Post a video on YouTube and it will be featured here!
Do you have a brand new device you want me to hack?
Send it to me!
Are you producing a device and want me to check it's security?
Send me an email!
As of now more than 3500 people unlocked Huawei E585, E5830,
E5832S, E583C and HW-01C successfully!





Thursday, September 24, 2009

Success! :)

Serial Output

I successfully connected the

Uncle Milton's Force Trainer

to my PC..

It was easier than expected.

Here's a sample interface, but

you can also use a cellular cable like the CA-42

And connect it to RX,TX and GND on the base.

Sample TTL/RS232 interface

The serial speed is 57600 8N1 and the data stream

is pretty easy to understand.

I also (lousily) coded a sample application

which gives the two brain 'parameters' the headset

sends to the main game station.

Attention

In the above example I was focusing

on a particular thought very intensely.

Meditation

In this other example I was relaxing

and focusing on my breath with my eyes closed.

Stay tuned for more about this!

43 comments:

elettrofreak said...

Great job as usual, zibri!
According to the pictures on FCC site, there 2 micorcontrollers, a Microchip PIC and an Atmel ATMEGA. I wonder why they didn't use a single microcontreller to do the job...
As far as I can tell the micorcontroller reads through the internal ADC the raw values from the sensors, elaborates them and sends data to the TX module.
I really don't understand the need of another controller.
I can't see any OpAmp, so the signal from the sensors should be high enough to feed the ADCs.
Can you tell the name/brand of the brain sensors???

Saluti
F.

Zibri said...

Nothing, they are just normal dry contact electrodes, on the last page of the headset internal photo on fcc site there is one dissected.
About the block diagram it's even simpler:
The atmega is used (imho) almost only as an ADC. It also cleans the signal from noise and passes the (now) digital signal to the PIC16 microcontroller. The latter does a simple FFT, calculates the 2 values, sends them via an SPI bus to the wireless module.

On the other side (game base) the signal coming from the SPI bus of the wireless module is passed to another PIC16 which handles the real game (yoda voices, fan speed, game code).

That's it.
Much more nice to have it as a PC input device.
At the moment I am using the interface in the picture since I had a few MAX3233 laying around, but I will usa a CA42 cable and make a clean work :)

Pepijn said...

Nice work zibri!

DanExtreme said...

Hand this to Nintendo and you'll get Wii 2! :P nice work as always Mr. Zibri! Can't wait to see how u find use of it! keep it up! and may the force be with you...
Cheers
Qui-Gon Jinn xD

elettrofreak said...

Just read your comments on Hackaday Brain conrtol article... They just showed NOTHING! 2 videos are not an hack :(

Hope they'll publish your discovery.

Have a good day.
Supersonic

Zibri said...

For who is wondering.. no need for my stupid program, the serial output is ASCII !
Here is an example:

Star Wars Force Trainer
(c) 2009 Uncle Milton Industries
(c) 2009 OLogic, Inc.

Rev. 3.3
Unit ID 154
SYNC
0 0 26
0 0 26
0 0 26
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0
40 0 0
40 40 0
40 40 0
50 40 0
50 29 0
50 29 0
30 29 0
30 43 0
30 43 0
40 43 0

hypatia said...

Holy crap. Thanks so much for posting this. I just took mine apart on Tuesday and can't wait to get to hacking it more :)

DanExtreme said...

Thanks 4 the quick reply! how's the RIM phones unlocking going? Excellent job as always!
Cheers from Venezuela
Daniel...

sli said...

I'm going to be watching this blog like a hawk. I've been waiting for an awesome Arduino project to fall into my lap and this one is the one. Until then, I'll concentrate on getting my own Force Trainer and giving this a shot!

ColHarpnick said...

What kind of resolution do these sensors have? My medic friend and I are having a brainstorm on if something like this could be cheaply converted for computer or home automation control. I couldn't find any information on the sensors in 15 minutes of Google. Cheers.

Zibri said...

Maybe you have to learn how to use google then :)
Just kidding..
The sensors are normal dry sensors..
The hardware is from neurosky..
But you can find even better hardware from emotiv.

John said...

Hey, I know ur a smart guy. So why did you stop jailbreaking the iPhone?

Zibri said...

@John:
Believe it or not I got bored.

Stuart said...

Something is different with my rev 01 board (silkscreen say rev 01 next to Q2, and there's a diode between C12 and the motor connector). I'm not getting anything off the TX pin, although there's some sort of signal on the pins just above those, but it's not 57600 8N1 serial. Will post again if I figure anything out...

Stuart said...

No luck getting data out of the programming header. Perhaps they disabled that output in the units currently shipping (mine arrived late last week). The interface to the wireless modules seems to be something other than RS232. Success reading from the NeroSky board in the headset directly using 9600, 8N1, Mindset Communications Protocol (0xAA sync packet).

Zibri said...

recheck everything.. mine is also a rev 01..
and AFAIK they didn't change anything.

Can you post the pinout of the headset? that would be nice..

Zibri said...

The interface to the wireless modules is a SPI interface.

Stuart said...

