36 replies to this topic

[betrand]

Happy new year



Hi all,

I had been wondering for some time how to have a small lcd screen display output from a computer.
Not wanting to buy an LCD screen just for that, and wanting something cheap and small.

Recently discovered:

The digital photo keyring. (I need more italics! I need a pimp title!) Need lowdown italics for the title!

So, here we go.

Background:

Use a cheap digital photoframe as a second display for your PC
And there: hackaday.com

there also: neophob.
More importantly: Wiki. (ST2205u chip)
Keeping thing alive: Openschemes (Our Turn with the AX206 Digital Photo Frames)

There also is a linux CLI (google) (will add link to Url)

Generally,

Rule of thumb, if the dpf (digital picture frame) appears as cdrom in windows, the hack is not (until further info?) hackable.
If it appears as USB you're ok.

DPF with AppoTech AX203 unsupported.
Ax206 supported.


Wiki DPF with AppoTech AX206

To distinguish from the AX203 types, the rule of thumb (if you are not able to get hold of the USB IDs, shown below) is:

• AX206 based frames are listed with 16 mbit or 32 mbit flash, capable of taking ~107 pictures or more
• Those with 8 mbit and ~130 pictures could be likely AX203

Coby is a brand which comes up.

There is a tool (Dpfmate.exe) which interacts with the DPF. EIther this tool or some code in the Dpf converts your JPG to
128x128 bmp.




More /(ideas)

I bought one. It is Ax203 I think, anyway appears as cd-rom. :/


My main (other) idea was, if one could use it as a VERY small usb stick. (have a bootloader while retaining original Dpf usage)
Ever dreamed of having a very small usb stick! ? (8mb Btw!) imho, 8MB is well sufficient for an OS.

Why on Reboot.pro
The info on the net is disparate.
Here we have people who know VID /PID, Bootloaders, memory mapping, Hex.




Rmmm, Interested?



r.
edit: more info post11

A quick Index:
Post 1: Intro and a few ideas
Post 13: Interaction (drivers) and post 18, U3 sticks idea.(also 29,30,31,32)
Post 27 :Binary dump.
Post 33: Trying to understand the Reverse eng. and find refs to it.
Post 36 : the advert'

If anyone's got any ideas on any of these topics, feel free to post.

[MedEvil]

Sorry, but i fail to see the purpose of this hack. Can you enlighten me?

[betrand]

Hi Medevil,


Any hack is always interesting!.



Something like:
http://jeff.doozan.c...st2205term.html




See you.

r

[MedEvil]

Sure hacks are interesting. But hacking just for hacking, is a waste of time, imo.

I can't even see an useful application for this in a car-pc or similar embedded system.

[betrand]

Yep, just learning, never really looked into output to screen.
I had forgotten there was the in car PC scene. I will look into that too.


Interesting interaction with these DPFs, though.

can provide a terminal interface onto your hacked device

( in last link)


I like command line. It still seems strange that all these years after the first computers came out,
there still wouldn't be small cheap green lcd screens that would be driven by a generic driver
to output a console.
Or maybe there is.

Cheers.

[Wonko the Sane]

Sorry, but i fail to see the purpose of this hack. Can you enlighten me?

Something like this :
http://hackaday.com/.../lcd-mouse-mod/
http://metku.net/ind...inoki/index_eng
http://hackaday.com/...-linux-display/
only cheaper/easier

Basically having a secondary screen somewhere is actually useful, as an example for some server-use type machines, I have (being notoriously cheap) made several years ago one
from an actual 5" B/W CRT I found in the dustbin inserted in a "server" case.

These may also be of interest:
http://picframe.spri...x.php/Main_Page
http://www.bit-tech..../07/psone_lcd/1
http://sites.google....o-frame-display



Wonko

[MedEvil]

Given the fact, how dirt cheap LCD screens are these days, i would rather buy a second screen, than spend a couple of days on retrofitting a picture frame of mobile screen, especialy if size isn't the problem.

Though i have to agree, some 20 years ago, a small LCD screen for 10 bugs, even a terrible slow one, would have been interesting.

[Wonko the Sane]

But that would not be fun

Nowadays a 3.5 LCD TV at around €35 :
http://www.m3-electr...en/tvbt103.html
which can also read micro-SD could be a good target for similar hacks....


