Mobile Transmitter Gets Internal GPS And Bluetooth

While [Selim Olcer] was relatively happy with his Kenwood TM-D710a radio, he didn’t like the fact that it needed a bulky external GPS “backpack” for APRS location data. So he decided to crack open the head unit and see if he couldn’t integrate his own GPS hardware (machine translation). Not only did he succeed, but he even threw in Bluetooth compatibility for good measure.

With the repair manual circuit diagrams in hand, it was no problem to find the GPS RX and TX lines that were being broken out to the external connector. Unfortunately, the radio’s electronics are all 5 volts and the GPS module [Selim] wanted to use was only 3.3 V. So he came up with a small PCB that included not only the voltage regulator to power the GPS module, but also some voltage-dividers to level shift those signals.

Since the Kenwood TM-D710a was already designed to accept a GPS upgrade module, he just needed to change some configuration options in the radio’s menus for it to see the new hardware. Technically the project was done at this point, but since there was still room in the case and he had a GPS module spitting out NMEA sentences, [Selim] tacked on a common Bluetooth serial module so he could see the position information on his smartphone. With an application like APRSdroid, he now has a nice moving map display using the position pulled from the radio’s GPS.
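The NMEA sentences mentioned above are plain ASCII lines, and anything consuming them from a serial or Bluetooth link should check the framing and checksum before trusting the position. The following is an added example, not code from [Selim]'s project or APRSdroid; the function names and the sample sentence are constructed for illustration.

```python
from functools import reduce

def nmea_checksum(body: str) -> int:
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def frame(body: str) -> str:
    """Wrap a sentence body with '$' and its two-digit hex checksum."""
    return f"${body}*{nmea_checksum(body):02X}"

def _to_degrees(value: str, hemi: str, deg_digits: int) -> float:
    # NMEA packs positions as (d)ddmm.mmmm: whole degrees, then minutes.
    decimal = int(value[:deg_digits]) + float(value[deg_digits:]) / 60.0
    return -decimal if hemi in ("S", "W") else decimal

def parse_gga(line: str):
    """Return (lat, lon) for a well-formed GGA sentence with a fix, else None."""
    line = line.strip()
    # NMEA 0183 caps a sentence at 82 characters; reject oversized input early.
    if not line.startswith("$") or "*" not in line or len(line) > 82:
        return None
    body, _, given = line[1:].rpartition("*")
    try:
        if len(given) != 2 or int(given, 16) != nmea_checksum(body):
            return None  # corrupted or tampered sentence
        fields = body.split(",")
        # Field 6 is fix quality; empty or "0" means no valid position.
        if len(fields) < 7 or not fields[0].endswith("GGA") or fields[6] in ("", "0"):
            return None
        lat = _to_degrees(fields[2], fields[3], 2)
        lon = _to_degrees(fields[4], fields[5], 3)
    except ValueError:
        return None  # non-numeric checksum or coordinate field
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    return lat, lon

# Constructed sample sentence (not captured from the radio).
SAMPLE_BODY = "GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"
SAMPLE = frame(SAMPLE_BODY)

if __name__ == "__main__":
    print(SAMPLE, "->", parse_gga(SAMPLE))
    print("corrupted ->", parse_gga(SAMPLE.replace("4807", "4907")))
```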

With this modification done it looks like the head unit is ready to go, but that’s only the beginning for a mobile rig. Now we want to see how he integrates the whole thing into the car.

High-End Ham Radio Gives Up Its Firmware Secrets

Amateur radio operators have always been at the top of their game when they’ve been hacking radios. A ham license gives you permission to open up a radio and modify it, or even to build a radio from scratch. True, as technology has advanced the opportunities for old school radio hacking have diminished, but that doesn’t mean that the new computerized radios aren’t vulnerable to the diligent ham’s tender ministrations.

A case in point: the Kenwood TH-D74A’s firmware has been dumped and partially decoded. In a somewhat informal collaboration between [Hash (AG5OW)] and [Travis Goodspeed (KK4VCZ)], the process started with [Hash]’s teardown of his radio, seen in the video below. The radio, a tri-band handy talkie with capabilities miles beyond even the most complex of the cheap imports and with a price tag to match, had a serial port and JTAG connector. A JTAGulator allowed him to probe some of the secrets, but a full exploration required spending $140 on a spare PCB for the radio and some deft work removing the BGA-packaged Flash ROM and dumping its image to disk.

[Travis] picked up the analysis from there. He found three programs within the image, including the radio’s firmware and a bunch of strings used in the radio’s UI, in both English and Japanese. The work is far from complete, but the foundation is there for further exploration and potential future firmware patches to give the radio a different feature set.

This is a great case study in reverse engineering, and it’s really worth a trip down the rabbit hole to learn more. If you’re looking for a more formal exploration of reverse engineering, you could do a lot worse than HackadayU’s “Reverse Engineering with Ghidra” course, which is just wrapping up. Watch for the class videos soon.

Hackaday Links: February 5, 2017

A lot of people around here got their start in electronics with guitar pedals. This means soldering crappy old transistors to crappy old diodes and fawning over your tonez, d00d. Prototyping guitar pedals isn’t easy, though, and now there’s a CrowdSupply project to make it easier. The FX Development Board is just that — a few 1/4″ jacks, knobs, pots, power supply, and a gigantic footswitch to make prototyping guitar pedals and other musical paraphernalia easy. Think of it as a much more feature-packed Beavis Board that’s still significantly cheaper.

How do Communicators in Star Trek work? Nobody knows. Why don’t the crew always have to tap their badge before using it? Nobody knows. How can the com badge hear, ‘Geordi to Worf’, and have Worf instantly respond? Oh, we’ve argued about this on IRC for years now. Over on Hackaday.io, [Joe] is building a Star Trek com badge. The electronics are certainly possible with modern microcontrollers, but for the enclosure, we’ll have to review a few scenes from Time’s Arrow and The Enemy.

[Alois] was working with an Intel Edison on a breadboard. He was generating a signal, and sending it through a little tiny breadboard wire to an oscilloscope. The expected waveform should have been a nice square wave at 440MHz. What he got out of this wire was a mess. You shouldn’t use long wires when probing circuits. That little breadboard wire was a perfect radiator for 440MHz, and the entire setup turned into an antenna.

[Douglas] is running a Kenwood TM-D710A as his amateur radio rig. This radio does APRS stuff, but it requires an external GPS and power source to do it right. GPS receivers are now very small and very cheap, so [Douglas] just stuffed a GPS module inside his radio. The module itself is a GP-20U7, a tiny GPS module the size of a postage stamp, and he wired it up to a few pads on the radio PCB.

Here’s an upcoming Kickstarter that’s going straight to the front page of Boing Boing. It’s Pong, in coffee table format which we first saw last Spring. Instead of racing the beam, this version of Pong is mechanical. The ball is a cube, the paddles are slightly longer cubes, and the entire game is a highly refined CNC machine. Here’s something from seven years ago that’s also Pong in coffee table format. Pongmechanik is electromechanical Pong, built entirely out of switches, relays, and a few motors.