Live Reverse Engineering WiFi Modules

7,648

79

15

About: I am a photographer, a tinker, an electronics technology engineer, and author; I write short stories and poetry for the love of writing. I started writing poetry in high school over thirty years ago where I ...

I like to reuse as many working components I can. Although I am reverse engineering a printers WiFi this method works on many other devices.

Please; don’t just pull apart obsolete electronics, then expect to find the datasheets for salvaged components and modules on line. Beyond proprietary knowledge, the more obsolete the part is, the harder it can be to find a datasheet on that component.

Do what I do; first I find out if the machine runs. It doesn’t need to work like new it just needs to work enough to do diagnostics. Open it and see if you can find the datasheets for the components you want to salvage. And if you cannot find the datasheets for the components, reverse engineer them.

From this printer I wanted to salvage the WiFi module and the COG LCD. Later I will reverse engineer the LCD.

Teacher Notes

Teachers! Did you use this instructable in your classroom?
Add a Teacher Note to share how you incorporated it into your lesson.

Step 1: Tools and Parts

Screwdrivers and pliers for disassembling the printer.

Oscilloscope or Logic Analyzer, a logic analyzer works best however an oscilloscope that saves readings can do the same job.

Multimeter for continuity testing and basic values.

You don’t need the whole printer but you will need the power supply, the main board, the control board, the LCD, cables, and the WiFi module.

Step 2: Disassemble the Printer

Take the printer apart and sort out the parts you will need, the main board, the control board, the LCD, cables, and the WiFi module.

I searched the net and couldn’t find a dattasheet on the K30345 WLAN WiFi module with pinouts. This module has 8 pins and many WiFi modules only needs four pins, + voltage, ground, data +, and data -.

I sorted out enough parts so that the LCD will display error codes.

Not every device will be the same so you may need more components than I did for this printer.

Step 3: Assemble the Parts

Assemble the parts you will be testing and turn on the printer.

When you turn the printer on, it should go into diagnostics mode.

Once it has completed diagnostics it should display error codes this is normal.

Step 4: Test the Main Board Ribbon Connector

Start by testing the WiFi ribbon connector on the main board using the multimeter.

Disconnect the WiFi module and measure the voltage of each pin from the ribbon connector to ground on the main board one at a time. Make a record of the outputs with the printer off.

Next measure the voltage of each pin from the ribbon connector to ground, one at a time turning the printer on and off as you wait for error codes. Make a record of the outputs with the power on.

Compare the pin outputs with the power off and the power on, since pin 7 is a steady 3.4 volts weather the printer is on or off it can be safe to assume pin 7 is VCC.

Step 5: Oscilloscope Test

Since pins 2, 5, and 6, on the main board ribbon connector never changed at 0 volts I suspected they were ground or no connection and I checked them with the oscilloscope power on or off there was no change.

Pin 7 was a steady 3.4 volts so I assumed it is safe to say pin 7 is VCC.

Pins 1, 3, and 4 at 1.5 volts could be a signal showing a lower than normal voltage on the multimeter, however when I checked them with the oscilloscope there was no signal.

Pin 8 starts at 0 volts increases to 3.4 volts when the power is turned on and then drops to 0 volts when the error codes come on the display. I suspect it was Enable or diagnose.

Step 6: Multimeter Test on the WiFi Module

Using the continuity settings of my multimeter, I checked the pins on the ribbon connector with the ground on the WiFi module one pin at a time and made note of the results.

Next I tested the test points on the WiFi module with the pins on the ribbon connector and made note of which test point is which pin.

I got a resistance on pins 1, 2, 5, 6, and 8 at the ribbon connector to ground, and 0 impedance or no resistance at pins 3, 4, and 7 from the ribbon connector to ground. This told me pins 3, 4, and 7 are ground.

Since pins 2, 5, and 6 on the main board ribbon connector were ground or no connection, and pins 3, 4, and 7 went to ground on the WiFi modules ribbon connector. I came to the conclusion the ribbon reverses between the two connectors so that pin 1 on the main board is pin 8 on the WiFi module.

Since pin 7 on the main boards ribbon connector is a steady 3.4 volts that would make pin 2 on the WiFi module VCC. Now we have 4 pins on the WiFi module figured out.

