One of the best things about having your amateur radio license is that it allows you to legally build and operate transmitters. If you want to build a full-featured single-sideband rig with digital modes, have at it. But there’s a lot of fun to be had and a lot to learn from minimalist builds like this Michigan Mighty-Mite one-transistor 80-meter band transmitter.
If the MMM moniker sounds familiar, it may be because of this recent post. And in fact, [W2AEW]’s build was inspired by the same SolderSmoke blog posts that started [Paul Hodges] on the road to his breadboard and beer can build. [W2AEW]’s build is a bit sleeker, to be sure, but where the video really shines is in the exploration and improvement of the signal quality. The basic Mighty-Mite outputs a pretty dirty signal – [W2AEW]’s scope revealed 5 major harmonic spikes, and what was supposed to be a nice sine wave was full of divots and potholes. There’s only so much one transistor, a colorburst crystal and a couple of capacitors can do, so the video treats us to an explanation of the design of the low-pass filter needed to get rid of the harmonics and clean up the output into a nice solid sine wave.
If your Morse skills aren’t where they need to be to take advantage of the Mighty-Mite’s CW-only mode, then you’ll need to look at other modulations. Maybe a tiny FM transmitter would suit your needs better?
Sometimes words just have to be spelled out for others. I’ve been on phone calls where the person on the other end is spelling for me and it’s painful. “Was that a ‘b’ or a ‘p’?” Sometimes they’ll try on the fly to pick words that begin with the letter: “B as in boy”. Then they get stumped, mumbling while they think desperately of a ‘k’ word… ‘ketchup’. Okay, but is that really ketchup or catsup? Now think how much easier spelling is on a phone than over a poor-quality radio channel. What we say, and how we say it, is the key to our brain’s ability to error-correct human speech. It’s a solved problem that was built into radio etiquette long ago.
What happens when part of a radio transmission chain listened to by over half the country needs to be replaced? That was the challenge facing the BBC’s Research and Development team last year, and if you’re in the UK you won’t have noticed a thing.
[Justin Mitchell] is a principal engineer in BBC R&D, and this past year had to move the audio coding system installed in 1983 onto new hardware because of failing circuit boards and obsolete components. The coding is used to carry audio from a central source to transmitter sites all over the country. The team had to design and build a replacement module that would stand in for an entire rack of ancient hardware, and make it plug-and-play. Easy, right?
Every once in a great while, a piece of radio gear catches the attention of a prolific hardware guru and is reverse engineered. A few years ago, it was the RTL-SDR, and since then, software defined radios became the next big thing. Last weekend at Shmoocon, [Travis Goodspeed] presented his reverse engineering of the Tytera MD380 digital handheld radio. The hack has since been published in PoC||GTFO 0x10 (56MB PDF, mirrored) with all the gory details that turn a $140 radio into the first hardware scanner for digital mobile radio.
The Tytera MD-380 digital radio
The Tytera MD380 is a fairly basic radio built around two main chips: an STM32F405 with a megabyte of Flash and 192k of RAM, and an HR C5000 baseband. The STM32 has both JTAG and a ROM bootloader, but both are locked down by the chip’s read-out protection (RDP). Getting around the RDP is the very definition of a jailbreak, and thanks to some carelessness on the part of the manufacturer’s engineers, it is most certainly possible.
The STM32 in the radio implements USB Device Firmware Upgrade (DFU), probably lifted from ST’s example code. Dumping memory with the standard DFU upload command just returned the same chunk of bytes over and over, but with a little coaxing and some investigation of the terrible Windows-only official client application, [Travis] found non-standard DFU commands, wrote a custom DFU client, and could read and write the ‘codeplug’: the radio settings, frequencies and talk groups, which live in an SPI Flash chip.
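Two checks worth running on any memory image pulled over DFU, as an added example that is not code from the article or from the md380tools project: is the “dump” really memory or one block echoed repeatedly, and which block number maps to which address. The address mapping follows ST’s DfuSe convention from AN3156 (wValue 0 and 1 carry commands, data blocks start at 2) and is assumed here to apply to the target; the sample dumps, `TRANSFER`, `FAKE_DUMP` and `REAL_DUMP` are constructed, not real MD380 memory.

```python
"""Sanity checks on a memory image pulled over USB DFU (added example).

Not code from the article or from md380tools. It answers two questions a
reverse engineer has before trusting a dump like the one described above:

  1. Is the "dump" just one block echoed over and over, which is what a
     read-protected part, or a broken UPLOAD handler, tends to hand back?
  2. Which DFU block number corresponds to which address, so the blocks
     can be reassembled in order?

Address mapping follows ST's DfuSe convention (AN3156), assumed to apply to
the target: wValue 0 and 1 carry commands, data starts at wValue 2, and
address = base + (wValue - 2) * transfer_size.
"""
import hashlib

STM32_FLASH_BASE = 0x08000000  # main flash base on STM32 parts


def smallest_period(data: bytes) -> int:
    """Smallest p such that data == data[:p] * (len(data) // p).

    Uses the KMP failure function, so it is O(n). Returns len(data) when the
    data is not a whole number of repeats of a shorter prefix.
    """
    n = len(data)
    if n == 0:
        return 0
    fail = [0] * n
    k = 0
    for i in range(1, n):
        while k and data[i] != data[k]:
            k = fail[k - 1]
        if data[i] == data[k]:
            k += 1
        fail[i] = k
    period = n - fail[-1]
    return period if n % period == 0 else n


def dump_is_repeating(dump: bytes, transfer_size: int) -> bool:
    """True if the image is one transfer-sized (or smaller) pattern repeated.

    Caveat: an erased flash region (all 0xFF) or zeroed RAM is also periodic,
    so treat True as "inspect by hand", not as proof that RDP blocked the read.
    Needs at least two transfers' worth of data to judge.
    """
    if transfer_size <= 0 or len(dump) < 2 * transfer_size:
        return False
    return smallest_period(dump) <= transfer_size


def dfuse_block_address(block_num: int, base: int, transfer_size: int) -> int:
    """Address of DfuSe data block `block_num` (the wValue of the UPLOAD request)."""
    if block_num < 2:
        raise ValueError("wValue 0 and 1 are DfuSe command blocks, not data")
    return base + (block_num - 2) * transfer_size


def reassemble(blocks: dict, base: int, transfer_size: int) -> bytes:
    """Stitch {block_num: data} into a flat image, refusing gaps or short blocks."""
    nums = sorted(blocks)
    if nums != list(range(2, 2 + len(nums))):
        raise ValueError(f"missing or out-of-range blocks: got {nums}")
    image = bytearray()
    for num in nums[:-1]:
        if len(blocks[num]) != transfer_size:
            raise ValueError(f"block {num} at 0x{dfuse_block_address(num, base, transfer_size):08x} is short")
        image += blocks[num]
    image += blocks[nums[-1]]  # only the last block may be short
    return bytes(image)


# Constructed sample data (not real MD380 memory): one dump that echoes a
# single 256-byte block, and one with a deterministic pseudo-random payload.
TRANSFER = 256
FAKE_DUMP = bytes(range(256)) * 8
REAL_DUMP = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                     for i in range(64))  # 64 * 32 = 2048 bytes


if __name__ == "__main__":
    print("fake dump repeating:", dump_is_repeating(FAKE_DUMP, TRANSFER))  # True
    print("real dump repeating:", dump_is_repeating(REAL_DUMP, TRANSFER))  # False
    blocks = {2 + i: REAL_DUMP[i * TRANSFER:(i + 1) * TRANSFER]
              for i in range(len(REAL_DUMP) // TRANSFER)}
    print("block 5 address: 0x%08x" % dfuse_block_address(5, STM32_FLASH_BASE, TRANSFER))
    print("reassembled OK:", reassemble(blocks, STM32_FLASH_BASE, TRANSFER) == REAL_DUMP)
```

The period test is deliberately strict (whole repeats only): a dump that is mostly one echoed block with a few real bytes at the end will come back as aperiodic, which is exactly the case you want to look at by hand rather than discard.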
Further efforts to dump all of the firmware on the radio were successful, and with that the actual reverse engineering began. The radio runs an ARM port of MicroC/OS-II, a real-time embedded operating system. Because that OS is very well documented, new functions and patches can be written with only slightly more effort.
In Digital Mobile Radio (DMR), audio is sent either to a public talk group or to a private contact. The radio is normally set to a single talk group, so listening in on other talk groups means changing settings. The patch for promiscuous mode, which puts every talk group through the speaker, comes down to turning one conditional branch (a JNE, or BNE in ARM terms) in the firmware into a NOP.
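What that one-instruction patch looks like on a Cortex-M image, as an added example that is not [Travis]’s patch or md380tools code: the STM32F405 executes Thumb-2, where the 16-bit conditional branch is encoded `1101 cccc iiiiiiii` and the 16-bit NOP is `0xBF00`. The article does not give the real offset of the promiscuous-mode branch, so `SAMPLE` and `OFFSET` below are a constructed blob and a position inside it; the point of the code is the check that refuses to overwrite anything that is not the expected branch.

```python
"""Turn one Thumb conditional branch into a NOP in a raw firmware image.

Added example; not Travis Goodspeed's patch and not md380tools code. The real
offset of the promiscuous-mode branch is not given in the article, so SAMPLE
and OFFSET are a constructed blob, not radio firmware.

Thumb 16-bit B<cond> (T1 encoding): 1101 cccc iiiiiiii, cond in bits 11:8,
signed imm8 in bits 7:0, target = PC + imm8*2 where PC is the instruction
address + 4. 16-bit NOP is 0xBF00. Halfwords are little-endian in the image.
"""
import struct

COND_NAMES = {0x0: "EQ", 0x1: "NE", 0x2: "CS", 0x3: "CC", 0x4: "MI", 0x5: "PL",
              0x6: "VS", 0x7: "VC", 0x8: "HI", 0x9: "LS", 0xA: "GE", 0xB: "LT",
              0xC: "GT", 0xD: "LE"}  # 0xE is permanently UNDEFINED, 0xF is SVC
THUMB_NOP = 0xBF00


def decode_thumb16_bcond(halfword: int):
    """Return (cond, byte offset from this instruction) for B<cond> T1, else None."""
    if halfword >> 12 != 0xD:
        return None
    cond = (halfword >> 8) & 0xF
    if cond not in COND_NAMES:
        return None
    imm8 = halfword & 0xFF
    if imm8 & 0x80:
        imm8 -= 0x100  # sign-extend
    return COND_NAMES[cond], imm8 * 2 + 4


def patch_branch_to_nop(fw: bytes, offset: int, expect_cond: str = "NE") -> bytes:
    """Return a copy of fw with the B<expect_cond> at offset replaced by NOP.

    Refuses to touch anything that is not the expected branch: patching the
    wrong halfword in a radio's firmware fails silently at best, so the check
    is the important part. If the image carries a header, convert the load
    address to a file offset before calling this.
    """
    if offset % 2 or offset + 2 > len(fw):
        raise ValueError("offset must be halfword aligned and inside the image")
    (hw,) = struct.unpack_from("<H", fw, offset)
    decoded = decode_thumb16_bcond(hw)
    if decoded is None or decoded[0] != expect_cond:
        raise ValueError(f"no B{expect_cond} at 0x{offset:x}: "
                         f"halfword 0x{hw:04x} decodes as {decoded}")
    out = bytearray(fw)
    struct.pack_into("<H", out, offset, THUMB_NOP)
    return bytes(out)


# Constructed sample: CMP r0,#0 ; BNE +8 (to the BX) ; NOP ; NOP ; NOP ; BX lr
# halfwords 0x2800, 0xD102, 0xBF00, 0xBF00, 0xBF00, 0x4770, stored little-endian
SAMPLE = bytes.fromhex("0028" "02d1" "00bf" "00bf" "00bf" "7047")
OFFSET = 2  # the BNE


if __name__ == "__main__":
    patched = patch_branch_to_nop(SAMPLE, OFFSET)
    print(SAMPLE.hex(), "->", patched.hex())
```

NOP-ing the branch means the fall-through path always runs, so the patch is only correct if the code after the branch is the “accept this talk group” path; that is a judgement made in the disassembler, not by this script. Thumb-2 also has a 32-bit `B<cond>.W` form, which this helper deliberately rejects rather than patching half of it.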
The Tytera MD-380 ships with a terrible Windows app used for programming the radio
With the help of [DD4CR] and [W7PCH], the entire radio has been reverse engineered: there is rewritten firmware that works with the official tools, the first attempts at scratch-built firmware based on FreeRTOS, and the beginnings of a very active development community around a $140 radio. [Travis] is looking for people who can add support for P25, D-Star, System Fusion, a proper scanner, or the ability to send and receive DMR frames over USB. All of these things are possible, making this one of the most exciting radio hacks in recent memory.
Before [Travis] presented this hack at the Shmoocon fire talks, intuition guided me to look up this radio on Amazon. It was $140 with Prime, and the top vendor had 18 in stock. Immediately after the talk – 20 minutes later – the same vendor had 14 in stock. [Travis] sold four radios to members of the audience, and there weren’t that many people in attendance. Two hours later, the same vendor had four in stock. If you’re looking for the best hardware hack of the con, this is the one.
“Hi! I’m Rud, Kilo Five Romeo Uniform Delta.” That’s me introducing myself at a ham meeting. Ham radio operators kid that we don’t have last names, we have call signs.
Becoming an Amateur Radio Operator (ARO), our more formal name, is not difficult and opens a world of interesting activities, including hacking. As with anything new, becoming actively involved with an existing club can be daunting. The other hams at a meeting are catching up with their buddies and often seem uninterested in the new guy standing nearby. Some groups will invite new members to stand and introduce themselves early in the meeting, which helps break the ice.
Regardless of how anyone else acts at the meeting, there is one ham who is always looking for someone new: the ham who manages public service events, where amateur radio operators help establish communications for large public gatherings. These can be local bike rides, walks, or runs; I’ve even seen hams working an art show. In the nomenclature adopted since 9/11, these are “planned incidents”, in contrast to “unplanned incidents” like hurricanes, tornadoes, forest fires, snow storms, and other natural or man-made disasters. Working planned incidents is training for unplanned incidents when that need arises; the basic activities for AROs are the same.
Here in Houston there are two very big events that enlist hundreds of hams. The big one, in January, is the Houston Marathon. The other is the Houston-to-Austin Multiple Sclerosis 150 (MS 150), a 150-mile bike ride in April. That event starts on Saturday morning, takes a break midway on Saturday evening, and finally wraps up late on Sunday evening. Starting in the fall there are warm-up events for the Marathon, and in late winter there are bike rides to prepare riders for the MS 150. There are also other marathons, Ironman races, walks, runs, and races throughout the year. Wherever you are, there are probably events nearby, and they can always make use of your radio capability.
1986: The US and Russia signed arms agreements, Argentina won the World Cup, and Star Trek IV: The Voyage Home hit the theaters. Trekkies and the general public alike enjoyed the film. Some astute hams, though, noticed a strange phenomenon about halfway through the film. During a pivotal scene, Scotty attempts to beam Chekov and Uhura off the Enterprise, but has trouble with interference. The interference can be heard over the ubiquitous Star Trek comm link. To many it may sound like random radio noise. To the trained ear of [Harold Price, NK6K], though, it sounded a heck of a lot like packet radio transmissions.
[Bob McGwier] didn’t own his own Cray 2, of course; this particular computer was the property of the National Security Agency (NSA). He had permission to use it to test Frequency Shift Keyed (FSK) decoder algorithms. Can you guess what his test dataset was?
The signal needed a lot of cleanup: the original receiver was tuned 900 Hz below the transmission frequency, and there was a ton of noise. To make matters worse, Scotty kept talking over the audio. Thankfully, AX.25 is a forgiving protocol. [Bob] persevered and obtained some usable data. The signal turned out to be [Bill Harrigill, WA8ZCN] sending a Receive Ready (RR) packet to N6AEZ on 20 meters. An RR packet indicates that [Bill’s] station had received all previous packets and was ready for more. [Bob] called [Bill], who confirmed that it was probably him transmitting in 1985 or 1986, around the time the sound editors would have been looking for effects.
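What an RR packet between those two stations looks like on the wire, as an added example that is not [Bob McGwier]’s Cray 2 decoder: the code below builds and parses the AX.25 frame bits that sit between the HDLC flags, i.e. after demodulation, NRZI decoding and bit-unstuffing have already happened. The callsigns are the ones the article identifies; N(R), P/F, SSIDs and the command/response bits are assumed.

```python
"""Build and decode an AX.25 Receive Ready (RR) supervisory frame.

Added example, not [Bob McGwier]'s decoder. It handles the frame between the
HDLC flags, after demodulation, NRZI decoding and bit-unstuffing. Callsigns
are from the article; N(R), P/F, SSIDs and command/response bits are assumed.

Address field: 6 ASCII chars per callsign (space padded), each shifted left
one bit; a 7th byte carries the C bit (bit 7), reserved bits 6:5 set, SSID in
bits 4:1, and an extension bit 0 set only on the last address.
Modulo-8 S-frame control byte: N(R) in bits 7:5, P/F in bit 4, S type in bits
3:2 (00 RR, 01 RNR, 10 REJ, 11 SREJ), bits 1:0 = 01.
FCS: CRC-16/X.25 (poly 0x1021 reflected, init and xorout 0xFFFF), appended
low byte first.
"""

S_CODES = {"RR": 0, "RNR": 1, "REJ": 2, "SREJ": 3}
S_NAMES = {v: k for k, v in S_CODES.items()}


def crc16_x25(data: bytes) -> int:
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def encode_address(call: str, ssid: int = 0, last: bool = False, c_bit: int = 0) -> bytes:
    call = call.upper().ljust(6)
    if len(call) != 6 or not 0 <= ssid <= 15:
        raise ValueError(f"bad callsign/SSID: {call!r}-{ssid}")
    out = bytearray(ord(ch) << 1 for ch in call)
    out.append((c_bit << 7) | 0x60 | (ssid << 1) | (1 if last else 0))
    return bytes(out)


def decode_address(raw: bytes):
    """Return (callsign, ssid, is_last, c_bit) from one 7-byte address."""
    call = "".join(chr(b >> 1) for b in raw[:6]).rstrip()
    return call, (raw[6] >> 1) & 0xF, bool(raw[6] & 1), bool(raw[6] & 0x80)


def build_s_frame(dst: str, src: str, stype: str = "RR", nr: int = 0, pf: int = 0,
                  command: bool = False) -> bytes:
    """AX.25 v2 marks a response with C=0 on dst and C=1 on src (assumed here)."""
    if not 0 <= nr <= 7:
        raise ValueError("N(R) is 3 bits in modulo-8 mode")
    ctrl = (nr << 5) | (pf << 4) | (S_CODES[stype] << 2) | 0x01
    body = (encode_address(dst, c_bit=1 if command else 0)
            + encode_address(src, last=True, c_bit=0 if command else 1)
            + bytes([ctrl]))
    fcs = crc16_x25(body)
    return body + bytes([fcs & 0xFF, fcs >> 8])


def parse_s_frame(frame: bytes) -> dict:
    """Verify the FCS, walk the address field, and decode the S-frame control byte."""
    if len(frame) < 7 * 2 + 1 + 2:
        raise ValueError("frame too short")
    body, fcs = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_x25(body) != fcs:
        raise ValueError("FCS mismatch: frame corrupted")
    addrs, i = [], 0
    while True:
        if i + 7 > len(body):
            raise ValueError("address field never terminated")
        call, ssid, last, c_bit = decode_address(body[i:i + 7])
        addrs.append((call, ssid, c_bit))
        i += 7
        if last:
            break
    if len(addrs) < 2 or i >= len(body):
        raise ValueError("need dst and src followed by a control byte")
    ctrl = body[i]
    if ctrl & 0x03 != 0x01:
        raise ValueError(f"control 0x{ctrl:02x} is not a modulo-8 S-frame")
    return {"dst": addrs[0][0], "src": addrs[1][0],
            "digipeaters": [a[0] for a in addrs[2:]],
            "type": S_NAMES[(ctrl >> 2) & 3], "nr": ctrl >> 5, "pf": (ctrl >> 4) & 1,
            "response": addrs[1][2] and not addrs[0][2]}


if __name__ == "__main__":
    # The exchange the article identifies: WA8ZCN telling N6AEZ "got everything up to N(R), send more".
    frame = build_s_frame("N6AEZ", "WA8ZCN", "RR", nr=3)
    print(frame.hex())
    print(parse_s_frame(frame))
```

The FCS check is where “AX.25 is a forgiving protocol” stops: a frame recovered from a noisy recording that fails the CRC is either discarded or, as [Bob] did, cleaned up further until it passes. The parser only walks S-frames; I-frames and U-frames have different control-byte layouts and are left out.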
That’s a pretty amazing accomplishment, especially considering it was 1989. Today we carry supercomputers around in our pockets: the Cray 2 is roughly equivalent to an iPhone 4 in processing power, and modern laptops and desktops easily outclass Seymour Cray’s machine. We also have software like GNU Radio, built for exactly this kind of signal decoding. Our challenge to you, the best readers in the world, is to replicate [Bob McGwier’s] work and share your results.
The design is based on a MAX2606 voltage-controlled oscillator (VCO) chip that covers 70 to 150 MHz. [Afroman] sets it up to oscillate at about 100 MHz using a 390 nH inductor. He also put a potentiometer voltage divider on the 2606’s tuning pin; turning the pot shifts the transmit frequency in small increments, making it easy to dial in a suitable channel for your broadcast. Add an electret mic and about a meter’s worth of solid-core wire and you have yourself an FM transmitter with a range of around 20 meters.
There are plenty of ways to build a small FM transmitter that allow for some experimentation and don’t involve placing SMD components. We covered a build last summer that uses a couple of 2N3904s and rides on a 9V connector salvaged from a dead battery. The downside is that transistor-based transmitters tend to be less frequency-stable than a VCO chip.