[ZeROSEro7] Understand USB Keyboard

This week, I worked on Schematics, PCB and USB Keyboard.


We finished first schematic version of each device. I updated some details on schematics before to begin all PCB.
I also added a spreadsheet of the STM32Fxx pin functions. Finally, I added a file in the wiki about the power supply of each component.

USB Keyboard

I started to work on the USB Keyboard Issue. The goal is to plug a PC to an STM32 (Olimex OTG1 port) and to plug the same STM32 (Olimex OTG2 port) to a USB Keyboard. The PC has to detect a keyboard without to see the STM32 between both. The STM32 has to get all USB Keyboard interaction as descriptors and interrupt to send it to the PC.

The first step would be to get USB Keyboard descriptors and show it on the RTT connection. However, I’m still working on this step.

I started to check the Olimex board connection to know jumper position and I updated the file board.h correctly.

USB protocol

I read documentations about the USB standard from the official website, some blogs as site OUAIBE de la BIDOUILLE and some forums. I got knowledge about how USB works. There are four types of communication : control, bulk, interrupt and isochronous. Note that Keyboard works with interrupt.

Each communication is constructed with different packet:

  • Token
8bits 2x4bits 7bits 4bits 5bits 3bits
  • Data
8bits 2x4bits 1024bits 16bits 3bits
  • Handshake
8bits 2x4bits 3bits
  • SOF (Start of Fram)
Sync PID FramNumber CRC5 EOP
8bits 2x4bits 5bits 3bits

Finally, there are four descriptors : devices, configuration, interface and endpoint descriptors. Each descriptors has field contain information about the device. The PID, VID, consumption, type of communication, etc.

USB on ChibiOS

My difficulties are to implement that on the STM32 and more specially with the OS we choose: ChibiOS.

I got back usbcfg from ChibiOS/testhal/STM32/STM32F4xx/USB_CDC_IAD/
This example uses two SerialUSBDriver SDU1 and SDU2 but not as a host.

I found another example at ChibiOS/community/testhal/STM32/STM32F4xx/USB_HOST/ which logically implement what we need. Nevertheless, the code is very hard to understand and is not possible to compile it. I try to debug the Makefile, but there are too many errors. I will continue to read ChibiOS documentation, code and forum to find a solution.

Next week

Next week, I will finished the spy talk PCB and continue to work on the USB Keyboard Issue.

[ZeROSEro7] Schematics

This week, I worked essentially on the USB Sniffer schematics and Spy Talk schematics.

LoRa SX1276

first day of the week, I continued to work on the SX1276. The purpose was to write an SPI interface between the microprocessor (nRF52832) and the LoRa module (SX1276). The difficulty is to well understand the microprocessor SDK (Nordic) and the LoRa SDK (icube) to merge each SPI interface.

We finally choose Enguerrand to manage this issue because of his great knowledge about Nordic and icube SDK. In addition, it was an emergency to start schematics, what I did.


I got back Vincent’s work about USB Sniffer and continued the schematics on the XpeditionPCB software. I finished the first schematic version of this device. We got Mr. Polti A. feedback about it and I’m working to fix errors and update the schematics before start the PCB. I also started the Spy Talk schematics and almost finished the first version.

Next week

Next week, I will finish schematics of USB Sniffer and Spy Talk and start one PCB. We also received two USB OTG cables to plug a keyboard on the Olimex card. So I would like to begin working on the issue about reading keyboard action on the Olimex (STM32).

[ZeROSEro7] Running demo and Fibonacci on the STM32F4xx Dev Kit

I didn’t post last week because I participated in the ATHENS program. I wasn’t in France and I was pretty busy.
Nevertheless, this week, I continued the ZeROSEro7 project and I’m writing about my advancement in the project.

nRF52 dev kit (BLE) to SX1276 dev kit (LoRa)

After finishing the nRF52_DK environment and successfully close the issue “nrf52 dev kit Fibonacci”, I let Enguerrand to continue BLE development on this dev kit.

In addition, I started to manage about the new SX1276 dev kit received last Wednesday. I read the datasheet, schematic, etc. about SX1276 (LoRa). I got back useful documents from the Internet and from Enguerrand’s works to push into a git repository. I obviously spoke with Enguerrand about his works on the previous LoRa dev kit to save all useful information about his works.

