Reverse Engineering The Quansheng Hardware

In the world of cheap amateur radio transceivers, the Quansheng UV-K5 can’t be beaten for hackability. But pretty much every hack we’ve seen so far focuses on the firmware. What about the hardware?

To answer that question, [mentalDetector] enlisted the help of a few compatriots and vivisected a UV-K5 to find out what makes it tick. The result is a complete hardware description of the radio, including schematics, PCB design files, and 3D renders. The radio was a malfunctioning unit that was donated by collaborator [Manuel], who desoldered all the components and measured which ones he could to determine specific values. The parts that resisted his investigations got bundled up along with the stripped PCB and sent to [mentalDetector], who used a NanoVNA to characterize them as well as possible. Documentation was up to collaborator [Ludwich], who also made tweaks to the schematic as it developed.

PCB reverse engineering was pretty intense. The front and back of the PCB — rev 1.4, for those playing along at home — were carefully photographed before getting the sandpaper treatment to reveal the inner two layers. The result was a series of high-resolution photos that were aligned to show which traces connected to which components or vias, which led to the finished schematics. There are still a few unknown components. The schematic also has a few components crossed out, mostly capacitors by the look of it, representing unpopulated pads on the PCB.

Hats off to the team for the work here, which should make hardware hacks on the radio much easier. We’re looking forward to what’ll come from this effort. If you want to check out some of the firmware exploits that have already been accomplished on this radio, check out the Trojan Pong upgrade, or the possibilities of band expansion. We’ve also seen a mixed hardware-firmware upgrade that really shines.

Open HT Surgery Gives Cheap Transceiver All-Band Capabilities

Watch out, Baofeng; there’s a new kid on the cheap handy talkie market, and judging by this hardware and firmware upgrade to the Quansheng UV-K5, the radio’s hackability is going to keep amateur radio operators busy for quite a while.

Like the ubiquitous Baofeng line of cheap transceivers, the Quansheng UV-K5 is designed to be a dual-band portable for hams to use on the 2-meter VHF and 70-centimeter UHF bands. While certainly a useful capability, these bands are usually quite range-limited, and generally require fixed repeaters to cover a decent geographic area. For long-range comms you want to be on the high-frequency (HF) bands, and you want modulations other than the FM-only offered by most of the cheap HT radios.

Luckily, there’s a fix for both problems, as [Paul (OM0ET)] outlines in the video below. It’s a two-step process that starts with installing a hardware kit to replace the radio’s stock receiver chip with the much more capable Si4732. The kit includes the chip mounted on a small PCB, a new RF choke, and a bunch of nearly invisible capacitors. The mods are straightforward but would certainly benefit from the help of a microscope, and perhaps a little hot air rework. Once the hardware is installed and the new firmware flashed, you have an HT that can receive signals down to the 20-meter band, with AM and SSB modulations, and a completely redesigned display with all kinds of goodies.

It’s important to note that this is a receive-only modification — you won’t be transmitting on the HF bands with this thing. However, it appears that the firmware allows you to switch back and forth between HF receive and VHF/UHF transceive, so the radio’s stock functionality is still there if you need it. But at $30 for the radio and $12 for the kit, who cares? Having a portable HF receiver could be pretty handy in some situations. This looks like yet another fun hack for this radio; we’ve seen a few recently, including a firmware-only band expansion and even a Trojan that adds a waterfall display and a game of Pong.

Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan

Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.

The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.

[Piotr]’s description of the mod as a trojan seems apt since his new programs run in parallel to the OEM firmware by wrapping its vector table. We’d imagine other mods are possible, and we’re keen to see what people come up with for these hackable little units. Just make sure you’re staying within the law, especially in the United States — the FCC does not play games (third item).

Hackaday Links: June 25, 2023

Is it really a dystopian future if the robots are radio-controlled? That’s what came to mind reading this article on a police robot out of Singapore, complete with a breathless headline invoking Black Mirror, which is now apparently the standard by which all dystopias are to be judged. Granted, the episode with the robo-dogs was pretty terrifying, but it seems like the Singapore Police Force has a way to go before getting to that level. The bot, which has been fielded at Changi Airport after extensive testing and seems to be completely remote-controlled, is little more than a beefy telepresence robot. At 5.5 feet (1.7 meters) tall, the bot isn’t terribly imposing, although it apparently has a mast that can be jacked up another couple of feet, plus there are lights, sirens, and speakers that can get the message across. Plus cameras, of course; there are always cameras. The idea is to provide extra eyes to supplement foot patrols, plus the potential to cordon off an incident until meatspace officers arrive. The buzzword game here is weak, though; there’s no mention of AI or machine learning at all. We have a feeling that when the robots finally rise up, ones like this will be left serving the drinks.

Easy Modifications For Inexpensive Radios

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios based around a much simpler design than what was typically commercially available, bringing the price of handheld dual-band or GMRS radios to around $20. This makes the hobby much more accessible, but they have generated some controversy as they tend to not perform as well and can generate spurious emissions and other RF interference that a higher quality radio might not create. But one major benefit besides cost is that they’re great for tinkering around, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about this Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate various laws or regulations of some localities, it looks like this modified firmware really expands the capabilities of the radio. The chip that is the basis of the radio, the BK4819, has a frequency range of 18-660 MHz and 840-1300 MHz but not all of these frequencies will be allowed with a standard firmware in order to comply with various regulations. However, there’s typically no technical reason that a radio can’t operate on any arbitrary frequency within this range, so opening up the firmware can add a lot of functionality to a radio that might not otherwise be capable.

Among the other capabilities this modified firmware opens up is the ability to receive in various other modes, such as FM and AM within the range of allowable frequencies. For a deeper dive into what this firmware allows, be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.