EmbeddedRelated.com
Forums
Imagine Conference
   Forums    More Forums    comp.arch.embedded  

WLAN card to generate pulsed RF?

Started by Joerg October 26, 2006
Hello Folks,

This would address both electronics and embedded engineers. Is there a 
method to coax a regular built-in WLAN port on a laptop (or a WLAN card) 
  into piping out a simple and slow on/off data stream? Without 
protocols and all that, and without waiting for any receive packets.

The reason behind this idea: Assume you have a small uC based product. 
Every once in a while it needs to be updated with new firmware. The 
usual scenario is to provide a USB connection or an infrared port. Both 
are cumbersome. USB adds a lot of cost to the target device and the 
cable gets in the way (oh drat, forgot to pack the cable...). Infrared 
is tough because many laptops simply don't have it. However, nearly all 
of them have built-in wireless these days.

The scenario I imagine is this:

a. The target device is equipped with a simple and not very sensitive 
receiver and AM detector for 2.45GHz ISM (WLAN range). This runs into a 
comparator port of the uC. Much simpler than Bluetooth and all that, 
plus lots of laptops don't have Bluetooth.

b. The user receives one executable file containing the new firmware, 
code to initialize the WLAN port and code to run that port in a simple 
(but legal) AM on/off mode. This executable would now be started.

c. The user is instructed to press a magic button combination which sets 
the target device into re-flash mode, upon which it waits for a data 
stream from the WLAN card.

d. The user must place the target device within a couple of feet of the 
WLAN equipped laptop until a LED flashes, indicating that it has 
detected the presence of a sufficiently strong pulsed carrier somewhere 
around 2.45GHz.

e. A serial on/off data stream is constantly pouring out of the WLAN 
port of the PC. A bootloader in the target device looks for a passcode 
and when it finds that it loads the data stream that follows.

f. The target device stops at an end-of-file token, does sufficient 
integrity checking on what it has received and then leaves re-flash 
mode. It's now ready to use with the new firmware.

Any idea on how to get point "b." done? Tried Google but pulled numerous 
blanks. Then again, I am not a software guy so maybe I am looking in the 
wrong places.

-- 
Regards, Joerg

http://www.analogconsultants.com
Reply by Arlet October 26, 20062006-10-26
Joerg wrote:


> This would address both electronics and embedded engineers. Is there a
> method to coax a regular built-in WLAN port on a laptop (or a WLAN card)
>   into piping out a simple and slow on/off data stream? Without
> protocols and all that, and without waiting for any receive packets.
>
> The reason behind this idea: Assume you have a small uC based product.
> Every once in a while it needs to be updated with new firmware. The
> usual scenario is to provide a USB connection or an infrared port. Both
> are cumbersome. USB adds a lot of cost to the target device and the
> cable gets in the way (oh drat, forgot to pack the cable...). Infrared
> is tough because many laptops simply don't have it. However, nearly all
> of them have built-in wireless these days.
>
> The scenario I imagine is this:
>
> a. The target device is equipped with a simple and not very sensitive
> receiver and AM detector for 2.45GHz ISM (WLAN range). This runs into a
> comparator port of the uC. Much simpler than Bluetooth and all that,
> plus lots of laptops don't have Bluetooth.
>
> b. The user receives one executable file containing the new firmware,
> code to initialize the WLAN port and code to run that port in a simple
> (but legal) AM on/off mode. This executable would now be started.
>
> c. The user is instructed to press a magic button combination which sets
> the target device into re-flash mode, upon which it waits for a data
> stream from the WLAN card.
>
> d. The user must place the target device within a couple of feet of the
> WLAN equipped laptop until a LED flashes, indicating that it has
> detected the presence of a sufficiently strong pulsed carrier somewhere
> around 2.45GHz.
>
> e. A serial on/off data stream is constantly pouring out of the WLAN
> port of the PC. A bootloader in the target device looks for a passcode
> and when it finds that it loads the data stream that follows.
>
> f. The target device stops at an end-of-file token, does sufficient
> integrity checking on what it has received and then leaves re-flash
> mode. It's now ready to use with the new firmware.
>
> Any idea on how to get point "b." done? Tried Google but pulled numerous
> blanks. Then again, I am not a software guy so maybe I am looking in the
> wrong places.


