Whirlybird
[EXPERIMENTAL] Direction Finding (DF)
This is an exercise that started with up-cycling some e-waste that contains 32 RGBW LEDs and an ESP32-S3-WROOM2. There is a myriad of other components presumably intended to interface with other control circuits.
The primary objective here is not to reverse engineer its previously intended purpose, rather invent a new purpose. The objective is to utilize the outer ring of 24 blinkies as a 360 degree direction indicator. The ESP32 module, which appears to never have been flashed with functioning firmware, is erased and flashed with a current Octal SPI build of Micropython.
For the most part the components on the PCB are not directly connected to the ESP32. Rather there is a number of connectors they are wired to for an alternative "main" processor. This includes the addressable RGBWs that are some variant of SK6812RGBW. Additionally for some reason even though these are individually addressable in series of over a hundred, they are broken in to two independent chains of 24 spaced in an outer circular pattern and 8 more arranged inside that circle.
The board is likely designed as some sort of prototype of an evolution of a production product. It is unknown if it was intended to be a technical evaluation of various features, in ongoing development or a one off experiment. I have ended up with several dozen of these, there are many unknown and some number of issues. The majority of them have thus far had an issue with enabling "Boot Mode" and power on only to continually restart themselves.
Also used for Singing "QSV" Toaster
BOM
# Whirlybird "ECPB-00011-000 1/18/2024" # Top RGBW Side U10 "ZMYC" 6 pin U13 "16248" 16 pin (2x8) no lead package U15 "AKK 7YW +" 16 pin (4x4) no lead package U43 "R5 0401 235" SOIC-8 # RGBW 5050 Inner U46 0 center right U47 1 center left U48 2 far left U49 3 lower left U50 4 lower center U51 5 lower right U44 6 far right U45 7 top center # RGBW 5050 Outer U24 0 top right of center U23 1 U22 2 U21 3 U20 4 U19 5 3 O'clock furthest right middle U30 6 U29 7 U28 8 U27 9 U26 10 U25 11 6 O'clock lowest center U36 12 U35 13 U34 14 U33 15 U32 16 U31 17 9 O'clock furthest left middle U42 18 U41 19 U40 20 U39 21 U38 22 U37 23 12 O'clock highest center J3 Vcc Rx Tx GND RST 0 TP1 TP3 TP5 TP7 TP85-92 Top right to M5 pins TP50 GPIO46 & U18 CAP_WIRE capacitive touch wire connection # Bottom ESP32 Side C18,19 "47 HFT S73" Electrolytic D1 "TV7 J9" 6 lead D2 "B5 J" (next to RST1) D3 "S8 D0" J3 header power input D4 "S8 D0" USB power input D5 USB Connection ESD 6 pin (top/left) D6 USB Connection ESD 6 pin (left side) D7 "S8 D0" USB power input J1 2x8 Connector J4,J7 Micro USB Connector J5 MicroSD slot J8 "2272N50" 40-Pin Flat Flex Connector J9 6 pin flat flex L1 "5R6" L2 "100 2229" M5 "Amphenol E" M3B 12-pin flat flex P1 10 pin JTAG pads R2,3,6,7 0 Ohm R27 "01C" (next to RST1) RST1 Tacticle momentary switch U1 "2NMT" 6 lead U2 "2NMT" 6 lead U3 "2NMT" 6 lead U4 "2NMT" 6 lead U6 "WXM" 5 lead 2x3 U7 "L5144S TI 328 AGCS" U8 "LN8B" 5 lead 2x3 U9 "4202" 6 lead U16 "PI410E5V 6416ZDE 2341GG" U17 "22-Biw" Capacitice Touch U52 "JE3h4" 3 lead U53 "F9 NZ" 8 pin lead U54 "GEC" U55 "9632 78 05 D335" 2x4 no lead package U56 "1C7H 358 AFF 5" 6 pin no lead package
ESP32-S3-WROOM2
Pin Layout
Firmware
When connecting to a linux machine, the following can be seen via dmesg | tail.
new full-speed USB device number 99 using xhci_hcd New USB device found, idVendor=303a, idProduct=1001, bcdDevice= 1.01 New USB device strings: Mfr=1, Product=2, SerialNumber=3 Product: USB JTAG/serial debug unit Manufacturer: Espressif SerialNumber: 68:B6:B3:##:##:## cdc_acm 3-2:1.0: ttyACM0: USB ACM device
While the device enumerates with USB connected and has the capacity to facilitate serial communications, it is not really feasible with the constant reboot cycle. There are two slight variations of the board, the ones with a populated micro SD slot mostly have this issue, and the others do not. However connecting to the TXD0 pin to the Rx of a USB/Serial UART converter the following can be captured. Additionally holding the ESP32 in reset and monitoring the UART you can capture the following by briefly releasing the reset and then re-enabling reset, otherwise you will get a continuous flood of the same messages at 115200 baud.
ESP-ROM:esp32s3-20210327 Build:Mar 27 2021 rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT) invalid header: 0xa5ff005a invalid header: 0xa5ff005a invalid header: 0xa5ff005a invalid header: 0xa5ff005a
Further experimentation is indicating it may be related to a fault in the thru-hole GPI0 as directly shorting GPIO0 (Pin 27) to ground can result in the following.
ESP-ROM:esp32s3-20210327 Build:Mar 27 2021 rst:0x1 (POWERON),boot:0x36 (SPI_DOWNLOAD_BOOT) wait spi download ESP-ROM:esp32s3-20210327 Build:Mar 27 2021 rst:0x15 (USB_UART_CHIP_RESET),boot:0x36 (SPI_DOWNLOAD_BOOT) Saved PC:0x400507ae wait spi download
Attempting to use esptool.py generates a Connecting... message and then the serial output generates and updated message.
