC.

I have upgraded my HDG with a touch screen and the GUI can use it

No link at the moment between the GUI and the FPGA.

[tridentsx]

Do you have any details on how you did that upgrade to support touch screen?

[fremen67]

Do you have any details on how you did that upgrade to support touch screen?

Sorry I missed your post.
The touch screen modification is straight forward. You need:
- a 7" touchscreen (165mmx100mm, active area 154mmx86mm at least)
- a connector for the mainboard (solder on J800), 4 pos 1mm (649-SFW4S-2STE1LF @ mouser for example)
- a FCC cable extension

The touch screen I used has an active area which is 2 mm too short horizontally and 1 mm too short vertically.
I bought it here http://www.aliexpress.com/item/Free-shipping-7-inch-new-touch-screen-digitizer-for-AT070TN90-AT070TN92-AT070TN93-AT070TN94-quality-100-guarranty/585764980.html

The kernel already includes drivers for the touchscreen. You just have to add TsLib and modify /etc/profile and you are good to go.
Of course you will only be able to use it with a program that handles a mouse ...

[smgvbest]

Yes still alive. I am back from holidays so I will keep on working on the GUI on my spare time. Standard waveforms, modulations, sweep and burst are almost over. I am now working on the utility menu. Next part will be the ARB part but I am not sure wether I will do it on the HDG or directly on the PC.

I have upgraded my HDG with a touch screen and the GUI can use it

No link at the moment between the GUI and the FPGA.

I realize this might be a bit soon but would love to see images on your gui work if you felt like sharing???

[tridentsx]

Will this alternative s/w be open source ? Is there a repo where the source will be available ?

[timofonic]

Will this alternative s/w be open source ? Is there a repo where the source will be available ?

It would be great if the firmware goes FOSS and published in GitHub! Please consider it!.

Also, it can be an interesting software for a possible future lab grade OSHW oscilloscope. I hope OSHW goes to collaborative projects like in FOSS, making possible to have complex projects.

I would be more interested in a good managed and community reviewed OSHW oscilloscope than buying a chinese one with buggy software of hardware. If the design is open and interesting enough, I'm sure there will be manufacturers selling it over ebay and such. That would be a big slap to most low end oscilloscopes and become a disruptive change

[tridentsx]

Is this effort dead ? I hope not seemed like so much progress was made.

[tridentsx]

I found a page online with the SMDK software kit and exampoles for s3c2416 and s3c2450 which is almost identical to s3c2416.
Thought it could be helpful. Maybe this whole alternative Firmware is stale.

http://latlon.org/~jek/samsung/627451S3C2450_SMDK_Base_Codes.zip
http://latlon.org/~jek/samsung/smdk2416/

[Scratch.HTF]

I wish to revive this topic since I am in need for improved firmware; see my topic https://www.eevblog.com/forum/testgear/hantek-hdg2000-series-firmware-enhancements/ for more details.