Wonko

[betrand]

Hi

Yep, these 3.5 lcd tvs were the previous step on my quest. Same model, 39 pounds. These tvs are quite closed in that there is no
input, ie no usb, even Hdmi. The only input is antenna. While I was very ready to buy one, before xmas, I was not ready to do a hack to add
usb or whatever to it, and have it not work.

But that would not be fun

What wouldn't?

Something like this :
only cheaper/easier

I still like the idea of something which should cost 5pounds display something from USB.
5 pounds (what, like 8dollars or something?) I like to take appart, solder /unsolder.

[Wonko the Sane]

I meant "go and buy a second display" would not be as fun as hacking some el-cheapo device .

Let's fix some change rates, right now:
http://www.oanda.com/

USD GBP EUR

USD 1.0000 1.5442 1.2742

GBP 0.6476 1.0000 0.8251

EUR 0.7848 1.2119 1.0000

39 pounds=1.21*39=47,19 €

I meant 35 €:
http://www.redcoon.i...VB-T-103_TV-LCD
http://www.amazon.it...e/dp/B003KTFWHE

with some approximation from the 33.99 €.....

Of course hardware hacking is a "state of mind" more than anything else


Wonko

[betrand]

Additional Info, links.

(rule of thumb number 3)
When buying make sure the model /product comes with a drivers cd. This means that
the DPF will appear as USB and not CDrom. Therefore Hackable.

Link to dos(?) dumper.
http://openschemes.c...0xDump_Tool.zip
edit: on http://openschemes.c...photo-frames/2/

Dpf sends a virtual cd drive to windows. This drive contains the software to upload the pictures to the dpf.
I am wondering if this drive is mapped to memory (probably), or if it is the one stored on the Dpf.Ie used directly as a drive.

I am wondering if using a different virtual cd driver (the one used is gearsomething, which appears to
cause trouble.) Google Itunes GEARAspiWDM virtual driver. here. Cd is not writable.
If one used a different gearaspiwdm.sys which would define the drive as USB.


@Wonko
Yeah, i know E>£>$
Was just saying I'd Seen one in real . Thanks for the info though, I thought it was
GBP EUR
1.0000 0.6251 So I learned something.

Cheers

2edits:
I will look at the ram after plugging in the Dpf see if it resides there.
THe drivers thing is Upperfilters /lowerfilters.

[betrand]

Of course hardware hacking is a "state of mind" more than anything else


Wonko

Yeah, then going back to the keychain models, these are more software hacks, if you consider
the bootloader etc as software.

[betrand]

Hi

We'll need some help on that one.

Posted here are the driver details and info.
The drivers for the Usb part of the DPF are generic XP ones.
The drivers for the CDRom parts are emulated drive ones. This is done by Xp.
Helped in any way, by XP.
Forget the gearaspi.sys mentioned before.

Concentrating on the emulated part.

In a prev post I said I was wondering if it is stored in Ram, or used directly (from usb).
I still am. I checked quickly in HXD (hex editor) which shows ram contents. I didn't see any reference.
But it might just be hidden. Hxd only showing processes, programs. I would need to see the raw ram.

Upperfilters.
These sort of limit what devices can do.

Registry
Checked references to the storage part and emulated Cdroms in registry.
Storage (usb drive) has got its own Usb drivers (normal generic). Emulated drive appears as Cdrom.

Can't remember Current Control Set /Enum/ USB for usb, nothing strange.
Can't remember the key for the cdrom. Usbstor

Anyway, the code in the usb calls windows drivers to build the emulated cdrom.


In services find the REDBOOK. Google it. It's an upperfilter. It gives the emulated Cdrom its .. I don't know what.

Other info, cant remember.


SO.
The emulated drive uses certain Windows drivers to do its emulation.

THe idea would be with a single .reg file for eg to have it use another driver (which one)
making the drive writable. I ment the emulated drive, writable. No point if it's in mem.
Or istead of aspi.sysimapi.sys/redbook, using usb drivers.

Let us iconize, now.

, and .


