Saturday, January 26, 2013

Ready, set, optimize!

Alright, finally I had time to grab my solder iron and punish the naughty GSM shield for being such a greedy pig when it comes to efficiency in power consumption.

When we look more closely at the shield schematic, we can see that NETLIGHT and STATUS pins of SIM900 control the transistors which turn on and off the leds, powered from Arduinos +5V input via 300 ohm resistors R21 and R20. There's also the "shield powered" led that is always on when, as the name implies, the shield receives input power, regardless whether the GSM module is powered or not. Very wasteful when thinking about power efficiency, so I started with that first:


Actually I haven't ever done any operations on such a small SMD components before, so after unsoldering the R1 the end result was quite far from satisfactory: both copped pads under the resistor were ripped off because of too high temperature, excess force and prolonged heat exposure. Oh well, not that I need the "shield powered" LED anyway..

Before removing the R1 the power consumption of the SeeedStudio GSM shield was 12.2 mA (shield powered, but SIM900 not turned on) and 23.4 mA (SIM900 in sleep mode) when powered with external +5V lab supply (HP 6632B). After removal of R1 and thus disabling the LED, power consumption drops to 9.1 mA and 20.3 mA, respectively. This brings savings of 3.1 mA. Nice.

Wiser from this incident, I practiced desoldering a little bit with old PC motherboard and found a suitable removal procedure consisting of adding liquid flux, new solder and then removing everything with a solder wick. Then add little bit more solder to both ends of the resistor, heat one end with solder iron while lifting it with tweezers. Then repeat this with the other end and finally the resistor can be removed.

 I removed the R20 and R21 resistors and soldered a breadboard jump wire to bypass the LEDs. This time no solder pads were harmed and thus the procedure is reversible. The transistors Q3 and Q4 now connect our NETLIGHT and STATUS wires to ground when signaled by SIM900, making it posssible not only to put the GSM power and/or activity leds on the enclosure if needed, but also it's now easy to check the power status of the GSM module. Before this, the only way to see if the module is powered was to send AT commands and wait for the answer. Actually this was one of the things that annoyed me about this shield from the start. Luckily now only one digitalRead is needed.

It could have been possible to remove the transistor and tap into the NETLIGHT and STATUS pins of the SIM900 directly, but leaving them behind transistors is safer since the module uses lower voltage than rest of the device. It could have been possible to destroy the whole chip or at least the output pins with software by simply switching the pin mode on Atmega side to output and signaling +5V. Puff, there goes the magic smoke.

Since there isn't a nice way to attach strain relief to the jumper wires,  I used hot glue (again) to attach the proximal ends to the PCB to make sure all the vibration and shaking in the car doesn't cause the cables to come loose.

Now, after bypassing also the STATUS led and rewiring the NETLIGHT led (blinks once every 2800 ms, so not a concern in this case), I've managed to reduce the sleep mode consumption from 23.4 to 10.2 mA! Those LEDs really are gluttonious beasts! Then I tried inputting +12V onto the shield directly via its "low ground current, low-dropout voltage regulator", the MIC29302. Low ground current my ass. Increasing the voltage from +5V to +12V increases the quiescent current (=ground current) linearly from 10.2 mA back to 21.8 mA! And that is even without powering the GSM module! So, in this case it is better to use the 7805 to drop the voltage from +12V to +5V and distribute that to the GSM shield. If someone knows better alternatives, I'm all ears.

All in all, the ChiliCAN now consumes 14.3 mA when all the chips are sleeping (i.e., when there's no CAN traffic and no calls are being made). That constitutes maybe 90% of the time. When the heater is on (or otherwise CAN bus is active), the consumption wanders between 30 and 55 mA. During phone calls it lies around 100-200 mA having maximum peaks of 1.5 A, but those are quite short bursts, having almost nil effect on battery life. If we assume average consumption of 17.2 mA, it would take almost 4 months for ChiliCAN to deplete my 95 Ah car battery to 50% charge. I could live with those numbers :)

14 comments:

  1. Hi. I was just wondering if the AEM b:3 input must be held high for the heater to be on, or is a short pulse enough?

    ReplyDelete
  2. Hi Rune,
    actually the pin must be grounded in order to activate the heater. But it must be held low in order to keep the heater on. It will stop almost immediately after the pin is left floating (I haven't measured the voltage after it is left unconnected, maybe it's 5V or 12V). Anyway, that's one of the reasons I ditched the AEM: Keeping relay open consumes too much current for my taste. One could also use opto isolator, but when one can send CAN messages, there's no need for it anyway.
    Br,
    Olaf

    ReplyDelete
  3. Would you share the final schematics and code? I would like to achieve similar on my xc60.

    Br,

    Jaanus

    ReplyDelete
  4. Hey, noticed you haven't updated the blog for a while. This type of hacking is really inspiring and I would like to know if you have done any recent discoveries from the Swedish Beast they call Volvo.

    ReplyDelete
  5. Awesome job. I have the same question. Will you share final schematics and code?

    ReplyDelete
  6. http://hackingvolvo.blogspot.com/2012/12/sardine-can-version-02-alpha-now.html <-- here is code

    ReplyDelete
  7. Two years of silence now - Olaf, you still there?

    ReplyDelete
  8. I read your blog information its awesome,thanks for sharing it.Buy Volvo S80 Tyres Online in very affordable price.

    ReplyDelete
  9. Im sure alot of cars are vunerable, just extract the firmware, Analyse the code, see where you can come up with an exploit, write your code and Bam! you get a meterpreter shell!


    car Seats for 4 olds
    best booster seat
    best car seat for your kids
    booster laws that you must know
    infant car seat shoulder strap
    Car seat weight limit for infants

    ReplyDelete
  10. Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available.

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com

    ReplyDelete
  11. This comment has been removed by the author.

    ReplyDelete
  12. Sunny Nehrais widely regarded as the top ethical hacker of India. His journey from a curious 11-year-old coder to becoming India's top ethical hacker is not only inspiring but also very helpful to those looking to master the CyberSecurity field.

    ReplyDelete