For fun I have taken it upon myself to try to reverse engineer a consumer blood pressure device. The device uses a C8051F007 32 pin MCU. I am trying to figure out how I can eavesdrop on the communication between the MCU and the various sensors so I can obtain blood pressure readings. From the documents I have read the chip supports in system JTAG debugging. I don't know enough yet to utilize this knowledge.
What am I trying to do is identify the UART pins or any kind of serial communication pins. I have an oscilloscope and am hoping I will be able to identify some values in the communication.I need some tips on figuring out how to get data off this chip
Here is the pinout (notice no TX or RX)
Any information or tips will be welcomed.
Best Answer
Fig 1.1 page 9 shown that there is an internal crossbar switch between the 24 pins of Ports 0, 1 & 2 and most peripherals. ie any of the functions shown can possibly be mapped at compile time to any of those pins. The data sheet may elsewhere limit that flexibility but from fig 1.1 it seems that it may not.
If the peripherals are fully flexibly mappable then sniffing the pins in some way is the only option if you cannot find implementation information.
If you can tell us brand and model one of us may have some luck turning up information.
It should be "easy enough" TM to determine which pins are inputs from whatever is used as a pressure sensor.
IF the UART is continually transmitting during operation )(and it may well not be) then setting your scope to about one division per bit time for various standard com rates may give you a screen of properly timed pulses when you look at the UART TX pin when transmitting. eg if the TX rate is 9600 baud then setting the scope to say 100 or 200 uS/division ~+ 1 to 2 bit times per division may show bits at about 1 or 2 per division when the UART TX pin is observed. This will probably not sync without fiddling but should let you know when/if you find an operating UART TX line.