If you want to stay within the normal WLAN protocols, it's possible to
tell the WLAN card to set up an IBSS or Ad-Hoc network (it can do that
without other WLAN cards present). Then you can send broadcast packets,
and the WLAN card will forward them on the 2.45 GHz band. Broadcast
packets won't need any replies. Be prepared that the OS network stack
will also send out broadcast packets over the same network interface by
default.

For closer control you need access to the firmware of the device, which
isn't going to be available typically. In a hypothetical situation
where you had access to such firmware, you may be able to turn the
transmitter on and off much quicker (although such behaviour may fall
outside the regulatory limits)

Do you intend to send the entire data stream as AM on/off signals ? In
that case, the IBSS method won't be very practical, since each packet
contains considerable overhead. A few thousand packets/second would be
the upper limit. If that's enough, you could conceivable send shorter
and longer broadcast packets to signify 0's and 1's. Keep in mind that
both rate and gaps may vary beyond your control.

Of course, WLAN is quite ubiquitous, so be prepared for plenty of
interference anywhere you are. An error correcting code may be
necessary. Even if you keep your device real close, and only watch a
strong signal, a standard WLAN card will be much more sensitive, and
keep quiet when it hears other traffic, potentially causing big gaps in
its own transmission.
Reply by Joerg October 26, 20062006-10-26
Hello Arlet,


> 
>>This would address both electronics and embedded engineers. Is there a
>>method to coax a regular built-in WLAN port on a laptop (or a WLAN card)
>>  into piping out a simple and slow on/off data stream? Without
>>protocols and all that, and without waiting for any receive packets.
>>
>>The reason behind this idea: Assume you have a small uC based product.
>>Every once in a while it needs to be updated with new firmware. The
>>usual scenario is to provide a USB connection or an infrared port. Both
>>are cumbersome. USB adds a lot of cost to the target device and the
>>cable gets in the way (oh drat, forgot to pack the cable...). Infrared
>>is tough because many laptops simply don't have it. However, nearly all
>>of them have built-in wireless these days.
>>
>>The scenario I imagine is this:
>>
>>a. The target device is equipped with a simple and not very sensitive
>>receiver and AM detector for 2.45GHz ISM (WLAN range). This runs into a
>>comparator port of the uC. Much simpler than Bluetooth and all that,
>>plus lots of laptops don't have Bluetooth.
>>
>>b. The user receives one executable file containing the new firmware,
>>code to initialize the WLAN port and code to run that port in a simple
>>(but legal) AM on/off mode. This executable would now be started.
>>
>>c. The user is instructed to press a magic button combination which sets
>>the target device into re-flash mode, upon which it waits for a data
>>stream from the WLAN card.
>>
>>d. The user must place the target device within a couple of feet of the
>>WLAN equipped laptop until a LED flashes, indicating that it has
>>detected the presence of a sufficiently strong pulsed carrier somewhere
>>around 2.45GHz.
>>
>>e. A serial on/off data stream is constantly pouring out of the WLAN
>>port of the PC. A bootloader in the target device looks for a passcode
>>and when it finds that it loads the data stream that follows.
>>
>>f. The target device stops at an end-of-file token, does sufficient
>>integrity checking on what it has received and then leaves re-flash
>>mode. It's now ready to use with the new firmware.
>>
>>Any idea on how to get point "b." done? Tried Google but pulled numerous
>>blanks. Then again, I am not a software guy so maybe I am looking in the
>>wrong places.
> 
> 
> If you want to stay within the normal WLAN protocols, it's possible to
> tell the WLAN card to set up an IBSS or Ad-Hoc network (it can do that
> without other WLAN cards present). Then you can send broadcast packets,
> and the WLAN card will forward them on the 2.45 GHz band. Broadcast
> packets won't need any replies. Be prepared that the OS network stack
> will also send out broadcast packets over the same network interface by
> default.
> 


Thanks for the pointer. Now I'll know what expressions to look for.



> For closer control you need access to the firmware of the device, which
> isn't going to be available typically. In a hypothetical situation
> where you had access to such firmware, you may be able to turn the
> transmitter on and off much quicker (although such behaviour may fall
> outside the regulatory limits)
> 


"... isn't going to be typically available" is exactly what I was 
thinking after finding almost nothing on the web :-(



> Do you intend to send the entire data stream as AM on/off signals ? In
> that case, the IBSS method won't be very practical, since each packet
> contains considerable overhead. A few thousand packets/second would be
> the upper limit. If that's enough, you could conceivable send shorter
> and longer broadcast packets to signify 0's and 1's. Keep in mind that
> both rate and gaps may vary beyond your control.
> 


Yes, the entire stream would be AM on/off. Rate changes and gaps would 
render it quite useless though since a small uC cannot contain much 
intelligence in the bootloader. Those bootloaders typically have to fit 
into 256 or 512 byte sectors. Not a whole lot.



> Of course, WLAN is quite ubiquitous, so be prepared for plenty of
> interference anywhere you are. An error correcting code may be
> necessary. Even if you keep your device real close, and only watch a
> strong signal, a standard WLAN card will be much more sensitive, and
> keep quiet when it hears other traffic, potentially causing big gaps in
> its own transmission.
> 


Well, that's exactly the point. I'd have to uncouple the WLAN card from 
it's habit of halting whenever something else talks. At least for a few 
seconds. However, that might sometimes not be permitted by the 
authorities. A way around that would be burst transmissions as long as 
it is legal. Net data rates as low as 2400bps would be quite acceptable. 
Even less if needed since the user could place the device on the table 
and then go do something else.

The only other option I could think of (and I have done that before) is 
to provide a photodiode and let the LCD screen flash. However, that is 
really slow and can annoy others who have to work close to that laptop.

-- 
Regards, Joerg

http://www.analogconsultants.com
Reply by Arlet October 26, 20062006-10-26
Joerg wrote:


> Well, that's exactly the point. I'd have to uncouple the WLAN card from
> it's habit of halting whenever something else talks. At least for a few
> seconds. However, that might sometimes not be permitted by the
> authorities. A way around that would be burst transmissions as long as
> it is legal. Net data rates as low as 2400bps would be quite acceptable.
> Even less if needed since the user could place the device on the table
> and then go do something else


Yes, and the danger of interfering with regulation or the protocol is
one of the reasons WLAN vendors are not going to let you touch the
firmware.


> The only other option I could think of (and I have done that before) is
> to provide a photodiode and let the LCD screen flash. However, that is
> really slow and can annoy others who have to work close to that laptop.


If you get the photodiode close enough, you only need to flash a small
area, or maybe you can alternate between colors that appear to have
similar brightness for human perception, but still offer enough
contrast for the photodiode.
Reply by Joerg October 26, 20062006-10-26
Hello Arlet,


> 
>>Well, that's exactly the point. I'd have to uncouple the WLAN card from
>>it's habit of halting whenever something else talks. At least for a few
>>seconds. However, that might sometimes not be permitted by the
>>authorities. A way around that would be burst transmissions as long as
>>it is legal. Net data rates as low as 2400bps would be quite acceptable.
>>Even less if needed since the user could place the device on the table
>>and then go do something else
> 
> 
> Yes, and the danger of interfering with regulation or the protocol is
> one of the reasons WLAN vendors are not going to let you touch the
> firmware.
> 


That's what I am afraid might stop this approach dead in the tracks. 
Unless it could at least be (legally) brought into a burst more where 
each burst is interpreted as a bit.


> 
>>The only other option I could think of (and I have done that before) is
>>to provide a photodiode and let the LCD screen flash. However, that is
>>really slow and can annoy others who have to work close to that laptop.
> 
> 
> If you get the photodiode close enough, you only need to flash a small
> area, or maybe you can alternate between colors that appear to have
> similar brightness for human perception, but still offer enough
> contrast for the photodiode.
> 


That would require filtering but could be done. At least it's better 
than using audio because that would be really annoying to others.

-- 
Regards, Joerg

http://www.analogconsultants.com
Reply by Arlet October 26, 20062006-10-26
Joerg wrote:


> That's what I am afraid might stop this approach dead in the tracks.
> Unless it could at least be (legally) brought into a burst more where
> each burst is interpreted as a bit.


Within the 802.11 protocol as implemented by these WLAN cards, there's
no legal burst mode that would be useful for your purpose. I've been
involved in the design of WLAN firmware, and on the devices I'm
familiar with it would require a firmware change to get detailed
control over the transmitter function. Some vendors or devices may have
a hidden test mode for low-level transmitter tests, but I expect those
to be undocumented at best.
Reply by Nico Coesel October 26, 20062006-10-26
Joerg <notthisjoergsch@removethispacbell.net> wrote:


>Hello Folks,
>
>This would address both electronics and embedded engineers. Is there a 
>method to coax a regular built-in WLAN port on a laptop (or a WLAN card) 
>  into piping out a simple and slow on/off data stream? Without 
>protocols and all that, and without waiting for any receive packets.
>
>The reason behind this idea: Assume you have a small uC based product. 
>Every once in a while it needs to be updated with new firmware. The 
>usual scenario is to provide a USB connection or an infrared port. Both 
>are cumbersome. USB adds a lot of cost to the target device and the 
>cable gets in the way (oh drat, forgot to pack the cable...). Infrared 
>is tough because many laptops simply don't have it. However, nearly all 
>of them have built-in wireless these days.
>
>The scenario I imagine is this:
>
>a. The target device is equipped with a simple and not very sensitive 
>receiver and AM detector for 2.45GHz ISM (WLAN range). This runs into a 
>comparator port of the uC. Much simpler than Bluetooth and all that, 
>plus lots of laptops don't have Bluetooth.


That won't work reliable because WLAN frequencies are shared amongst
different networks. Consider a frequency being an ethernet cable
shared with your neighbours. If your neighbours are transmitting on
the cable, you can't transmit. If you re-program your WLAN adapter to
output other patterns that usual, you'll be building a WLAN jammer.

-- 
Reply to nico@nctdevpuntnl (punt=.)
Bedrijven en winkels vindt U op www.adresboekje.nl
Reply by Joerg October 26, 20062006-10-26
Hello Arlet,


> 
>>That's what I am afraid might stop this approach dead in the tracks.
>>Unless it could at least be (legally) brought into a burst more where
>>each burst is interpreted as a bit.
> 
> Within the 802.11 protocol as implemented by these WLAN cards, there's
> no legal burst mode that would be useful for your purpose. I've been
> involved in the design of WLAN firmware, and on the devices I'm
> familiar with it would require a firmware change to get detailed
> control over the transmitter function. Some vendors or devices may have
> a hidden test mode for low-level transmitter tests, but I expect those
> to be undocumented at best.
> 


That would make this a no-go. Especially when, as you wrote, a firmware 
change would be the only way to cause a WLAN port to do CW. I guess that 
enabling/disabling WLAN couldn't be done fast enough to effect a 
meaningful data rate either.

It surprises me though that it wouldn't be legal at least around 
2.450GHz. That's where microwave ovens blast off hundreds of watts, some 
of which leak out. They don't adhere to any modulation scheme, it's more 
or less filtered DC plus 60/120Hz drooping picket fences to each side (a 
whole lot wider for the ones with switcher supplies). On the spectrum 
analyzer these can swamp whatever WLAN is in the room.

