Saturday 22 November 2014

MTK (Mediatek) debug cable

Reverse engineering crappy Android Linux hardware/platforms is much easier with a serial console when you have a working kernel, but no source (of course first attempt being GPL request, then when that fails, github/google). Many (most?) cheap smartphones at the moment are made using Mediatek SoCs like the MT6582, MT6589, or older MT6572. An interesting feature I found in these is that after the preloader stage, the LK bootloader and also the main kernel provides a 921600 baud TTL UART console port on the USB data lines, providing that it "sees" it during startup (else you get normal USB).

A "Prolific" PL2303HX cable will cost you about £2 from ebay. A CP210x might be a better choice, but they were just open boards so didn't look as nice.

The "2 minute" version is just swap the cable for a micro USB cable. The phone will charge if you connect the 5v wire, but the safe approach would be just connect the other 3 and leave 5v disconnected. Note that I put the green and white TX/RX the wrong way around here, on purpose to demonstrate what not to do *ahem*

That's the easy way... but the 5v input meant the phone boots up as soon as the cable is plugged in, which wasn't ideal. The few hours battery was no use really. I could have just put a switch on the cable - but that would have looked a mess. I opted for switching this using the DTR signal (ctrl-T in picocom). You might get lucky and find that DTR (pin 2 on the PL2303) is already connected up to a spare track or pad, but if not, SSOP isn't too small:

Take some switching parts from an old PC motherboard or something, I used a P-Channel MOSFET, NPN and a 10k & a 1k resistor, as shown in this non-standard & badly labelled diagram:

I tested it before compacting it! (also added an LED to show charging on/off). The phone is on the other end of the cable here... the LED isn't drawing 700mA :)

There's plenty of space to fit it inside the USB plug. If you can't use SMD parts, it'd probably sit above the PCB without issue.

The finished cable. "Why that horrible green?" - stops me thinking it's just a normal micro usb cable and plugging it in to something else and exploding it