Sunday, May 26, 2013

PL-2303 Troubles cannot start device code 10

Having to deal with this issue, again, lately gave me the idea for this post. Ever buy a radio programming cable, or a cheap USB-Serial adapter, only to plug it in and have Windows tell you that there was an error installing the device? Typically, when you go into the device properties it tells you that it "Cannot start device (code 10)".

Prolific is the original manufacturer of the PL-2303 chip. It is a single-chip device that plugs into a USB port on one end and gives you a normal RS-232C serial port on the other. The chip got popular enough that other Chinese manufacturers cloned it. I'm not sure if they cloned the exact chip, or if they made one that performs the same function, speaks the same protocol as the PL-2303 and uses the same drivers. At first, when these chips came out, the driver versions that existed worked 100% with these clone chips.

Prolific didn't like this, however. They have a good reason, I'm sure. Since clone makers tend to ride on the coattails of the authentic chips, the authentic manufacturer gets to deal with people coming to them when things don't work. So it's an issue of supporting chips that you didn't make and didn't profit from. What they did, I've read, is add a check to the newer versions of the drivers that looks for a specific response from the chip. If it responds with one code, it's authentic and the drivers work; if it responds with another code, the drivers know it's not authentic and give you the oblique error message.

It's been a while since they changed the drivers to add this check, so it's rather hard to find older drivers that work in Windows for your new serial adapter.

Prolific has a good reason for doing this, but it really only hurts the end user who buys a device that doesn't have an authentic chip in it. It's not like the end user can check to make sure it does, or even knows that it might not have an authentic chip before they buy it. Some places that sell these are not receptive to returns either. It's possible that someone could lose some money buying a cable that they don't have the expertise to fix. Moving up the chain, it's even possible for the people who are designing the cables to mistakenly use unauthentic chips even if they think they are buying the real deal. Some of the older drivers that work with the clone chips do still exist, and I'm willing to bet that the Linux drivers are not hobbled in the same manner.

Given all of the difficulties with these chips, why can't an alternative show up to replace them in designs? I think even if someone could produce an open-source adapter design using an inexpensive PIC chip or similar with USB support then that would benefit a lot of people. If I find a list of alternative chips later, I will append it to this post. Maybe an open-source project has already been accomplished if this page about LUFA is any indication.

Shameless plea to radio manufacturers: Please build USB support into radios. Please? It would be beyond great to have a micro-usb port on one side of the radio that could accept a standard usb cable for programming. (Trickle charging would be a good benefit as well, but I won't push it.) Seriously, I have separate, incompatible, cables for my new Baofeng, my Icom R3, my Yaesu FT-50R, a Puxing PX-2R and I think one or two older radios floating around. In the future, I should be able to get all new radios with a micro-usb port and just use the same cable as I do for my phone to plug into my computer for programming.

Sunday, May 19, 2013

Hamvention 2013

Had some fun at the Hamvention today. Saw a lot of APRS equipment. This was also apparently the year of solar panels.. noticed a fair few of those in the flea market. Got a terrible sunburn on the back of my neck. Also had to cut my visit a little short because of a bad migraine, guess I was overdue for one.

Notable mentions:

  • Codec2 booth right next to a D-Star booth, nice place! Wish I had asked about the prototype HT of the future but other people were in conversations and I didn't wait around very long.
    • Was talking to someone in the flea market about an Icom 2200H and asking about D-Star (which the radio didn't have that card in it) and had someone stop by to comment on the proprietary nature of D-Star driving the extreme cost. Which I agree with and it's good to see that Codec2 is having a positive impact here by providing a more Ham friendly alternative to the closed, proprietary nature of the AMBE codec that D-Star uses. (And the weird, open/closed protocol too)
  • Yaesu FT-1DR at the Yaesu booth. I see now it has a price on Universal-Radio, $540. It's approved by the FCC with an expected release date of June 15th.
    • GPS is built in.
    • Has a Group Short Message function that I expect should be like cellphone texting
    • Neat sounding Group Monitor function - ARTs on steroids?
  • TinyTrak
  • 2 or 3 portable terminal boxes for backpacking digital modes. Can't remember the names of them now and didn't grab any papers while I was there (sorry!). One could do CW, PSK and RTTY. The ones I saw had the old usual 4 line by 20 character displays
  • Elecraft had some neat things like the K3/0 Mini.. Remote control for a K3 in what looks like the style of a KX3. (So much so that the card next to it said "Yes, this IS the new K3/0 Mini")
  • Neat demonstration at an ATV booth of the differences between analog ATV and Digital ATV (DTV). Output of a DVD player (or Bluray?) run through both types of transmitters at once into a (slightly damaged) Digital TV. Guy giving the demonstration showed both signals with attenuation to show different reception signal strengths. Digital signal stayed perfectly clear down to 80db down, but disappeared at 82 or 83db. Analog was very fuzzy when you could still receive Digital but could be received even when Digital cut out completely. Effective demonstration.
  • Uhm, there was a digital DMR booth somewhere that someone had a digital radio the size and shape of a cellphone, even looked like one a bit. Very cool! Didn't stick around to ask questions because right then there was a group picture. Meant to go back later though.
  • AMSAT and QSO radio show were both showing and talking about nano-satellites. QSO radio show was talking about a dual-band FM cube satellite that had 400mw transmit power which is enough from space, and each side will have a 1w solar panel. It had 10 pcbs stacked on the inside. Kinda neat. AMSAT had one with bits and pieces and one complete (model?). There was a board transmitting a saved voice ID on a timer.
  • Not really related to the show but I want to throw out there: The International Space Station recently switched to Linux from Windows.
  • Import Communications had some neat things. Wouxun radios, Baofeng radios (I bought one of those with all the goodies), and the X1M QRP SSB/CW transceiver which I was sorely tempted to buy. (But held off, I have a perfectly fine HF radio.. my problem is I need an antenna for it)
  • SDR goodies here and there.

Didn't really run into anyone I knew. Half the time I was looking at the various wares people were offering (and I'm pretty sure there was some warez too, at least two booths selling DVDs of electronic manuals that had scans of old QST magazines or Elektor Electronics magazines that I'm not sure were officially licensed) and half the time I was looking at faces for some that I recognized. Ah well, this year was fun. If I can go next year, things that I want to do differently are:

  • Try and get off Friday.. I've never been on a Friday
  • Hope it doesn't rain on the day I go like this year
  • Wear sunscreen, good grief.
  • Go to a forum or two?

Some things that I was looking for but didn't find:

  • Raspberry Pi - Did I miss it?
  • Arduino - should be a slam dunk, I did see someone selling a custom PIC (I think) platform for ham applications and I did see someone selling things that were compatible with the Raspberry Pi or were an Arduino shield.
  • Boatanchors - Just Kidding. It'll probably be Hamvention 2113, most hams on Earth will be using subspace or quantum tunneling or 100 GHz nanotechnology wifi mesh, and someone will still be selling old Drake and Hallicrafters radios.

I could've done without the cloud of poisonous cancer causing chemicals that I got the pleasure of breathing every time I went in or out of a door.

Friday, May 17, 2013

vv-808 Mobile Transceiver update

Found the cheap mobile I saw yesterday even cheaper, by way of someone selling it with a $10.55 shipping cost.

http://www.aliexpress.com/item/VV-808-two-way-radio-mobile-transceiver-walkie-talkie-cheap-price-car-radio-Fujian-China-FM/865228480.html

Here it is on Aliexpress for $68.55 shipped. The seller doesn't have any feedback yet though. The only other seller is doing the thing where shipping is $70. I imagine these are going to start showing up more and more on there with time. If anyone gets one, send me a message about it?

Thursday, May 16, 2013

Hamvention

Just a little warning, I might go a little nuts posting over this weekend. I'm going to the Hamvention on Saturday, like many other people, and I'm probably going to repost some news if anything noteworthy shows up during, before or after the show.

Ten Tec 506 Rebel

http://qrper.com/2013/05/ten-tec-introduces-the-model-506-rebel-an-open-source-qrp-transceiver/
It's a 20/40m QRP CW radio. The neat thing though is that the CPU in it is Arduino powered. The whole thing has standard connectors and all kinds of standard, easy to work with, parts. The complete opposite of ridiculously expensive closed systems like the Icom D-Star radios. I think it would have been more fun if it wasn't just CW only. Even something geared more toward digital modes than voice would have been nice. Still, this is a very good direction to go in after tons of radios that are completely closed off (and really fly against Ham radio tradition) or radios that are otherwise built completely without digital components at all.

Not that there's anything against roughing it with the same functionality as radios had 50 years ago for nostalgia... but there will be no innovation if you just do the same thing you've always done. Without innovation, Ham radio is doomed.

Now I'm waiting for a series of radios that include an empty bay for taking things like a Raspberry Pi or Arduinos or whatever you can squeeze in it.

VV-808 Mobile Transceiver

http://www.dhgate.com/vv-808-mobile-transceiver-10w15w-two-way/p-ff8080813bade0f0013bb685146e05d1.html#s1-1-1


$134 shipped ($65.71 of that is the shipping cost, $68.29 for the radio.)

Found this one talked about in a post on the Baofeng UV5-R mailing list. I'm still not sure if this is single or dual band. The listing says 136-174mhz or 400-470mhz. But the listing also says Dual Reception/Dual Display so that could mean it's dual band or it could mean it monitors two frequencies on one band (by switching between them) and they're counting on the terminology to confuse someone. Anyways, if it is dual band it happens to be the cheapest Chinese radio I've ever seen. If not, it's not that good of a deal. Single band mobiles aren't that expensive.

The radio looks TINY. It's my theory that they put the pcb of a handheld in it and made a beefier amplifier circuit. Not much though, 10W/4W on VHF. Maybe 15W on UHF? Again, ambiguity in the specifications.
Size: 120*85*40mm

Just look at that.

X1M MKII 20W QRP SSB CW Transceiver

http://www.kightradio.com/X1M-MKII-20-Watt-QRP-SSB-CW-Transceiver_p_319.html



Wow, this looks pretty cool actually. They don't have a price listed yet though. Check out the connections on the back:

  • GPS ant.
  • IF out
  • I&Q out
  • ACC1&2 (Hope at least one of these is CAT)
  • VGA(!) Probably goes with the color LCD on the front
  • ATU
  • 12v Power
  • Antenna

Note that the front seems to say "HAM Toy" in the corner, how true.
HF-6M: I read somewhere that it covers all the way from 160 meters up. Don't know if it has band limits. Hope so but this is Chinese in origin so probably not.

Sunday, April 14, 2013

MSP430 new post on Morse Code in Energia project

http://blog.jamesrhall.com/2013/04/msp430-morse-code-in-energia-part-2.html
Posted on my other blog on my portfolio website.
Now you can put a callsign, or a sentence, in a String variable and the program will take care of the rest.
Supports letters, numbers, space and a couple of punctuation marks: @ and !

Wednesday, April 10, 2013

Elecraft K3/0 and Ham Radio As A Service

I was browsing through the May 2013 issue of QST when this article caught my eye. "RemoteHamRadio Station Network" on page 59. Basically it's a subscription service over the Internet where you pay $2999-$6999 a year to access some so-called mega stations somewhere. The article is vague but includes a url to www.remotehamradio.com

The website has more information. There are 3 stations. The lowest priced plan has a per-minute usage charge and the more expensive plans include a set amount of minutes each month after which you pay the per-minute usage charge. I believe this is to discourage someone from hogging a site and not allowing other people to use it.

The big deal is that part of your subscription includes (it's on a lease!) an Elecraft K3/0.
Picture from official website http://www.elecraft.com/K3-Remote/k3_remote.htm

The Elecraft K3/0 is a remote control for an Elecraft K3 transceiver. It doesn't actually have any RF components inside. It's meant to pair with a standard transceiver and give you the feeling of being there. I'm unsure if you can do so without using the RemoteRig box as well. It's the smaller box sitting on top of the two K3s above. The purpose of that box is to pass control signals and audio between the Remote and the Transceiver boxes and it can also work over the Internet as well.

Prices to buy this stuff at Elecraft directly
Elecraft K3/0 price $695.95
RemoteRig price $499.95
Cable Set for each side $49.95/ea
So roughly $1300+shipping+K3 transceiver to set this up yourself.

That doesn't include the price for amplifiers, antennas and the cost of the location and other overhead for things like power, network connectivity, cooling/heat and so on. The yearly price is very expensive (The top end could be a house payment) but once you figure in all of that stuff it quickly becomes obvious why. Trying to figure out if this is worth it to you really comes down to if you can do it cheaper or not, if you can do it at all or not, if you can get by with less of a system (I think most can, really), and if it gets to be too busy to be worth it for you. I can well imagine someone using all of their monthly allotment of time during a busy contest and that putting others out. Frankly, to me, it really feels like the equipment should be a buy and not a lease. You're already paying well over the purchase price for the equipment they send you even if you pick the lowest priced plan. I'd like to see this addressed with a policy for Bring Your Own Devices giving a lower monthly cost at least, if not a lease converting to a purchase depending on the plan and the length you subscribe as with cellphones.

Makes me want to try to put together something similar using Raspberry Pis though.

Just a disclaimer, my views are my own and don't represent the views of any person or company mentioned in this post. Nothing precludes you from having a home base and one of these services. I'm not even advocating for it, just another aspect of the hobby.

Saturday, March 16, 2013

V689U Chinese Digital Radio

I noticed the teaser for this radio on 409shop's website when I was looking up the current prices for the UV-3R radios. I've actually seen a different radio on Alibaba recently too but my inquiries are ignored or responded to by telling me that radio isn't ready yet.
According to these links:
http://www.brickolore.com/2013/03/409shop-teaser-v689u-digital-radio.html
http://www.brickolore.com/2013/03/v689u-kirisun-s760fp460.html
http://hamgear.wordpress.com/2013/03/13/chinese-digital-radios-theyre-here/
It's similar to, or it is actually this radio made by Kirisun:

http://en.kirisun.com/detail.aspx?id=61&zhu=1&Cyrus=1
I'm not sure though because the Frequency list here doesn't seem very useful for Amateur Radio needs. Another link that I've been to lists it as 400-470Mhz which would be useful and fairly standard actually for Chinese radios. It can do analog FM and digital modulation. All the details I can find on the digital is that it is 4FSK and it can create two 6.25Khz channels in a 12.5Khz frequency space which kinda sounds like TDMA?
It'd be cute if these were firmware reprogrammable and you could do codec2 on whatever chip is inside. I have a feeling it's the same old awful IMBE/AMBE type chips that you can only get through DVSI, like on D-Star. Of course this is coming from China, I guess it's possible they've reverse engineered those codecs and put them on a chip that can be reprogrammed to codec2 one day. That would make this radio more valuable. I just read on the hamgear link that they will be software updateable. So you can add more features, but no idea if that would include the codec or not. I'm guessing not, but we can always hope so.

Word is the pricing is going to be $200. A lot more expensive than other Chinese radios but you have the digital price premium to pay. (And the DVSI tax if it does use the DVSI chips)

Baofeng UV-3R flashed

Lior is at it again, this time he's working on the Baofeng UV-3R radios. The MCU that runs the radio is flash programmable. Unfortunately the security bits are set so you can't read out the existing firmware first, but you can erase it and insert your own. A group is forming on the Yahoo Groups board to work on making a 100% community made firmware for these radios.
http://groups.yahoo.com/group/UV-3R/message/8141 This is the thread talking about the initial experiment. See this Youtube video:


http://groups.yahoo.com/group/UV-3R/message/8158 This is a thread where people are talking about what features they want to have in a community made firmware.
One thing to note, during the tests the PA circuits are turned off so it's outputting very low power. Too bad the radios are FM only, because that would be a good thing for transverters.. Hey, maybe it wouldn't be bad for the SHF stuff?
Could be good for fox hunts too.. Just flash it with a firmware to send the MCW occasionally and then hide it, no extra circuitry required.
These radios are pretty inexpensive at $41 each. I can well imagine quite a few things they could be used for if they are reprogrammed with a new firmware. Of course I have no illusions that the chip is powerful enough to do very complicated things. I am hoping this opens the door to a community who buys these radios for this purpose and then the companies respond to that by making more radios which can be flashed. Especially if they put more powerful chips in them and a few years down the road it's possible to flash codec2 onto one and have a very inexpensive digital radio.
I doubt that's possible with these. Maybe a 1200 baud packet firmware will come out though. Then you'd have a very inexpensive APRS tracker just by adding a GPS.

Thursday, February 21, 2013

Radio hacking: Baofeng UV-5R edition

http://groups.yahoo.com/group/baofeng_uv5r/message/20888
This rather industrious individual has been working on replacing the main CPU in his Baofeng UV-5R transceiver. These are cheap radios of course, but one of the neatest things is that they are cheap partly because they have a lot of functionality integrated. If I understand it correctly, there's a chip that basically handles everything for the radio functionality and then you have a CPU that controls the whole shebang over an SPI interface. The radio chip is an RDA1846.
The RDA1846 is a highly integrated single-chip transceiver for Walkie Talkie applications. It totally realizes the translation from RF carrier to voice in the RX path and from voice to RF carrier in the TX path, requiring only one micro controller.

The RDA1846 has a powerful digital signal processor, which makes it have optimum voice quality, flexible function options, and robust performance under varying reception conditions.
Cut the power to the main MPU and that frees up the bus to communicate with the radio chip. In Lior's case, the SPI connection became damaged so he was able to enable I2C mode. He is using an Arduino so it actually works out to be easier to interface.


One neat thing he's already discovered is the ability to direct the RDA chip to produce sinewaves at any audio frequency and here he is demonstrating that by transmitting his callsign in morse code. According to him, 1200 baud FSK is even possible. That's just cool.

He has a page available here: http://www.liorelazary.com/index.php?option=com_content&view=article&id=49:hacking-the-baofeng-uv5r&catid=14:baofeng-uv5r&Itemid=17
This has more information and he may also work on the Baofeng UV3R at some point.

Incidentally in the discussion somehow a link to a bluetooth module was posted: http://dx.com/p/pcb-bluetooth-module-blue-140788 It'd be really neat to integrate a bluetooth module into something like this in order to use a cellphone bluetooth headset on a radio, but this one seems to be specifically for stereo bluetooth speakers. I wish someone would make a more universal module that could provide one or two or no serial profiles, one or two or no headset profiles, stereo profile, so on and then you could use whatever you needed in the project.

Tuesday, February 5, 2013

Codec2, wifi and the future of Ham Radio

I've been keeping an eye on the progress of codec2 more recently. There's a modem and mode for using codec2 over the air now. FreeDV is a modem for Windows and Linux that lets you send codec2 voice in a 1.1khz bandwidth that can be sent over FM or SSB. The codec runs at 1400bps in this mode and has room for a callsign ID in the stream. Very neat!
I'm hoping sometime this year I can get one or two Raspberry Pi boards and configure it with one of the Debian distributions as a standalone codec2 digital radio, using standard 2m radios for the RF. Who knows, maybe I can use the GPIO pins with my reverse engineering work from last year to allow it to completely control my TM-241a radio.
Codec2 can, of course, be run at several other bitrates and other modems. Codec2.org suggests that a GMSK or C4FM modem might be developed for FM use.

Last year at the Hamvention a SDR based data radio was announced that could do up to 56K on 440mhz. UDR56K-4, KB9MWR has the press release. What I find interesting is that you could fit many streams of Codec2 audio over a 56K stream. What if you could get 2 pair of these modems, 2 inexpensive duplexers and then have a "wide" (for Ham Radio) bandwidth full-duplex link into a disaster area? You could have some bandwidth set aside for a dozen or more VOIP telephone links, compressed with codec2, for people to call out on. Meanwhile have bandwidth left over for emails, forms, graphics, you name it.

Another interesting thing going on is these little pocket-sized wifi APs from China sold under the TP-Link name. You can find the TP703N for $20 on eBay practically any time. They have a port of openwrt, and there are other devices available if you browse through that page. This particular one has 1 ethernet port, 1 USB port, 1 USB power in (5v 500ma) and of course built-in wifi. Probably ideal for a HSMM-Mesh network. Thanks to the openwrt port, it should be easy enough to make these into mesh nodes, or even more. I don't think they use the full 500ma so a small power source might be enough to keep one running for quite a while depending on what it is.

A lot of work has been put into smartphone technology in the commercial sector over the last decade, it'd be great if we could use some of that. A part15 wifi mesh would be nice in an emergency area. Non-hams could connect to it with their smartphones and get necessary information in several forms. Maybe apps could be developed which would let people send small messages, their GPS location or maybe a compressed picture to people who could use that information to direct personnel. As a part15 network, it wouldn't be necessary to worry about restricting who can use the network or if any traffic might pass over it that would violate part97 rules.

The FCC is trying to free up more spectrum for free wifi usage. http://motherboard.vice.com/blog/the-fcc-wants-to-blanket-the-country-in-free-wi-fi This article has the idea that they want to act as an ISP, but that's not what I understand. From what I understand they just want to open more spectrum up like the 2.4ghz and 5ghz bands for wifi. This is contingent on TV broadcasters giving up some of their spectrum instead. This means it would be much lower frequency (under 900mhz, above 440mhz) which should help the signals cover more distance. I have to wonder what this will eventually mean for the Ham world above 30mhz. Maybe someone will make a 2-way radio that runs on super-wifi?

There are the Ubiquiti and other branded* 440mhz wifi modules as well but I have not heard any reports on those. They are not cheap by today's rates. I think they were >$100 per module and then you still had to have something to put them in.

*I can't remember what other manufacturer was making these now and my Internet searches are inconclusive tonight.

Stumbled across this article about Hams using wifi which posits a 2.4ghz digital wifi repeater with a 25mile range. I'm going to read more of it later but that could be interesting. Obviously using pricier equipment than the TP-Link stuff.

Monday, January 21, 2013

TR-9000 frequency problem

Ran into a weird issue the other day on my TR-9000 when turning it on after a long time of being powered down. My band limits were set to 143.800-145.999. Seemed like the lower edge in the United States zone with the higher edge set to the Japan zone. Very weird. Found a PDF talking about mods on boxspringsonline.com though. One of which told how to modify the band limits and step size of the radio. Turns out, when power is applied to the radio, that is when it sets the limits. It's not when you turn the power switch on.

I had accidentally powered off my bench power supply when working in here one day for a short time. It must have been then when this funkiness happened. All I had to do to fix it was turn off the power supply and count out 5 seconds or so. Once I turned it back on and turned the radio on, I had the normal USA band limits of 143.800-148.995.

Don't ask me why that's the band limit. Every other radio I've ever owned has the usual 144-148Mhz. Obviously with those radios if you transmit right up against the limit you are going to have signal outside of the allowed frequencies. I guess Kenwood just trusted people to be honest?

Monday, January 14, 2013

Packet Hailing Channel

Hailing frequencies open captain!


http://nwdigitalradio.com/products/

Kidding, good talk. Skip a few minutes in to avoid an intro. I was skeptical of the UDR56k when it was first announced. When you can get converted wifi modules that can do several megabits in Ham Radio bands, 56K seemed a little slow, and pricy. I guess compared to the common 1200 baud equipment, it's super-fast though. $400 has always seemed a bit much for me.

It's probably a good price though. I'm not sure what it costs to produce but it's probably what the market can bear and there are a fair number of Hams out there with big enough toy budgets to afford to buy these. At least they're not $1000 COUGHICOMCOUGH

eBay has a number of listings for wireless modules for Arduinos. There are NRF24 (2.4ghz) modules, 2.4ghz bluetooth modules, and modules based on the TI C1100 and similar chips that can do the 440 or 900mhz bands very inexpensively. Obviously it's a completely different purpose than something like the UDR56K. But they could be interesting for some short range modes. I wouldn't be surprised to see an APRS mode one day.


http://www.aprs.org/aprs-rfid.html
This is a little old at this point but first I've heard of it. Using RFID tags to beacon on APRS when participating hams are in areas with the proper equipment. It could be handy to use to keep track of people inside of a large building, or see when people are in the club radio station. Tags are really cheap and readers can be very cheap too. (At least, assuming the readers I have seen for $10 are compatible with the tags you buy into)

I'll try to post other talks I find interesting. I seem to be getting hit with a deluge of them lately.

Sunday, September 2, 2012

TM-241a Remote Control commands

I made a pretty nifty discovery the other night. While I had zero luck trying to talk to my TM-241a with only my Bus Pirate... It can talk to it when I am piggybacking on the RC-10 I bought. There's one other variable here that I don't know if it changed anything or not... I updated the flash on the Bus Pirate since I was working on scanning for codes earlier in the year. I'm not entirely sure if the original firmware was running a serial clock on data out or not. That is absolutely essential for the radio to pay any attention to what you are saying.

Bus Pirate runs at 3.3v but can tolerate 5v logic, measurements seem to suggest to me that the radio uses 5v logic but then again, the measurements I've made were with the Bus Pirate and not a DMM.

Looks like the RC-10 brings RD (pin 6) to logic 1 (low) for about 250ms when the radio first turns on. I'm thinking that must be how it is telling the radio it is there. What I don't know is how the clock works. It doesn't run all the time, only when data is being sent or received. Also, when you adjust a control on the radio itself, it sends the data out on its own. I'm thinking that the clock is run by whichever device has data to send. It also looks like the RC-10 sends 0xFF for each byte that the radio sends out. Maybe an acknowledgement signal of some sort?

Still working on the list of commands. Found a fair few sniffing the TX from the RC-10, but found even more after I separated those into groups and then sent the missing values from the groups. Seems like only 6 bits matter out of the bytes. There are two commands, VOL UP and VOL DWN, which use 2 bytes: 0x3C 0xB0/0xBC 0xB0. I still haven't mastered these because they seem to continue to affect the volume after I send them. It either maxes out, or drops to 0. This only happens if the radio is told to use the remote unit's volume control instead of its own. If it is, its own volume control no longer does anything until a command is sent to re-enable it.

My progress is a bit hindered by the fact that my unit has the infamous LCD problem. It's full of garbled junk, and most of the time the elements are all faded out. Completely useless, but sometimes it works. Sometimes I can apply pressure and it works. I need to open it up and reseat the cable but I just haven't done it yet.

Ordered some parts on eBay to make a sort of breakout box. Got some header pins, a jack that can accept a mic plug, and some other things like jumpers. I already have some perfboard with traces on it. I'll make it so I can plug my Bus Pirate into that and quickly disconnect the RC-10 to test things without it helping me. One of my major goals with this project is to make something standalone that can be used without an RC-10/RC-20 unit helping. It'll probably be a month before all of the stuff arrives though.

There are a couple of things I'd like to discover. I've found some things out already, and have a lot of buttons mapped but I can't completely replace direct control with an RC unit just yet. Some functions haven't been discovered yet. One other thing bugs me... When I first started working on this and didn't know what the protocol was I tried several other things with my Bus Pirate, one of which was I2C. Using the scan mode, I was hoping to discover if it was I2C and if so, what address. Somehow I accidentally overwrote the first couple memories in the radio with completely junk data. I may have blogged about that once actually, it's stuff that is impossible to enter in even with a keypad. I'm thinking there must be some mode to directly communicate and control the memory contents. I'd love to figure out how.

Wednesday, August 29, 2012

MSP430 Morse Code



Just a small project I worked on this past weekend 8/24-8/25. I have several of these cheap MSP430 Launchpad dev kits from TI. What a deal they are too, $4.30 each. I intended on configuring it to further my Kenwood TM241a project, but got sidetracked and made a program to send my callsign in Morse Code. I ended up using Energia, which is a port of the Arduino IDE but this one makes MSP430 programs. It seems most of the same commands are supported, but not all.

I really need to get set up to program in C or even try my hand at ASM. I tried ASM on the PIC microcontrollers a couple of years ago but gave up on it fairly quickly. Maybe I'd do better now? I'm not sure the Wiring language would produce code fast enough to bit bang 1200 baud serial with a clock.

Code for my project is below. It would be fairly easy to modify this to make a beacon, or foxhunting cpu, or even an ID for a repeater or standalone rig. If you do something with it, I'd appreciate a link back to my radio blog, n9xlc.blogspot.com and maybe drop me a line to let me know. I'd probably write an entry about it and link to your site.

It's not technically hard to add other characters and I think it's fairly self-explanatory. I'm not 100% happy with using the IF statements to cycle through the letters. I'd be happier with an array and a For loop with an index number but this works. I tried to set up a constant type like an UIntTable to store the characters, but I only received error messages when I tried to use that. It may not be fully supported in Energia yet, or probably I didn't fully understand it.

I know I'm not the first person to do this by a long shot, but it was a fun challenge and it did help me familiarize myself somewhat with Energia. Maybe next time I'll rewrite this in C? I see there are videos of others who have written Morse Code projects for the MSP430 on Youtube with a little more pizzazz than mine, such as audio out and a serial terminal for input.
/*
James Hall - N9XLC
Small program to push out my callsign via the red LED on a MSP430 board.
Developed 8/24/2012-8/25/2012

Started off modifying, then totally replacing the code in the 'Blink' example project.
This could probably be wrapped up in a function to send out arbitrary sentences.
Only enough morse code is implemented to get my callsign out, but it would be trivial to add the rest.
Could be used to blink out current temp or maybe short status info in morse code in other projects.

 http://www.arduino.cc/en/Tutorial/BitMask
 http://wiring.org.co/reference/bitwiseAND.html
 http://wiring.org.co/reference/bitwisebitshiftleft.html
 */
 #define output 2 // pin 2 has the red led on a msp430 board, pin 14 is the green led.
 
unsigned int mask = 1;
int dot = 1;
int dash = 3; //dash is equal to 3 dots
int lspace = 1; //spacing in same letter is 1 dot
int llspace = 3; //spacing between two letters in same word is 3 dots
int wspace = 7; //spacing between two words is 7 dots.

int didot = 2;
int didash = 3;
int spacems = 100; //100ms is a little slower than 20wpm (60ms) so maybe 13-15wpm?
// 10 dot, 11 dash, 00 end
// unsigned int is 16 bits
unsigned int cwN = 11; //0000 0000 0000 1011 <-read right-to-left
unsigned int cw9 = 767; //0000 0010 1111 1111
unsigned int cwX = 235; //0000 0000 1110 1011
unsigned int cwL = 174; //0000 0000 1010 1110
unsigned int cwC = 187; //0000 0000 1011 1011
byte testbyte;
  
void setup() {                
  // initialize the digital pin as an output.
  // Pin 14 is the green LED on the MSP430 board (see the #define above); loop() holds it LOW.
  pinMode(output, OUTPUT);     
  pinMode(14, OUTPUT);
 // pinMode(5, INPUT);
}

void loop() {
  digitalWrite(14, LOW);
  digitalWrite(output, LOW);
  unsigned int cwout;
  unsigned int mask = 3; // the low two bits hold the next element
  int callsign = 1;

  while (callsign) {
    if (callsign == 1) {cwout = cwN;}
    if (callsign == 2) {cwout = cw9;}
    if (callsign == 3) {cwout = cwX;}
    if (callsign == 4) {cwout = cwL;}
    // -1 here so the increment below leaves 0 and the loop ends after C.
    // With 0 the increment made it 1 again, so the word spacing was never reached.
    if (callsign == 5) {cwout = cwC; callsign = -1;}
    callsign++;

    while (cwout) {
      testbyte = cwout & mask;
      if (testbyte == 2) { // 10 = dot
        digitalWrite(output, HIGH);
        delay(dot * spacems);
        digitalWrite(output, LOW);
      }
      if (testbyte == 3) { // 11 = dash
        digitalWrite(output, HIGH);
        delay(dash * spacems);
        digitalWrite(output, LOW);
      }
      delay(spacems * dot); //inner letter spacing

      cwout >>= 2; // move the next element into the low two bits
    }
    delay(spacems * dash); //outer letter spacing
  }

  delay(spacems * wspace); //word spacing
}
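The sketch's packed format (10 = dot, 11 = dash, 00 = end, first element in the lowest two bits), worked through in Python as an added example that is not the author's code. It builds and checks the 16-bit words for any letter or digit; the full A-Z/0-9 table, the function names and the standard 1/3/7-unit spacing in `keying` are additions that go beyond the five characters in the sketch.

```python
"""Build and check packed Morse words in the sketch's 2-bit format."""

DOT, DASH = 0b10, 0b11  # element codes from the sketch; 00 ends the letter

# Standard International Morse for letters and digits (addition, not in the sketch).
MORSE = {
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
    "G": "--.", "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..",
    "M": "--", "N": "-.", "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.",
    "S": "...", "T": "-", "U": "..-", "V": "...-", "W": ".--", "X": "-..-",
    "Y": "-.--", "Z": "--..",
    "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
    "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
}


def pack(pattern):
    """Pack a dot/dash string into one 16-bit word, first element lowest."""
    if not 1 <= len(pattern) <= 8:
        raise ValueError("a 16-bit word holds 1 to 8 elements")
    word = 0
    for i, sym in enumerate(pattern):
        if sym == ".":
            code = DOT
        elif sym == "-":
            code = DASH
        else:
            raise ValueError("pattern may contain only '.' and '-'")
        word |= code << (2 * i)
    return word


def unpack(word):
    """Recover the dot/dash string, reading two bits at a time like the sketch."""
    out = []
    while word:
        code = word & 0b11
        if code == DOT:
            out.append(".")
        elif code == DASH:
            out.append("-")
        else:
            raise ValueError("00 or 01 found before the end of the letter")
        word >>= 2
    return "".join(out)


TABLE = {ch: pack(p) for ch, p in MORSE.items()}


def c_constants(text):
    """Emit declarations in the sketch's style, e.g. 'unsigned int cwN = 11; // -.'"""
    return ["unsigned int cw%s = %d; // %s" % (ch, TABLE[ch], MORSE[ch])
            for ch in dict.fromkeys(text.upper()) if ch in TABLE]


def keying(text, unit_ms=100):
    """Return (led_on, milliseconds) steps with standard 1/3/7-unit gaps."""
    events = []
    words = text.upper().split()
    for wi, word in enumerate(words):
        for li, ch in enumerate(word):
            packed = TABLE[ch]  # KeyError for characters outside the table
            first = True
            while packed:
                if not first:
                    events.append((False, unit_ms))       # gap inside a letter
                units = 1 if packed & 0b11 == DOT else 3
                events.append((True, units * unit_ms))
                packed >>= 2
                first = False
            if li < len(word) - 1:
                events.append((False, 3 * unit_ms))       # gap between letters
        if wi < len(words) - 1:
            events.append((False, 7 * unit_ms))           # gap between words
    return events


if __name__ == "__main__":
    print("\n".join(c_constants("N9XLC")))
```
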

Thursday, August 23, 2012

Modding old radios

I'm kind of curious if there's any activity around modifying older radios. I have a couple of HTX-202's that I'm eyeing for some work one day. My favorite one is actually the first Ham Radio I ever owned, it was new in box from Radio Shack circa 1993/1994. Probably 1994, but I'm not sure how long I had it before I officially had my ticket. The other one is a Hamvention special some guy in the flea market was apparently desperate to get rid of.

My original is exhibiting the ER-1 code, for a dead/dying memory backup battery. The Hamvention one has some weird squelch problem where it won't always open squelch when it receives a signal. It also had ER-2 when I first turned it on, but that was easily cleared. It also is in seriously bad need of being disassembled so I can spit and polish the case some. This Hamvention 202 was really beat up in its former life.

According to the service manual, these radios are split up into two main PCBs, an RF board and a CPU board. I wonder if I can figure out how to control the RF board with a homebrew CPU board. Then flash, or some other non-volatile memory could be used to store the programming. Other features could be added as well. DCS maybe?

I remember finding a page about EF Johnson radios for 900mhz where someone made an external control system for one that made it frequency agile. Of course, now that I want to link to it, it's nowhere to be found.

Here are a couple of relevant links but talking about FRS radios:
http://w9hq.blogspot.com/2011/02/hacking-cobra-microtalk-frs-radios.html
http://ratnethome.blogspot.com/2011/11/hacking-frs-walkie-talkies.html

Thursday, August 2, 2012

TP-Link TL-WR703N


I know this isn't strictly Ham Radio but it could be useful for HSMM.

These units are around $24 on ebay, shipped from China.

Found this on Hackaday not too long ago. Basically this device is meant to be a little 3g travel router. You can plug in a 3g USB adapter and share that Internet connection to multiple devices over wifi. It also supports ethernet. Of course, the unit I bought had a Chinese GUI so that might have been a bit hard.

Fortunately, OpenWRT has been ported to this. Here are the instructions to install it: http://wiki.openwrt.org/toh/tp-link/tl-wr703n

You are looking for squashfs-factory.bin. I wish I could remember where I read how to flash this with the Chinese GUI. Here's where you need to go. Log in to the GUI at 192.168.1.1 with admin/admin as username and password. Then on the left-hand side, scroll to the bottom and pick the last link. Then when the sub-menu appears, pick the 3rd link down. There's a long textbox area with a button next to it, if you click that button then you can pick the image you want to flash it with. Then click the other button on the screen to start the flash. It will take several minutes. Once it is done you won't get a webpage back. Plug into the unit with an ethernet cable and then telnet to the default IP address of 192.168.1.1 and set a password for root. Once you do that it automatically disables telnet and enables ssh. You can still use telnet until you log out though.

Here are some links that I'm reading about this so far:
http://wiki.openwrt.org/doc/howto/firstlogin
http://wiki.openwrt.org/doc/howto/basic.config
http://wiki.openwrt.org/doc/uci/wireless
http://wiki.openwrt.org/doc/howto/internet.connection
http://wiki.openwrt.org/doc/howto/clientmode#problem.using.standard.client.mode

You can install a web interface again, I haven't made mine work since I got it installed yet. I will be making another blog post on this. It defaults to Access Point mode when it first comes back up. I set mine up to run in client mode connected to my existing Wifi in order to give it access to the Internet so I could download packages on it.

There are people tapping into the GPIO (general purpose input/output) lines built into this device. So for $24 you can get a 400mhz linux computer, with Ethernet, Wifi and USB ports and several GPIO that is about the size of a new package of Post-It notes. It also uses only about 100ma as well. Beyond HSMM, this could also be handy for use in remotely controlling radios, maybe with a usb sound card you could even do something like echolink on it.

I hope to read about what others are doing with it. My focus is more on using it to setup home automation sort of things. I'm waiting on some solid-state relays and I plan on using one to control the lights in my garage, as well as giving me a real-time readout of the garage door's status.

Tuesday, May 29, 2012

Alinco DX-SDR

Not my video

Alinco is bringing out a new HF radio that uses SDR technology. I have received a brochure in PDF form (not posted here due to not knowing if I'm allowed) with a few details on it, subject to change. It appears to be a 10-160 all-mode radio. According to the above video it doesn't come with a head but you will be able to get one for it. It is meant to plug into a PC which will be running SDR software, I'm guessing much like the Flexradios do?
  • TX 10-160m
  • RX .15-30Mhz looks like
  • FM/SSB/CW 100W
  • AM 40W
  • looks like SDR bandwidth is either 15khz or 20.5khz? Very odd.
The specs say the receiver is a double conversion superhet and lists modulation methods for the transmitter side. This is very confusing to me because I expect SDRs to have direct conversion receivers. It may be that the radio is fairly conventional and the SDR is an IF type. There is an SDR entry in their table with the associated text being "3rd IQ", I suppose that could be a typo and really mean "3rd IF". One bullet point says that the receive and transmit audio is through the PC's mic/speakers. But then the table lists SSB as balanced modulation and FM as DSP modulated. I would hope the TX could be modulated by the SDR software on the computer but time will tell.

No indication has been made to me at this time on how the radio connects to the PC. I would hope that one USB cable is all you would need for CAT control and also an audio device for the IQ TX/RX to the computer so people could use their usual soundcard device for the TX/RX audio. This would also reduce the necessary cabling which is always a positive thing. Plus you could add a small single-board-computer such as the Raspberry Pi to enable such a device for Ethernet and then find new applications for it. Mount the radio remotely at the antenna to minimize line losses. Stick it on a mountain, establish a wifi link and allow shared access with your Amateur Radio Club. Network it and operate from anywhere in your house or property with wifi or ethernet connections.

As said earlier, I believe a head is going to be released that will allow standalone operation without a PC. 

This, along with Yaesu's new digital HT, seems to be the start of exciting times in Ham Radio. It's a good sign if more manufacturers are going to enter the marketplace with products based on these non-traditional technologies.

Sunday, May 20, 2012

Yaesu FT-1D redux

http://blog.radioworld.ca/?p=2941
Found a copy of the brochure on the FT-1D radio at the above website. No real surprises for me. It's fairly thin but really looks a lot like some of their newer handies. VX7R comes to mind.

  • data transfer speed of 9.6kbps - I would ask if it's compatible with packet but then I realize it doesn't really matter because there's not really a lot of the 9600baud packet stuff out there and it's surely not.
  • 1 button switch between digital and analog modes
  • Wide-band RX .5-999Mhz
  • micro SD slot seems to provide:
    • GPS log - location and tracking
    • picture image data
    • memory backup/clone
    • potentially other uses not listed in the brochure "and other useful information is stored on the micro SD card"
  • USB connector - this surprised me a bit. It seems the optional microphone plugs in here.
    • There's reference to a firmware update function available by plugging the PC into there.
    • I wonder if it's a USB2GO type of device. If the optional microphone plugs in there then I'd bet that it is actually using USB protocols to communicate.
  • optional microphone - I really saw this one coming.
    • NOT included
    • 320x240 or 160x120 modes
    • Image can not be viewed on FT1D, LCD limitation of course
    • Image is time and date stamped, has geotag from GPS
    • 20 seconds TX for 320x240, 4s TX 160x120
    • Jpeg format
    • I wonder how much this mediocre accessory will add to the cost of the radio?
  • Digital ARTS
    • Auto-Range Transponding System
    • A technology that lets you know when you move out of range of a sister station. I'm guessing it has a watchdog timer and sends a ping out every so often. If you get a ping, the watchdog is reset. If the watchdog runs out, you're alerted. Just a guess.
    • Does anyone use this? I have a FT-50R with the older ARTS and I've never once used it.
  • GPS
  • "E-GPS" a way to transmit GPS data to other users. Sounds like a proprietary version of APRS to me. There's a distinct lack of reference to APRS in this document.
  • GSM - Group Short Message
    • Texting for Ham Radio. But it looks like it has two major limitations: Your message goes to everyone in the vicinity/group and it's 80 characters. SMS is 160.
    • At least you can request a receipt response.
    • Maybe, maybe you can limit who is notified of a message. I know due to the nature of Ham Radio there's no expectation of privacy so you can't block other people from reading messages, but they could at least let you choose who is notified of a new message.
The last piece of the puzzle that I'm still waiting to learn is price. As of May 20 2012, universal-radio has yet to publish anything about MSRP: http://www.universal-radio.com/catalog/ht/0111.html
I would note, one of their bullet points is APRS but I think that was an assumption on their part, there's no reference to it in the brochure.

Thursday, May 17, 2012

Yaesu FT1D

I caught the gibgab about this today. Looking forward to more details coming out of the Hamvention. (I'm probably not going, water heater going out on me)

radioreference.com seems to have the most information about it currently:
http://forums.radioreference.com/amateur-radio-equipment/238995-yaesu-ft1d-c4fm-digital.html
FT1D
Price undecided
Silver color
144/430MHz5W
The end of March or in the shortest
■ Compatible with dual communication mode analog / digital
■ common with the option VX8G
■ APRS function
■ featured wide-band receiver
■ Built-in AM bar antenna capable of receiving AM / FM
■ listening quietly vibrator function, valid at large noise!
■ Equipped with GPS logger
Digital-related
■ GSM (group message function)
Send and receive messages in katakana / up to 80 characters in the alphabet
of about 0.15 seconds
■ Snapshot Snapshot (image data transfer)
In the display screen of the machine about 20 seconds Handy time display
can not be sent in digital mode] [FDMA. Set (320 × 240) QVGA size
■ Convenient, etc. / clone image data storage backup / the contents of
memory equipped with a micro SD card slot
■ Connecting the camera microphone (terminal MiniUSB) USB data, the
connection between an external device such as a PC. Useful, for example, a
firmware update.
■ Easy! E20 support (Itsuo / Easy to Operation)
Redesigned the system operation as easy to use, multi-functional. Enables
one-touch operation of frequently used functions
• The one-touch button digital mode in the D
Wires X corresponding key button key, but also what features a digital
future
· GM GSM (group message) key
■ E-GPS (GPS data transmission feature easy)
GPS data can be exchanged easily with fellow ham. One-touch display at the
same time as the direction and distance of transmission.

Some of the later text is badly translated and I don't know what it's getting at but it's talking about the price. There's also this leaked ad in Japanese:

It almost seems like someone has been listening when I've been ranting about amateur radio being at least 20 years behind cellphones. My thoughts from this information:
  • 1200/9600bps - D-star handhelds (and mobiles outside of ID-1) top out at 4800baud, but even then you can only use 791byte/s, I like
  • SD card - though I don't know the purpose yet. I see GPS in the same block so it may only be to save your GPS tracks. I would hope that it would serve other purposes as well.
  • GSM texting - If I'm reading the text from the forum post right. This is a big one that Ham Radio could've been doing since the early 90's with APRS but never got right. Even D-Star didn't get this right and it handles data all the time!
  • GPS built in - Look, if I can buy tiny usb dongles for $20 or less with GPS there's no imaginable reason why this feature should be rare OR expensive besides stealing money from your customers.
  • USB - I'm hoping for a lot here. It may only be so you can read the SD card on the computer. But there's a lot that can be done here. Data link to the radio for digital-modes, memory read/write, radio control, GPS, SD card, etc. Maybe audio modes would be too much to ask but I will anyways. Then they can make it charge the radio too.
  • Camera Mic - I am not hot on this. One of the things cellphones do that Ham Radio is sadly behind on is pictures. Sure, we had SSTV years before cellphones were invented. No one has ever put it in a handheld radio. And they still haven't. It's in a mic that is probably optional, and expensive. I see no way that you will be able to view the pictures on that display which rules out two way pictures. Even an old Nokia color display might've fit the bill here. I'm not going to complain about the resolution, anything is better than nothing I guess. 320x240 even.
  • Eh, it probably uses an AMBE codec from DVSI to compress the audio which is pretty much encryption. Encryption is encryption, even if the decryption key isn't a password but dollar bills $$$$. I'd give Yaesu a pass on this if it turns out they are going to open this radio up to third party development (which has really blown the smartphone market wide open. Remember when the iPhone was going to be locked down and the only way to run programs on it was going to be via web apps? Yeah, what happened when people hacked it to run native apps on it? Billions of dollars for Apple. Learn a lesson here Yaesu!) If they opened it up then maybe one day Codec2 could run on it and people would be more inclined to buy a radio that isn't under the constant threat of not catching on and dying off.
Yaesu better watch the price on this thing too. I think they will be smart enough to be competitive (cheaper) than D-Star radios at least. They are starting out at a natural disadvantage. In my opinion the best route to go would be to emulate the Chinese radio model as much as possible. Drastically undercut the competition in order to give more reasons to buy your product over theirs.
$500-600 will buy you a brand new, top of the line cellphone running Android, with a large high-resolution color touch-screen, built in GPS, Wifi, Bluetooth, MicroSD card slot, 5 MegaPixel camera, maybe a front facing camera for video conferencing, accelerometer, magnetometer, 6-32GB built in flash, USB charge, USB mass media (Flash and SD card access), USB data, etc.

Yes, some of that stuff is possible because of mass production and the ability of manufacturers to make stuff cheaper the more they produce, I'm sure I'll remember the phrase for that after I publish. But we can benefit from that as well by using incredibly cheap components originally produced for cellphones. CPUs, flash, ram, even chips that integrate GPS, WiFi and Bluetooth.

I hope the traditional manufacturers are feeling pressure from the flood of cheap Chinese radios. Decades of little to no innovation should backfire as China moves into the market and undercuts Yaesu, Kenwood, Icom and even Alinco with radios that do the exact same functions for significantly less. Now the big manufacturers will either have to innovate or die. You know they're not feeling any pressure to innovate from most of their customers.

I'm glad to see someone trying to bring out a 21st century Ham Radio, but I'm feeling it's more akin to 1999 technology. To be honest, it's underwhelming. If the price is sweet then I'll consider buying one. I doubt it will be any less than a top of the line 2012 smartphone though. Maybe something will come out at the Hamvention that I can't glean from this information which will blow me away but I'm not expecting much.

Monday, April 9, 2012

TM-241a analyzing

Forgot about the simple logic analyzer mode on the Bus Pirate. Channel 1 is serial out. Channel 2 is clock. Channel 3 is serial in. Channel 0 is RD (Pin 6 on mic connector). This graphic looks a little glitchy. Since this is a digital sample, if you sample at too low of a frequency in relation to what you are sampling then you will end up with strange looking data. This may be at 5khz sample rate. You should have seen it at 1khz. I was playing with 10khz and 20khz sample rates which looked much better but had a shorter sample time. The Bus Pirate only has 4096 bytes of ram to save samples in. It wasn't designed as a logic analyzer, it just happens to be a bonus.

This is in a mode that I am calling RC-10 mode. In this mode the radio will allow you to use any and all of the buttons on the radio itself. It only clocks out data when you operate the controls on the radio or on the remote unit, and then the remote unit acts as the bus master. The radio will only send data out when the clock is running and it is receiving 0xFF on serial in. 1 byte out for each byte in. I'm still not sure how the radio indicates that it has data to send out. I think it may twiddle the serial out line a bit. I am currently unable to emulate even this mode so far. I may have to write some sort of bit bang code in order to get the Bus Pirate to handle UART in/out and also the clock line.

The other mode I am calling RC-20 mode and it's a little more mysterious, to me. If I hold RD high, and keep it high, then send something, anything, down serial in then the radio will start continuously sending display frames out the serial out line. It also clocks the clock line itself. I can't seem to make it see any data that I send after that point. Additionally, in contrast to the other mode of operation, once in this mode the radio completely ignores all operation of the controls on the radio itself. There must be some sort of protocol that I'm missing. Maybe something like pull the serial in line high for 50ms, then clock data in or something. Come to think of it, in this mode there is a one shot chance of changing the frequency. Sometimes it works once and then not again until I reset the radio. I wonder if I sent some 0xFF bytes down the line after that if it would work again. But then again, in the other mode that only seems to happen so the radio will send out display packets. It does that anyways in this mode. It bears further experimentation.

Fascinating!

Saturday, April 7, 2012

TM-241a Project update 4-7-12

Doh, I feel like such an idiot. Looking over the schematics for the TM241a and RC-20 manuals I see something I dismissed a long time ago. There's Serial In and Serial Out pins, but there's also a Serial CLK pin. Well, I was receiving data just fine without the clock, but apparently I've been spinning my wheels this whole time sending data to the transceiver. You have to clock the clock pin when sending data TO it. Unfortunately the Bus Pirate is apparently completely unable to clock its clock pin in UART mode. Only in other modes like SPI and I2C. That sucks since I already have these nice probe cables for it and everything. I don't know if any generic FTDI type usb-serial chip does it. I think that's a pretty much dead part of the standard these days. I'd love to be proven wrong though.

Not even the latest v6.1 Bus Pirate firmware has support for this. You can see some commands in the help menu to twiddle the clock pin manually, but you get an error message in UART mode. :/

Tuesday, April 3, 2012

SDR with $20 TV Tuner card.

http://hackaday.com/2012/03/30/working-software-defined-radio-with-a-tv-tuner-card/
I was going to hold off posting about this until I got mine and could try it out, but I ordered 2 weeks ago and it hasn't shipped yet so I'll drop a line now. There's been some developments on this story since then anyways. Here's a video where someone is showing this running in real time in GNU Radio.



There's also supposed to be support in Windows now too.

Basically, these are $20 laptop TV Tuner dongles from China. USB connections and they are for DVB-T which is the European digital broadcast TV standard. The US uses ATSC for broadcast and QAM64, QAM128, QAM256 for cable typically. There's a fair bit of satellite stuff that uses DVB-S/S2 though. Someone did some sniffing of the card and discovered that the FM radio portion of it was actually a SDR. It's only 8-bit but the possible frequency range is 64-1700mhz.

I'm giddy over this for a couple of reasons. If it can be made to work cheaply, hello cheap receivers to stick in other places. Yeah, the downer is the processing power required for it to actually work. Processing power is cheap these days. Also, what a neat platform for a potentially automated receiver. No interface cables needed either, plug into USB and play.

Neat!

TM241 analysis

Thought it'd be fun to post a picture of my radio with the probes on the mic jack. I'm using a plug I bought in a pack to make interface cables. The antenna behind the radio is actually the rubberducky for a handheld scanner. My TM-241a is sitting on a wood block to separate it from the Alinco DR-600 below it. (My next target? Heh) These probes connect to a Bus Pirate out of the picture. The one alligator clip stands in for a particularly weak probe clip that kept falling off.

As I write this, I'm almost done rescanning the 2 byte block. 0000-FFFF unless something happens between 00FB and 00FF then I don't think there's going to be anything here. :(

I think my next target will be trying to ape the kind of stream the radio sends out. (Maybe I'll even rig up something to spit it back to it, see what it thinks of that)

Of course, one possible application when I figure this out may be making my own remote head. Others might use it to make a D-Star homebrew head that can control the radio as well as do the digital voice. Or maybe I'll eventually figure out multiple radios and make a protocol droid to translate from one control head to a different radio. RC-D710 maybe? As I posted before, it's possible to use that head with other radios, as an APRS tnc. But without control.

One thing I'd love to inspire is some sort of USB for radios. Or some sort of multivendor connection standard. It'd be great to connect multiple radios into a bus along with a control head that can operate all of them. I'm not talking just Ham Radios either.

Update: Scan finished. No hits in 0000-FFFF. :(

Sunday, April 1, 2012

TM241a Fuzzing

Okay, here are all of the possible combinations of data that I've tried:
(where I have "x" that's where I've stepped through 0-F in hex)
x0x2x1FF
x0x1FF
xxxx (Yes, every combination from 0000-FFFF)
That last one includes xxFF in the possibilities.

Nada. Nothing. Zilch. Zippo.

Like I've said before, the radio seems to follow a pattern for the second nibbles. Without the bitorder switched, the patterns are like this:
00 - Start
22622a1 Frequency
0222221 LCD elements
021 Mem Channel
01 Unknown (always 10 01)
FF - End

Sometimes S-Meter data shows up. It's the one element that breaks the pattern of the second nibble. But, the last 3 bits of it seems to always be 101. First 5 bits seems to be the S-meter bargraph length, or similar.
My thoughts have been on mimicking the patterns when trying to fuzz the data out.

I would also like to try to figure out what the I2C address search mode on the Bus Pirate looks like to a 1200 baud UART port. That may be my biggest clue because that's the one time I've really had an effect on the radio and it was completely junk data.

It could also be that the actual legit communications is so complex that it's not really possible to suss it out by searching a sequential pattern. I wouldn't think so, but there's got to be some sort of a memory access mode or I couldn't have entered corrupt data into Ch1 and 2 with the I2C search mode. The values were impossible to set by key entry alone. Heh, maybe the RC units communicate by writing to live memory. I wouldn't think so. I'd think a simple pattern of keycodes would be more than enough, but who knows what Kenwood was thinking when they designed these units.

I'd sure love to get my hands on one.

EDIT: Sigh, just noticed a rather glaring bug in my serial port TX in my program which probably resulted in me not sending out the values that I thought I was. In short, I have to run all of the above tests again. This time, sending the byte values out instead of the decimal representation of them. Snort. At least I didn't test 17 million values before discovering this tomfoolery.

April 1st

I'd like to officially register my annoyance of all of the fake news stories that every tech site, and some stores, seem to love to post on April 1st every year. It was tired in the 90s. It's over 10 years later. I need some sort of filter for this stuff.

TM241a Reverse Engineering Project Update

After a fairly long hiatus and a hard drive crash, I'm back at it working on this project. I am attempting to reverse engineer the remote control protocol in older Kenwood mobile radios. I'm using my TM241a but I understand that the RC-10 and RC-20 addons Kenwood used to make worked with a whole series of model numbers from TM-x21 through TM-x41 at least.

This was a secret from me until I found documentation and links talking about the RC10 and RC20 addons a year or two ago. I got my hands on operating manuals and service manuals for my radio, the RC-20 and the IF-20 addon. The IF-20 allowed you to connect up to 4 radios to a single RC-20. You could have 2, 220, 440 and 1.2 at your command if you were one of the lucky ones.

I've spent the last couple days poking around in the free Microsoft Visual Basic 2010 Express Edition writing a program to help me. My hardware interface consists of a Bus Pirate connected to the Mic plug on the radio using a spare plug I bought when working on a TNC project. I am running the Bus Pirate in transparent UART passthrough mode. Why not just use a usb-serial adapter? The Bus Pirate is already at the correct levels (TTL, not RS232) and I can program it to hold a pin HIGH, which is what the radio expects to enable its remote control mode on the mic port.

Now, I can enter all of the Bus Pirate settings with a single button press on my program. I can read the display output continuously (though I still can't make sense of all of it yet). I can have a window with an active comparison going, output that is different is logged automatically. Right now, I'm running one of many routines to generate data and push it out the port. I'm trying to elicit a response from the radio by pretending to be an RC-20, or at least trying to guess what kind of data one might send to it.

This would be unnecessary if I had access to either an RC-10 or RC-20, but alas they elude me. My fuzzing efforts are time consuming though. I've already ruled out 1 byte commands, sadly. That only took 255 guesses. I tried a 4 byte command guess with most of it filled in except for 3 nibbles. That took 4095 guesses. Nada. Now I'm sending 2 byte command strings, all guesses. That's 65535 guesses. Sadly, if I go up to 3 bytes then that's 16,777,215 combinations. Yes, almost 17 million!

BTW, I'm guessing about 40 times a second, so that's almost 30 minutes to run through 65535 guesses. 17 million isn't going to happen. There's a command for power on/off and transmit at least. Not to mention that while I was trying to figure out what protocol it used in the first place I accidentally entered junk data into it. Using the I2C address scan mode on my Bus Pirate somehow did it. That means there's a chance of a raw memory access mode. That could result in dangerous effects on my beloved radio, such as entering something that would cause the PLL to unlock permanently or TX at some weird frequency causing my finals to blow. I can't just let a fuzzing routine run all night while I'm asleep. A meltdown from excessive keydown is the least problem that could happen.

This is an example of the binary data the radio sends out. It runs at 1200 baud 8,n,1 (ahh, bbs days).
00 82 22 A6 02 92 AA F1 40 42 02 12 02 22 01 E0 82 41 10 01 FF
The oddball part of this is that the bit order is reversed, i.e. 1100 would be 0011 actually.
If you reversed the bit order and re-wrote the line:
00 14 44 56 04 94 55 F8 20 24 04 84 04 44 08 70 14 28 80 08 FF

The radio seems to use the first nibble for data, with the second nibble acting as some sort of checksum, or maybe even frame marker/address.
00 14 44 56 04 94 55 F8
0 1 4 5 0 9 5 F <- First nibbles only -- I'm on 145.095
0 4 4 6 4 4 5 8 <- Second nibbles only
Second nibbles of 0 and 8 seem to mark the beginning and end of subframes within the frame.

Second part of the frame from 20 through 08 seem to be fixed LCD elements (T +- BUSY etc)
70 - x8 are memory channels if you are in the MEM. This happens to be Memory Ch 12 for me.
70 14 28
7 1 2 <- ch 12.. Channels under 10 are 7 F x (where x is the channel #) so 7 F 9 is Ch. 09
0 4 8
...If I remember right, if you are in VFO or Call the Mem info is different, or missing entirely. That was in my notes that were lost forever in my hard drive crash a little while back.
80 08 are currently unknown for me.
00 and FF always mark the beginning and end of one whole frame.
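
The frame layout worked out above can be checked with a short decoder. This is an added Python example, not the author's Visual Basic program; the function names are made up here, and it assumes that an F data nibble is a blank digit, that the decimal point follows the third frequency digit, and that the memory subframe is the one opening with 70.

```python
# Sample frame quoted in the post, as received (bit order not yet corrected).
RAW = bytes.fromhex("00 82 22 A6 02 92 AA F1 40 42 02 12 02 22 01 E0 82 41 10 01 FF")

def rev4(n):
    """Reverse the bit order of one 4-bit nibble (1100 -> 0011)."""
    return int(f"{n:04b}"[::-1], 2)

def fix_bit_order(raw):
    """Reverse bits inside each nibble; the nibbles keep their places (82 -> 14)."""
    return bytes((rev4(b >> 4) << 4) | rev4(b & 0x0F) for b in raw)

def subframes(frame):
    """Split a corrected 00 ... FF frame: low nibble 0 opens a subframe, 8 closes it."""
    if len(frame) < 2 or frame[0] != 0x00 or frame[-1] != 0xFF:
        raise ValueError("expected a frame that starts with 00 and ends with FF")
    out, current = [], None
    for b in frame[:-1]:
        low = b & 0x0F
        if low == 0x0:
            current = [b]              # the leading 00 also opens the first subframe
        elif current is not None:
            current.append(b)
            if low == 0x8:
                out.append(bytes(current))
                current = None
    return out

def digits(sub):
    """High (data) nibbles as text; F is dropped as a blank digit (assumption)."""
    return "".join(f"{b >> 4:X}" for b in sub).replace("F", "")

def decode(raw):
    """Return the displayed frequency and, in MEM mode, the memory channel."""
    subs = subframes(fix_bit_order(raw))
    if not subs:
        raise ValueError("no complete subframe found")
    freq = digits(subs[0])[1:]         # skip the nibble of the leading 00
    info = {"frequency": f"{freq[:3]}.{freq[3:]}", "memory": None}
    for sub in subs[1:]:
        if sub[0] == 0x70:             # memory subframe: 7, then channel digits
            channel = digits(sub)[1:]
            info["memory"] = int(channel) if channel.isdigit() else None
    return info

if __name__ == "__main__":
    print(fix_bit_order(RAW).hex(" ").upper())
    print(decode(RAW))
```

Subframes it does not recognise, such as the LCD element block and the 80 08 pair, are split out by `subframes()` but left undecoded.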

Once you get the radio started, and all you need to do is send 1 byte of any sort at the right speed to it, then it continually sends display frames out at 1200 baud.
If you receive a signal, the S-meter data is sent out as well, in the form of setting one of the bits in the LCD element section and 2 additional bytes before the 80 08 pattern. It seems to have a hold pattern, if it's not changing then the radio stops sending the extra 2 bytes until it does change and then the radio will send out the changes again. I believe they resolve into the number of S-meter bargraph elements that should be lit up.

I'll keep plucking away at it. I do love a puzzle.

Sunday, March 11, 2012

Ubuntu liveUSB

A couple of weeks ago disaster struck! I went into my office to compute a bit only to get an ominous message from Windows to back up my hard drive as it was about to die. I don't know how it divined that though. I downloaded a SMART utility which told me that there were some dead spots but I thought the drive would work around those. I quickly saved some of my more precious data, which was mostly digital camera pictures and movies. I also managed to save my browser data, a couple of VMs I was experimenting with and some other stuff but not everything. I left that afternoon and when we came back, the drive was dead. I felt a little like I lost an old friend too. I managed to order some new parts from Amazon, I usually use Newegg but Amazon was cheaper in this case. Got a new 500GB hard drive, as well as a Bluray burner and some media. The whole kit was a little pricy but I needed the hard drive to bring my computer back to life and I'm hoping to use the bluray stuff to make it easier to do backups.

While I was waiting on all of that stuff though, I went to Best Buy the next day and bought a couple of 16GB flash drives for around $13/each. What a deal! I used one to have another copy of pictures, etc. Before that, the only copy was on my Ubuntu fileserver where I had copied it to in a hurry when my main drive was dying. The other drive I installed Ubuntu to. I was running a LiveCD version of Ubuntu but annoyed with installing packages every time I rebooted. Wish I had the URL for the guide I followed, but it was very easy to put on USB flash drive. It set up a 4gb partition for user files, I resized the main partition and the user partition to give me more like 12gb of space. I ran like that for several days before my new components came in. I was actually kinda sad to go back to Windows after using it too. I've always liked Linux, really most of the reason I use Windows still is because of gaming and very few other applications. 99% of what I do is more than possible on Linux though. It was also nice to not have a hard drive chugging because Windows somehow needs to use swap space even though it has 6GB of ram.

As an aside, I'm working at a computer place in town now that has a nifty setup with Xen running multiple virtual machines for networking services. Some of those machines have at least 16GB of ram. I set up a machine to run Windows Server with SQL Server that could do 2 Xeon cpus and 18 sticks of ram. It had 5 sticks for 16GB (3x4GB, 2x2GB iirc). I guess if you put a bunch of 4GB sticks in it, you could run 72GB of ram! That's pretty spiffy! Of course, there's 9 slots per processor, and you can't run ram in 9 of them unless you have the 2nd processor also.

Moving forward, I'd like to maintain my Ubuntu LiveUSB and maybe even run from it some more. I'd also like to see if I can get my virtual machines to run in it. One of them is an old XP licensed from a computer I don't use anymore. I have that set up to run my old HP ScanJet that won't ever have Windows 7 drivers. That could possibly do some of my applications that I like to run. I'm sure I can use WINE, but maybe not? Plus I'm not sure stuff like PDF printers work under WINE.

I'm also thinking about running My Documents style directory from a USB flash drive. This isn't the first time I've lost documents, some of them fairly important, in a hard drive crash. I do need some sort of backup regimen also. If I can set things up right, I'd like to just go ahead and buy a new hard drive every year or 2 and transfer the contents of my operational drive to the new one to keep away from having a crash related to wear and tear. The question then is what to do with the used drives? Maybe I'll set them up to have online storage of stuff I have backed up on disc, but never original copies of data.

I also do need to concentrate data in one place. I'm fairly sure I lost a large archive of Ham Radio info because it was stored in some random place on my hard drive and I forgot to grab it when I could. Mostly cached copies of homebrew pages, so it's not original data but still there was a lot of it.

It is nice to boot up my VM with Windows XP on it and see the stuff there is untouched by my latest catastrophe. I might put more of my necessary programs into a VM like that, or that one at least, just to speed recovery from future crashes. It's very easy to save a copy of the hard drive image the VM programs use.

Man, this turned out longer than I thought it would be. Sorry for rambling.