3

I've got this radio communication with an RC helicopter. I found that the RX on the heli is using an AVR MCU and a CYRF6989 2.4 GHz chip to communicate with the controller of the heli, and it translates the signal to drive the servos and motors. The MCU and the CYRF chip communicate by SPI. I want to intercept and interpret the signal, so I soldered some wires onto it. I am able to read the signal (either MOSI or MISO) using an Arduino prototype board. But I am having trouble understanding/interpreting the datastream. So I need a different approach than reading only MOSI OR MISO.

My current situation is that the Arduino is the slave, and it will either read the MOSI or MISO signal, but I can't figure out how I would go about reading the whole 'conversation', so both the MOSI and MISO signal. The only thing I can come up with is to connect MOSI and MISO to 1 wire using a diode (so the MCU and CYRF chip on the RX board aren't getting mixed signals) and read the data flowing over that one wire with the Arduino board (using the SPI pins of the ATmega328P). So MOSI and MISO come in over the same wire, which shouldn't be a problem really, as MOSI and MISO will never occur simultaneously. But the problem with that approach is that I do not have an indication of the origin (MOSI or MISO?) of the signal. It would be easiest to have two SPI buses on the MCU, but that's against the principles of SPI, and the ATmega2560 doesn't have that either.

Basically my question is, what is a good approach to intercept the SPI conversation, so I am more able to interpret its meaning?

Mike de Klerk
  • Get a "soft" SPI implementation for the Arduino/Atmega, and use that for one direction of the conversation and the hardware SPI for the other? – pjc50 Nov 13 '13 at 14:47
  • Your challenge may actually be the bandwidth of the back end data export, since you will likely need to store more for analysis than the Arduino can hold. – Chris Stratton Nov 13 '13 at 18:58
  • @ChrisStratton Yes, you are totally right. I used a buffer of 1024 `bytes` on the ATmega328P (Arduino Uno) before printing it over UART to the computer. Now it's not possible to add to the byte buffer when the SS has changed, as all byte values are reserved, so going one up to a buffer of `unsigned short` to be able to add SS changed (value 256) to the buffer, but that reduces buffer size! The 2560 can probably handle a larger buffer. – Mike de Klerk Nov 14 '13 at 06:21
  • I'm trying to do the same thing, intercepting the SPI of an RC transmitter. Have you succeeded? Did you need any extra tools other than an Arduino? – Max Abrahamsson May 21 '14 at 13:01

2 Answers

2

To fully listen in on a SPI conversation, you need to be watching all four lines: chip select, clock, MOSI, and MISO. You could possibly do this with two separate SPI peripherals. Both are connected to chip select and clock, with one watching MOSI and the other MISO. The rest is then firmware to interpret the results.

Olin Lathrop
  • I guess I'll take two ATmegas, sync them using an interrupt to start reading until both have sampled N bytes. Then one could proxy its read bytes through the other Arduino to the computer, and then the other Arduino would dump its buffer after that. That should indeed be doable! Wow, a multi-core Arduino hacking device :D – Mike de Klerk Nov 14 '13 at 06:19
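
Added example (not part of the original answers or comments): once all four lines are captured, the "firmware to interpret the results" comes down to pairing the MOSI and MISO bytes inside each chip-select frame. This C sketch assumes a hypothetical capture format of one byte per sample with one bit per line, SPI mode 0 and MSB-first order (check the radio chip's datasheet); `spi_pair_t`, `spi_decode` and `spi_synth` are illustrative names.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed capture format: one byte per sample, one bit per tapped line. */
#define PIN_SS   0x01   /* chip select, active low */
#define PIN_SCK  0x02
#define PIN_MOSI 0x04
#define PIN_MISO 0x08

/* One decoded byte time. 'first' marks the first byte after SS fell, so the
 * frame boundary is stored out of band and all 256 byte values stay usable. */
typedef struct { uint8_t mosi, miso, first; } spi_pair_t;

/* Decode SPI mode 0, MSB first (assumed). Returns the number of pairs stored. */
size_t spi_decode(const uint8_t *s, size_t n, spi_pair_t *out, size_t max)
{
    size_t count = 0;
    uint8_t mosi = 0, miso = 0, bits = 0, first = 0;
    uint8_t prev = PIN_SS;               /* assume an idle bus before the capture */
    for (size_t i = 0; i < n; i++) {
        uint8_t cur = s[i];
        if ((prev & PIN_SS) && !(cur & PIN_SS)) {   /* SS fell: new frame */
            bits = 0;                               /* discard any partial byte */
            first = 1;
        }
        if (!(cur & PIN_SS) && !(prev & PIN_SCK) && (cur & PIN_SCK)) {
            /* SCK rising while selected: sample both data lines together */
            mosi = (uint8_t)((mosi << 1) | ((cur & PIN_MOSI) ? 1 : 0));
            miso = (uint8_t)((miso << 1) | ((cur & PIN_MISO) ? 1 : 0));
            if (++bits == 8) {
                if (count < max)
                    out[count++] = (spi_pair_t){ mosi, miso, first };
                bits = 0;
                first = 0;
            }
        }
        prev = cur;
    }
    return count;
}

/* Constructed input helper: append one byte time (SCK low, then high, per bit). */
size_t spi_synth(uint8_t *s, size_t pos, uint8_t mosi, uint8_t miso)
{
    for (int b = 7; b >= 0; b--) {
        uint8_t d = (uint8_t)((((mosi >> b) & 1) ? PIN_MOSI : 0) |
                              (((miso >> b) & 1) ? PIN_MISO : 0));
        s[pos++] = d;                       /* SS low, SCK low: data set up */
        s[pos++] = (uint8_t)(d | PIN_SCK);  /* rising edge: both sides sample */
    }
    return pos;
}
```

Because every pair carries both directions and the frame flag, a register write (command byte on MOSI) can be told apart from a register read (reply on MISO) without guessing which wire a byte came from.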
2

The Bus Pirate documentation for its SPI Sniffer suggests it can read MOSI and MISO:

> The SPI sniffer can read all traffic, or filter by the state of the CS pin. The byte sniffed on the MOSI pin is displayed as a HEX formatted value, the byte sniffed on the MISO pin is inside the ().

$30 well-spent?

RedGrittyBrick