High-End Ham Radio Gives Up Its Firmware Secrets

Amateur radio operators have always been at the top of their game when they’ve been hacking radios. A ham license gives you permission to open up a radio and modify it, or even to build a radio from scratch. True, as technology has advanced the opportunities for old school radio hacking have diminished, but that doesn’t mean that the new computerized radios aren’t vulnerable to the diligent ham’s tender ministrations.

A case in point: the Kenwood TH-D74A’s firmware has been dumped and partially decoded. The work was a somewhat informal collaboration between [Hash (AG5OW)] and [Travis Goodspeed (KK4VCZ)], and it started with [Hash]’s teardown of his radio, seen in the video below. The radio, a tri-band handy talkie with capabilities miles beyond even the most complex of the cheap imports and with a price tag to match, had a serial port and JTAG connector. A JTAGulator allowed him to probe some of the secrets, but a full exploration required spending $140 on a spare PCB for the radio and some deft work removing the BGA-packaged Flash ROM and dumping its image to disk.

[Travis] picked up the analysis from there. He found three programs within the image, including the radio’s firmware and a bunch of strings used in the radio’s UI, in both English and Japanese. The work is far from complete, but the foundation is there for further exploration and potential future firmware patches to give the radio a different feature set.

This is a great case study in reverse engineering, and it’s really worth a trip down the rabbit hole to learn more. If you’re looking for a more formal exploration of reverse engineering, you could do a lot worse than HackadayU’s “Reverse Engineering with Ghidra” course, which is just wrapping up. Watch for the class videos soon.

Hackaday Links: June 28, 2020

You can imagine how stressful life is for high-power CEOs of billion-dollar companies in these trying times; one is tempted to shed a tear for them as they jet around the world and plan their next big move. But now someone has gone and upset the applecart by coming up with a way to track executive private jets as they travel across North America. This may sound trivial, but then you realize that hedge fund managers pay big money for the exact same data in order to get an idea of who is meeting with whom and possibly get an idea of upcoming mergers and acquisitions. It’s also not easy, as the elites go to great lengths to guard their privacy. Luckily, the OpenSky Network lists all ADS-B traffic its web of ground stations receives, unlike other flight monitoring sites which weed out “sensitive” traffic. Python programs scrape the OpenSky API and cross-reference plane registrations with the FAA database to see which company jets are doing what. There are plenty of trips to Aspen and Jackson Hole to filter out, but with everyone and his little brother fancying themselves a day trader lately, it’s another tool in the toolbox.

We got a nice note from Michelle Thompson this week thanking us for mentioning the GNU Radio Conference in last week’s Links article, and in particular for mentioning the virtual CTF challenge that they’re planning. It turns out that Michelle is deeply involved in designing the virtual CTF challenge, after having worked on the IRL challenges at previous conferences. She shared a few details of how the conference team made the decision to go forward with the virtual challenge, inspired in part by the success of the Hack-A-Sat qualifying rounds, which were also held remotely. It sounds like the GNU Radio CTF challenge will be pretty amazing, with IQ files being distributed to participants in lieu of actually setting up receivers. We wish Michelle and the other challenge coordinators the best of luck with the virtual con, and we really hope a Hackaday reader wins.

Amateur radio is often derided as a hobby, earning the epithet “Discord for Boomers” according to my son. There’s more than a grain of truth to that, but there are actually plenty of examples where a ham radio operator has been able to make a big difference in an emergency. Case in point is this story from the Western Massachusetts ARRL. Alden Jones (KC1JWR) was hiking along a section of the Appalachian Trail in southern Vermont last week when he suddenly got light-headed and collapsed. A passing hiker who happened to be an emergency medical technician rendered aid and attempted to contact 911 on his cell phone, but coverage was spotty and the dispatcher couldn’t hear him. So Alden, by this point feeling a little better, pulled out his handy talkie and made an emergency call to the local repeater. Luckily the Western Massachusetts Traffic Net was just about to start, so they went into emergency mode and coordinated the response. One of the hams even went to the rescue staging area and rigged up a quick antenna to improve the signal so that rescuers could finally get a helicopter to give Alden a ride to the hospital. He’s fine now, and hats off to everyone who pitched in on the eight-hour rescue effort.

And finally, there are obviously a lot of details to be worked out before anyone is going to set foot on the Moon again. We’ve got Top People™ working on all the big questions, of course, but apparently NASA needs a little help figuring out how and where the next men and first women on the Moon are going to do their business. The Lunar Loo Challenge seeks innovative designs for toilets that can be used in both microgravity and on the lunar surface. There is $35,000 in prize money for entrants in the Technical division; NASA is also accepting entries in a Junior division, which could prove to be highly entertaining.

Tackling Trunked Radio With Software

For those starting to wade into radio as a hobby, one of the first real technical challenges is understanding trunked radio systems. On the surface, it seems straightforward: A control channel allows users to share a section of bandwidth rather than take up one complete channel, allowing for greater usage of the frequency range. In practice though it can be difficult to follow along, but now it’s slightly easier thanks to software defined radio.

