Difference between revisions of "Victor protocol"

From sigrok
Jump to navigation Jump to search
m
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[File:Victor 70C PCB bottom.jpg|thumb|right|[[Victor 70C]] chip]]
[[File:Victor 86c usb cable open.jpg|thumb|right|[[Victor 86C]] cable chip]]
Many digital multimeters made by [http://www.china-victor.com/ Victor] share the same protocol. At least the [[Victor 70C]] and [[Victor 86C]] support this protocol. In the 70C this is generated by a chip [http://sigrok.org/wiki/File:Victor_70C_PCB_bottom.jpg inside the device], on the 86C it's [http://sigrok.org/wiki/File:Victor_86c_usb_cable_open.jpg in the cable].
Many digital multimeters made by [http://www.china-victor.com/ Victor] share the same protocol. At least the [[Victor 70C]] and [[Victor 86C]] support this protocol. In the 70C this is generated by a chip [http://sigrok.org/wiki/File:Victor_70C_PCB_bottom.jpg inside the device], on the 86C it's [http://sigrok.org/wiki/File:Victor_86c_usb_cable_open.jpg in the cable].


Line 10: Line 13:
<th>The chip in the [[Victor 70C]]</th>
<th>The chip in the [[Victor 70C]]</th>
</tr>
</tr>
 
<tr>
<tr><td>
  <td>
{| border="0" cellspacing="0"
    {{chip_20pin|1=RXD|7=GND|11=~6MHz clock (?)|13=D+/-|14=D+/-|17=5V}}
|-
  </td>
| style="width: 10em; font-weight: bold;" align="right" | RXD
  <td>
| style="width: 2em;" align="right"  | 1-
    {{chip_20pin|1=GND|2=RXD|3=GND|4=GND|5=+3.4V|6=+3.4V|7=GND|8=+3.4V|9=+3.3V|10=+3.4V|11=+5V|12=D+/-|13=D+/-|14=+3.4V|15=+3.4V|16=+3.4V|17=GND|18=GND|19=+3.4V|20=+3.4V}}
| rowspan="10" valign="top" style="width: 10em; background-color: #333333; color: white;font-weight: bold;" | &nbsp;&nbsp;O
  </td>
| style="width: 2em;" | -20
</tr>
| style="width: 10em; font-weight: bold;" |
</table>
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 2-
| style="width: 2em;" | -19
| style="width: 10em; font-weight: bold;" |
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 3-
| style="width: 2em;" | -18
| style="width: 10em; font-weight: bold;" |
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 4-
| style="width: 2em;" | -17
| style="width: 10em; font-weight: bold;" | 5V
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 5-
| style="width: 2em;" | -16
| style="width: 10em; font-weight: bold;" |
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 6-
| style="width: 2em;" | -15
| style="width: 10em; font-weight: bold;" |
 
|-
| style="width: 10em; font-weight: bold;" align="right" | GND
| style="width: 2em;" align="right"  | 7-
| style="width: 2em;" | -14
| style="width: 10em; font-weight: bold;" | D+/-
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 8-
| style="width: 2em;" | -13
| style="width: 10em; font-weight: bold;" | D+/-
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 9-
| style="width: 2em;" | -12
| style="width: 10em; font-weight: bold;" |
 
|-
| style="width: 10em; font-weight: bold;" align="right" |
| style="width: 2em;" align="right"  | 10-
| style="width: 2em;" | -11
| style="width: 10em; font-weight: bold;" | ~6MHz clock (?)
 
|}
</td>
 
<td>
{| border="0" cellspacing="0"
|-
| style="width: 10em; font-weight: bold;" align="right" | GND
| style="width: 2em;" align="right"  | 1-
| rowspan="10" valign="top" style="width: 10em; background-color: #333333; color: white;font-weight: bold;" | &nbsp;&nbsp;O
| style="width: 2em;" | -20
| style="width: 10em; font-weight: bold;" | +3.4V
 
|-
| style="width: 10em; font-weight: bold;" align="right" | RXD
| style="width: 2em;" align="right"  | 2-
| style="width: 2em;" | -19
| style="width: 10em; font-weight: bold;" | +3.4V
 
|-
| style="width: 10em; font-weight: bold;" align="right" | GND
| style="width: 2em;" align="right"  | 3-
| style="width: 2em;" | -18
| style="width: 10em; font-weight: bold;" | GND
 
|-
| style="width: 10em; font-weight: bold;" align="right" | GND
| style="width: 2em;" align="right"  | 4-
| style="width: 2em;" | -17
| style="width: 10em; font-weight: bold;" | GND
 
|-
| style="width: 10em; font-weight: bold;" align="right" | +3.4V
| style="width: 2em;" align="right"  | 5-
| style="width: 2em;" | -16
| style="width: 10em; font-weight: bold;" | +3.4V
 
|-
| style="width: 10em; font-weight: bold;" align="right" | +3.4V
| style="width: 2em;" align="right"  | 6-
| style="width: 2em;" | -15
| style="width: 10em; font-weight: bold;" | +3.4V
 
|-
| style="width: 10em; font-weight: bold;" align="right" | GND
| style="width: 2em;" align="right"  | 7-
| style="width: 2em;" | -14
| style="width: 10em; font-weight: bold;" | +3.4V
 