Edits:

(yeah, already)
#In the jpg, read (1st part) CDrom drivers as redbook.sys for CDRom.
#The key for CDRom (emulated) is, funnily, under USBstor. That's why I couldnt remember.
It's a standard CDrom (device decription) &class, Classguid {4D36E965-E325-11CE-BFC1-08002BE10318},
Compatible IDs USBSTORCdRom USBSTORRAW,
HarwareID:
USBSTORCdRombuildwin_Photo_Frame____1.01
USBSTORCdRombuildwin_Photo_Frame____
USBSTORCdRombuildwin
USBSTORbuildwin_Photo_Frame____1
buildwin_Photo_Frame____1
USBSTORGenCdRom
GenCdRom

Upperfilter Rewdbook, lowerfilter imapi.sys


So, even if I never Evah! use all this, I'll know it's possible under win to 'ave that.

Attached Thumbnails

• 

[betrand]

Hi,

I need help.

The emulated CDRom uses four drivers, 2 of which are upper and lower filters.

The filters are apparently not essential.

Anyone knows if, as it is an emulated drive, could one rename a for example Rramdisk (gavotte).sys driver to the name
of the driver(s) which is called on insertion (*sorry, edit: which normally builds a CDRom). Or some other driver, I don't know.

Stupid question really, but thanks .

The cdrom drivers are
Cdrom.sys
Storprop.sys
Imapi.sys
Redbook.sys.

[Wonko the Sane]

betrand,
you are IMHO on the "wrong" path.
If the device "exposes itself" as CD, it will get CD drivers (and this is "right" and should NOT be changed).
Normally you need some other kind of software that either bypasses the drivers or changes the way the device is seen (manufacturer's tool).
From what you posted that device resembles a lot any USB stick with U3 or however with two LUN's (one CD and read only and one disk like and R/W).

What does Chipgenius say when you run it on that thingy?

But IF as hinted here the firmware is not erasable/changeable:
http://picframe.spri..._AppoTech_AX203
http://picframe.spri..._AppoTech_AX203
you are stuck anyway.

See this also:
http://asdfasdf.debi...03/README.ax203


Wonko

[betrand]

Hi Wonko,

I bet I probably am on the wrong path for it.
While I'm on the go,
Can one use the cdrom emulation to call an img at boot to be seen as cdrom in windows, using the same scheme?

Then I'll read again your post and let it sink in :/

Thanks,


Chipgenius 177F 0004.
Russian site, chip not in database.

[Wonko the Sane]

While I'm on the go,
Can one use the cdrom emulation to call an img at boot to be seen as cdrom in windows, using the same scheme?

I don't understand the question, can you expand on it?


Wonko

[betrand]

Yep,

my general idea was if that device can expose a few bytes and these be used as cdrom, how would one do it manually?
(using the drivers prev. mentioned)
But the case might just be that quote you

the device "exposes itself" as CD

,
maybe it does so in some different way than what I think.

(reads better as
Can one use the cdrom emulation system to call an img at boot to be seen as cdrom in windows, using the same scheme?)

Edit. Yeah forget it! I got your point. If the firmware says it's a cd, then it is. Heh!

So, even if the cdrom key in registry is at USBSTOR, it does not mean one can use a driver to define it as a Usb or ram.
It is, let us say, like a USB-CDRom.






The "emulated drive" wording comes from the USBInfo tool.
Usbinfo Knows it's emulated.

[Wonko the Sane]

(reads better as
Can one use the cdrom emulation system to call an img at boot to be seen as cdrom in windows, using the same scheme?)

Edit. Yeah forget it! I got your point. If the firmware says it's a cd, then it is. Heh!

I still don't get it , but I presume that you can use a filter driver to "mask" anything or almost anything.


Wonko

[MedEvil]

Eventhough i'm just as lost as Wonko as what you're actually wanting to do, a few things about devices and drivers.

The device itself, let's call it hardware, has certain abilities.
The firmware exposes certain commands towards the driver, while having sole access to the hardware itself.
The driver is a 'go between' between the OS and the firmware. So that a device may work on Win7 and MacOS without needing different firmware.

So you basicly have a chain of elements, with are designed to fit eachother.

If you want anyone of the 3 elements to behave differently. It can be done. But just within the limits, the other not changed elements allow.