I also connected the SX1276 dev kit to the STM32 dev kit (Olimex) with breadboard jumper cables in SPI communication:

Tab 1 : Connexion Olimex – SX1276
VCC UEXT – 1 J3 – 4
GND UEXT – 2 J2 – 7
NSS J3 – 6 (SX1276) J2 – 3
MOSI UEXT – 8 J2 – 4
MISO UEXT – 7 J2 – 5
SCK UEXT – 9 J2 – 6



I have to verify the right connexion between olimex and sx1276 with example program to flash in the STM32.

Fibonacci on the STM32F4xx Dev Kit

like with nRF52 dev kit (Nordic), I made an environment for the STM32 dev kit (Olimex).
I added ChibiOS in our git repository and to the usb_dev_kit directory, there is the environment to develop on the STM32 dev kit.
With the Makefile, it’s possible to format the code, compile and debug with gdb.
I updated CI tests to use adapted docker image to compile with the last version of arm-none-eabi-gdb.
All CI tests pass, I merged with dev branch and I closed the issue Fibonacci runs on STM32 dev kit.

Schematics and PCB

I’m improving on the mentor software to draw schematic and I have to start a schematic about one device before next week.

Next week

So for the next week, I will continue about SX1276 (LoRa) with Enguerrand’s help and I will start schematic of one device.

[ZeROSEro7] Running demo and Fibonacci on the nRF52 Dev Kit

This week was consecrated to development boards. We received all of it and we started to create environments to develop, compile and debug programs on it.

I continued my work on the nRF52 Development Kit and I finally finished the environment for this board. I made a Makefile which compiles the main.c file with the SDK directory, sdk_config.h and the linker script. It’s possible to  load the program in flash with make flash which used a Nordic command line tool called nrfjprog. Finally I can debug codes with make startgdbserver which open a JLinkGDBServer and make debug which called arm-none-eabi-gdb function.


I wrote 2 functions in C Language to compute the Fibonacci sequence. The first function is a linear algorithm and the second is a recursive algorithm. I loaded these functions in the nRF52 Dev Kit to valid an Issue and we added some tests in the gitlab-ci.yml file to test every push with GitLab if the code is correct.

Install software

Finally, I installed on my computer Clang-format to be able to format my code according the coding style, I installed stlink to use the LoRa Development Kit and I installed XpeditionPCB to design schematic and PCB.

Next week is the Athens program I participate it. So, I won’t be able to work on Development Kit and I will try to begin the schematic of the spy talk.

[ZeROSEro7] Nordic nRF52 getting started

This week, we have continued to research component for our devices. We analyzed more precisely features and made the decision to keep the following items:

Tab 1 : Components
 µC  STM32F215RG
 BLE  nRF52832-QFAA
 LoRa  SX1276IMLTR

For each component, we chose a microprocessor development board to begin the software part of each device. We ordered all microprocessor development board Friday and we will receive them on Monday. We ordered the following items:

Tab 2 : microprocessor development board
 µC  OLIMEX STM32-E407
 BLE  Nordic nRF52 DK
 Wifi  Texas Instrument CC3220SF-LAUNCHXL

Nordic nRF52

I got the BLE development Kit from Nordic last Friday and I began to use it. I read a lot of information about this board on Nordic website.

I read, more specifically, information about the nRF52_DK PCA10040 v1.1.1 which contain a nRF52832 component. I got back useful files like datasheets, SDK, examples, etc.

I started to set up the environment to this development board. I got back a linker script and wrote a gdbinit to load and debug a program on the nRF52_DV. I’m editing a Makefile able to compile, load and debug a program.

Next week I will finish the environment and start to reorder useful file to push in our git repository. I would like also to discover the PCB software Xpedition PCB to start to design schematics.

[ZeROSEro7] Specifications

This week, we started making specification for our 3 spy weapons, and chose many of the key components. This specification file is reachable on the Wiki page of our project.

According to the features of each device, we managed to find fitting component to optimize our spy gadgets. We tried to find common components whenever possible between devices to be more efficient during development time. Indeed, the more different components we have , the more time it will take to understand how it works, to develop on it, to add it to our PCB, etc.

