This How-To is the first in a series of construction instructions for a project titled The Magic Phone. I was inspired by the Port-O-Rotary from Spark Fun but wanted to take the project to the next level and with hardware I already had on hand. You may be able to extrapolate these instructions to different models of telephones, different telephony protocols, and even different projects.
So what makes up The Magic Phone? Basically, I first wanted to encrust a wireless home phone inside a vintage rotary phone. Here in Europe we have a standard for wireless handsets called DECT which has just been approved by the FCC for the US in April of this year. DECT compatibility is fun in a handset because you can take your phone to a conference or office building phone network which can then assign you a number within their DECT network.
A large DECT network was put in place at What the Hack in the Netherlands this past July. Each person that came equiped with a compatible handset could pick a unique four digit number for the length of the conference. With the What the Hack network one could call another local handset, call outside the conference, call the What the Hack radio to listen in, or even send messages to the computer controlled dance floor at the Blinkenlights section.
Once I decided to house a DECT phone inside a rotary phone, a friend of mine inspired me to also include a cellphone
in the same rotary phone housing. The Magic Phone evolved into a multiprotocol phone made of three torn apart existing
telephones and a circuit board to decode the rotary dial and "push" the buttons on the phones.
This How-To, Part 1, will cover how to decode the button matrix on an existing telephone, be it a DECT wireless
handset or a cellphone. You may ask, why oh why would you not directly control the phone via serial port or the
firmware on the phone? The answer is, you may not have access to the firmware or even to the serial protocol on the
phone. Also, the goal is to have The Magic Phone be an autonomous telephone with no need to plug it into a computer or
computing device. Therefore, we must decode how to push the buttons.
Why would this be useful in your project? Perhaps you don't have access to a cellphone or wireless handset development
board. Perhaps you want your robot to auto dial the pizza service at 8pm on Tuesdays while you are busy doing some much
needed coding. Perhaps you want to...you get the idea, get creative. Allons-y!
What you will need:
- a phone you can take apart brutally (DECT handset or cellphone or other or all of the above)
- soldering iron
- multimeter (preferable with beep for continuity function)
- computer ribbon cable
- screwdrivers (varies with the type of screws in your handsets)
We will be showing the following example with a DECT/GAP compatible handset: the Gigaset C2 by Siemens (this handset
comes with the Gigaset C200 base station). Also, please scrool down to see the same procedure for a cellphone: a Sagem
myX3-2. Please note that you can extrapolate this information to any model handset or cellphone with some ingenuity and
common sense.
Version 1: The Siemens Gigaset C2
The Siemens Gigaset C2 before destroying:
First open your handset to expose the circuit underneath the number pad. This may take some force and prying in the
case of a wireless handset. In these photos you can see the clips you must push back to open most handsets. Siemens
takes the notion of clips to a whole new level. This beast was harder to open than a botulism ridden jar of pasta
sauce. Be patient.
Now remove the number pad to reveal the circuitry underneath. It may look something like this:
You may want to print or draw up an image of your phone's circuit with the traces in a lighter color than the black
you see above. Pull out that multimeter with beep for continuity and start on one of the black traces on the upper
left. Label the first trace 1. Touch one lead of the multimeter to what you have just labelled 1 and touch the next
separate trace on the board to the right with the other lead. Keep your first lead on 1 and work your way across and
down touching each new trace. When you have continuity, mark 1 on your chart to note that the two traces are part of
the same chunk on the matrix. When you have finished every possibility with trace 1, move the first lead of your
multimeter to the first trace that is not labelled 1 and label it 2. Repeat the process above. Continue to the right to
the next unlabelled trace and repeat this "beeping out" of your circuit. Your chart may end up neat and tidy like
mine:
A close up of the chart showing recolored traces to help with labelling.
If this is confusing, remember you just need to understand which buttons on the phone share common leads. When you
have finished beeping out your circuit, make a chart of how the number pad looks on the phone before disassembly with
the two numbers you have assigned that make up each button. Here is an example of how your chart may look:
As you can see in the chart above, the number 1 on the phone pad can be "pushed" by connecting 12 and 10 in my decoded
phone button pad matrix. In the same vein, the number 6 can be pushed by connecting 1 and 2. Your numbers will no doubt
be different with a different manufacturer or model of phone or even a different direction you chose to decode the
keypad circuit.
Next we are going to solder into each unique trace on our circuit. This means, if you have more than one 1 labelled on your chart, you will only need to solder into the first one. To do so on our model of phone we had to scrape a bit of the trace away to reveal copper. Solder doesn't like to stick to strange synthetic stuff. Scrape carefully and chose an area with a large surface area on your trace that isn't too close to another trace so as to avoid short circuits. Prepare these scraped pads by melting a small amount of solder onto them. Strip the ends on your ribbon cable and tin the ends (twist the strands and melt a little solder into them). Solder them in the order you already named when you were beeping out your cable. In other words, solder the first lead to trace 1, the second lead to trace 2, and so on.
The completed phone should look something like this:
Now test your soldering job and your handy little chart by powering up your handset and touching together two of the wires on the loose end of the ribbon cable. Test each button combination to make sure you haven't made any human errors. If your handset displays "st00p1d hum4n" you may have wired up something incorrectly. This concludes the DECT follow-along for reverse engineering the button matrix on your handset. For the cellphone version, read on.
Version 2: The Sagem myX3-2
If you would like to do the same thing with your cellphone, here is the detailed photo follow-along. First open the phone to expose the circuit underneath the keypad. In the case of many cellphones, you may need specialized screwdrivers such as torx.
You may want to print or draw up an image of your phone's circuit with the traces in a lighter color to make them
easier to label. Pull out that multimeter with beep for continuity and start on the upper left of the metal pads. Label
the first pad 1. Touch one lead of the multimeter to 1 and touch each successive separate pad on the circuit board with
the other lead. When you have continuity, mark 1 on your chart to note that the two pads are part of the same chunk on
the matrix. Keep the first lead of the multimeter on 1 as you work your way down the circuit. Next label the first
unlabelled pad 2 and repeat the beeping out process. Continue to the right to the next unlabelled trace and so on until
you finish reverse engineering the button matrix of your circuit. Your finished chart will look something like
this:
If this is confusing, remember you just need to understand which buttons on the phone share common leads. When you
have finished beeping out your circuit, make a chart of how the number pad looks on the phone before disassembly with
the two numbers you assigned that make up each button. Here is an example of how your chart may look:
As you can see in the chart above, the number 1 on the phone pad can be "pushed" by connecting 7 and 10 in my decoded
phone button pad matrix. In the same vein, the number 6 can be pushed by connecting 11 and 3. Your numbers will no
doubt be different with a different manufacturer or model of phone or even a different direction you chose to decode
the keypad circuit.
Next we are going to solder into each unique pad on our circuit. This means, if you have more than one 1 labelled on your chart, you will only need to solder into the first one. Prepare these pads by melting a small amount of solder onto them. Strip the ends on your ribbon cable and tin the ends (twist the strands and melt a little solder into them). Solder them in the order you already named when you were beeping out your cable. In other words, solder the first lead to trace 1, the second lead to trace 2, and so on.
The finished phone pad should look like this:
Now test your soldering job and your handy little chart by powering up your handset and touching together two of the
wires on the loose end of the ribbon cable. Test each button combination to make sure you haven't made any human
errors. If your handset displays "1337 1337 1337357" you may win bonus points. Congrats!
Be sure to tune in for The Magic Phone, Part 2: The Circuit where we show you how to build a custom circuit to decode the rotary phone's clicks and "push" the button matrix you have just decoded in Part 1.