Ham Radio Traffic Logger Using A Bug In Baofeng Electronics

A Baofeng radio is often one of the first purchases a new ham radio operator makes these days due to the decent features and low price tag. They are far from perfect, but with a bit of creative inspiration, it’s possible to make the quirks work in your favor. By taking advantage of a loud pop on the earphone outputs whenever the LCD backlight turns on, [WhiskeyTangoHotel] built a radio traffic counter using an ESP8266.

Whenever there is a transmission on one of the frequencies the radio is tuned to, the backlight turns on. Connecting the audio output to an oscilloscope, [WhiskeyTangoHotel] measured a 5V spike whenever this happens. Using a pair of diodes in series to drop the voltage to a safe level, the ESP8266 detects the voltage spike and updates a Google spreadsheet with the timestamp via IFTTT.

This gave [WhiskeyTangoHotel] empirical data on how much traffic passes through the local VHF repeater, but we wouldn’t blame them if the hack itself was the real motivator.

Of course, this would also be a perfect application for the RTL-SDR, which should allow you to do the above and much more, all in software. Add a bit of AI and you can even extract the call signs. The RTL-SDR is also a good tool for learning about RF modulation.

UV5-R image via PE1RQM

20 thoughts on “Ham Radio Traffic Logger Using A Bug In Baofeng Electronics

  1. Uhm. Sound comes out of the audio jack when a received signal breaks squelch.
    That’s what it’s supposed to do. A feature, even. Not a bug.
    Though I suppose you could say it’s a poorly-engineered audio amplifier turn-on pop.
    Backlight has diddly to do with it.

    Darn. Since I have one of these, I was kinda hoping for an actual bug exploit hack here.

    1. From the description here, I thought I was missing something. There’s nothing magical. Time was a rig might have an output on an auxiliary socket that went active when the squelch opened. Useful for a variety of things. A better squelch might not be as noisy.I

      And no computer needed, just a couple of transistors off the squelch circuit. Here I guess you need a vox to be triggered by the squelch glitch, no computer needed. A 555 might help.

      So it’s just counting the times the squelch opens. A vague idea of activity, but not much since it can’t keep track of frequency. Someone might trigger one repeater a lot, but it’s just click counting.

      I still don’t know why this article mentions SDR, it won’t help count squelch clicks.

      Sometimes it helps to have a wide overview when writing, to sort tge good and bad.

  2. Interesting start.. but not that useful at this stage.
    The IFTTT Webhook was the most interesting part of this project. Nice tool!

    But the recv logging hack is an interesting start.. but not that useful by itself.. Especially since the data will 1) not be that useful without the frequency data and 2) the data will be flawed (monitoring both the A and B band) unless you force both bands to the same frequency. A more interesting application would have been to use a RPi to do a video capture to a python or tensor flow OCR setup to read and decode the active frequency from the LCD and include that in the IFTTT Google sheet logging.

    Will still bookmark for later use.. see where this leads.

    T.weeks

  3. I do the same thing with an sdr and radio scanner app. It records time stamp and duration and it also records the conversation. So I can use it just for the data or the data and voice.

  4. The audio output from Baofeng is not coupled with a capacitor and there’s a DC component in the output when the audio RX is on. This is great, since this DC offset is not dependent on the volume level and can be used for automating receiving/transmitting. That means that if you need a reliable COR/COS (carrier operated switch) for detecting the RX, this can be taken directly from the speaker output without disassembling the radio and making connections inside. Nothing to do with a loud pop or backlight turning on.

  5. I suppose it depends on whether or not Whiskey Tango Hotel is the repeater owner or not. Most repeater receivers already output a digital level signal called carrier operated squelch (COS) that is used to tell the system controller when valid input is being received. The limitation could be that there might not be physical space for a computer and/or lack of Internet access where the repeater is located – hence off-site monitoring of the repeater may be more convenient. Off-site monitoring also provides the ability to judge whether or not the transmitter and antenna are performing correctly.

  6. Its unclear what the model of the radio is. The link on the author’s site to “Baofeng” links to a external page discussing the FCC stance on Baofeng radios.

    The radio looks very much like a Baofeng DM-5R mk2, aka RD-5R.
    If so, the firmware encryption key got cracked years ago, and the OpenRTX firmware could be modified to run on this radio, and log data via its USB cable

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.