At ToorCon 11, Joshua Wright handed out a pre-release version of his KillerBee framework, a set of tools for analysis of 802.15.4 and ZigBee wireless networks.
KillerBee requires a particular hardware device, Atmel's AVR RZUSBSTICK, an inexpensive USB dongle with a programmable microcontroller. Many of the KillerBee functions require custom firmware (written by Joshua) to be flashed onto the stick. While most Atmel products feature In-System Programming (ISP) which can be done with a low-cost programming device, the RZUSBSTICK unfortunately only provides a JTAG header for programming, and the JTAG debugger/programmer costs about $300.
The good news is that ISP can be used to program the RZUSBSTICK. The bad news is that it requires some tricky soldering to get it working. With a little guidance from those who have gone before me and SparkFun's excellent surface mount soldering tutorials under my belt, I was able to attach a 10-pin ISP header to my RZUSBSTICK and successfully flash it with the KillerBee firmware.
There are two kinds of AVR ISP headers, a 6-pin and a 10-pin version. I chose the 10-pin variety because my programmer has a 10-pin connector, but a simple adapter can allow you to use either. Both varieties use the same 6 signals: GND, VCC, RESET, SCK, MISO, and MOSI. I connected them with colored wire (28 or 30 AWG wirewrap wire) as follows:
| signal | color | header pin | source |
|---|---|---|---|
| GND | black | 4,6,8,10 | JTAG header pin 2 |
| VCC | red | 2 | JTAG header pin 4 |
| RESET | white | 5 | JTAG header pin 6 |
| SCK | purple | 7 | AT90USB1287 pin 11 |
| MISO | brown | 9 | AT90USB1287 pin 13 |
| MOSI | orange | 1 | AT86RF230 pin 22 |
I ran all six wires through the unused holes of the (unpopulated) JTAG header in order to provide some strain relief. Those connections to the individual chip pins are fragile! From there I ran them across the back of the board to a 10-pin header glued to the end of the stick.
My serial programmer works great when connected to an on-board serial port on an old PC, but its bit-banging technique is incredibly slow (about 3 bits per second) and unreliable when connected to a USB/serial adapter. I believe that trying to use it via USB was the cause of death of an ATtiny85 while working on a previous project. Anyway, with a good serial port, AVRDUDE does a fine job programming the RZUSBSTICK over ISP:
avrdude -c ponyser -p usb1287 -P /dev/ttyS0 -U flash:w:kb-rzusbstick1.hex
Now to find some target devices. . .
Hey :)
ReplyDeleteThe BusPirate just got added to the list of hardware usable by OpenOCD, the open source jtag flashing program. It should be possible for pretty much anyone to flash JTAG now :)
See also: http://michaldemin.wordpress.com/2010/02/27/how-to-buspirate-and-openocd/
The BusPirate supports OpenOCD, yes. But OpenOCD doesn't support the AVR. So, no.
ReplyDeleteIs it possible to program these devices using a parallel cable?
ReplyDeletegood work, I'd soldered the jtag an now I need the hex file to program the rzusbstick. can you please help me out.
ReplyDeleteavrdude currently supports the BusPirate and can be used to flash the chip.
ReplyDeleteExtremely helpful. thanks much :)
ReplyDeleteThank you, my rzusbstick accessable again it works... I used my JTAG MKII with 10 pin ISP adapter
ReplyDeleteThank you!!!
ReplyDeleteEasier places to solder:
ReplyDeleteThe stick in the post has a sticker but mine didn't. Under the sticker in the pictures, by the AT86RF230 you'll find 3 vias in a straight line. they are the SCLK, MOSI, and MISO signals. scrape the solder mask off and it should be a lot easier to solder to than the QFN pads.
Thank you!
ReplyDeleteBut you should not use the pictures. On my RZUSB the JTAG header is different.
To determine were pin 1 is look for pin 57 (TCK) on the AT90USB1287 and follow the wire (under the solder mask) to the JTAG header. This is pin 1.
1 Soldered pins and connected to my USBasp and it shows error as
ReplyDeleteavrdude: warning: cannot set sck period. please check for usbasp firmware update.
avrdude: error: program enable: target doesn't answer. 1
avrdude: initialization failed, rc=-1
Double check connections and try again, or use -F to override
this check.
avrdude done. Thank you.
Help me