Reverse Engineering

Imagine being asked to copy an electronic product with no circuit diagrams or software listings. This was exactly what our engineers were asked to do! The remit was to reproduce a product for use trackside on the railways, but improve its operational time between battery recharges and make it more robust.

The first step was to dismantle the equipment into its major parts and then, component by component, develop the electronic schematic drawings and figure out how it worked. Next, the software was copied from the unit and disassembled from machine code back into 8032 instruction mnemonics. This was the difficult part: the code had to be sliced up into the main program, subroutines and interrupt routines, and comments added back in to describe the various software functions.
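The slicing step can be partly automated. The sketch below is an added illustration, not the engineers' tooling: it follows jumps and calls through a standard 8051/8032 image from the reset vector and the fixed interrupt vectors, and groups the reachable instructions into main program, interrupt routines and subroutines. The sample image, the routine names and the rule that a vector counts as used only when it holds a jump or RETI are assumptions.

```python
# Fixed interrupt vectors (0x2B, Timer 2, is 8032/8052 only) and the conditional rel8 branches.
VECTORS = {0x03: "INT0", 0x0B: "TIMER0", 0x13: "INT1", 0x1B: "TIMER1", 0x23: "SERIAL", 0x2B: "TIMER2"}
COND = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0xD5, *range(0xB4, 0xC0), *range(0xD8, 0xE0)}
# Byte length of every 8051/8032 opcode: one digit per opcode, 16 opcodes per string.
LEN = list(map(int, "1231121111111111" "3231121111111111" "3211221111111111" "3211221111111111"
                    "2223221111111111" "2223221111111111" "2223221111111111" "2221232222222222"
                    "2221132222222222" "3221221111111111" "2221112222222222" "2221333333333333"
                    "2221121111111111" "2221131122222222" "1211121111111111" "1211121111111111"))

def successors(img, pc):
    """Return (jump_targets, call_targets, falls_through) for the instruction at pc."""
    op, nxt = img[pc], pc + LEN[img[pc]]
    arg = img[pc + 1:nxt]
    if nxt > len(img):                     # operand bytes cut off by the end of the image
        return [], [], False
    if op in (0x02, 0x12):                 # LJMP / LCALL addr16
        tgt = (arg[0] << 8) | arg[1]
    elif op & 0x0F == 0x01:                # AJMP / ACALL addr11, same 2 KB page as next pc
        tgt = (nxt & 0xF800) | ((op >> 5) << 8) | arg[0]
    elif op == 0x80 or op in COND:         # SJMP, JBC/JB/JNB, JC/JNC/JZ/JNZ, CJNE, DJNZ: rel8
        tgt = (nxt + arg[-1] - (256 if arg[-1] > 127 else 0)) & 0xFFFF
    else:                                  # RET, RETI and JMP @A+DPTR end the straight path
        return [], [], op not in (0x22, 0x32, 0x73)
    if op == 0x12 or op & 0x1F == 0x11:    # a call returns to the following instruction
        return [], [tgt], True
    return [tgt], [], op in COND

def recover_routines(img):
    """Map routine name -> sorted instruction addresses reached from that routine's entry."""
    entries = {0x0000: "main"}
    for addr, name in VECTORS.items():     # assumption: a used vector holds a jump or RETI
        if addr < len(img) and (img[addr] in (0x02, 0x32, 0x80) or img[addr] & 0x1F == 0x01):
            entries[addr] = "isr_" + name
    owner, work = {}, list(entries)
    for entry in work:                     # work grows as new call targets are found
        stack = [entry]
        while stack:
            pc = stack.pop()
            if pc >= len(img) or pc in owner or (pc in entries and pc != entry):
                continue
            owner[pc] = entry
            jumps, calls, fall = successors(img, pc)
            for tgt in set(calls) - entries.keys():
                entries[tgt] = "sub_%04X" % tgt
                work.append(tgt)
            stack += jumps + ([pc + LEN[img[pc]]] if fall else [])
    return {n: sorted(pc for pc, e in owner.items() if e == a) for a, n in entries.items()}

SAMPLE = bytes.fromhex("020030" + "ff" * 8 + "02003a" + "ff" * 21 + "32" + "ff" * 12
                       + "120038" + "80fb" + "ff" * 3 + "e422" + "c0e0d0e032")  # constructed
```

Calling `recover_routines(SAMPLE)` returns one address list per routine. Indirect jumps (`JMP @A+DPTR`) and data tables are not followed, so bytes that no routine reaches still need manual review.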

Reverse engineering requires very analytical minds.

Once this was achieved, the engineers could move forward to replicate the circuits. It was decided early on not to copy the power supply sections, which used old, inefficient technology to generate power rails from a 12V sealed lead acid battery that took 12 hours to recharge. Instead, high-efficiency DC-DC modules were used to generate 3.3V and 5V power rails from a 7.2V NiMH battery pack that could be recharged in 1 hour using a mains charger but, more importantly, from a car or van 12V supply.

The original design, from the early 1990s, contained a large amount of glue logic, including a 45-stage ripple counter. This was all replaced by a single CPLD.

Two major sub-components were coils used to detect 90kHz and 110kHz signals from a beacon. These devices were sent to a specialist coil manufacturer, who stripped the coils, identified the ferrite material and air gaps, and reproduced equivalent coils.

How do you verify the functionality of a copy of a complex piece of equipment against the original and prove that it works in the same way? The answer in this case was to use the same software running on the same 8032 processor family and a surface mount version of the same serial communications controller device. The original design used obsolete devices to read a keypad and drive a 4-line LCD, so in the new design an NXP Cortex M3 processor was used to simulate several obsolete IO devices.

Having a modern co-processor for the 8032 allowed other new functions to be added, including Bluetooth connectivity to a smartphone. By simulating both the keypad and the display, this lets the operator use the test equipment at a safe distance from the railway track.

From a hardware point of view, the original test equipment was supplied in a large grey vanity case, with a plastic button keypad whose legends had worn out and a backlit LCD that drained the battery in 6 hours.

The new design was half the size and weight and used a yellow Pelican 1400 ruggedised case, a metal vandal-proof IP67 keypad with the legends engraved on the face plate, and a low-energy backlit LCD that allowed over 12 hours of continuous use before needing to be recharged. All cables and the signal detection unit could be stored in a pocket in the case.

The prototype was tested at a test centre in Bristol and proven to perform in the same way as the original unit. Finally, new operation manuals were written and the unit was EMC tested, ready for supply of production units to the customer.

Our engineers are ready for a similar challenge from you; just contact us.
