SMSL HV-50 Amplifier, anyone?

Does anyone know anything about the SMSL HV-50 amplifier?

s-l1600

SMSL HV-50

I’m asking, but I think I already know the answer: No, no one knows anything about the SMSL HV-50 audio amplifier, or if they do, they aren’t talking (not in english, anyway). I found a recent reddit thread asking about it, but no one knew much, and I haven’t found much else.

What I do know are some basic details:

  • 50W per channel (stereo)
  • RCA inputs
  • 5-way binding posts for outputs.
  • Based on the TDA7492 Class D Amplifier IC from ST Microelectronics.
  • Aluminum case.

The TDA7492 chip is used in a lot of compact, inexpensive audio amps made by various Chinese manufacturers and sold under various names on Amazon, Ebay, AliExpress, etc.

41ZJRL36sHL

SMSL SA-50

It is also used in the older, almost identically specced 50 Watt/channel SMSL SA-50 amplifier, pictured above. The chip and specs aren’t the only thing the two have in common. As you can see, the case is the same. The only outward difference is slightly different markings and detailing.

The insides are a different story. Both use the same TDA7492 amplifier chip, but as you can see, the PCB and components are quite different.

Last night I noticed that one seller was offering the HV-50 for just $35 with free shipping, so I ordered one. At that price, it was a no-brainer. I’d have easily spent $25 and several hours getting one of the cheap TPA3116 boards I’ve ordered mounted in a suitable case.

I’ll follow up with a new post in a few weeks, once I have the HV-50 in-hand.

 

AirMobi iReceiver Preliminary Software Hacking

I recently discovered and purchased an inexpensive, unofficial WiFi-enabled AirPlay and DNLA audio receiver called the AirMobi iReceiver. I couldn’t find much information on the device, but for $12, I thought it was worth buying and trying.

It works reasonably well, but that’s not really why I bought it. I bought it with the intention of taking it apart and seeing what makes it tick. And now, having done that, I plan to hack it to run OpenWRT so I can secure it, customize it, and update the software.

IMG_9667

It is based on a Ralink RT5305T WiFi SoC which suggests to me that it is running linux, and probably has a serial console exposed via some test points on the mother board. I only found handful of candidates during my teardown. My guess was that the Tx and Rx lines were available on the unpopulated 4-pin header at the edge of the circuit board. From visual inspection I could tell that the second pin from the left was a ground pin. A little continuity probing with a multimeter suggested the first pin provided power, a fact confirmed when I check its voltage when I powered up the device.

I hooked a logic analyzer up to the other two pins to see which one toggled on and off at boot, but that was really overkill. I could have done just as well figuring out which one was pulled high when I powered up the device.

Once I had the pins worked out, I hooked up a TTL level USB/serial converter to my laptop, connected the ground pins and cross connected the Tx and Rx pins between the adapter and the board. Once I powered everything up, my screen started to fill with garbage. I guessed that 115.2Kbps was too fast, and tried 57.6Kbps instead. Bingo!

After booting up, I hit return and was presented with a login prompt. I tried the password for the webui and was pleased to find that it worked. I poked around the filesystem, looking at various config files, the various files for the web UI, and checking what binaries were installed on the system.

One of them is a telnet daemon (implemented as part of busybox). So, I started it, connected to the WiFi, and was able to log in over the network.

From there, I gathered more information. I was dissapointed that there wasn’t really anything like zip, or tar, or an ftp or ssh server that would make it easy to pull a bunch of files off at once, so I dumped the web UI files to the terminal one at a time and then saved them for further inspection.

Hidden ate_test.asp page

Hidden test_ate.asp page

Once I did, I found hidden functions in the firmware update page for uploading the bootloader over the webui. Exposing it required tweaking the page using web developer tools, which is kind of tedious. Then I hit the jackpot, I found an unlinked file called test_ate.asp. When loaded, it has a button to fire up the telnet daemon, making a command line available with just a WiFI connection, no serial console necessary. It also has an option to update the boot loader and a mysterious ATE function. This discovery made it easier to return and poke at the device at my leisure.

From what I learned in my poking and prodding, it appears to be based on the Ralink provided SDK with some modifications. With any luck, the modifications will be minor, and it will be easy to load an OpenWRT firmware over the webUI.

Before I do that though, I’ll need to take special care since this device doesn’t have an ethernet port, and so recovering from non-working firmware will be more difficult.

A lot of details follow…

Continue reading