Reverse Engineering Project 2004

The disassembly and analysis of a standard computer keyboard

a.k.a.

“This wuz a k3ybored”

Group Members:
Steven Maresca 203-605-9533
Justin DeMaris 427-2127
Matthew Rice 427-4533

Overview Of Presentation

• Research
  - Layout
  - Keyboard Varieties
  - Mechanics
  - Electrical
• Disassembly
• Probing
• Results

Research: Mechanical Aspects

• Keyboard Layouts and Varieties
• Size and Shape
• Keyboard Components:
  - Keycaps
  - Key Switches
  - Key Pitch
  - LED’s

Keyboard Layouts

• Many and varied
• Include:
  - Alphabetic layouts
  - The QWERTY layout
  - The Dvorak layout
  - Other experimental layouts

Alphabetic

• Arranged alphabetically
• A typewriter based on such a layout was granted a patent in 1868, to designers Sholes, Glidden, & Soule
• Developed for “hunt and peck” railway ticket typists as protection against forgery
• Two-row design (A-M & N-Z)

QWERTY

• Three-row design named for the first six letters in the top row (QWERTYUIOP)
• Patented in 1878, by designer Sholes
• Reasons for implementation of QWERTY are many and varied.
• The most common keyboard layout today

Why QWERTY?

• Purportedly designed to help prevent jamming in sluggish, clumsy mechanical typewriters by spacing out common keys (and thereby slowing type rate)
• The design, while not especially efficient, was well supported, well marketed, well known, and most importantly, widely implemented.

Alternative Layout - Dvorak

• Designed by Dr. August Dvorak and William Dealey in the late 1930’s / 1940’s.
• Designed to be more efficient
  - In QWERTY keyboard, 31% of all strikes are in the home row
  - In Dvorak, 70% of strikes are in home row

Dvorak Layout

Dvorak Analysis: Advantages vs. Disadvantages

Advantages:
• After 2 weeks of typing, the user regains the speed of the QWERTY keyboard, and then passes it
• Less work for the hands, meaning long typing at high speeds is less strenuous

Problems:
• Requires a complete relearning of typing because of the new layout (versus the now standard QWERTY layout)
• If the user uses multiple computers, it may be necessary to be able to use both QWERTY and Dvorak, which is difficult

Setting up the Dvorak Layout

• Hardware solution:
  - Hardwired Dvorak keyboards are available online from many retailers
  - Programmable keyboards (also available from many retailers) can be easily programmed to use the Dvorak layout
• Software solution:
  - Tell your operating system to use a Dvorak layout

Student Experience

All three members of this reverse engineering group have coincidentally attempted to use the alternative Dvorak layout. Each used a QWERTY keyboard with altered regional settings (a Windows settings adjustment), and in one case a modified QWERTY keyboard. Their experiences found that it was relatively simple to learn the layout and achieve typing speeds at least on par with QWERTY and often in excess. Coinciding with the Dvorak prediction, the students found that many common words such as “the”, “and”, and “said” could be typed exclusively using the home row. It is estimated that with further practice, the Dvorak keyboard could yield results significantly faster than those achievable using QWERTY. Of course, the main obstacle in mastering the Dvorak layout was and remains overcoming the now innate and instinctive QWERTY layout.

Alternative Keyboard Varieties

• Single-Handed Keyboards
• Split Keyboards
• Chord keyboards
• QWERTY Variant Keyboards
• Projection and Sensor Keyboards

Single-Handed Keyboards

• Since most OS’s are graphical now, the mouse is a major pointing device
• This leaves one hand left for keyboard usage
• Available in many different formats, including Dvorak and QWERTY

MALTRON Single-Handed Keyboard

• Available in right or left-handed versions
• Can be difficult to learn because of the vast number of keys that one hand has to use and a non-standard layout
• Not very portable

http://www.maltron.com

FrogPad Single-Handed Keyboard

• Not very ergonomic
• Completely new layout
• Very portable keyboard, so once you learn it, it can be transported easily to any computer you use

http://www.frogpad.com/

Split Keyboards

• Developed to reduce cramping of the hands and minimize shoulder/arm muscle strain
• In 1987 Grandjean suggested 25° angle between key halves, a distance of 950 mm between G and H, and a lateral slope of 10°

BAT Chord Keyboard

• Uses a “chord system” for input
  - Every letter or character is generated by pressing a certain set of keys
• Difficult to learn because there are no “obvious” inputs
• Requires very little arm / hand movement to use

http://www.enablemart.com/

Half-QWERTY Keyboard Variant

• Can be used as a standard QWERTY keyboard, or in one-handed mode that uses only the left side
• Much easier to learn because of standardized layout and ability to use it normally while learning
• No size advantage

http://www.half-qwerty.com/

Projection and Sensor Keyboards

• Futuristic design
• Extremely Portable
• Allows “air-typing” – the ultimate in touch typing
• Senses finger position and key press
• Interfaces with both PDAs and standard computers

Size and Shape of the Keyboard

• Standard Dimensions:
  - Width: 6 ½ inches
  - Length: 18 inches
  - Front height: 1 inch
  - Back Height: 1 ½ inches
• Can differ with style, layout, type, and make of keyboard

Keyboard Components

Keycaps

• The “keycap” or “Key Top”
  - The part of the keyboard that you strike with your fingers while typing
  - Removable / replaceable on modern keyboards

Keycap Size

• Keycap size is fairly standard
• The top area that you strike is approximately .5 square inches
• The cap tapers down to approximately .75 square inches at the base

Keycap Spacing

• On a horizontal line, keycaps are approximately .75 inches center to center
• Each row is approximately .75 inches center to center

Keycap spacing (cont’d…)

• The keyboard rows are staggered
  - Numbers to qwert row – 3/4” shift
  - Qwert to asdfg row – 3/8” shift
  - Asdfg to zxcvb row – 3/4” shift
• Same for most keyboards so users don’t have to relearn every time they type

Keycap Shape

• Shaped like a square pyramid with the top cut off (3D rhombus?)
• Top surface is bent and rough / textured

Keycap Travel

• The distance a key moves when struck is called the “travel”.
• Varies from keyboard to keyboard
• Our keyboard travel is approximately 1/10th of an inch
• Long travel is considered more desirable by typists
• Short travel is usually used in applications where space is limited
  - Laptop keyboards, etc.

Key Switches

• The mechanical component below the keycap
• Initiates electrical contact with each keypress to send a signal to the keyboard processor
• Key switch standards vary by keyboard and manufacturer
• Most common kind is the membrane-based key switch, consisting of a flexible rubber membrane and two sheets of electrical contact points.
• When pressed by the keycap, the membrane closes the two electrical contacts to complete the circuit specific to that keycap and its associated key.

Key Switch Variation

• Membrane (our keyboard)
• Mechanical
• Rubber Dome
• Other types:
  - Foam and foil
  - Capacitive

Key Switch Comparison

• Mechanical: durable but expensive; high tactile response
  - When key is pressed, key cap depresses spring and closes metal contacts
• Foam-&-Foil: inexpensive but not practical for heavy use; soft tactile response
  - Foil bubble is deformed downward with the action of the keypress to close a metal contact
• Membrane: low tactile response; resistant to spills and debris
  - Rubber membrane providing tactile resistance
  - Consists of three layers of plastic: upper and lower levels have embedded circuit traces. Middle layer has holes under each key
  - With keypress, contact on upper level passes through hole in middle level to meet contact in lower level
  - Most common key switch type
• Rubber dome (carbon contact): decent tactile response.
  - Much like membrane type, but without plastic layers
  - Carbon on underside of dome closes contact
• Capacitive: no tactile response
  - The capacitive switch runs on the concept that two pieces of metal in very close proximity of each other are able to hold an electrical charge
  - The processor in these keyboards determines which key is pressed by comparing the capacitances of the connected lines

Key Pitch

• Key pitch is the angle of the top of the key cap relative to the surface upon which the keyboard rests
• Pitch increases from the bottom row of the keyboard to the top row, as illustrated above
• Standard full sized keyboards have substantial pitch, while laptops typically lack any pitch whatsoever due to their compact size and flat keyboards
• Pitch aids in typing comfort by enabling the typist to place hands in a position that lessens pressure on the wrists

Keyboard LED’s

• An LED (Light Emitting Diode) uses electric current through a semiconductor to generate visible light
• Used to indicate the status of the toggle keys
  - Num Lock
  - Caps Lock
  - Scroll Lock
• Can be toggled by the computer or by pressing the keys on the keyboard

Research: Electrical Aspects

• Key Contacts
• Key Matrix
• Keycode Processor
• Keyboard Output as Signals: The Clock and Keycodes
• Interpretation of Keyboard Output Signals
• Make / Break Codes
• Port pinouts

Key Contacts and Key Matrix

Key contacts as pictured are part of a matrix of circuit traces (those lines that connect the contact points). This key matrix is connected to the Keycode processor; it determines where and which key was pressed in the matrix, as well as the Keycode to send to the computer.

[Figure: membrane layers labeled Upper layer, Middle layer, Lower layer, Contacts]

The Keycode Processor

• Determines the key pressed in the key matrix
• Generates a pair of signals that can be interpreted by the computer
• These signals are called the Keycode and the Clock
• The computer also sends data to the keyboard (software can set num lock, etc.). Therefore, communication is bi-directional.

Key Processor Schematic

The Keycode

• Each individual key has its own unique code associated with it
  - For example: the Keycode for the 1 key on the keypad is different from the 1 key above the letters

The Clock

• When a key is pressed (and the Keycode is subsequently generated by the Keycode processor), a second part of the circuit is activated: the timer, or clock.
• The clock is synchronized with the Keycode sent to the computer and provides a frame of reference for interpreting it.

The Clock as a Signal

• The clock output is a digital signal that is the same no matter which key is pressed
• It consists of “ticks” which coincide with the Keycode sent to the computer from the Keycode processor

The Keycode as a Signal

• The Keycode is an analog signal that can be broken down into a stream of bits by the computer by comparing it to the “ticks” of the clock signal

Keyboard Output as a Combination of Signals

• The keyboard signals are transmitted to the computer as pulses of electricity to be converted into a binary number
  - The Keycode signal ranges from +4.8vDC to +5.5vDC
  - The Clock signal ranges from +2vDC to +5.5vDC
• One tick of the clock consists of a drop in signal and a jump back to its original value; 11 evenly spaced ticks occur per keypress
• The Keycode signal is less regular and its up or down state is determined only by its voltage in comparison to +5vDC
• The keycode is divided into 11 sections, each corresponding to one tick of the clock

[Figure: oscilloscope traces labeled Key Code and Clock]

Keyboard Output as a Combination of Signals, cont’d

• For every tick of the clock, the computer reads the voltage of the keycode
  - If the voltage is above +5vDC, the computer reads a binary 1
  - If the voltage is below +5vDC, the computer reads a 0

[Figure: oscilloscope traces labeled Key Code and Clock]

Keyboard Output as a Combination of Signals, cont’d

• In the example shown at right, the red lines are aligned with each of the 11 ticks of the clock
• The blue line on the data signal signifies +5vDC
• Looking at each of the 11 subsequent divisions of the data signal, the following binary number is translated: 01101100011

Interpreting the Binary Translation of the Keycode

• In the previous example, the binary number 01101100011 represents a packet of information sent to the computer for that keypress
• This packet consists of 11 binary bits, including a leading “start bit” which is always 0, a “stop bit” which is always 1, and a “parity bit” which corresponds to the number of 1’s in the binary data, and is used for error checking
  - The parity bit is the bit just prior to the stop bit
  - A parity bit of 1 implies that there are an even number of 1’s in the binary data, while a 0 implies an odd number of 1’s
• The remaining 8 bits represent the character of the key pressed and are entered backwards

Interpreting the Binary Translation of the Keycode, cont’d

• Further continuing the previous example, the binary number 01101100011 can be broken down into the following four parts:
  - Leading 0 (start bit)
  - Ending 1 (stop bit)
  - Parity bit 1 implying an even number of 1’s in the data
• Subtracting the start, stop, and parity bits from the binary data, the remaining number is 11011000
  - These 8 bits are a backwards representation of the keycode
  - The actual binary number for the keycode is 00011011
• Keycodes are usually read in hexadecimal notation
• Converting this binary keycode 00011011 into hex, we obtain the number 1B
• This hexadecimal keycode can now be converted via “scan codes” by the computer into an actual usable character, displayed as pure text

Scan Codes

• Binary keycodes converted into hex are considered “scan codes”
• For each keyboard, there are several scan code charts that can be used to translate the scan codes into characters
  - Scan code charts are specific to language, geographical location, and keyboard layout
  - They are interchangeable
  - They may be accessed and used by an Operating System as required
• There is a subset of scan codes considered to contain “make codes” and “break codes”
  - Make codes are simply the scan code hex value and imply that a key has been pressed down
  - Break codes are generally the scan code hex value plus 80 (in hex, not decimal)
  - Make and Break codes are especially used for handling multiple keypresses to determine which keys have been pressed and which have been released
• An example: pressing Ctrl+Alt+Del would result in the transmission of the make codes for all three, but only the break code for Del
• The computer then interprets the break code for Del, and the lack of break codes for Ctrl and Alt to mean that all three were pressed in combination

Scan Code Examples

Key Number   Scan Code   Key
1            0E          `
2            16          1
3            1E          2
4            26          3
5            25          4
6            2E          5
7            6           6
8            3D          7
9            3E          8
10           46          9
11           45          0
12           4E          -
13           55          =

Port Pinout

• Most modern keyboards use a PS/2 or “mini-DIN” connection
• Each pin in this port is associated with a number, 1-6, from left to right

Port Layout (continued…)

PIN Signals:
• 1 – Keyboard Data
• 2 – not connected
• 3 – Ground
• 4 – Power (+5V)
• 5 – Keyboard Clock
• 6 – not connected

[Figure: connector face with pins drawn in rows 5 6 / 3 4 / 1 2]

The Fun Begins: Disassembly

Disassembly Procedure

• Remove keycaps with simple lever
• Remove screws below keyboard and under keys
• Remove top half of keyboard
• Remove membrane

The Keyboard Itself

Handy, Dandy Phillips Screwdriver

One of several annoying [hidden] screws

Keycap removal has begun

Keycap Fun

Wouldn’t you?

Under the Hood

[Photo labels: PS/2 Terminated Cable, Common Ground, Key Code Processor, Membrane]

Where those annoying screws were hiding

Revisiting The Membrane: What Lies Beneath

[Figure: membrane layers labeled Upper layer, Middle layer, Lower layer, Contacts]

Like a Visit to the Proctologist, The Probing Begins

Probing Procedure

• Using a lovely Fluke Multimeter and its lovelier continuity feature, trace PS/2 port pins to the connector on the key code processor PCB
• Solder probe extension wires to connector pins
  - Be careful not to short out the wires or melt the board that the pins are connected to
  - Be ESPECIALLY CAREFUL not to damage the chip
• Referring to PS/2 pinout, label each wire with an appropriate tag
• Replace keyboard cover, screw back in, reattach keycaps, and get to work with an oscilloscope

That was painful. You’d think dorm lounges would be better lit.

Nicely labeled and soldered

What better use for 40 watt soldering irons than melting holes through plastic for probe wiring!

Signal Probing And Analysis with the Oscilloscope

The Oscilloscope

• We used Fluke 123 “Industrial Scopemeter” oscilloscope for signal scanning in this project

PS/2 pins 3 and 4 (Ground & Power)

• The ground line is simply a ground connection for the keyboard and is the basis for all signal technology
  - Think of it as a base reference to which all other signal data can be compared
• Power line (+5vDC) is the wire that the computer uses to provide the keyboard with electricity to operate
  - It is +5vDC because it carries a signal 5 volts above the true ground line, 0vDC

The Ground

• Connect the “common ground” (center) wire of the oscilloscope to the +5vDC wire on the keyboard
  - We used the +5vDC line as the basis for all our measurements (the “ground”) because it was closest to the reference voltages on the keyboard data line

The Keyboard Data

• Connect the signal A input on the oscilloscope to the “Keyboard data” line on the keyboard:
  - +4.8 volts to +5 volts = a 0 bit
  - +5 volts to +5.5 volts = a 1 bit
• Adjust the oscilloscope voltage trigger so that the “A” signal is shown near the top of the screen when the key is pressed
• Connect the Fluke 123 Scopemeter to the test-bed computer using the special serial-port adapter. Then, fire up the FlukeView software package and take this picture
• Pretty isn’t it?

The Importance of a Steve

• In order to properly read the signal from the clock on the keyboard, it is necessary to place a strongly resisting Steve between the oscilloscope and the keyboard clock wire.
• The electrical resistance of the needed Steve (or wire as the case may be when one lacks a Steve) is about 1 megohm.
• (The Fluke was throwing some residual voltage back into the system and messing with the signal... wish it hadn’t taken so long to figure that out)

The Clock

• Connect signal B input to a 1 megohm resistor (or resistive wire) and the other end of the resistor to the “Clock” line
  - You need the resistor in there to dull down the signal being carried through the wires, or else when you connect the oscilloscope to the circuit, the feedback between “clock” and “+5” (the ground) will mess up the keyboard’s data signal

Oscilloscope Settings

• Input from both probes is on and set to read pulses
• The voltage amplitude is set to 40 volts DC on input A and 5 volts DC on input B
• The time width on the graph is set to 200 µ-seconds

Getting the scan codes

• Press the key on the test keyboard of which one desires the scan code
• Hold it down until the signal stabilizes on the oscilloscope screen
• Press the “Hold” button on the scope
• Take a screen shot of the scope using the FlukeView software
• Save the screenshot
• Overlay screenshot with grid to help interpret the signals

We Invaded!

[Photo labels:]
• FlukeView Scope rig (those newer laptops don’t even bother with serial ports, alas)
• Hey.. we needed music
• The lovely machine that made it all possible, the Fluke 123 ScopeMeter
• Test bed tablet
• Rat’s nest of probe wires

Results

• Following the above procedure (the probe setup, the use of Steve, the screen capture and overlay of the signal), the image to right of the letter A was generated.

Results: Meaningful Information from Oscilloscope Readings and Binary

• The image shown to right depicts the signal for the letter A.
• Data signals below the +5vDC (top blue) line are binary 0’s; above, 1’s.
• Using the clock as reference, one can determine the scan code of A to be: 0|00111000|0|1 (where |’s separate start, stop, and parity bits from the scan code itself)
  - 0 – Start Bit
  - 1 – Stop Bit
  - 0 – Parity Bit
• What remains: 8 bits of data – 00111000
• Following PS/2 specifications, reversing the 8 data bits – 00111000
• Converted to hex: 1C
• Referring to scan code chart 2 for our 101/102 key keyboard, this does indeed produce the correct character interpretation
• Thus: A=00111000=1C

Additional Results: Signal Analysis of the Home Row and Other Oft Used Keys

S=0|11011000|1|1 =000110=1B=S

D=0|11000100|0|1 =00100011=23=D

F=0|11010100|1|1 =00101011=2B=F

G=0|00101100|0|1 =00110100=34=G

Additional Results, cont’d

H=0|11001100|1|1 =00110011=33=H

J=0|11011100|0|1 =11011100=3B=J

K=0|01000010|1|1 =01000010=42=K

L=0|11010010|1|1 =01001011=4B=L

Additional Results, cont’d

Esc=0|01101110|0|1 =01110110=76=Esc

Entr=0|01011010|1|1 =01011010=5A=Entr

Bkspc=0|01100110|1|1 =01100110=66=Bkspc

Left Alt=0|10001000|1|1 =00010001=11=Left Alt

Summary

• In the probing of other signals, our results directly concurred with scan codes published for our variety of keyboard
• From the source we used at http://cma.zdnet.com/book/upgraderepair/ch09/ch09.htm; we used Set II

Surprises!

• There were screws located under keys
• Very dirty under keys
• Projection keyboards are cool (not really a surprise but still cool…)
• Mix up with PS/2 cable wiring pattern (numbering sequence isn’t intuitive)
• When we connected the keyboard and oscilloscope to the computer in one of our first arrangements, we could press keys on the keyboard and they wouldn’t show up on the screen. Then when we disconnected the oscilloscope, all of the characters we pressed were sent to the computer
  - This implies that the chip on the keyboard contains a buffer to hold characters as they are being sent.
  - After testing we discovered that the buffer holds up to eight characters at once.

In Conclusion

In the making of this report the entire process of converting key presses to signals, binary data, and back to text occurred 10’s of thousands of times in a process that is wonderfully automated and we never have to handle ourselves, but now understand anyway… Aren’t computers wonderful?

Sources

• www.pcguide.com
• Kroemer, K.H. Eberhard “Human Engineering the Keyboard” Human Factors vol. 14 1972
• Baber, Christopher Beyond the Desktop Academic Press. San Diego, California 1997 pp. (25-46)
• http://www.maltron.com
• http://www.frogpad.com/
• http://www.enablemart.com/
• http://www.half-qwerty.com/
• http://www.alpern.org/weblog/stories/2003/01/09/projectionKeyboards.html
• http://www.soc.staffs.ac.uk/wf1/FCS/5peripheralsLectureNotes.ppt
• IBM PS/2 A Reference Guide, TJ Byers, Intertext Publications, McGraw-Hill Book Company, 1221 Avenue of the Americas, NY, NY 10020, 1989 ISBN: 0-07-009527-2
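
Added example, not part of the original presentation: the hand decoding from the "Interpreting the Binary Translation of the Keycode" and "Results" slides, written as a Python decoder that thresholds the data line at +5 vDC, checks start, stop and parity bits, and reverses the 8 data bits. The frame strings and hex codes are the ones on the slides; the voltage samples for A are constructed to fit the stated ranges, and all function names are this example's own.

```python
THRESHOLD_V = 5.0  # slides: data line above +5 vDC reads 1, below reads 0

# Frames exactly as written on the Results slides: start|data|parity|stop.
MEASURED_FRAMES = {
    "A": "0|00111000|0|1", "S": "0|11011000|1|1", "D": "0|11000100|0|1",
    "F": "0|11010100|1|1", "G": "0|00101100|0|1", "H": "0|11001100|1|1",
    "J": "0|11011100|0|1", "K": "0|01000010|1|1", "L": "0|11010010|1|1",
    "Esc": "0|01101110|0|1", "Entr": "0|01011010|1|1",
    "Bkspc": "0|01100110|1|1", "Left Alt": "0|10001000|1|1",
}

# Hex scan codes the slides report for those keys.
SCAN_CODES = {
    0x1C: "A", 0x1B: "S", 0x23: "D", 0x2B: "F", 0x34: "G", 0x33: "H",
    0x3B: "J", 0x42: "K", 0x4B: "L", 0x76: "Esc", 0x5A: "Entr",
    0x66: "Bkspc", 0x11: "Left Alt",
}

# Constructed sample: data-line voltage at each of the 11 clock ticks for
# the A key, kept inside the +4.8 to +5.5 vDC range the slides give.
SAMPLE_VOLTS_A = [4.8, 4.9, 4.8, 5.4, 5.5, 5.4, 4.8, 4.9, 4.8, 4.8, 5.5]


class FrameError(ValueError):
    """An 11-bit frame failed a framing or parity check."""


def sample_bits(volts_at_ticks):
    """Threshold the data-line voltage read at each clock tick."""
    return [1 if v > THRESHOLD_V else 0 for v in volts_at_ticks]


def parse_notation(text):
    """Turn the slides' 'start|data|parity|stop' notation into bits."""
    return [int(ch) for ch in text if ch in "01"]


def decode_frame(bits):
    """Check one frame and return its scan code as an integer."""
    if len(bits) != 11:
        raise FrameError(f"expected 11 bits, got {len(bits)}")
    start, data, parity, stop = bits[0], bits[1:9], bits[9], bits[10]
    if start != 0:
        raise FrameError("start bit is not 0")
    if stop != 1:
        raise FrameError("stop bit is not 1")
    # Parity is 1 for an even count of data 1s and 0 for an odd count,
    # so data plus parity always holds an odd number of 1s.
    if (sum(data) + parity) % 2 != 1:
        raise FrameError("parity mismatch")
    # The data bits arrive backwards: the first one has weight 1.
    return sum(bit << i for i, bit in enumerate(data))


def decode_stream(bits):
    """Decode back-to-back frames; a bad frame is reported, not fatal."""
    results = []
    for offset in range(0, len(bits), 11):
        try:
            code = decode_frame(bits[offset:offset + 11])
            results.append((code, SCAN_CODES.get(code, "unknown")))
        except FrameError as err:
            results.append((None, str(err)))
    return results


if __name__ == "__main__":
    for key, text in MEASURED_FRAMES.items():
        code = decode_frame(parse_notation(text))
        print(f"{key:9} {text}  ->  {code:02X}  {SCAN_CODES[code]}")
    from_volts = decode_frame(sample_bits(SAMPLE_VOLTS_A))
    print(f"A from constructed voltages -> {from_volts:02X}")
```

A frame with a flipped data bit still has valid start and stop bits, so the parity check is the only thing that catches it.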