UART

Creativity 9th August

What is UART?

A UART (Universal Asynchronous Receiver/Transmitter) is a semiconductor device that manages the connection between a computer and its serial peripherals. Its primary function is to facilitate communication between the computer and devices like modems. This enables the exchange of data between the computer and various serial devices.

How to Identify UART?

The UART identification method uses Digital Multimeter (DMM) tests to measure continuity and voltage at specific pinouts on the board in order to identify the UART.

Description

This laboratory session aims to provide participants with foundational knowledge on the process of identifying UART pinouts and pin designations on a circuit board. This will be achieved by employing Digital Multimeter (DMM) measurements to analyze the voltage levels present at various points on the board.

Steps:

1. Utilize the appropriate tools to open the TP-Link AC750 Mbps Wireless Portable Mini Travel router (TL-WR902AC).


2. Perform a visual inspection of the Printed Circuit Board (PCB) to identify potential UART ports, typically characterized by a series of four or more pins.


UART Communication

3. Employ a Digital Multimeter (DMM) to systematically test each pin for identification, beginning with Ground (GND), Voltage supply (Vcc), Transmit (Tx), and Receive (Rx).


4. To confirm the presence of Ground (GND), follow the subsequent procedure. [Note: Hereafter, Ground will be referred to as GND]


a) Utilize the Digital Multimeter's continuity test function to ascertain connectivity.



  • Set the rotary switch of the multimeter to the continuity test mode.
  • Select the option represented by the symbol -> o)))
  • Locate a metallic sheet area or identify the Ground (GND) pin of the input DC supply.
  • Position the red probe of the multimeter on the pin under test.
  • Place the black probe of the multimeter on the metallic sheet or the GND of the input DC supply.
  • If the multimeter emits a continuous beep, it indicates a connection, confirming the pin as a GND pin.
  • If no beep is heard, repeat the procedure with other pins until a connection is established.

5. To confirm the presence of VCC (Voltage Common Collector), follow the subsequent procedure.


    NOTE: Vcc is not used when connecting to the serial interface, but identifying it helps narrow the search for Tx and Rx.


    1. Power on the device.
    2. Multimeter Voltage test.

  • Point the rotary switch to V (20) (assuming the voltage is under 20 V).
  • Put the red probe on the pin to be tested.
  • Put the black probe on the identified GND pin or GND of input DC supply.
  • If the multimeter displays a fairly constant voltage (e.g. 3.3 V), the pin is Vcc.
  • If not, repeat with other pins until you find one.
  • If two pins show 3.3V constantly, one might be Tx and the other Vcc. To confirm, turn off and on the device and check both pins quickly. If unsure, use an oscilloscope.

6. To confirm the presence of the Transmit (Tx) pin, follow the subsequent procedure.

  • Turn on the device and test immediately with the multimeter.
  • Set the multimeter to voltage mode (V) and place the red probe on the pin.
  • Put the black probe on the known Ground (GND) pin.
  • If the voltage varies, it's likely the Transmit (Tx) pin.
  • If not, try other pins until you find it.
  • If two pins show 3.3V constantly, one might be Tx and the other Vcc. To confirm, turn off and on the device and check both pins quickly. If unsure, use an oscilloscope.

7. To confirm the presence of the Receive (Rx) pin, follow the subsequent procedure.

    Identifying the Receive (Rx) pin can be a bit tricky since it doesn't have obvious traits.

    Here's what to do:

  • Turn on the device and quickly test it with the multimeter.
  • Set the multimeter to voltage mode (V) and put the red probe on the pin.
  • Put the black probe on the known Ground (GND) pin.
  • Sometimes, the voltage will stay constant, either low or high.
  • Other times, it might change.
  • From our experience, we often see a constant low voltage.
  • If you can't find it right away, try other pins. If there are only four pins and you've already identified three, the remaining one should be Rx.

Utilizing UART for Device Shell Access


    Objective:

    The objective is to establish access to the device shell through UART pins and subsequently locate credentials stored within the file system.


    Description:

    This laboratory session involves accessing the UART pins on the TP-Link AC750 Mbps Wireless Portable Mini Travel router (TL-WR902AC) utilizing a USB-TTL interface, with the aim of locating credentials within the file system.


    Steps:

    1. Establishing connection between identified UART pinouts and USB to TTL converter:

    1. Use wires and breakaway headers to connect the USB-TTL converter with the UART pins on the board.
    2. Solder wires or headers if necessary.
    3. Connect USB-TTL Tx to UART Rx pin on the board.
    4. Connect USB-TTL Rx to UART Tx pin on the board.
    5. Connect USB-TTL GND to GND pin on the board.
    6. NOTE: DO NOT connect Vcc.

    NOTE: The illustration depicts connections between a DIVA board and USB-TTL; similar connections can be established between a TP-Link AC750 Mbps Wireless Portable Mini Travel router (TL-WR902AC) and USB-TTL.



    2. Shell Access:

    1. Once the physical connections are established, connect the USB-TTL to the USB port of your laptop.
    2. Access the port through the path /dev/ttyUSB0.
    3. Power on the device and promptly initiate a serial console utility.
    4. Available utilities for serial console access include:
      1. Picocom
      2. Screen
    5. Command: sudo picocom -b 115200 /dev/ttyUSB0

    3. Baudrate Identification:

    1. The default baudrate for most devices is typically set to 115200.
    2. If binary garbage data is observed, it is highly probable that the specified baudrate is incorrect.

    4. Upon observing log messages appearing on the screen, shell access is established provided that the wires are properly connected. Input any command, such as "ls", to verify functionality.

    5. Identify and extract any significant credentials from the filesystem.

    6. NOTE: If numerous "sending discover" messages appear, they can be disruptive while operating within the shell; terminate the processes generating the messages if desired.
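
The baud-rate check in step 3, as an added example that is not part of the original lab: a simulation of an 8N1 serial line showing why output sent at 115200 decodes as garbage at other rates, and how counting clean frames picks the right rate. The sample log, the simulated sample rate FS and the candidate list are constructed assumptions.

```python
# Added example: why a wrong baud rate shows up as "binary garbage".
# SAMPLE_LOG is constructed; FS and CANDIDATES are assumptions for the demo.
FS = 1_152_000  # simulated sample rate: 10 samples per bit at 115200
CANDIDATES = [9600, 19200, 38400, 57600, 115200]
SAMPLE_LOG = b"Boot: constructed sample log\r\nStarting kernel ...\r\n"

def encode_8n1(data: bytes, baud: int, fs: int = FS) -> list:
    """Line levels for 8N1 frames: idle high, start bit 0, LSB first, stop 1."""
    bits = [1] * 20
    for byte in data:
        bits += [0] + [(byte >> n) & 1 for n in range(8)] + [1]
    bits += [1] * 20
    spb = fs // baud  # samples per bit
    return [level for level in bits for _ in range(spb)]

def decode_8n1(line: list, baud: int, fs: int = FS) -> list:
    """Return (byte, stop_bit_ok) per frame, sampling each bit mid-cell."""
    spb = fs // baud
    frames, i = [], 0
    while i < len(line):
        if line[i] == 1:          # idle or stop level: wait for a start bit
            i += 1
            continue
        stop = i + 19 * spb // 2  # middle of the stop bit (9.5 bit times)
        if stop >= len(line):
            break
        byte = 0
        for n in range(8):
            byte |= line[i + (3 + 2 * n) * spb // 2] << n
        frames.append((byte, line[stop] == 1))
        i = stop                  # resume the search from the stop bit
    return frames

def score(frames: list) -> float:
    """Fraction of frames with a valid stop bit and a printable ASCII byte."""
    if not frames:
        return 0.0
    good = sum(1 for b, ok in frames if ok and (32 <= b < 127 or b in (9, 10, 13)))
    return good / len(frames)

def guess_baud(line: list, candidates=CANDIDATES) -> tuple:
    """Decode the same capture at every candidate rate and keep the cleanest."""
    scores = {b: score(decode_8n1(line, b)) for b in candidates}
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    best, scores = guess_baud(encode_8n1(SAMPLE_LOG, 115200))
    for baud, s in scores.items():
        print(f"{baud:>7} baud: {s:.0%} clean frames")
    print("best guess:", best)
```

On real hardware the same scoring can be applied to bytes read from /dev/ttyUSB0 at each candidate rate while the device boots.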