[ZeROSEro7] Transparent keyboard

This week, I worked on the USB keyboard, the SPI Slave, the read/write in Flash and casing.

USB Keyboard

The USB keyboard is now fully transparent. All input works and LED about Caps lock and NUM lock are managed according to SET REPORT from the computer as well.

I could add a feature to copy directly important descriptor of the keyboard plugged like PID and VID to be more transparent. It will be done if the time allows it.

SPI Slave

Currently, the most important part is the SPI slave. It’s used on two devices (USB Sniffer and Stealth Drop) to communicate between nRF52 (Master) and STM32 (Slave).

The configuration of the STM32 is as follow:

  • 16bit
  • CPHA = 0, CPOL = 0
  • MSB-first
  • NSS Hardware
  • Motorola mode
  • Slave mode
  • Rx interrupt on

I also add SPI_IRQHandler() in the vector table which called every interrupt.

I receive some data from the nRF52 but I got only the first byte of each tram and the Overrun flag turn on. So I fixed it while using mail box to manage received data.


I tried to read and write in the flash of the STM32F407 (Olimex). It’s not the most important features, but there is more storage in the flash memory than RAM and password will be safe in flash memory if the device is unplugged or the host computer is turned off.

First of all, I added a section in the linker script reserved for password data. I choose a lonely sector to be sure to not conflict with other data. In the software, I got back address from this section.

I can easily read in my section with the right address. Nevertheless, to write inside, I have to unlock the flash access with the right code in the right register. Every first write works well when flash is 0xFF value… But to write again, I have to erase the section before. And I have some trouble with the erase instruction because the STM32 crash… And the device become no bootable at all. I have to reload a program to fix it…


With Vincent, we designed the prototype casing of USB Sniffer and Spy Talk. We worked on Autodesk Fusion 360 software. See results on the following pictures:

Spy Talk

USB Sniffer

Last week

I have to fix the SPI slave and code the USB Sniffer demo software.

[ZeROSEro7] Keyboard works !

This week, we made a great improve with the USB keyboard. Indeed, we are able to use it on a computer with the STM32 (Olimex) between both. I also worked with Vincent on the porterage from the STM32F407 (Olimex) to the STM32F205 (USB Sniffer and Stealth Drop). Finally, I started to work on the SPI communication between an STM32 (Olimex) and a nRF52 (BLE).

USB Keyboard

The USB keyboard works on a computer with an STM32 (Olimex) between both. So I’m able to get every input from the keyboard to detect password, email, etc.

First of all, I got back an HID USB connection between the computer and the device. This communication start, the STM32 send its device, configuration, interface, HID and endpoint descriptor. These descriptors are currently hard coded. This will be done dynamically soon.

On the other side, a host USB communication start when a USB keyboard is plugged on the device (Olimex).

All interruptions from the keyboard are directly transferred to the computer, so it’s possible to use the keyboard normally… almost normally!

Input is fluent, every combine of input works except Caps lock and NUM lock! Indeed, all reports from the keyboard are sent to the computer, but no in the other direction. Caps lock and NUM lock input, update the status of LED on the keyboard managed by the computer. Worse, when the computer sends to the keyboard (STM32) the status of LED, the STM32 crash.

Hello World USB Sniffer !

As we received our PCB.

We wrote a code able to test each feature on board. On the USB Sniffer we want to test :

  • STM32F205
    • RGB LED
    • USB A male
    • USB A female
    • SPI communication
  • nRF52832
    • LED
    • BLE communication
    • SPI communication

We got back features from STM32F407 (Olimex) to use one the STM32F205. For that, we needed to manage the board.h and the tool chain compilation. Enguerrand choose the code to flash in the nRF5283.

And the very great news is every thing works !
Now we have to try the SPI communication between STM32 and nRF52

Slave SPI

I started to work on the SPI communication between an STM32 and an nRF52. It’s important that the nRF52 is the master of the communication ! Unfortunately, ChibiOS doesn’t implement a slave communication in SPI…

I got back STM32cubeF4 which is an MCU Package for STM32F4 series (HAL, Low-Layer APIs and CMSIS (CORE, DSP, RTOS), USB, TCP/IP, File system, RTOS, Graphic – coming with examples running on ST boards: STM32 Nucleo, Discovery kits and Evaluation boards). This one implements an example of slave SPI.

I’m trying to merge that with ChibiOS…

Next week

I want to valid the slave SPI communication between STM32 and nRF52 and add this feature to the USB Sniffer. I would like also to upgrade the USB keyboard to copy the dynamically USB descriptor and fix the problem with Caps lock and NUM lock.