This guide comes to us from [AndrewNohawk], who is located in San Francisco and is using his system to monitor police, fire, and EMS activity. These groups typically use trunked radio systems due to the large number of users. For listening in, nothing more than an RTL-SDR setup is needed, and the guide walks us through using this setup to find the control channels, the center frequency, and then identifying the “talk groups” for whichever organization you want to listen in on.

The guide goes into great detail, including lists of software needed to get a system like this started up, and since [AndrewNohawk] is a self-identified “radio noob” the guide is perfectly accessible to people who are new to radio and specifically new to trunked systems like these. Once you get the hang of it, it’s not too hard to scale up, either.

Hackaday Links: May 3, 2020

In a sign of the times, the Federal Communications Commission has officially signed off on remote testing sessions for amateur radio licensing in the United States. Testing in the US is through the Volunteer Examiner Coordinator program, which allows teams of at least three Volunteer Examiners to set up in-person testing sessions where they proctor amateur radio licensing exams. The VEs take their jobs very seriously and take pride in offering exam sessions on a regular schedule, so when social distancing rules made their usual public testing venues difficult to access, many of them quickly pivoted to remote testing using teleconferencing applications. Here’s hoping that more VEs begin offering remote testing sessions.

Another aspect of life changed by COVID-19 and social distancing rules has been the simple pleasure of a trip to the museum. And for the museums themselves, the lack of visitors can be catastrophic, both in terms of fulfilling their educational and research missions and through the lack of income that results. To keep the flame alive in a fun way, Katrina Bowen from The Centre for Computing History in Cambridge has recreated her museum in loving detail in Animal Crossing: New Leaf. For being limited to what’s available in the game, Katrina did a remarkable job on the virtual museum; we especially like the Megaprocessor wallpaper. She even managed to work in that staple last stop of every museum, the gift shop.

To the surprise of few, “spatial computing” startup Magic Leap has announced that it is laying off half its workforce as it charts a new course. The company, which attracted billions in funding based on its virtual retinal display technology, apparently couldn’t sell enough of their Magic Leap One headsets to pay the bills. The company is swiveling to industrial users, which honestly seems like a better application for their retinal display technology than the consumer or gaming markets.

And finally, as if 2020 hasn’t been weird enough already, the Department of Defense has officially released videos of what it calls “unidentified aerial phenomena.” These videos, taken from the head-up displays of US Navy fighter jets, had previously been obtained by private parties and released to the public. Recorded between 2004 and 2015, the videos appear to show objects that are capable of extremely high-speed flight and tight maneuvers close to the surface of the ocean. We find the timing of the release suspicious, almost as if the videos are intended to serve as a distraction from the disturbing news of the day. We want to believe we’re not alone, but these videos don’t do much to help.

Hackaday Links: April 5, 2020

Git is powerful, but with great power comes the ability to really bork things up. When you find yourself looking at an inscrutable error message after an ill-advised late-night commit, it can be a maximum pucker-factor moment, and keeping a clear enough head to fix the problem can be challenging. A little proactive social engineering may be in order, which is why Jonathan Bisson wrote git-undo, a simple shell script that displays the most common un-borking commands he’s likely to need. There are other ways to prompt yourself through Git emergencies, like Oh Shit, Git (or for the scatologically sensitive, Dangit Git), but git-undo has the advantage of working without an Internet connection.

Suddenly find yourself with a bunch of time on your hands and nothing to challenge your skills? Why not try to write a program in a single Tweet? The brainchild of Dominic Pajak, the BBC Micro Bot Twitter account accepts tweets and attempts to run them as BASIC programs on a BBC Microcomputer emulator, replying with the results of the program. It would seem that 280 characters would make it difficult to do anything interesting, but check out some of the results. Most are graphic displays, some animated, and with an unsurprising number of nods to 1980s pop culture. Some are truly impressive, though, like Conway’s Game of Life written by none other than Eben Upton.

The COVID-19 pandemic is causing all sorts of cultural shifts, but we didn’t expect to see much change in the culture of a community that’s been notoriously resistant to change for over a century: amateur radio. One of the most basic facts of life in the amateur radio world is that you need a license to participate, with governments regulating the process. But as a response to the pandemic, Spain has temporarily lifted licensing requirements for amateur radio operators. Normally, an unlicensed person is only allowed to operate on amateur bands under the direct supervision of a licensed amateur. The rules change allows unlicensed operators to use a station without supervision and is intended to give schoolchildren trapped at home an educational experience. In another change, some countries are allowing special callsign suffixes, like “STAYHOME,” to raise awareness during the pandemic. And the boom in interest in amateur radio since the pandemic started is remarkable; unfortunately, finding a way to take your test in a socially distant world is quite a trick. Our friend Josh Nass (KI6NAZ) has some thoughts about testing under these conditions that you might find interesting.

