To test whether a Bus Pirate works, connect +5V to VPU and 3.3V to ADC, access the Bus Pirate (using Tera Term, for example) and use the command ~:
```
# Use command
HiZ>~
Disconnect any devices
Connect (Vpu to +5V) and (ADC to +3.3V)
Space to continue
# Press space
Ctrl
AUX OK
MODE LED OK
PULLUP H OK
PULLUP L OK
VREG OK
ADC and supply
5V(4.96) OK
VPU(4.96) OK
3.3V(3.26) OK
ADC(3.27) OK
Bus high
MOSI OK
CLK OK
MISO OK
CS OK
Bus Hi-Z 0
MOSI OK
CLK OK
MISO OK
CS OK
Bus Hi-Z 1
MOSI OK
CLK OK
MISO OK
CS OK
MODE and VREG LEDs should be on!
Any key to exit
# Press space
Found 0 errors.
```
As you can see in the previous command output, it reported that it found 0 errors. This is very useful for confirming that the device works after buying it or after flashing a firmware.
To connect with the Bus Pirate, you can follow the documentation:
In this case I'm going to connect to an EPROM: ATMEL901 24C256 PU27:
To talk to the Bus Pirate I used Tera Term connected to the Bus Pirate's COM port, with Setup --> Serial Port --> Speed set to 115200.
In the following communication you can see how to prepare the Bus Pirate to talk I2C and how to write to and read from the memory (comments appear using "#"; don't expect that part in the communication):
```
# Check communication with buspirate
i
Bus Pirate v3.5
Community Firmware v7.1 - goo.gl/gCzQnW [HiZ 1-WIRE UART I2C SPI 2WIRE 3WIRE KEYB LCD PIC DIO] Bootloader v4.5
DEVID:0x0447 REVID:0x3046 (24FJ64GA00 2B8)
http://dangerousprototypes.com

# Check voltages
I2C>v
Pinstates:
1.(BR)  2.(RD)  3.(OR)  4.(YW)  5.(GN)  6.(BL)  7.(PU)  8.(GR)  9.(WT)  0.(Blk)
GND     3.3V    5.0V    ADC     VPU     AUX     SCL     SDA     -       -
P       P       P       I       I       I       I       I       I       I
GND     3.27V   4.96V   0.00V   4.96V   L       H       H       L       L

# Notice how the VPU is in 5V because the EPROM needs 5V signals

# Get mode options
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. KEYB
9. LCD
10. PIC
11. DIO
x. exit(without change)

# Select I2C
(1)>4
I2C mode:
 1. Software
 2. Hardware

# Select Software mode
(1)>1
Set speed:
 1. ~5kHz
 2. ~50kHz
 3. ~100kHz
 4. ~240kHz

# Select communication speed
(1)> 2
Clutch disengaged!!!
To finish setup, start up the power supplies with command 'W'
Ready

# Start communication
I2C>W
POWER SUPPLIES ON
Clutch engaged!!!

# Get macros
I2C>(0)
 0.Macro menu
 1.7bit address search
 2.I2C sniffer

# Get addresses of slaves connected
I2C>(1)
Searching I2C address space. Found devices at:
0xA0(0x50 W) 0xA1(0x50 R)

# Note that each slave will have a write address and a read address
# 0xA0 and 0xA1 in the previous case

# Write "BBB" in address 0x69
I2C>[0xA0 0x00 0x69 0x42 0x42 0x42]
I2C START BIT
WRITE: 0xA0 ACK
WRITE: 0x00 ACK
WRITE: 0x69 ACK
WRITE: 0x42 ACK
WRITE: 0x42 ACK
WRITE: 0x42 ACK
I2C STOP BIT

# Prepare to read from address 0x69
I2C>[0xA0 0x00 0x69]
I2C START BIT
WRITE: 0xA0 ACK
WRITE: 0x00 ACK
WRITE: 0x69 ACK
I2C STOP BIT

# Read 20B from address 0x69 configured before
I2C>[0xA1 r:20]
I2C START BIT
WRITE: 0xA1 ACK
READ: 0x42 ACK 0x42 ACK 0x42 ACK 0x20 ACK 0x48 ACK 0x69 ACK 0x20 ACK 0x44 ACK 0x72 ACK 0x65 ACK 0x67 ACK 0x21 ACK 0x20 ACK 0x41 ACK 0x41 ACK 0x41 ACK 0x00 ACK 0xFF ACK 0xFF ACK 0xFF
NACK
```
Sniffer
In this scenario we are going to sniff the I2C communication between the Arduino and the previous EPROM. You just need to have both devices communicating and then connect the Bus Pirate to the SCL, SDA and GND pins:
```
I2C>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. KEYB
9. LCD
10. PIC
11. DIO
x. exit(without change)

(1)>4
I2C mode:
 1. Software
 2. Hardware

(1)>1
Set speed:
 1. ~5kHz
 2. ~50kHz
 3. ~100kHz
 4. ~240kHz

(1)>1
Clutch disengaged!!!
To finish setup, start up the power supplies with command 'W'
Ready

# EVEN IF YOU ARE GOING TO SNIFF YOU NEED TO POWER ON!

I2C>W
POWER SUPPLIES ON
Clutch engaged!!!

# Start sniffing, you can see we sniffed a write command

I2C>(2)
Sniffer
Any key to exit
[0xA0+0x00+0x69+0x41+0x41+0x41+0x20+0x48+0x69+0x20+0x44+0x72+0x65+0x67+0x21+0x20+0x41+0x41+0x41+0x00+]
```
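The sniffer line above is easier to review once it is split into device address, memory address and data. The following decoder is an added example, not part of the original page or of the Bus Pirate firmware; the function name `decode_sniff` is hypothetical. It assumes that `-` marks a NACK in sniffer output (the capture above only shows `+`) and that the EEPROM uses a 2-byte word address, as a 24C256 does.

```python
import re

# Sniffer line captured on this page (write to the 24C256 at word address 0x0069).
SNIFFED = ("[0xA0+0x00+0x69+0x41+0x41+0x41+0x20+0x48+0x69+0x20+0x44+0x72+0x65"
           "+0x67+0x21+0x20+0x41+0x41+0x41+0x00+]")

# One sniffed byte followed by its acknowledge flag ('+' ACK, '-' NACK: assumption).
TOKEN = re.compile(r"0x([0-9A-Fa-f]{2})([+-])")

def decode_sniff(line, addr_bytes=2):
    """Decode Bus Pirate I2C sniffer output into a list of transactions.

    '[' is a START (or repeated START) and ']' a STOP, so splitting on '['
    also separates the two halves of a random-read sequence.
    addr_bytes=2 is an assumption matching the 24C256's 16-bit word address.
    """
    transactions = []
    for frame in line.split("[")[1:]:
        octets = [(int(h, 16), flag == "+") for h, flag in TOKEN.findall(frame)]
        if not octets:
            continue
        control, acked = octets[0]
        payload = [value for value, _ in octets[1:]]
        txn = {
            "device": control >> 1,               # 7-bit address: 0xA0/0xA1 -> 0x50
            "op": "read" if control & 1 else "write",
            "acked": acked,                       # False means no device answered
            "mem_addr": None,
            "data": b"",
        }
        # On a write, the first addr_bytes bytes set the EEPROM word address.
        if txn["op"] == "write" and len(payload) >= addr_bytes:
            txn["mem_addr"] = int.from_bytes(bytes(payload[:addr_bytes]), "big")
            payload = payload[addr_bytes:]
        txn["data"] = bytes(payload)
        transactions.append(txn)
    return transactions

if __name__ == "__main__":
    for t in decode_sniff(SNIFFED):
        addr = "-" if t["mem_addr"] is None else f"0x{t['mem_addr']:04X}"
        print(f"{t['op']:5} dev=0x{t['device']:02X} addr={addr} data={t['data']!r}")
```
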