Software defined radio and widespread software-controlled PLL synthesis for RF have been a game changer. Things like the RTL-SDR can be any kind of radio you like on almost any frequency you like. But not every SDR or PLL system opens the configuration doors to you, the end user. That was the problem [vgnotepad] faced when trying to connect a Sennheiser wireless microphone to some receivers. They didn’t use the same frequencies, even though the transmitter was programmable. The solution to that is obvious — hack the transmitter!
The post is part one of several, and if you read to the end, you’ll learn a lot about what’s inside the device and how to crack it. Luckily, the device uses a PIC processor, so getting to the software wasn’t a big issue.
The PIC uses I2C to communicate with the configuration EEPROM, so a little snooping on the bus went a long way. Dumping things out led to finding the frequency settings. By part six of the post, things were all working great.
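To make the "snoop the bus, dump the EEPROM, find the frequency" step concrete, here is an added example that is not code from [vgnotepad]'s post. It replays a constructed I2C trace (the kind a logic analyzer decoder emits) against a 24Cxx-style EEPROM model at address 0x50, rebuilds the memory image, and then scans it for a 16-bit channel word. The bus trace, the 0x50 address, and the 25 kHz channel raster are all assumptions for illustration; the real Sennheiser layout is whatever the post's later parts found.

```python
# Added example (not from the original post): rebuild an EEPROM image from a
# sniffed I2C trace and look for the word that encodes the carrier frequency.
# EEPROM address, trace contents and channel step are constructed assumptions.

EEPROM_ADDR = 0x50          # usual 7-bit address of a 24Cxx EEPROM (assumption)
CHANNEL_STEP_HZ = 25_000    # assumed PLL channel raster, not Sennheiser's real value

# Constructed trace: (7-bit address, is_read, data bytes). A one-byte write sets
# the EEPROM's internal pointer, a longer write is a page write, a read returns
# consecutive bytes from the pointer onward. The 0x3C transaction stands in for
# another device (e.g. a display) sharing the bus.
SNIFFED_TRACE = [
    (0x50, False, [0x00]),                     # pointer <- 0x00
    (0x50, True,  [0x53, 0x45, 0x4E, 0x4E]),   # read 4 bytes
    (0x3C, False, [0x00, 0xAE]),               # unrelated device, ignored
    (0x50, False, [0x10]),                     # pointer <- 0x10
    (0x50, True,  [0xF0, 0x50, 0x01, 0x00]),   # 0x50F0 little-endian = 20720
    (0x50, False, [0x20, 0x07, 0x00]),         # page write: 0x20 <- 07 00
]


def rebuild_eeprom(transactions, eeprom_addr=EEPROM_ADDR):
    """Replay I2C transactions to the EEPROM and return {offset: byte}."""
    image = {}
    pointer = 0
    for addr, is_read, data in transactions:
        if addr != eeprom_addr or not data:
            continue  # other bus devices and empty transfers carry no EEPROM data
        if is_read:
            for offset, byte in enumerate(data):
                image[(pointer + offset) & 0xFF] = byte
            pointer = (pointer + len(data)) & 0xFF
        else:
            pointer = data[0]                  # first byte is the address pointer
            for offset, byte in enumerate(data[1:]):
                image[(pointer + offset) & 0xFF] = byte
            pointer = (pointer + len(data) - 1) & 0xFF
    return image


def find_channel_candidates(image, target_hz, step_hz=CHANNEL_STEP_HZ):
    """Offsets of 16-bit words (either byte order) equal to target_hz / step_hz.

    Returns a list of (offset, byte_order). An empty list means the target is
    not on the assumed raster or no stored word matches it.
    """
    if target_hz % step_hz:
        return []
    wanted = target_hz // step_hz
    hits = []
    for off in range(0xFF):
        if off in image and off + 1 in image:
            lo, hi = image[off], image[off + 1]
            if lo | (hi << 8) == wanted:
                hits.append((off, "little-endian"))
            if hi | (lo << 8) == wanted:
                hits.append((off, "big-endian"))
    return hits


def word_to_hz(image, offset, byte_order="little-endian", step_hz=CHANNEL_STEP_HZ):
    """Decode the 16-bit word at offset back into a frequency in Hz."""
    a, b = image[offset], image[offset + 1]
    word = a | (b << 8) if byte_order == "little-endian" else b | (a << 8)
    return word * step_hz


if __name__ == "__main__":
    img = rebuild_eeprom(SNIFFED_TRACE)
    print("recovered bytes:", {hex(k): hex(v) for k, v in sorted(img.items())})
    for off, order in find_channel_candidates(img, 518_000_000):
        print(f"candidate at 0x{off:02X} ({order}): {word_to_hz(img, off, order)} Hz")
```

Run it as a script to see the recovered bytes and the single candidate at 0x10 for 518.000 MHz. In practice you would feed a real decoder export into `rebuild_eeprom`, try a few plausible rasters in `find_channel_candidates`, and confirm a hit by changing the channel on the transmitter and diffing two dumps; a word that moves with the channel is the one worth studying.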
If you need a primer on PLLs, start here. Or build your own with an Arduino.
At the end there’s a link to a great article on how to reverse engineer a microcontroller. :)