[ZeROSEro7] USB Keyboard detected !

This week, we have finished schematics and PCB. We finally ordered PCB of USB Sniffer, Spy Talk and Stealth Drop devices. I also worked on the USB Keyboard and the SD card.

USB Keyboard

I created a macro to change usbDbgPrintf by rtt_printf. Therefor, all debug functions are usable on the RTT connection.
I listened M. Tardieu advice and I tried to use the USB_FS (OTG1) instead the USB_HS (OTG2). And it’s worked ! The card detects the keyboard and generates interrupt. It’s even possible to print the key pressed on the keyboard thank to the HID USB.
The next step will be sending keyboard descriptors to the computer to be a man in the middle device.

SD card

I started to work on the SD card. I just got back an example from ChibiOS to read and write SD card by the RTT connection.
The software is able to detect the SD card and report information about it but the read command fails.

After Christmas Holiday

I will continue to work on these two issues.

[ZeROSEro7] Host USB still get no descriptor…

This week, as last week, I worked on schematics and USB Keyboard.

Schematics and PCB

We almost finished schematics ! The second review on the USB Sniffer and the Stealth Drop was valid and few details have to be updated on the Spy Talk. PCB will be updated very soon.

USB Keyboard

I continued to work on the USB Keyboard issue. I updated the Makefile to compile with the ChibiOS_Contrib to use hal_usbh.h library.

In this file, there are some interesting typedefs:

  • USBHDriver
  • usbh_status
  • usbh_device
  • usbh_port
  • usbh_ep

…and some interesting functions:

  • usbhStart(USBHDriver *usbh);
  • usbhMainLoop(USBHDriver *usbh);
  • usbhDevicePrintInfo(usbh_device_t *dev);
  • usbhDevicePrintConfiguration(const uint8_t *descriptor, uint16_t rem);

I also found a very nice post on the ChibiOS forum which explain USB Host stack and driver for STM32. The contributor said he is still in development but he did it with some device like a Keyboard. It was 2 years ago, but I found some //TODO comment in the last ChibiOS version.

I got back files from HOST_USB example to integrate it in my project. I’m able to compile it and I added code in the main.c to use it. I configured OTG_HS (OTG2) pad correctly. I even verified the 5V tension on the USB_VBUS with a multi-meter and some device like a mouse where I can see LED turn on.

I used usbhDevicePrintInfo and usbhDevicePrintConfiguration on the USBHDriver USBHD2 to observe on the RTT connection all device information. Nevertheless, nothing happens and I only can see :

----- Device info -----
Device descriptor:
USBSpec=0000, #configurations=0, langID0=0000
Class=00, Subclass=00, Protocol=00
VID=0000, PID=0000, Release=0000
----- End Device info -----

----- Configuration info -----
Configuration descriptor:
Configuration 101, #IFs=104
----- End Configuration info -----

I’m still working on the step to get back USB Keyboard descriptor…

Next Week

Next week, I will command all PCB before Christmas and I will continue to work on the USB Keyboard.

[ZeROSEro7] Understand USB Keyboard

This week, I worked on Schematics, PCB and USB Keyboard.


We finished first schematic version of each device. I updated some details on schematics before to begin all PCB.
I also added a spreadsheet of the STM32Fxx pin functions. Finally, I added a file in the wiki about the power supply of each component.

USB Keyboard

I started to work on the USB Keyboard Issue. The goal is to plug a PC to an STM32 (Olimex OTG1 port) and to plug the same STM32 (Olimex OTG2 port) to a USB Keyboard. The PC has to detect a keyboard without to see the STM32 between both. The STM32 has to get all USB Keyboard interaction as descriptors and interrupt to send it to the PC.

The first step would be to get USB Keyboard descriptors and show it on the RTT connection. However, I’m still working on this step.

I started to check the Olimex board connection to know jumper position and I updated the file board.h correctly.

USB protocol

I read documentations about the USB standard from the official website, some blogs as site OUAIBE de la BIDOUILLE and some forums. I got knowledge about how USB works. There are four types of communication : control, bulk, interrupt and isochronous. Note that Keyboard works with interrupt.

Each communication is constructed with different packet:

  • Token
8bits 2x4bits 7bits 4bits 5bits 3bits
  • Data
8bits 2x4bits 1024bits 16bits 3bits
  • Handshake
8bits 2x4bits 3bits
  • SOF (Start of Fram)
Sync PID FramNumber CRC5 EOP
8bits 2x4bits 5bits 3bits

Finally, there are four descriptors : devices, configuration, interface and endpoint descriptors. Each descriptors has field contain information about the device. The PID, VID, consumption, type of communication, etc.