Here are the architectures we have designed this week :

USB Sniffer

We chose the STM32F215RG processor mainly because it has two USB OTG interfaces. We decided to use a STM processor because we already worked with one of them and few brands are low power products.

Among STM processors, only STM32F2, STM32F4, STM32H7, and STM32F7 have two USB OTG. We only focused our research on F2 serie because we don’t need powerful processors and Cortex-M4/M7 need too much current (over 37mA in run mode instead of 22mA for F2). We need 1 MB FLASH (higher size for F2 serie). We choose the smallest processor in LQFP: STM32F215RG.

We mainly choose the nRF52832 BLE module because it has a programmable module with complete architecture; 512 kB flash (rare), 64 kB RAM, Cortex-M4, several interfaces (UART, I2S, 2 I2C, 3 SPI). Therefore, we can use it for the Spy Talk device.

Moreover, it’s transmission/reception power/sensitivity are great (up to +4dBm/ -96dBm) and current consumption is very low (~5mA in TX and RX, 1.9µA in sleep mode).

Spy Talk

We chose the same BLE component as USB Sniffer because it’s easier. Even if this time, the component will have an interface with LoRa, we do not have to develop the same code for two BLE modules. Hardware side doesn’t need to be handled two times as well.

Stealth Drop

Finally, we are thinking to use only Wifi communication and to leave BLE idea. Indeed, the Wifi consumption in listening mode is not so big and it simplified the device architecture. We chose the CC3220MODASF12MONR Wifi because the antenna is integrated, FLASH is 1MB and there is several bus communications (SPI, I2C, UART, I2S, SD).

We want to have several gigabytes of storable data in Stealth Drop. The biggest Nand Flash we found was the TH58NVG5S0F which offers only 4GB of storage and takes up a 20x12mm space.That’s why we thought to use a micro-SD card that can go up to 128GB of storage , takes no more place than the Nand Flash and has the possibility of being removed or exchanged at any time by the user. This one will use SPI and SDIO communication.

Next Week

Next week, we will determine which batteries we will use and maybe start the schematics for our PCBs. By then, all components and how they communicate will be settled.

[ZeROSEro7] Spy factory since 1962

Our ROSE project – RObotic and Embedded Systems – called ZeROSEro7 will upgrade the spy world! A panoply for Secret agent with several spy weapons the most miniaturized and discreet possible. A small informer which tells you where your target is. A device plug on a computer which send to you important data inside the laptop. And more ideas…

This project includes a team of  Enguerrand, Vincent and Erwan, who will design, produce and valid the viability and performance of our smart devices.

First of all, we had to choose only 3 spy weapons among several gadget ideas we had. We considered our interest in each device and took into account some technical difficulties in order to choose the best ones.

Each device description is following:

  • USB Sniffer
  • Spy Talk
  • Stealth Drop

Then, we will think about technical solutions to design them. We will be able to write a specification for each spy weapon we decided to develop.

After that, we will be able to evaluate more precisely each device difficulty. Considering time and cost constraints, we will modify expectations to make them more or less challenging.

USB Sniffer

Need to know the passwords used on that computer? Or do you want to know email contacts of your targets ? Well, all of this could be retrieved with a keylogger but maybe their security is too high. We have another solution for you !

This would be a small usb2usb device that you plug in between the computer and it’s keyboard. While for the user it will remain transparent and forward all traffic, it will log all the typing in the background and communicate it on demand through some wireless mean. It could even do some pre-sorting and mark susceptible passwords and emails. This gadget should be as small and discreet as possible so that no one notices the little man in the middle.

Spy Talk

Even during a mission, the MI6 agents have to communicate to one another. Still, there might be someone tracking the public network activity and detect them. Hence, they need to have their own private and stealthy communication network. Our goal would be to make some easily concealable relay stations that could be planted across the city. The agents would then be able to communicate using their phones without using any sort of public service.

Stealth Drop

To transfer big amounts of data without being noticed, you can use a USB key. The sender can hide it in a dead drop and the receiver can come and pick it up in the following days. That way they can’t be spotted in the same place at the same time. Yet, they do have to go to the same place.

Our dead drop would add some range to that process so that the agents no longer have to be at the same rendez-vous place. Instead of a USB key, the sender would place a device which will send the data up to a range of a few blocks.The receiver can then activate it and transfer the data with a huge rate and in an even less noticeable way.