Re: CTX-3030 Boards battery replacement
Posted by: mypenneys
Date: January 15, 2017 08:59PM
More photos CTX-3030

Re: CTX-3030 Energizer Battery Replacement
Posted by: mypenneys
Date: January 15, 2017 09:14PM
Battery replaced with Energizer Battery on the CTX-3030

Re: Hacking the CTX
Posted by: bklein
Date: January 16, 2017 01:34AM
Are batteries beginning to fail? I just had some weird behavior with audio controls not responding...

Re: Hacking the CTX
Posted by: Brianc
Date: January 16, 2017 08:00AM
You are a brave man. Just pulled the battery apart and replaced it. Unfortunately I believe the control board for the battery is the problem; it charges but will not power on the detector. I guess I'll be pulling it back apart to check that it has a Minelab stamp so I doubt it's anything I can purchase.

Re: Hacking the CTX
Posted by: bklein
Date: January 16, 2017 11:33AM
Measure the voltage across each battery to be sure it's above Vmin. (I don't know what li-ion cell they use).
Could pump up low cell with a bench power supply for a minute or so. Replacement cells should ideally be same part number as original and all new ones - no mix of old/new.
I haven't opened mine yet as the battery has been unbelievably good for a few years now.
The battery circuit might use a coulomb counting IC - might have special reset procedure necessary. Check on TI website. But I thought I had seen threads of others rebuilding their battery with no issue.

Edited 1 time(s). Last edit at 01/16/2017 11:38AM by bklein.

Re: Hacking the CTX
Posted by: bklein
Date: January 16, 2017 11:46AM
Can you get a top-down shot of the white rectangular block thing and its (silver) circuit board?

Edited 1 time(s). Last edit at 01/16/2017 11:50AM by bklein.

Re: Hacking the CTX
Posted by: mypenneys
Date: January 16, 2017 08:22PM
CTX-3030 Memory Battery Replacement.
1. Follow safety precautions with static electricity.
2. Be very careful removing the ribbon cable. It has a pressure connector made of plastic. It only has to be lifted up about 3/16 of an inch to release the cable. If you attempt to pry it up too far you will snap or break that little plastic pressure connector. Then you will be sending it in to Minelab for repair.
3. I would only replace the memory battery if your CTX won't turn on.
4. The battery can be removed; it will not lose the firmware, that is, the code to operate the hardware, like selecting the pressure sensitive key pad. The only thing that will be lost is the saved settings you made changes to. After replacing the battery and putting it back together, all that you have to do is press and hold the on button and Reset All.
5. That's putting it back to factory settings.
6. I wanted to replace the 3.3 Volt battery and see how the electronics were sealed from water damage, hearing from other people that have had to send their detector in for repair from using it in water. I now know where the problem areas are and will not use it till satisfied to myself those areas are addressed. I'm not going into that right now. There are more pictures under Battery Replacement CTX 3030.
From mypenneys.

Re: Hacking the CTX
Posted by: treasure_hunter
Date: January 17, 2017 11:44AM
Be careful and keep in mind if there are any signs of owners opening up the 3030 it will void the remaining warranty if there is any when sent in to Minelab Repair.

Re: Hacking the CTX
Posted by: is0-mick
Date: January 22, 2017 06:46PM
Nice pics mypenneys, do you happen to have a pic of the PCB under the shielded part?

It would be interesting to know what actual CPU they are running.

I don't actually have a ctx3030 myself, a friend of mine has just ordered one, and I stumbled across this thread while searching on the internet, and the title caught my eye.

Well here's what I deduced so far......

From the picture you posted of the bottom of the main PCB, I'd hazard a guess that the unpopulated 10 pin header at the top of your picture is a JTAG debug interface.
It also looks like the 3 pins at the bottom could be a serial UART.

I downloaded the firmware from minelabs site:

I haven't spent a huge amount of time looking at this, I only downloaded the file last night.
Here are some initial observations.

System runs Linux, uses an ARM processor, and it seems to use RedBoot for the bootloader.

There's a PK (zip) header (bytes 50 4B 03 04 14) in the mlb file at offset 0x2f700; removing the bytes prior to this and renaming to .zip will allow you to extract the rootfs and uImage.

If you use binwalk under Linux you can extract the rootfs and uImage from the file.

Extracting the rootfs was a little bit of a challenge as it uses ubifs, so I had to find an extractor.
I used ubireader written by jrspruitt which is available on github.

Kernel build line:
Linux version 2.6.28-317-g208065e-g391fcf2-dirty (jenkins@linux-6cu5) (gcc version 4.1.2) #1 PREEMPT Fri Aug 12 16:49:18 CST 2016

The kernel bootline seems to be
noinitrd console=ttymxc0 root=/dev/mtdblock2 rw ip=off

Which is why I mentioned the uart looking port on the main pcb, hooking this up to a ttl serial converter may give you a shell on the device...

Inside the rootfs, the system runs busybox, and uses QT for the display driver.
There are four main executable files which run the whole detector.

22/01/2017 01:11 1,259,692 pod
22/01/2017 01:11 32,648 audio
22/01/2017 01:11 60,208 debug
22/01/2017 01:11 37,176 detector

All of these are standard elf files.
I recommend IDA (disassembler) if you want to have a look at the files / disassemble them.

The pod file, which appears to be the main program, also holds the icons for the system as embedded PNGs.
I managed to extract them (see below).

So, that's pretty much what I did last night :)

Edited 1 time(s). Last edit at 01/22/2017 07:05PM by is0-mick.
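
Added example, not part of is0-mick's post or Minelab's tooling: a Python sketch of the manual step described above, locating a ZIP local file header (`50 4B 03 04`) inside a larger update container and carving the archive out from that offset. The container built here is constructed sample data, and the member names `uImage` and `rootfs.ubi` and the `HDR` prefix are assumptions for illustration.

```python
import io
import struct
import zipfile

ZIP_LOCAL_MAGIC = b"PK\x03\x04"  # the "50 4B 03 04" bytes quoted in the post


def plausible_local_header(blob, off):
    """Cheap sanity check of the 30-byte ZIP local file header at `off`."""
    if off + 30 > len(blob):
        return False
    (method,) = struct.unpack_from("<H", blob, off + 8)   # compression method
    (nlen,) = struct.unpack_from("<H", blob, off + 26)    # file name length
    # stored (0) or deflate (8), and a non-empty name that fits in the blob
    return method in (0, 8) and 0 < nlen and off + 30 + nlen <= len(blob)


def carve_zip(blob):
    """Return (offset, ZipFile) for the first archive that starts at a magic hit."""
    off = blob.find(ZIP_LOCAL_MAGIC)
    while off != -1:
        if plausible_local_header(blob, off):
            try:
                zf = zipfile.ZipFile(io.BytesIO(blob[off:]))
                first = min((i.header_offset for i in zf.infolist()), default=-1)
                # zipfile tolerates leading junk, so insist the first member
                # really begins at this offset and that every CRC verifies.
                if first == 0 and zf.testzip() is None:
                    return off, zf
            except zipfile.BadZipFile:
                pass  # magic bytes occurred by chance; keep scanning
        off = blob.find(ZIP_LOCAL_MAGIC, off + 1)
    return None, None


def build_sample_container():
    """Constructed stand-in for an update file: header bytes + ZIP payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("uImage", b"\x27\x05\x19\x56" + b"\x00" * 60)  # uImage magic
        zf.writestr("rootfs.ubi", b"UBI#" + b"\x00" * 60)          # UBI magic
    # A decoy magic inside the header exercises the false-positive path.
    header = b"HDR" + ZIP_LOCAL_MAGIC + b"\xff" * 64
    return header, header + buf.getvalue()


if __name__ == "__main__":
    header, blob = build_sample_container()
    offset, archive = carve_zip(blob)
    print(hex(offset), archive.namelist())
```

Validating the header fields and the member CRCs matters because the four magic bytes can occur by chance in compressed or binary data ahead of the real archive.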

Re: Hacking the CTX
Posted by: bklein
Date: January 23, 2017 12:07AM
Hi is0-mick,
This is great stuff! Love the details.
What is your locality? You know I've never read how someone can make sense out of such a file like you just have...

Re: Hacking the CTX
Posted by: is0-mick
Date: January 23, 2017 06:28AM
Hi bklein, Thanks.

I'm in the UK. I've messed with different kinds of electronic stuff for ages; on a side note I do own a detector, which is a Minelab Explorer II.

I saw a few people comment about how could anyone improve the detector? which seemed to come across in a quite negative way...

Well they obviously haven't come across projects such as chdk, which adds a whole host of new features to canon cameras, or ddwrt which adds a whole host of new features to an array of routers.

I myself have hacked other devices to add extra functionality such as the vtech innotab, and the leapfrog tv.
I even added wifi to a unit that didn't have it previously.

Edited 2 time(s). Last edit at 01/23/2017 06:38AM by is0-mick.

Re: Hacking the CTX
Posted by: mypenneys
Date: January 23, 2017 07:45PM
There is no ARM 2 processor in the CTX3030. I've had all the boards out. I've posted photos of each board. Now the only area I haven't taken apart is behind the display. Could there be a processor in the control panel? Very possible. But in the box they are all small chips, none of which resemble a processor. If anyone can provide information on its location I would appreciate it. The biggest chip in the unit is the GPS module, that's it.

Re: Hacking the CTX
Posted by: is0-mick
Date: January 23, 2017 08:51PM
Hi mypenneys,
What is underneath this part where the GPS aerial goes? It looks like you would need to de-solder about 5 points to remove the shielding PCB.

I think that's where the processor / ram / spi flash probably live.

Re: Hacking the CTX
Posted by: is0-mick
Date: January 28, 2017 12:51PM
Managed to get hold of the Minelab open source iso, and noticed this file u-boot-2009.01/cpu/arm926ejs/mx25/serial.c

It seems the processor chip used belongs to the i.MX25 family of chips. arm926ejs processor?

The code also looks like the U-Boot UART is set up, which is similar to what I saw in the kernel when I pulled the firmware image apart.
bootargs=lpj=32896 mem=64M console=ttymxc1,115200

So someone should be able to hook up a usb to serial ttl converter to possibly those 3 points I mentioned, and be able to interact with bootloader / linux on the thing.

The main stumbling block would be reverse engineering the minelab pod software and building your own, as with that not being open source, you'd pretty much have to re-write it from scratch.

Re: Hacking the CTX
Posted by: robinb
Date: January 29, 2017 10:58AM
Interesting photos.

What is the seal like when you open up the box?