I rechecked everything. Both my scope and logic analyzer show nothing on those header pins. I can listen to the SPI bus off the wireless module, and have written a decoder to that can pull the two channels out of it. There is a header byte (dec=83, iirc), a 'type' byte, and then a data byte for each channel. Current setup is listening to the NeuroSky board with an Arduino then broadcasting UDP packets with current state over WiFi from the Arduino. This gets around the annoying range issues with the stock wireless module.

Zibri said...

It's so strange you have nothing on the base header...
About the decoder.. what does it use? I have some max 3233 and 3111 around ;)

PlastBox said...

Nice work!

In your hacker opinion though, does it seem to work? I mean, confirmation-bias and wishful thinking aside?

If so, this seems like something that should be fairly easy for a competent hacker to build! Perhaps experiement with adding more frequency-ranges to the FFT-chip or something? Emotiv and OCZ NIA both have more than 2 brain-related outputs, so..

Zibri said...

IMHO this thing records mainly muscular impulses and eye movements..
And some alfa and beta waves along the ride :)

obrigado said...

Any chance that you've found similar serial output from the Mindflex?

obrigado said...

Stuart, we are having the same issue you had with the lack of serial from the header pins.

Is there any way you could provide more info on your SPI work-around? Do I understand correctly that you're connected directly to the circuit inside the headset, cutting the base station out of the equation. How and where do you read the bytes off of the SPI bus, is it just generic serial to the TX and RX pins on the Arduino?

Thanks so much for your help.

Karl said...

Hey thanks for a great hack! I got mine working via the base unit, using a MAX232E RS232 chip. Works a treat :-)
Regards, Karl

Zibri said...

@Karl

As I told you :)

Zibri said...

Any news? Nobody posted anything here.
Any experiments?
Thoughts?
New challenges?

Gustav said...

your sample output lists 3 sets of numbers.
0 0 26
0 0 26
0 0 26

can you tell me what each col represents.

Zibri said...

it's easy to figure out :)

Attention - Meditation - LINK quality.

Gustav said...

Thanks, I am trying to write an arduino interface without actually have the force trainer device to help some H.S. students with a project. Does any one have some code to read the serial data into variables? If I don't get a response I will post a link to what I come up with in a couple days.

Gustav said...

As I said above. I wrote a (very poorly coded but it works) Arduino converter. It will read the 3 sets of numbers and return int(s). http://www.vonroth.com/code/JKTrainer/

you will want jKTrainer.pde

craig said...

how are you connecting the force trainer to your arduino, Gustav? are you attaching the TX from the base station into the soft serial RX? I'm not getting any data, as such.

Gustav said...

I am just using wire. FT gnd to arduino ground and FT TX to arduino pin 6. It is all TTL logic levels so I don't need the max232. Connecting the ground of both units is necessary when doing serial communication. Email me off list and I will try to help you resolve. My address is in the pde file

adog said...

Hi Zibri, I am an student in South Africa and am very intrigues by this toy! Please can you provide me with more info/code relating to connecting the device to your PC. I am an engineering student but have a very limited coding background, I would love to develop this into a little project or something if I just had the skills! Thanks very much, all the way from far flung South Africa*

Laura Elvira said...

Can anyone help? what are the readings for when you are falling asleep?
If you are in a state similar to real meditation, do you still get readings in the concentration bit?

Kevin said...

Forgive a newbie comment (software is more my background than electronics), but where exactly on the CA-42 cable would you attach the RX, TX, and GND?

Zibri said...

It depends on your cable.. there are different types..

Usually GND is black, VCC is red, and rx and tx are white and blue. But many cables have different colors.

clockworkrobot said...

Thanks for the data. I cooked up a more graphical version of the brainwave detector. It plots a graph over time so you can see if there are any changes. Can't say I'm getting the nice clear distinction you describe but maybe it's because I'm a flake. Anyway do take a look:
http://www.clockworkrobot.com/jedi/

Zibri said...

nicely done, hmm no.. you're not a flake. The force trainer is. Anyhow.. good work!

Eric Trautmann said...

I just cracked mine open and I'm reading the serial data correctly, but off of the pin you've labeled RX. Is there a possibility you swapped the labels in the diagram?

Zibri said...

I did that post a long ago... everything is possible.. it's strange you're the first one to report this...
If cross-checked I will modify the schematics..

itallis said...

Zibri,
You have come close as I can see to where I want to be!
I'm wanting to arrive at a point that we don't need to open the Force Trainer and/or Mindflex- instead simply plug in a RF dongle that captures at their frequency / protocol.

Why the need for the ARDUINO (beyond RANGE question)? Can't I just tune a RF receiver to pick up the data stream?

I'm already playing games and controlling brightness and volume using the NSky Mindset. Help me understand how WE can build a USB RF receiver to capture what is already in "the air".
Thanks for your GREAT STRIDES. Keep walking!

Zibri said...

Write me an email about this. My email van be found clicking on the donate button on my site. A donation is welcome too ;)

Zibri said...

On a CA-42 cable I just got off ebay:

White = cable RX
Blue = GND
Red (slightly orange) = TX

Post a Comment