viernes, 26 de octubre de 2018

Reverse Engineering a rs485 rs232 converter

Out of another reverse engineering exercise, which I hope I will be able to publish something later on, I required a way to inspect a rs485 bus.

It was a great feeling when you find out that the communication bus you are actually trying to hack is a simple rs485. Additionally, if you do remember having kept a converter long, long ago in the past, and you go to the supposed place where you should have stored such kind of things (a box labeled "serial and parallel cables"), and it is in fact there, the feeling is even greater.

So it was the moment to use for first time that rs232 rs485 converter.The first symptoms were not as expected. The documentation was still available on the net so I could be more or less sure the settings were correct. As the manufacturer and a more experienced friend recommended, there is a way to put this devices in loopback. By this way you can connect to a PC and just check that the characters you are sending are coming back.


Unfortunately, this confirmed the converter, no longer worked. However, by checking with the oscilloscope I could see that at least the characters sent were being converted to rs485 and reaching the loop.

The situation was not so bad, I decided to make a try. Time to open, check internally, get the probes and start searching for datasheets.



My findings were that rs232 TX part was working, reaching the rs485 side, but the conversion broke when going back to the RX rs232. The IC which performs this is a SN75188 from TI(depicted as Rx Side), such IC receives +VCC and -VCC (the device is powered by a 9V DC adapter).

Although the +9V were there, it was not the case for the -9V. The -9V DC are provided with a simple circuit(depicted with "-9V DC" in the picture) with a typical 555 (NE555). Providing this -9V as can be seen in the picture takes a considerable amount of space in the PCB. Such circuit is similar to this:


In my case the pin 3 of the 555 had not the expected signal. So after checking that all the discrete components around were ok, I think the focus of the problem is the NE555.

I hoped the problem to be something more simple to replace like a diode or a capacitor, but I lack the welding skills to replace such ICs. Fortunately a friend lent me another converter to be able to go on with my initial exercise.

No hay comentarios: