BPv3 is the latest hacking multi-tool from the Bus Pirate project. It connects to a USB port and interacts with electronics through a simple terminal interface.
Use it to see how much of your private information is stored on smartcard SIM chips. Explore the Wii Nunchuck over the I2C bus like Johnny Lee. Read and write EEPROM chips in consumer electronics at any voltage. Check out all the existing chip demonstrations.
BPv3 has features an intrepid hardware hacker might need to prototype their next great creation:
This article introduces BPv3, the latest hardware from the Bus Pirate project. We’ll look at the history of the design, share our experience organizing the production of Bus Pirate v2go, and talk about issues that influenced hardware version 3.
History of the Bus Pirate universal serial interface
We made the first Bus Pirate to deal with a particularly difficult chip that didn’t behave as expected. We wanted to send SPI commands through a serial terminal so we could test the chip without compiling a firmware to implement each small change.
Bus Pirate V0 was based on an USB-enabled PIC 18F2550 microcontroller. It operated at 5volts only, and didn’t have on-board power supplies. V0 was published on a personal blog under the GPL, sometime around 2004. Along with some very poor soldering, you can see the first use of the Bus Pirate name etched into the copper.
Bus Pirate V0a upgraded to a 16bit PIC 24FJ64GA002, but traded USB for a serial interface. This version also added 3.3volt and 5volt power supplies, and two 3.3volt software-controlled pull-up resistors.
Microchip’s new low-pincount PICs are perfect for the Bus Pirate because of a feature called peripheral pin select. Many microcontrollers have hard-wired pin assignments, but PPS assigns some features to any pins we like. The PIC 24FJ is a better choice than the dsPIC33-series because the pins can source/sink more current (20mA vs 4mA).
We used a rare and expensive RS232 transceiver from our parts box in this design because it was intended for ‘in house’ use. We released this design into the public domain, and Hack a Day later published an article about it as a stop-gap when other content wasn’t ready.
Bus Pirate V1a was another serial interface design, but this version used mostly surface mount parts. We replaced the expensive RS232 transceiver with a cheap, common SMD version. The power supplies were upgraded to 800mA switchable regulators that can be reset from within the terminal. V1a ditched the software controlled pull-up resistors, and used jumpers to connect pull-ups to the four bus pins. This version added voltage monitoring probes using extra analog to digital converter pins on the PIC.
The v1a Bus Pirate was also released into the public domain, and we wrote an article about it that was published on Hack a Day. Fundamental logic revised the v1 design and released a through-hole serial port Bus Pirate kit (also public domain). You might still be able to buy the kit for $20.
Bus Pirate V2 is the current king of the Bus Pirate designs, it’s the first of the modern 16bit designs to have a USB interface (via an FTDI serial->USB chip). V2a was an early revision (left), v2go was the final version of the V2 family (right). V2 swaps in smaller, cheaper, and awesomer power supplies (MIC5205) recommended by Nate at SparkFun. We finally brought software switchable pull-up resistors to all four main bus pins via a CD4066 IC.
The Bus Pirate project was approached by a company that wanted to sell the v2 design, but complications and time constraints got in the way. Instead, we ran a group preorder as a fundraiser for Hack a Day, and got some experience with the manufacturing process.
Almost 1000 Bus Pirates sold in 10 days, with all proceeds going to Mahalo, the company that operates Hack a Day. So many sold that we had supply problems, Seeed Studio couldn’t find enough PIC 24FJ64GA002-SO to fill the order.
BPv3 is designed to address supply and manufacturing problems encountered during the v2go preorder. v2go would have been the final Bus Pirate, but we learned so much during manufacturing that we wanted to apply it to an updated design. For V3 we did a full, scratch redesign of the PCB that went through two revisions.
If you’ve got a Bus Pirate v2go, don’t worry because it’s functionally equivalent to v3. V2go and V3 will even bootload and run the same firmware. In retrospect, v2go was a cute-but-poor version choice. Where do you go from there? v2go+1=? We chose V3.
Updates to BPv3
Resolve manufacturing issues
Hack a Day’s Bus Pirate preorder had to be split due to a shortage of SOIC-size PIC microcontrollers. BPv3 uses the smaller, more common SSOP-size (IC1). The smaller chip also allowed a reduction in PCB size and a few other tweaks.
The programming pins on v2 were swapped from the normal PICkit2 order. Seeed had to use an adapter to program the v2go Bus Pirates, BPv3 has the correct pin order for easier manufacturing. Bootloaders for V2go and v3 are not interchangeable because of this modification.