USB on ChibiOS

My difficulties are to implement that on the STM32 and more specially with the OS we choose: ChibiOS.

I got back usbcfg from ChibiOS/testhal/STM32/STM32F4xx/USB_CDC_IAD/
This example uses two SerialUSBDriver SDU1 and SDU2 but not as a host.

I found another example at ChibiOS/community/testhal/STM32/STM32F4xx/USB_HOST/ which logically implement what we need. Nevertheless, the code is very hard to understand and is not possible to compile it. I try to debug the Makefile, but there are too many errors. I will continue to read ChibiOS documentation, code and forum to find a solution.

Next week

Next week, I will finished the spy talk PCB and continue to work on the USB Keyboard Issue.

[ZeROSEro7] Schematics

This week, I worked essentially on the USB Sniffer schematics and Spy Talk schematics.

LoRa SX1276

first day of the week, I continued to work on the SX1276. The purpose was to write an SPI interface between the microprocessor (nRF52832) and the LoRa module (SX1276). The difficulty is to well understand the microprocessor SDK (Nordic) and the LoRa SDK (icube) to merge each SPI interface.

We finally choose Enguerrand to manage this issue because of his great knowledge about Nordic and icube SDK. In addition, it was an emergency to start schematics, what I did.


I got back Vincent’s work about USB Sniffer and continued the schematics on the XpeditionPCB software. I finished the first schematic version of this device. We got Mr. Polti A. feedback about it and I’m working to fix errors and update the schematics before start the PCB. I also started the Spy Talk schematics and almost finished the first version.

Next week

Next week, I will finish schematics of USB Sniffer and Spy Talk and start one PCB. We also received two USB OTG cables to plug a keyboard on the Olimex card. So I would like to begin working on the issue about reading keyboard action on the Olimex (STM32).

[ZeROSEro7] Running demo and Fibonacci on the STM32F4xx Dev Kit

I didn’t post last week because I participated in the ATHENS program. I wasn’t in France and I was pretty busy.
Nevertheless, this week, I continued the ZeROSEro7 project and I’m writing about my advancement in the project.

nRF52 dev kit (BLE) to SX1276 dev kit (LoRa)

After finishing the nRF52_DK environment and successfully close the issue “nrf52 dev kit Fibonacci”, I let Enguerrand to continue BLE development on this dev kit.

In addition, I started to manage about the new SX1276 dev kit received last Wednesday. I read the datasheet, schematic, etc. about SX1276 (LoRa). I got back useful documents from the Internet and from Enguerrand’s works to push into a git repository. I obviously spoke with Enguerrand about his works on the previous LoRa dev kit to save all useful information about his works.

I also connected the SX1276 dev kit to the STM32 dev kit (Olimex) with breadboard jumper cables in SPI communication:

Tab 1 : Connexion Olimex – SX1276
VCC UEXT – 1 J3 – 4
GND UEXT – 2 J2 – 7
NSS J3 – 6 (SX1276) J2 – 3
MOSI UEXT – 8 J2 – 4
MISO UEXT – 7 J2 – 5
SCK UEXT – 9 J2 – 6



I have to verify the right connexion between olimex and sx1276 with example program to flash in the STM32.

Fibonacci on the STM32F4xx Dev Kit

like with nRF52 dev kit (Nordic), I made an environment for the STM32 dev kit (Olimex).
I added ChibiOS in our git repository and to the usb_dev_kit directory, there is the environment to develop on the STM32 dev kit.
With the Makefile, it’s possible to format the code, compile and debug with gdb.
I updated CI tests to use adapted docker image to compile with the last version of arm-none-eabi-gdb.
All CI tests pass, I merged with dev branch and I closed the issue Fibonacci runs on STM32 dev kit.

Schematics and PCB

I’m improving on the mentor software to draw schematic and I have to start a schematic about one device before next week.

Next week

So for the next week, I will continue about SX1276 (LoRa) with Enguerrand’s help and I will start schematic of one device.

[ZeROSEro7] Running demo and Fibonacci on the nRF52 Dev Kit

This week was consecrated to development boards. We received all of it and we started to create environments to develop, compile and debug programs on it.

I continued my work on the nRF52 Development Kit and I finally finished the environment for this board. I made a Makefile which compiles the main.c file with the SDK directory, sdk_config.h and the linker script. It’s possible to  load the program in flash with make flash which used a Nordic command line tool called nrfjprog. Finally I can debug codes with make startgdbserver which open a JLinkGDBServer and make debug which called arm-none-eabi-gdb function.


