For Christmas, [Lior] received a Baofeng UV5R radio. He didn’t have an amateur radio license, so he decided to use it as a police scanner. Since the schematics were available, he cracked it open and hacked it.
This $40 radio communicates on the 136-174 MHz and 400-480 MHz bands. It uses a one-time programmable microcontroller and the RDA1846 transceiver. With the power traces to the MCU cut, [Lior] was able to send his own signals to the chip over I2C using an Arduino. He also recorded the signals sent by the stock microcontroller during startup, so that he could emulate it with the Arduino.
Once communication was working on an Arduino, [Lior] decided to get rid of the stock microcontroller. He desoldered the chip, leaving exposed pads to solder wires to. Hooking these up to the Arduino gave him a programmable way to control the device. He got his radio license and implemented transmission of Morse Code, and an Arduino sketch is available in the write up.
[Lior] points out that his next step is to make a PCB to connect a different microcontroller to the device. This will give him a $40 radio that is fully programmable. After the break, check out a video of the hacked radio in action.
Subscribe for weekly videos
Excellent hack. _This_ is what hacking is all about.
This is great. I often wonder when some enterprising company will make an “open source” ham radio — with a programmable microcontroller, a display, and a transciever. Design your own radio OS, your own display layout, etc. Nice work!
73, Bill AD8BC
Perhaps type acceptance would be an issue. As hams the FCC does allow us to build or modify our own devices but we aren’t allowed to market them without type acceptance.
I’m thinking you would have to take a two-micro approach. One controls the transmit vfo/power while the other is the user interface. The user-interface one is open and can be hacked at will by the owner. No matter what values it sends on to the transmitter controler micro though it will not do anything outside of certain parameters.
Something I have been thinking about though is an open protocol for controling a radio via computer, micorcontroler, etc… As part of the protocol the radio would ‘tell’ the computer what controls it has, what their ranges are, etc… It wouldn’e exactly define a user interface but it would tell that this control is volume, this one controls a vfo, etc…
If connecting to a computer for example, the user’s application could decide how it wants to implement the control. Maybe volume gets a slider, vfo gets a numeric control, etc… Just plug it in and the computer talks to the device then generates an interface to control it. Users could change those defaults then, what kind of control should the vfo use, etc…
We could use micros, touch panels, rotary encoders etc… to design and build our own head units that speak the protocol and work the same way.
Yeah that was kind of my idea, the “radio board” itself would be fixed as a type-accepted radio. The “control board” for it would be open — and basically would send transmit freq, receive freq, PL/DCS tone, etc to the “Radio Board”. The radio could ship from the manufactuter with a basic operating and display program but the user could re-program, create memory arrays, scan routines, etc. Of course the manufacturer could build in a little TNC unit (a la https://www.argentdata.com/catalog/product_info.php?products_id=136) and it could be enabled/disabled by discrete output and serial data could flow into the processor so one could program it to be a standalone APRS radio too.
I’m imagining a mobile 50W radio with a remote control head, the control head could attach serially and have rotary encoders for volume, tuning, and menu select, a few buttons for user-programmed features and navigation. The LCD display would almost be trivial.
Check out the ghpsdr3-alex fork; control multiple RF backends across a network from anything with a screen that talks IP and runs Qt – supports HPSDR, softrock, RTL-SDR backends, and more…. control the SDR in your shack or on another continent on the LCD TV in your lounge…
NICE!! I got one for Xmas too. I’ll be sure to give you any feedback I may have.
That is really cool. As someone that is scoping out the amateur radio hobby, this is very interesting.
Nice hack. I just picked up a KST V6 220MHz. I love the radio. It’s 5W output on the band which is really nice.
My Yaesu also does the 220MHz band but limits you to 300mW. Has to do with the PA being finicky about it. So the KST V6 fills that void. Plus it’s about 150g lighter than the Yaesu. Granted the Yaesu has a Magnesium case, the KST is plastic.
You know, while he was at it he should have just gone and got his license…
” He got his radio license and implemented transmission of Morse Code,”
He did get his license.
RTFA – He did get his license. XD
Testing times, dates and locations vary, and they’re not always frequent. He got his license after he’d done part of the project.
What I wonder is, why did he stop with a technician license? It looks to me like this project demonstrates that he knows electronics theory well enough to get the General, and probably Extra class license. There are a few regulatory questions on the exams as well, but those shouldn’t be too hard to study up on. True, the additional licenses would not add privileges relevant to this VHF/UHF project, but once you pay your $15 fee for an exam, you can keep taking tests until you either fail one or pass them all. So there’s no advantage to stopping at the technician level.
Anyway, neat hack..
Since I just got into ham, I did not plan/or know about the general or the extra. I was very happy to just be able to transmit. However, when I took the technician, I did try to take the general afterwards but missed it by 2 questions. I did not study for it at all, so I did not know any of the regulations (which seems to be a good portion of the general) as well as when and how to send HF radio signals. However, I am currently studying for both the general and extra, and will take them next month.
Lior
KK6BWA
That’s fantastic! This is pretty much one of the main reasons I got my ham ticket back in November. The guy I share an office with is an old EE / ham so I had all the resources I needed literally staring me in the face.
Seriously, great work. Everything you’ve done here embodies the entire movement of ham radio and the original innovators.
Matt
-KK4NAA
Sounds good, and congrats. It’s true that some of the questions are a bit arcane, especially on the Extra exam. But you obviously have a huge head start with the background for much of the material which many “appliance operators” find difficult. With just a little bit of study, I’m sure you’ll do very well.