Manufactured BPv3s will be programmed with the latest bootloader and firmware, which contains a self-test for better quality control.
The FTDI 232R USB->serial converter’s (IC2) IO pins are now driven by the main supply regulator, which is probably better than running it from the internal regulator as in v2go. The FTDI enable pin could be connected to the 3.3volt supply regulator (VR2) enable to make a fully USB sleep compliant device, but we didn’t because the routing was too complicated.
We added a 0.1uF capacitor (C6) to decouple the VCCIO supply pin, the datasheet wasn’t clear if this is required but it’s probably best practice.
The header (ST) that taps the serial connection between the FTDI232R (IC2) and the PIC (IC1) was removed. A poll of developers found that none had ever used it, and the routing is cleaner without it.
The interior connection between two adjacent ground pins on IC3 was removed because so many people thought it was a solder bridge. (It’s not.)
We tweaked part placement during the PCB redesign. The USB jack (J1) is centered. The CD4066 (IC3) is rotated for better clearance around the IO header.
We moved the USB activity LED to the top of the PCB. LED labels are bolder, easier to read.
Traces that carry power are fatter, and have bigger vias. We used wider 12mil trace/space wherever possible to improve PCB yield. The ground plane is reinforced with more and larger vias in important areas.
The tighter placement required us to swap the 3.3volt and ADC pins on the I/O header. This is easier to route, and the ribbon cable pinout is more logical: ADC-5.0-3.3-GND.
The PCB is small and tightly packed. It’s a challenging board that takes us an hour to solder from memory. Seeed Studio sells the extra PCBs from our order.
|IC1||PIC24J64GA002-SS (SSOP)||Changed to SSOP|
|C1-6||0.1uF capacitor (0805)||Added C6|
|C20-24||10uF tantalum capacitor (SMC-A)|
|ICSP, IO||0.1″ pin header (3×05)|
|J1||USB MINI-B (SMD)||J2 renamed J1|
|L1||1000ma+ ferrite bead (0805)|
|R1||2000 ohm resistor (0805)|
|R2,3||1100 ohm resistor (0805)||R30 renamed R2|
|R10-17, 19-23||10000 ohm resistor (0805)||Removed R18|
|R31,32||390 ohm resistor (0805)|
|VR2,3||MIC5205 3.3volt regulator (SOT23-5)|
|VR4||MIC5205 5volt regulator (SOT23-5)|
Taking it further
Check the Bus Pirate manual for usage examples, pin diagrams, connection tables, syntax guides, and more.
We’re happy with the current hardware features. Future updates will focus on improving the firmware, and adding features via the firmware and break-out boards.
Producing the Bus Pirate
To manufacture a project, you need to submit design files, a part list, and a firmware file.
We design circuit boards in Cadsoft Eagle and create gerber design files, but many board houses now accept Eagle .brd files too. We send the gerbers to a board house and test the PCB. We order revisions and test again, if required.
Assembling a part list can be fairly involved. At minimum, we specify part type, value, and size. Elaborate as much as possible on critical values or custom parts. For a 10uF capacitor, what type and how many volts max? If a 1% tolerance resistor is required, it needs to be specified.
Our best advise is to design with common parts. Check DigiKey and Mouser (or better, Octopart), be sure you can get a few hundred of your critical part from several suppliers. Check the supply of any specific microcontroller or IC that could hold up production.
Seeed was able to locate 300 PIC 24FJ64GA002-SO microcontrollers prior to the Hack a Day preorder. When orders took off, the initial 300 were gone within 48 hours. In the end, nearly 1000 Bus Pirates were sold. The extra 700 PICs took almost 2 months to source.
It’s important to plan for production programming. The Bus Pirate uses a two part firmware, a bootloader and a main program. The normal programing method is to burn the bootloader and then upload a main program over USB. This is too slow for manufacturing, so we created a complete, bootloaded PIC firmware dump that combines both parts into a single image.
When manufacturing starts, be prepared for issues that hardly ever happen in a single chip, but occur quite frequently in 1000. Around 15% of v2gos failed initial quality control tests. They wouldn’t connect to the bootloader at the default speed (115200bps). The bug turned out to be a baud rate setting that wasn’t precise enough due to the inaccuracy of the internal crystal. The remaining boards worked after reducing the bootloader speed on the PC to 9600bps.
The members of the Bus Pirate project team learned a lot producing v2go with Seeed Studio. It wasn’t without problems, but we used that experience to refine the hardware design. We hope this background information helps you produce your first widget, be sure to let us know when it debuts.