Thursday, February 8, 2018

Un-Bricking an RTL-SDR Dongle after an EEPROM write

Figure 1: One of the better general-purpose "RTL-SDR" receiver dongles available, with a TCXO for better frequency stability and built in filtering/amplification on the "Direct Sampling" path to allow HF reception - among other things!  The entire point of this exercise was to give the RTL-SDR dongle a unique serial number, seen in the picture, so that it could be uniquely identified if more than one were plugged into the same computer.  The dongle shown above is sold by "RTL-SDR.com".  It seems to be no more or less susceptible to "bricking" than any other RTL-SDR dongle using the same chipsets, so this fix may apply to other versions as well.

The other day I was using the "rtl_eeprom" utility to change the serial number of an RTL-SDR dongle (they all ship with serial number "00000001") to make it easier to identify it when it is online with other units - and I "bricked" it.

This seems to be a common occurrence - the causes (possibly) being:
  • Unplugging it too soon after programming it.  Perhaps one should give it a slow "10" count before unplugging it?
  • Changing more than one parameter at a time.
  • Changing something other than the serial number.

Figure 2: The SOIC-8 to DIP header (no EEPROM) in the programmer.  This particular carrier came from "qrpme.com" although many different types are available for cheap on EvilBay.  The programmer in this case is the "MiniPro".

I probably was guilty of doing the first two.  The remedies suggested online seem to be limited variations on a theme, such as:
  • On the EEPROM chip, short the SDA and SCL pins (5 and 6) together while plugging it in, then remove the short and program it.
  • Short the SDA pin (pin 5) of the EEPROM to ground (pin 4) while plugging it in, then remove the short and program it.

Neither of the above worked for me as the device was steadfastly not being recognized on the machine that I was using.  Interestingly, it was still usable on another machine with the "SDR#" program - but it wasn't being properly identified by the operating system.

On a hunch I plugged in a "good" RTL SDR (one that I hadn't bricked) and downloaded the contents (using the "-r" option) and saved it with a .BIN extension as raw data using the same rtl_eeprom program.  In looking at this file with a HEX/ASCII editor (such as the one built into the "PonyProg" program) I could see the data (some ASCII text) which seemed to comprise a device ID and the serial number.

Using a hot-air rework station I removed the 24C02B EEPROM (256x8) chip from the dongle and soldered it to an 8-pin DIP-to-SOIC-8 header and put it into a programmer.  Interestingly, when I looked at the EEPROM's contents after having done this they were all zeroes - clearly something had gone wrong in the write process!

Importing the .BIN file into the programming software I changed the serial number to what I'd originally wanted it to be and programmed it, verifying that it "took".  I then unsoldered the EEPROM from the header and put it back in the RTL-SDR dongle, again with the hot air rework tool.

Success!  The dongle was working again - with the "new" serial number.

Figure 3: The location of the EEPROM chip within this particular RTL-SDR.  Using a hot-air rework tool it took only seconds to remove the chip and plop it onto the header in Figure 2 so that it could be reprogrammed.  Many RTL-SDR dongles have similar EEPROM chips, but if you happen to brick yours when changing the EEPROM contents it will be up to you to find it on the circuit board if you open it up.  Because fewer than 128 bytes are used, the EEPROM may be of larger or smaller capacity than the 24C02 mentioned on this page.

For your edification, the .HEX file is included below, with the serial number of "00001234" which is visible when editing it in the programmer software.  In addition to this serial number, the IR receiver has been disabled, since it wasn't needed - and isn't used at all with these particular RTL-SDR dongles.  I won't include pictures and details on how to solder and unsolder or use an EEPROM programmer - or tell you which one to use (there are other sites for that) but I hope that it is useful nonetheless.  Having said that, the "PonyProg" programming software is popular and one can homebrew a quick programmer with it.

Anyway, it saved me $20 in not getting another dongle - not counting my time!

* * *

These are the contents of a .HEX file that can be programmed into the EEPROM on an RTL-SDR dongle to "un-brick" it.  As noted above, you will need to be able to program the chip - probably out of circuit - to effect the repair.

Simply copy and paste the hex data below into a plain text file and rename it with a .HEX extension:

:100000002832DA0B3828A51402100352006500616B
:10001000006C00740065006B001C03520054004C1F
:1000200000320038003300380055004800490044D1
:10003000004900520012033000300030003000311F
:100040000032003300340000000000000002000015
:1000500000000000000000000000000000000000A0
:100060000000000000000000000000000000000090
:100070000000000000000000000000000000000080
:00000001FF

In the above file, the serial number is in plain ASCII as "00001234" starting at address 0x37 with the last character at 0x45, skipping every other byte with a null (0x00) between each character.  Again, I'd recommend using a .HEX editor with an ASCII pane such as the one in the "PonyProg" program to better visualize its contents.  There are clearly fewer than 256 bytes used which means the smaller (128x8) 24C01 EEPROM chip could have been used, so be sure to check which device is being used before programming.
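
The layout described above can be checked mechanically before an image is written to a chip. The following is an added example, not code from the original post or from the rtl-sdr project: it verifies every Intel HEX record of the file above and decodes the image. The field offsets (header bytes 0x28 0x32, VID/PID, the IR bit, string descriptors starting at 0x09) are assumptions based on how rtl_eeprom parses the EEPROM and are not stated on this page.

```python
# Added example (not from the original post); field offsets assumed from rtl_eeprom.
HEX_IMAGE = """\
:100000002832DA0B3828A51402100352006500616B
:10001000006C00740065006B001C03520054004C1F
:1000200000320038003300380055004800490044D1
:10003000004900520012033000300030003000311F
:100040000032003300340000000000000002000015
:1000500000000000000000000000000000000000A0
:100060000000000000000000000000000000000090
:100070000000000000000000000000000000000080
:00000001FF
"""

def load_ihex(text, size=256):
    """Return the EEPROM image; raise ValueError on any malformed record."""
    image, seen_eof = bytearray(size), False
    for n, line in enumerate(text.split(), 1):
        if seen_eof or not line.startswith(":"):
            raise ValueError(f"record {n}: data after EOF or missing ':'")
        raw = bytes.fromhex(line[1:])  # raises ValueError on non-hex characters
        # Length byte must match, and all bytes incl. checksum sum to 0 mod 256.
        if len(raw) < 5 or len(raw) != raw[0] + 5 or sum(raw) & 0xFF:
            raise ValueError(f"record {n}: bad length or checksum")
        count, addr, rtype = raw[0], int.from_bytes(raw[1:3], "big"), raw[3]
        if rtype == 0x01:
            seen_eof = True
        elif rtype != 0x00 or addr + count > size:
            raise ValueError(f"record {n}: unsupported type or past device end")
        else:
            image[addr:addr + count] = raw[4:4 + count]
    if not seen_eof:
        raise ValueError("missing EOF record")
    return image

def decode_eeprom(image):
    """Decode USB IDs, IR flag and the three UTF-16LE string descriptors."""
    if image[0:2] != b"\x28\x32":
        raise ValueError("missing RTL2832 EEPROM header bytes 0x28 0x32")
    info = {"vid": int.from_bytes(image[2:4], "little"),
            "pid": int.from_bytes(image[4:6], "little"),
            "ir_enabled": bool(image[7] & 0x02)}
    pos = 0x09  # first string descriptor (assumed offset)
    for name in ("manufacturer", "product", "serial"):
        length = image[pos] if pos + 2 <= len(image) else 0
        if length < 2 or image[pos + 1] != 0x03 or pos + length > len(image):
            raise ValueError(f"{name}: invalid string descriptor at {pos:#x}")
        info[name] = image[pos + 2:pos + length].decode("utf-16-le")
        info[name + "_offset"] = pos + 2  # address of the first character
        pos += length
    return info
```

An all-zero image, like the one read back from the bricked chip, fails the header check in decode_eeprom, so the same check can be run on a backup dump before it is trusted for a restore.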

[End]

This page stolen from ka7oei.blogspot.com

5 comments:

  1. Had a similar problem. Device was showing under different id so rtl driver did not pick it up.
    I recompiled the drivers and added the bad id, driver was then loaded and I restored oem eeprom

  2. Hi, could this be why some dongles just stop working? I have experienced bit flips on DDR2 and DDR3 chips using the same memory so evidently damage can be done over time.

    1. Could be.

      If the dongle suddenly stops being recognized on the USB port, this could be part of the reason.

      If it is still recognized but no signals are being heard it's possible that it got "zapped" with static as the R820T chip is very sensitive in that way - and many cheaper dongles have little protection against such a thing on the RF input ports. The RTL-SDR Blog (V3) dongles seem to be thoughtfully designed in that regard and appear to be more durable than many others.

  3. I too bricked an RTL SDR clone (Device ID modified and was not detected by rtl_test anymore) by writing the EEPROM. But was able to restore it without any hardware mod.
    -> Recompiled the rtl-sdr with new device ID
    -> The newly compiled rtl_eeprom binary was able to detect the application
    -> Restored the configuration using 'rtl_eeprom -g realtek_oem'

  4. Update: I found that many of these have the /WP line shorted to Gnd explaining why they can't be changed. Unfortunately this won't prevent them getting crudded due to old age or being exposed to X-rays during shipping.
    Always make a backup!