-- 
Regards, Joerg

http://www.analogconsultants.com
Reply by Nico Coesel October 26, 20062006-10-26
Joerg <notthisjoergsch@removethispacbell.net> wrote:


>
>The only other option I could think of (and I have done that before) is 
>to provide a photodiode and let the LCD screen flash. However, that is 
>really slow and can annoy others who have to work close to that laptop.


Why not use the audio output of the laptop? Every laptop has one and
it is very easy to program. If you get really nifty, you can
distribute your firmware as an mp3 file.

Still, I think USB really is the sensible way to go for these sort of
things. USB to serial adapter chips are commonly available and small
(like the CP2101). Cabling is not an issue if you use standard
(miniature) USB sockets. Drivers can be made available from your
website.

-- 
Reply to nico@nctdevpuntnl (punt=.)
Bedrijven en winkels vindt U op www.adresboekje.nl
Reply by Joerg October 26, 20062006-10-26
Hello Nico,


>>
>>This would address both electronics and embedded engineers. Is there a 
>>method to coax a regular built-in WLAN port on a laptop (or a WLAN card) 
>> into piping out a simple and slow on/off data stream? Without 
>>protocols and all that, and without waiting for any receive packets.
>>
>>The reason behind this idea: Assume you have a small uC based product. 
>>Every once in a while it needs to be updated with new firmware. The 
>>usual scenario is to provide a USB connection or an infrared port. Both 
>>are cumbersome. USB adds a lot of cost to the target device and the 
>>cable gets in the way (oh drat, forgot to pack the cable...). Infrared 
>>is tough because many laptops simply don't have it. However, nearly all 
>>of them have built-in wireless these days.
>>
>>The scenario I imagine is this:
>>
>>a. The target device is equipped with a simple and not very sensitive 
>>receiver and AM detector for 2.45GHz ISM (WLAN range). This runs into a 
>>comparator port of the uC. Much simpler than Bluetooth and all that, 
>>plus lots of laptops don't have Bluetooth.
> 
> 
> That won't work reliable because WLAN frequencies are shared amongst
> different networks. Consider a frequency being an ethernet cable
> shared with your neighbours. If your neighbours are transmitting on
> the cable, you can't transmit. ...



Not really since the field strength two feet from a laptop will be 
vastly higher than even a router in the next room. Unless it happens to 
be right behind the wall but then the user would know that or have to be 
educated about stuff like that. For an AM protocol to work quite well 
you wouldn't need much more than 6dB of SNR above other WLAN participants.



>               ... If you re-program your WLAN adapter to
> output other patterns that usual, you'll be building a WLAN jammer.
> 


Definitely not. Even if legal it would be unethical. First, there are 
about ten WLAN "channels" in most countries and you'd only block one. 
Second, you don't even have to block that one channel. The card could 
send really brief bursts and the duty cycle could be kept to a few 
percent. Then you would be less of a burden to other users than a kid 
that downloads the latest and greatest iTunes song or YouTube movie. 
Whatever they find funny about those movies...

Keep in mind that the typical uC in a small target device contains only 
1-2k of code. It doesn't take a whole lot of channel capacity to scoot 
that over. You could be done in under one second if needed. That's 
hardly a jammer ;-)

-- 
Regards, Joerg

http://www.analogconsultants.com
You might also like... (promoted content)
Upcoming In-Person Course: Hands-On with Embedded Linux and Yocto - SAVE $150 with Promo Code ER25
Upcoming In-Person Course: Hands-On with Embedded Linux and Yocto - SAVE $150 with Promo Code ER25
Upcoming In-Person Course: Hands-On with Embedded Linux and Yocto - SAVE $150 with Promo Code ER25
Imagine Conference