I wrote 2 functions in C Language to compute the Fibonacci sequence. The first function is a linear algorithm and the second is a recursive algorithm. I loaded these functions in the nRF52 Dev Kit to valid an Issue and we added some tests in the gitlab-ci.yml file to test every push with GitLab if the code is correct.

Install software

Finally, I installed on my computer Clang-format to be able to format my code according the coding style, I installed stlink to use the LoRa Development Kit and I installed XpeditionPCB to design schematic and PCB.

Next week is the Athens program I participate it. So, I won’t be able to work on Development Kit and I will try to begin the schematic of the spy talk.

[ZeROSEro7] Nordic nRF52 getting started

This week, we have continued to research component for our devices. We analyzed more precisely features and made the decision to keep the following items:

Tab 1 : Components
 µC  STM32F215RG
 BLE  nRF52832-QFAA
 LoRa  SX1276IMLTR

For each component, we chose a microprocessor development board to begin the software part of each device. We ordered all microprocessor development board Friday and we will receive them on Monday. We ordered the following items:

Tab 2 : microprocessor development board
 µC  OLIMEX STM32-E407
 BLE  Nordic nRF52 DK
 Wifi  Texas Instrument CC3220SF-LAUNCHXL

Nordic nRF52

I got the BLE development Kit from Nordic last Friday and I began to use it. I read a lot of information about this board on Nordic website.

I read, more specifically, information about the nRF52_DK PCA10040 v1.1.1 which contain a nRF52832 component. I got back useful files like datasheets, SDK, examples, etc.

I started to set up the environment to this development board. I got back a linker script and wrote a gdbinit to load and debug a program on the nRF52_DV. I’m editing a Makefile able to compile, load and debug a program.

Next week I will finish the environment and start to reorder useful file to push in our git repository. I would like also to discover the PCB software Xpedition PCB to start to design schematics.

[ZeROSEro7] Specifications

This week, we started making specification for our 3 spy weapons, and chose many of the key components. This specification file is reachable on the Wiki page of our project.

According to the features of each device, we managed to find fitting component to optimize our spy gadgets. We tried to find common components whenever possible between devices to be more efficient during development time. Indeed, the more different components we have , the more time it will take to understand how it works, to develop on it, to add it to our PCB, etc.

Here are the architectures we have designed this week :

USB Sniffer

We chose the STM32F215RG processor mainly because it has two USB OTG interfaces. We decided to use a STM processor because we already worked with one of them and few brands are low power products.

Among STM processors, only STM32F2, STM32F4, STM32H7, and STM32F7 have two USB OTG. We only focused our research on F2 serie because we don’t need powerful processors and Cortex-M4/M7 need too much current (over 37mA in run mode instead of 22mA for F2). We need 1 MB FLASH (higher size for F2 serie). We choose the smallest processor in LQFP: STM32F215RG.

We mainly choose the nRF52832 BLE module because it has a programmable module with complete architecture; 512 kB flash (rare), 64 kB RAM, Cortex-M4, several interfaces (UART, I2S, 2 I2C, 3 SPI). Therefore, we can use it for the Spy Talk device.

Moreover, it’s transmission/reception power/sensitivity are great (up to +4dBm/ -96dBm) and current consumption is very low (~5mA in TX and RX, 1.9µA in sleep mode).

Spy Talk

We chose the same BLE component as USB Sniffer because it’s easier. Even if this time, the component will have an interface with LoRa, we do not have to develop the same code for two BLE modules. Hardware side doesn’t need to be handled two times as well.

Stealth Drop

Finally, we are thinking to use only Wifi communication and to leave BLE idea. Indeed, the Wifi consumption in listening mode is not so big and it simplified the device architecture. We chose the CC3220MODASF12MONR Wifi because the antenna is integrated, FLASH is 1MB and there is several bus communications (SPI, I2C, UART, I2S, SD).

We want to have several gigabytes of storable data in Stealth Drop. The biggest Nand Flash we found was the TH58NVG5S0F which offers only 4GB of storage and takes up a 20x12mm space.That’s why we thought to use a micro-SD card that can go up to 128GB of storage , takes no more place than the Nand Flash and has the possibility of being removed or exchanged at any time by the user. This one will use SPI and SDIO communication.

Next Week

Next week, we will determine which batteries we will use and maybe start the schematics for our PCBs. By then, all components and how they communicate will be settled.