Rich
AG6QR
There is a lot of fun to be had on the HF bands :)
KB1WKI
According to the write up on this site, he did.
Very very cool! Stuff like this is why I read HaD.
The hack I did on this radio was all software based…
It’s nice to see someone doing a hard mod though! I need to get ahold of this guy and see if we can reflash the firmware.
CorrosiveOne,
Do you have info on your software hack somewhere?
hmm nice hack :) but i wonder if the filtering etc would be any good at 220mhz? Like most cheap radio’s from our far eastern cousins I feel they are only roughly on spec for what they quote :)
73′s
G7COG
very cool. I recently picked up one of these radios too. for those interested in more info on the uv-5r there is a yahoo group that hosts tons of info on the radio itself. search for “baofeng uv-5r yahoo group”
nice one!!
wanted to do this to a UV-3R since a year, but no time :(
will give your hack a try on it :)
Makes me wonder if all of the frequency response is handled in the MC, or if it is still in hardware like they used to be. If it is all handled in the MC, then there is the possibility of reprogramming the MC to run the radio on frequencies that were never intended by the manufacturer, essentially, a “universal” radio.
All the of the frequency response and modulations/demodulations happens in the RDA1846, which is basically a SDR with a DSP to do the modulations/demodulations. The RDA1846 has a fixed frequencies and modes that it will RX/TX on, and its controller by the MCU (http://sdr.ipip.cz/datasheets/RDA1846.pdf). I was going to try to mess around with the VCO of the RDA1846 to see if it can handle other frequencies (but its not made to work on frequencies other then the ones its made for). However, the RF amps and filtering on the chips are only made for the 2M/70cm band.
Lior
KK6BWA
There are lots of “open source” radio designs. They’re sold as kits by lots of people. The more ambitious designs don’t often last past one run of kits because of the amount of work it is to prepare the kits. But all the documentation is available.
The chief obstacle is not type acceptance, but lack of market. As for programmable RF sections there are many of those on the market as fully assembled units.
FWIW I don’t recall ever seeing any requirement for type acceptance of amateur equipment. The operator is responsible for the legal operation of the equipment. Other radio services, CB, FMRS, etc do have a type acceptance requirement.
At least here in the UK once you get your Intermediate license the only requirements are: 1- it is in band, 2- lack of interference and 3- power level. Foundation holders need CE marked equipment.
de 2e0reb
Has anyone tried this? I’ trying to determine the pinouts of the microcontroller.
If you look on the bottom of this page:
http://www.liorelazary.com/index.php?option=com_content&view=article&id=49%3Ahacking-the-baofeng-uv5r&catid=14%3Abaofeng-uv5r&Itemid=17&limitstart=2
You will see the pinout of thier microcontroller.
Lior
KK6BWA
I’ve removed the qfp44 (that’s the EM78P568 microcontroller, correct?) but the datasheet linked only shows the pinout for a QFP100.
I did find what I was looking for here, on the last page. http://goo.gl/oOFK6 It’s the service manual for the Wouxon KG-UVD1, which apparently uses the exact same IC.
Ok I see the confusion, I was referencing the uv5r schematics when I was tracing the pins.
I updated the page to be more specific and show the pin numbers as well as the mcu from the schematics.
Hope this helps.
http://www.liorelazary.com/index.php?option=com_content&view=article&id=49%3Ahacking-the-baofeng-uv5r&catid=14%3Abaofeng-uv5r&Itemid=17&limitstart=2
Lior
KK6BWS
Reblogged this on guardian of light and commented:
I’m attempting to replicate this project, and hopefully, I’ll turn it into a neat little software-defined radio for 2m, 1.25m, and 70cm. We shall see shortly.
You may want to check out this other hack I have been working on. I have managed to upload a new firmware to the uv3r using an arduino. For now the firmware is a proof of concept so it only tunes to 145.525 and listens to a signal. When a strong signal is received it will play back 3 dtmf tones. Flashing the chip was accomplished with an arduino and only requires soldering 5 wires to direct pads on the radio (as seen in the video). So its much simpler then removing the cpu. Also, I am working on a firmware, which will allow you to control the radio fully using the serial port. I just finished this hack this weekend, and will need to assemble, clean up the code and post it on my website (www.liorelazary.com) by next week.
You can see a video here:
I will be posting updates here: http://groups.yahoo.com/group/UV-3R/message/8141
Once I have all the documentation, I will submit back to hackaday.
Lior
KK6BWA
Very nice! I am working with a (mostly) destroyed UV5R, and mainly trying to scavenge the internals (case, keypad and screen destroyed.)
I look forward to seeing your next project.
P.S. After changing those registers, were you able to transmit on the 1.25M band?
Yea, if you look on this page:
http://www.liorelazary.com/index.php?option=com_content&view=article&id=49%3Ahacking-the-baofeng-uv5r&catid=14%3Abaofeng-uv5r&Itemid=17&limitstart=7
you can see a video transmitting on 223.5MHz. Unfortunately, I did not have a radio capable of tuning to 223.5MHz, so I used another UV5R tuned to the first harmonic (447MHz) to receive. It seems to work at 400 feet away.
Lior
KK6BWA
This is very cool! For such a cheap radio, the UV5R is one of the best hackable little radios out there. It would be cool to use a UV-5R in something like a data telemetry project, where a sensor gathers data (like temperature) and then streams it back remotely via a microcontroller. Cool project ideas. 73s – Benjamin, KD8POH