And finally, life goes on during all this societal disruption, and every new life deserves to be celebrated. And when Lauren Devinck made her appearance last month, her proud parents decided to send out unique birth announcement cards featuring a printed circuit board. The board is decorative, not functional, but adds a distinctive look to the card. The process of getting the boards printed was non-trivial; it turns out that free-form script won’t pass most design rule tests, and that panelizing them required making some compromises. We think the finished product is classy, but can’t help but think that a functional board would have really made a statement. Regardless, we welcome Lauren and congratulate her proud parents.

Shoot The Moon With This Homebrew Hardline RF Divider

You can say one thing for [Derek]’s amateur radio ambitions — he certainly jumps in with both feet. While most hams never even attempt to “shoot the Moon”, he’s building out an Earth-Moon-Earth, or EME, setup which requires this little beauty: a homebrew quarter-wave hardline RF divider, and he’s sharing the build with us.

For background, EME is a propagation technique using our natural satellite as a passive communications satellite. Powerful, directional signals can bounce off the Moon and back down to Earth, potentially putting your signal in range of anyone who has a view of the Moon at that moment. The loss over the approximately 770,000-km path length is substantial, enough so that receiving stations generally use arrays of high-gain Yagi antennas.

That’s where [Derek]’s hardline build comes in. The divider acts as an impedance transformer and matches two 50-ohm antennas in parallel with the 50-ohm load expected by the transceiver. He built his from extruded aluminum tubing as the outer shield, with a center conductor of brass tubing and air dielectric. He walks through all the calculations; stock size tubing was good enough to get into the ballpark for the correct impedance over a quarter-wavelength section of hardline at the desired 432 MHz, which is in the middle of the 70-cm amateur band. Sadly, though, a scan of the finished product with a NanoVNA revealed that the divider is resonant much further up the band, for reasons unknown.

[Derek] is still diagnosing, and we’ll be keen to see what he comes up with, but for now, at least we’ve learned a bit about homebrew hardlines and EME. Want a bit more information on Moon bounce? We’ve got you covered.

Hackaday Links: March 22, 2020

Within the span of just two months, our world of unimaginable plenty and ready access to goods manufactured across the globe has been transformed into one where the bare essentials of life are hard to find at any price. The people on the frontline of the battle against COVID-19 are suffering supply chain pinches too, often at great risk to their health. Lack of proper personal protective equipment (PPE), especially face masks, is an acute problem, and the shortage will only exacerbate the problem as healthcare workers go down for the count. Factories are gearing up to make more masks, but in the meantime, the maker and hacker community can pitch in. FreeSewing, an open-source repository of sewing patterns, has a pattern for a simple face mask called the Fu that can be made quickly by an experienced threadworker. Efficacy of the masks made with that pattern will vary based on the materials used, obviously; a slightly less ad hoc effort is the 100 Million Mask Challenge, where volunteers are given a pattern and enough lab-tested materials to make 100 face masks. If you know how to sew, getting involved might make a difference.

As people around the world wrap their heads around the new normal of social distancing and the loss of human contact, there’s been an understandable spike in interest in amateur radio. QRZ.com reports that the FCC has recorded an uptick in the number of amateur radio licenses issued since the COVID-19 outbreak, and license test prep site HamRadioPrep.com has been swamped by new users seeking to prepare for taking the test. As we’ve discussed, the barrier for entry to ham radio is normally very low, both in terms of getting your license and getting the minimal equipment needed to get on the air. One hurdle aspiring hams might face is the cancellation of so-called VE testing, where Volunteer Examiners administer the written tests needed for each license class. Finding a face-to-face VE testing session now might be hard, but the VEs are likely to find a way to adapt. After all, hams were social distancing before social distancing was cool.

The list of public events that have been postponed or outright canceled by this pandemic is long indeed, with pretty much everything expected to draw more than a handful of people put into limbo. The hacking world is not immune, of course, with many high-profile events scuttled. But we hackers are a resourceful bunch, and the 10th annual Open Source Hardware Summit managed to go off on schedule as a virtual meeting last week. You can watch the nearly eight-hour livestream while you’re self-isolating. We’re confident that other conferences will go virtual in the near-term too rather than cancel outright.

And finally, if you’re sick of pandemic news and just want some escapist engineering eye candy, you could do worse than checking out what it takes to make a DSLR camera waterproof. We’ve honestly always numbered cameras as among the very least waterproof devices, but it turns out that photojournalists and filmmakers are pretty rough on their gear and expect it to keep working even so. The story here focuses (sorry) on Olympus cameras and lenses, which you’ll note that Takasu-san only ever refers to as “splash-proof”, and the complex system of O-rings and seals needed to keep water away from their innards. For our money, the best part was learning that lenses that have to change their internal volume, like zoom lenses, need to be vented so that air can move in and out. The engineering needed to keep water out of a vented system like that is pretty impressive.