Pin 2 VCC

Pin 3 Gnd

Pin 4 Gnd

Pin 7 Gnd

Step 7: Oscilloscope Testing the Module

Reconnect the WiFi module and using an oscilloscope test the module at the test points.

Turn the printer on and record the responses one pin at a time as you turn the printer on and off, watch the error codes on the LCD.

This time I got a much different response from the 5 pins connected to the test points.

The test point connected to pin 2 on the module was a steady 3.3 volts confirming pin 2 is VCC.

The test point connected to pin 1 on the module went from 0 volts to 3.3 volts back to 0 volts then back to 3.3 volts and stayed there.

At the same time as the signal on pin one dropped from 3.3 to 0 volts and back up to 3.3 volts, the test point connected to pin 8 went from 0 volts to 3 volts and stayed there. Pin 8 only did this when the WiFi module was connected and pin 1 was at 3.3 volts. This made me suspect pin 1 was enable and pin 8 was ready.

The test point connected to pin 5 remained at 0 volts.

The test point connected to pin 6 had a repeating signal that flashed in sync with the error codes. This made me suspect the printer was trying to tell a computer it wasn’t ready to run and waiting for a response from a computer making pin 6 data into the module.

Since there was no computer was trying to communicate with the printer that should make pin 5 data out of the module.

Step 8: The Pinouts

The minimum number of pins on a WiFi module is 4; VCC, Gnd, D+, and D-. they can have extra VCC pins, or they can have extra Ground pins, Enable in, Ready out, Reset, and NC or No Connections.

The K30345 WLAN WiFi module has 8 pins, Enable, VCC, Gnd, Gnd, D-, D+, Gnd, and Ready .

Reuse Contest

This is an entry in the
Reuse Contest

Be the First to Share

    Recommendations

    • Assistive Tech Contest

      Assistive Tech Contest
    • Reuse Contest

      Reuse Contest
    • Made with Math Contest

      Made with Math Contest

    15 Discussions

    4
    None
    squirrelsnuts

    6 days ago

    So awesome! Thank you for the detailed walk through the deductions, I might have to give this a try!

    What would be the next steps to actually start sending data to this module? Maybe that should be part 2! :)
    Good work!

    2 replies
    0
    None
    SerenityB3squirrelsnuts

    Reply 1 day ago

    I totally agree that reading how you deduced the function of each pin on the Wi-Fi board is my favorite part! It models wonderfully how someone could follow your process to reverse engineer other circuits. Thanks! Now I need to resist the impulse to go buy an oscilloscope I DON'T need for my hobby! 😁

    0
    None
    gilliland_jeff

    4 days ago on Step 8

    My hero!

    Sir this is amazing. and I cannot wait to see your repurpose led screen. I scraped 3 printers last year then did a washing machine. The motor from the washing machine was a 3/4 hp 3 phase with its own VFD. It had 5 low voltage wires going from the main board to the VFD which then took 110 single phase main and converted it into DC. Then inverted back to some voltage AC with a variable frequency. When I realize what I had I set it all up (getting all of the safety switches bypassed so the micro controller would send the ready signal) so I could get some readings on the 5 wires.

    But before I could a Power surge let all of the magic smoke out of the main control board.

    I still have the VFD and now I have another opportunity with a different 3 phase controller.

    1 reply
    8
    None
    JemChalweDoPorzygu

    6 days ago

    but... did you make it working with arduino or any other microcontroler?
    How can we talk about reverse engineering if we didn't make it work?

    1 reply
    0
    None
    JeromeS29

    5 days ago

    And then what??? Where the rest of the article you just stopped right in the middle...

    1 reply
    0
    None
    Josehf MurchisonJeromeS29

    Reply 4 days ago

    I didn't stop in the middle, I stopped at the pinouts, which is what reverse engineering is about, not programming.

    0
    None
    throbscottle

    5 days ago

    You put sink instead of sync.
    Very clever analysis. It would be interesting to know how you work out it's command set.

    1 reply
    0
    None

    Thanks; both spellchecks and grammar checks miss homophones, they need to make a homophone check. (Homophones are words that sound the same but are spelled different.) That would be a good one for a programmer to develop.
    The command sets will be part two.

    0
    None
    Alex in NZ

    7 days ago

    Great documentation of your analysis process. Thank you for sharing it :-)

    1 reply