4.1  C1-600-RT (Sprint) and DPH153-AT (AT&T) Microcells (teardown to find out what they are good for).

  I do this only out of curiosity. Many call it reverse engineering, but it is very far from that. Curiosity is the main reason it is done. And to share, of course.

  The "Airave 2.5" is, at the moment, not supported by Sprint, and AT&T has difficulties doing this for the DPH153-AT. In any case, the devices are useless for their traditional intended use.

  Both are hackable. That means you can make your own short-distance network for your phones or IoT devices.
How to do this is out of scope. But you have, in your hands, a cell-phone cell, which differs from the real one only in that it can serve a smaller number of subscribers (usually 4 to 8). If you consider it as an addition to the PBX (IP phone), then everything will work. Not many people can do this (none, at the moment :), but it is possible.

  OK. Under the hood of the Airave is a single motherboard, on which all the magic happens.


  3 network connectors, 7 power supplies (1 to 3.4 V), and 5 antennas, which are connected to the top module. The GPS is the small box at the top left. The CPUs and the rest are under the heat sink. The back of the board does not contain anything interesting.


  But in the right corner we have something useful. This is a serial connection and monitor output.


  It is very hard to believe in the existence of an HDMI port on the board. But the unique pinout of this connector and the signals matching HDMI say yes, it is a connector for an external monitor.

  Finally, perhaps like me, you decide to install, in addition to the serial, an HDMI connector too, but ...


  ... do not do it. The video output is disabled by the BIOS and it is difficult to get it running.

    At the moment, it is more interesting what we can get through the serial port. 115200 and we have it.


  If you click on this photo, another window will open with the full log of the boot process.


  I will not remove the heat sink to see what is underneath. This is boring, and we already know what's there. For me, it's much more interesting how the signal is encoded in the air. And for CDMA it was not so difficult.


  The AT&T device is much more interesting. It was made by another designer, that's for sure. Everything on the board is separated, like on a Google map.


   GPS with an additional connector for an external GPS antenna, in the upper right corner. It has a separate serial port where we can connect.


   The only unusual thing is the baud rate: 38400. The output is like that of a regular GPS.


  In the log I moved to the vicinity of London, but it does not matter.
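
  As an added example (not from the original post or from the device's firmware): assuming the "regular GPS" output is NMEA 0183 text, the per-sentence checksum shows whether the 38400 setting is right, and the GGA sentence carries the position. The sample lines are constructed and the function names are hypothetical.

```python
from functools import reduce

def nmea_checksum(body):
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def frame(body):
    """Add '$' and '*HH'; used only to construct the sample capture below."""
    return f"${body}*{nmea_checksum(body):02X}"

def is_valid(line):
    """True if the line is framed as $...*HH and the checksum matches."""
    body, star, tail = line.strip()[1:].rpartition("*")
    try:
        return (line.strip().startswith("$") and star == "*"
                and int(tail[:2], 16) == nmea_checksum(body))
    except ValueError:
        return False

def to_degrees(value, hemisphere):
    """Convert (d)ddmm.mmmm plus N/S/E/W to signed decimal degrees."""
    dot = value.index(".")
    degrees, minutes = int(value[:dot - 2]), float(value[dot - 2:])
    return (-1 if hemisphere in ("S", "W") else 1) * (degrees + minutes / 60)

def parse_capture(lines):
    """Return (fixes, valid_count, total) for a list of captured lines."""
    fixes, valid = [], 0
    for line in lines:
        if not is_valid(line):
            continue  # line noise, or the port is set to the wrong baud rate
        valid += 1
        fields = line.strip()[1:].rpartition("*")[0].split(",")
        # GGA fields: id, time, lat, N/S, lon, E/W, fix quality (0 = no fix)
        gga = fields[0].endswith("GGA") and len(fields) > 6
        if gga and fields[6] != "0" and fields[2] and fields[4]:
            fixes.append((to_degrees(fields[2], fields[3]),
                          to_degrees(fields[4], fields[5])))
    return fixes, valid, len(lines)

# Constructed sample capture (not the page's log): a point near London.
GGA = "GPGGA,101530.00,5130.4440,N,00007.6680,W,1,07,1.2,35.0,M,47.0,M,,"
SAMPLE = [
    frame(GGA),
    frame("GPGGA,101531.00,,,,,0,00,99.9,,,,,,"),  # receiver has no fix
    frame("GPRMC,101530.00,A,5130.4440,N,00007.6680,W,0.0,0.0,031219,,,A"),
    frame(GGA).replace("5130", "5131"),  # one digit corrupted in transit
    "\x00\xf8\x80 bytes read at the wrong baud rate",
]
```

  A capture in which almost no line passes `is_valid` usually means the port speed is wrong rather than that the receiver is faulty.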

  Next is the router, based on the RT2150 (10/100MHz 5PORT AP/ROUTER), which serves the connection to the network: LAN, WAN and the RF unit, which is the same as an additional network device.


  The same RS-232 port, but with a different pinout. Baud rate - 57600, log file under the picture.


 
  It runs Linux. After reading the log, it looks like most of the time the device works as a network bridge, where the RF unit is the third network device.

  OK. And this is where I accidentally burned the unit.

  If you look in the lower left corner of the motherboard (in the photo), we have several connectors and none of them are serial ports. This means that the only way to talk to the RF part of the unit is through Ethernet (the separate 10/100 transformer, in the red circle).
 

  Sniffing traffic from the WAN/LAN with Wireshark showed that the internal router/switch/bridge (on the RT2150) eliminates all direct communication with the RF unit. SSH, Telnet, and so on are cut off. It looks like it is waiting to open a VPN channel to an AT&T server... This is certainly a shame, but I would do exactly the same : )

  And I decided to use the RF unit as a stand-alone network device to skip the limitations. Removing the transformer required preheating the entire motherboard to 100 °C, and this (which was done many times before), for unknown reasons, killed the board. ...

  My experiment is over. But I finally figured out how CDMA coding works (it was very interesting, for me), and this is a good result. If you are going to do something similar but deeper, then the memory is reprogrammed very simply. All images are in the middle of compressed files. The only thing you need to do is add a pause/branch to the boot loader (GRUB or so).

  And, you can believe me or not, I have a micro cell that works autonomously (without connecting to a network) and connects real phones bypassing the network of large providers!

  Then everything depends on your abilities and desire. So nothing is impossible : )


  For me, it looks like I have two MB for parts. And I know what to do with them, believe me or not.


  *** My address is below, in case you have ideas & want to share them (or something else). Always happy to communicate with people who do something unusual. Whatever it is : )))
 


03.12.2019  SK_Lab

 
 