ESP-ROM:esp32s3-20210327 Build:Mar 27 2021 rst:0x15 (USB_UART_CHIP_RESET),boot:0x36 (SPI_DOWNLOAD_BOOT) Saved PC:0x400507ae wait spi download
However this seems to hang the USB connection and nothing further happens until it times out.
Some of the boards do properly enter "Boot Mode" which is done by connecting GPIO0 to ground. This can easily be done by using a jumper wire from a through hole header that exposes both GPIO0 and ground and pressing a reset button immediately below it. Alternatively this can be achieved by using a wire pressed to the bottom right most module pin and the metal RF shield on top of the module while connecting USB to power on.
Successfully resetting with GPIO0 low and monitoring the Tx pin output, the device will send the following when properly configured and enabled to work with esptool.py.
Build:Mar 27 2021 rst:0x1 (POWERON),boot:0x0 (DOWNLOAD(USB/UART0)) waiting for download
For first time use with Micropython a complete erase of flash should first be performed with the following,
esptool.py -p /dev/ttyACM0 -b 115200 erase_flash esptool.py v4.8.0 Serial port /dev/ttyACM0 Connecting... Detecting chip type... ESP32-S3 Chip is ESP32-S3 (QFN56) (revision v0.1) Features: WiFi, BLE, Embedded PSRAM 8MB (AP_1v8) Crystal is 40MHz MAC: 68:b6:b3:3c:f4:24 Uploading stub... Running stub... Stub running... Erasing flash (this may take a while)... Chip erase completed successfully in 70.8s Hard resetting via RTS pin...
Note in this instance RTS is not connected, however the device remains in "Boot Mode" and the following action can be performed.
esptool.py -p /dev/ttyACM0 -b 1500000 write_flash -z 0 ESP32_GENERIC_S3-SPIRAM_OCT-20240920-v1.24.0-preview.335.gb08ddbba5.bin esptool.py v4.8.0 Serial port /dev/ttyACM0 Connecting... Detecting chip type... ESP32-S3 Chip is ESP32-S3 (QFN56) (revision v0.1) Features: WiFi, BLE, Embedded PSRAM 8MB (AP_1v8) Crystal is 40MHz MAC: 68:b6:b3:3c:f4:24 Uploading stub... Running stub... Stub running... Changing baud rate to 1500000 Changed. Configuring flash size... Flash will be erased from 0x00000000 to 0x00197fff... Compressed 1668096 bytes to 1089606... Wrote 1668096 bytes (1089606 compressed) at 0x00000000 in 18.7 seconds (effective 714.0 kbit/s)... Hash of data verified. Leaving... Hard resetting via RTS pin...
Note that in this case without RTS the device must be manually power cycled or reset to load the new firmware. Now you should see a different enumeration via dmesg.
new full-speed USB device number 41 using xhci_hcd New USB device found, idVendor=303a, idProduct=4001, bcdDevice= 1.00 New USB device strings: Mfr=1, Product=2, SerialNumber=3 Product: Espressif Device Manufacturer: Espressif Systems SerialNumber: 123456 cdc_acm 3-2:1.0: ttyACM0: USB ACM device
Monitoring TXD0 the following is received.
ESP-ROM:esp32s3-20210327 Build:Mar 27 2021 rst:0x1 (POWERON),boot:0x2a (SPI_FAST_FLASH_BOOT) SPIWP:0xee Octal Flash Mode Enabled For OPI Flash, Use Default Flash Boot Mode mode:SLOW_RD, clock div:1 load:0x3fce3820,len:0x105c load:0x403c9700,len:0x4 load:0x403c9704,len:0xbd8 load:0x403cc700,len:0x2e34 entry 0x403c989c MicroPython v1.24.0-preview.335.gb08ddbba5 on 2024-09-20; Generic ESP32S3 module with Octal-SPIRAM with ESP32S3 Type "help()" for more information. >>>
You can also now use the USB interface, with something like screen /dev/ttyACM0 115200. If successful you should be greeted with blank output. Pressing Enter should generate a Micropython prompt >>> and pressing Ctrl+D generates the following.
MPY: soft reboot MicroPython v1.24.0-preview.335.gb08ddbba5 on 2024-09-20; Generic ESP32S3 module with Octal-SPIRAM with ESP32S3 Type "help()" for more information. >>>
There's various ways you can now access the device, including over WiFi once configured. I highly recommend rshell which provides the ability to copy and move files as well as directly write and debug code using REPL. If you don't pass any arguments it will automatically attempt to connect, if you have multiple devices you can also specify the connection parameters. Here the built in USB/Serial interface is connected via D+/D- pins.
rshell -p /dev/ttyACM0 -b 115200 Using buffer-size of 256 Connecting to /dev/ttyACM0 (buffer-size 256)... Trying to connect to REPL connected Retrieving sysname ... esp32 Testing if ubinascii.unhexlify exists ... Y Retrieving root directories ... /boot.py/ /main.py/ Setting time ... Sep 26, 2024 09:42:01 Evaluating board_name ... pyboard Retrieving time epoch ... Jan 01, 2000 Welcome to rshell. Use Control-D (or the exit command) to exit rshell.
Once launched, any running code may be halted, entering repl will give an interactive Micropython prompt. Entering Ctrl+D will do a soft reset and any code configured to automatically start such as main.py will then run and you will see any output such as from print() in the terminal.
IMU
BNO080
https://learn.sparkfun.com/tutorials/qwiic-vr-imu-bno080-hookup-guide/all
