[HN Gopher] Beyond BLE: Cracking Open the Black-Box of RF Microc...
___________________________________________________________________
Beyond BLE: Cracking Open the Black-Box of RF Microcontrollers
[video]
Author : hcadam
Score : 85 points
Date : 2024-12-30 13:44 UTC (9 hours ago)
(HTM) web link (media.ccc.de)
| nimish wrote:
| Some microcontrollers have much better documented RF subsystems.
| Onsemi has a well documented RSL15 radio. Nordic has docs and
| there's an open source BLE implementation from Apache too.
| andoma wrote:
| Yup, rolled my own BLE Peripheral stack on NRF52 relying on
| nothing but Nordic's docs and the BLE specification. It's not
| fully feature complete but works well enough for me to
| communicate with the MCU from my MacBook using L2CAP
| connections.
| BertoldVdb wrote:
| The people in these talks go quite a bit further than just
| BLE packet TX/RX (which you can do with the documentation on
| most chips). In theory this work allows implementing a
| totally different protocol.
| DannyBee wrote:
| Nordic supports this explicitly, I thought. (Others, I agree,
| but they often have crappy stuff anyway.)
| tjoff wrote:
| Anyone have experience with NimBLE (the mentioned open source
| BLE implementation https://github.com/apache/mynewt-nimble ),
| how it compares to Nordic's implementation?
| DannyBee wrote:
| Me. I've used both heavily. Both are great.
|
| NimBLE is the only sane stack I found that can handle
| multiple threads and periodic advertising.
|
| I use PA in my machine sensors to avoid having to use high
| advertising rates on primary channels and still get usable
| latency from turning the machine off and the dust collection
| system noticing.
| bri3d wrote:
| I don't think you're talking about the same thing as this talk
| when you discuss "documented."
|
| For example, NimBLE (the Apache BLE implementation for Nordic)
| interfaces with the radio using a high-level, documented
| register interface to the PHY. It basically constructs a BLE
| frame and passes a pointer to it into some registers (which
| trigger DMA). Then a magic black box modulates and transmits
| that frame.
|
| This talk goes one level deeper, into the magic black box.
| These are sometimes traditional fixed-function hardware but
| usually they are some kind of obscure DSP architecture which is
| ROM-coded with a patch capability (or just has blob firmware).
| nimish wrote:
| No, I mean RF MCUs that let you do all the way down to IQ
| sampling or pulse shaping. It's up to the developer to decide
| what level you let the hardware handle.
|
| This is how those proprietary RF protocols work for mice and
| such.
| bri3d wrote:
| > This is how those proprietary RF protocols work for mice
| and such.
|
| In my experience these usually use Cypress/TI chips and
| FSK, rather than going all the way down to IQ.
|
| > No, I mean RF MCUs that let you do all the way down to IQ
| sampling or pulse shaping.
|
| Do Nordic chips let you do this? I've never seen it
| documented.
| mikewarot wrote:
| It's unfortunate that there's no analog (I/Q) transmission built
| into the TI chips. They could make fairly useful SDR transceivers
| otherwise.
___________________________________________________________________
(page generated 2024-12-30 23:00 UTC)