Example:
The driver may tell the OS that a USB-CD-ROM is actually a USB-Stick. But not only writing to it will fail, but also reading, because the firmware will not understand the USB-Stick commands, it only understands CD-ROM commands.

So simply telling the OS to use different drivers will do you no good.
You will need a driver specificly designed to trick the OS and the firmware.

[betrand]

Woow, thanks, Medevil !

If you're lost about

Can one use the cdrom emulation system to call an img at boot to be seen as cdrom in windows, using the same scheme?

, no worries. That was OT a bit from the main. It basically meant having a virtual drive from the said drivers.

For clarity: the main goal being (or having been, at least):
-hack the device in order to either display something direct from usb, or use the device 'as storage'.

This being restricted, so:
-trying to figure how said device interacts with computer. (partly as in Jpg)

-Researching drivers capabilities, how they define something (hardware), rather, interact and /or limit hardware.
Trying to see where the system references the original USB, at what point was the breakage into virtualisation.
The last post by Medevil, and post 15 by Wonko, being, it has to be said, a clarification of sorts. .


Gaaa, :/ :/

that device resembles a lot any USB stick with U3 or however with two LUN's (one CD and read only and one disk like and R/W).

Therefore, if there are two LUNs (I will read at some point what it means, though I tried ), the virtualised drive image is not stored on the actual 'storage' (pictures, code) area. So trying to make the virtual drive writable wouldn't even be great..

Hrmm.

Guys,

[MedEvil]

Can't tell you how your Pictutre frame works, but a U3 USB-Stick.

A U3 USB-Stick splits the available storage space virtually into two parts, which can be accessed as different devices.

One as CDVD-ROM and one as generic USB-Stick.

The really interesting part about this is, that there are no 2 seperate physical storage spaces on the Stick , but just one continues one.
So on a 4000MB Stick for instance, one can have a 500MB CD + 3500MB flash or 3500MB DVD + 500MB flash ... , whatever one wants.

To write an CDVD image to the U3 Stick however requires a special tool from the manufacturer.

[Wonko the Sane]

Yep , here:
http://en.wikipedia....cal_Unit_Number
From what I have read the device has a single LUN and that LUN is a .iso (CD-ROM like device).
The original software behaves much like the LPinstaller, it simply "delivers" the .iso:
http://usb.smithtech...sandiskinst.php
As said it seems like the issue with the AX203 is the firmware, that LUN is CD-ROM like and cannot be changed.


Wonko

[betrand]

TA -DAAAAAAAAA.

Well tada not 100%, but tada.
(didnt read your posts yet, except quickly Medevil's U3 usb stick explanation.)

SO, the tada bit.

I wanted to see the program which interacts with the picture frame, in an hex editor or other resource hacker.
This program translates the jpgs to its own size etc, and does the write.

On the way, I saw the file in the CDrom, StartInfoUnicode.ini.
About 20 lines, of which:

FirmwareVer=EDPF1.1_STANDARD_V2.0.0
FlashType=Pm25LV040
FlashSize=512
PID=0x1315

Google,
PDF


Pm25LV512A / 010A / 020 / 040
512 Kbit /1 Mbit / 2 Mbit / 4 Mbit 3.0 Volt-only,
Serial Flash Memory With 100 MHz SPI Bus Interface
• Software Write Protection
- The Block Protect (BP2, BP1, BP0) bits allow partial
or entire memory to be configured as read-only
Hardware Write Protection
- Protect and unprotect the device from write operation
by Write Protect (WP#) Pin




So, mine would be an http://picframe.spri..._AppoTech_AX206 .

[betrand]

Though I have read and understood your posts,
it will still take some time to appreciate them at their own worth, and in a more general setting than this Dpf topic.

-Can one buy u3s easily? Would be interesting to try out.
- Cool to know how these work

I should have taken the device apart and tried to see the Chip number. Still on the way I learned stuff.

For my defense,
The fact it appeared as CDRom made me assume it was a ax203.
The lack of Windows use/ info / users and testers scared me a bit.


It is still strange that in registry, the VID and PID are different (177f 0004), from the quoted ini file.

For info I bought my Dpf @ Maplin (UK). The brand is Sweex.