|-
| style="width: 10em; font-weight: bold;" align="right" | +3.4V
| style="width: 2em;" align="right"  | 8-
| style="width: 2em;" | -13
| style="width: 10em; font-weight: bold;" | D+/-
 
|-
| style="width: 10em; font-weight: bold;" align="right" | +3.3V
| style="width: 2em;" align="right"  | 9-
| style="width: 2em;" | -12
| style="width: 10em; font-weight: bold;" | D+/-
 
|-
| style="width: 10em; font-weight: bold;" align="right" | +3.4V
| style="width: 2em;" align="right"  | 10-
| style="width: 2em;" | -11
| style="width: 10em; font-weight: bold;" |  +5V
 
|}
</td></tr></table>


== Protocol ==
== Protocol ==
Line 186: Line 66:
|}
|}


The deobfuscated payload is then structured as follows:
The (still slightly obfuscated, see the comment below the table) payload is then structured as follows:


{| border="0" width="95%" style="font-size: smaller" class="alternategrey sigroktable"
{| border="0" width="95%" style="font-size: smaller" class="alternategrey sigroktable"
Line 435: Line 315:


|}
|}
After this, reversing each bit in a byte, and each byte in the packet yields the original DMM packet that entered the Victor cable. For [[Victor 70]] and [[Victor 86]] meters the layout is that of the [[Multimeter_ICs#Fortune_Semiconductor_FS9922-DMM4|Fortune Semiconductor FS9922-DMM4]], a common digital multimeter chip with its own protocol.

Latest revision as of 19:25, 15 June 2019

Victor 86C cable chip

Many digital multimeters made by Victor share the same protocol. At least the Victor 70C and Victor 86C support this protocol. In the 70C this is generated by a chip inside the device, on the 86C it's in the cable.

USB interface chip

Reverse engineered pinouts of the unknown USB/HID chips:

The chip in the Victor 86C USB cable The chip in the Victor 70C
RXD 1-   O -20
2- -19
3- -18
4- -17 5V
5- -16
6- -15
GND 7- -14 D+/-
8- -13 D+/-
9- -12
10- -11 ~6MHz clock (?)
GND 1-   O -20 +3.4V
RXD 2- -19 +3.4V
GND 3- -18 GND
GND 4- -17 GND
+3.4V 5- -16 +3.4V
+3.4V 6- -15 +3.4V
GND 7- -14 +3.4V
+3.4V 8- -13 D+/-
+3.3V 9- -12 D+/-
+3.4V 10- -11 +5V

Protocol

The device registers on the USB host as a HID-class device ("Boot Interface" subclass), see lsusb.

The protocol payload is 14 bytes of data which can be read from endpoint 1, at no more than 1 Hz. The 14-byte chunk is somewhat obfuscated. To deobfuscate, subtract the ASCII value of the following string from each of the 14 bytes in turn: jodenxunickxia. Then reshuffle the bytes into different positions, according to the following table:

Original position  0  1  2  3  4  5  6  7  8  9 10 11 12 13
Final position  6 13  5 11  2  7  9  8  3 10 12  0  4  1

The (still slightly obfuscated, see the comment below the table) payload is then structured as follows:

Byte Bit Value
0 Unused (always contains 0x50).
1 Unused (always contains 0xb0).
2 Flags.
0 Minus.
1-7 Unused.
3 Major measurement modes.
0 Voltage measurement mode, combined with AC or DC flags in byte 6. In combination with the Diode flag in byte 4, signifies diode testing mode.
1 Current measurement mode, combined with AC or DC flags in byte 6.
2 Resistance measurement mode. In combination with the Continuity flag in byte 4, signifies continuity testing mode.
3 Unused.
4 Frequency measurement mode.
5 Capacitance measurement mode.
6 Temperature measurement mode, in degrees Celcius.
7 Temperature measurement mode, in Fahrenheit.
4 Value factors and extra measurement modes.
0 µ (Micro).
1 m (Milli).
2 k (Kilo).
3 M (Mega).
4 Continuity (in combination with resistance mode in byte 3).
5 Diode (in combination with voltage mode in byte 3).
6 Duty cycle measurement mode.
7 Unused.
5 Extra flags and value factors.
0 Unused.
1 Unused.
2 Max measurement mode.
3 Min measurement mode.
4 Unused.
5 Unused.
6 n (Nano).
7 Unused.
6 Flags.
0 Unused.
1 Unused.
2 Auto-ranging mode.
3 DC measurement.
4 AC measurement.
5 Relative measurement.
6 Hold mode.
7 Unused.
7 Decimal point position.
0 No decimal point.
1 Rightmost (1 digit after point).
2 Middle (2 digits after point).
3 Leftmost (3 digits after point).
4 Unused.
5 Unused.
6 Unused.
7 Unused.
8 Unused (always contains 0x04).
9 Least significant digit on display.
10 Second digit from right.
11 Second digit from left.
12 Most significant digit.
13 Unused (always contains 0xd4).

After this, reversing each bit in a byte, and each byte in the packet yields the original DMM packet that entered the Victor cable. For Victor 70 and Victor 86 meters the layout is that of the Fortune Semiconductor FS9922-DMM4, a common digital multimeter chip with its own protocol.