Ham radio is well worth getting into if you come from a software background but want to get more hands-on with embedded electronics. Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!
The RF fundamentals stay the same, but the gulf between ham radio and modern RF comms is truly vast.
Those TDM'd bands 40MHz wide, with digital data and modulation past the limits of sanity, and the entire RF system being integrated into one die somehow? Oh boy.
What really blows me away is the range that you can achieve with almost no power on tiny little antennas. For instance, ELRS uses a transmitter/receiver that is less than a gram, that can keep a link with a drone alive across 30 km or even more. And the antenna is so small you might toss it away with the packaging if you're not paying attention.
Wow, that's an even better example. I already have a hard time finding the radio sometimes, and need to put on my glasses, with that one you need tweezers to mount it :)
I ran into your tuning tips page the other day by way of a random search!
I'm having a devilish time tuning a drone using Inav, I've read through a mountain of documentation and tried a whole pile of things but so far it has not led to a breakthrough, just gradually increasing insight. Oh well, better to keep plugging away at it :)
I used to follow the balloon projects that hams would launch. A mylar balloon with a tiny 50 milliwatt transmitter and GPS, solar powered on the 10Mhz band tracked thousands of miles away.
> the gulf between ham radio and modern RF comms is truly vast
Especially if you consider modern cellular radios. Your phone has a completely separate powerful computer just for handling the radio (we still call this a modem for some reason), with a large software stack running.
As for modulation, starting with LTE and turbo coding, we are now near the maximum theoretical channel capacity (Shannon limit), which is mind-blowing.
Learning the basics of radio is still worth the effort (and great fun!), but the gap is indeed huge.
I don't think most people really understand the compute complexity required for LTE and 5G terminals. It's telling that pretty much every discrete-ish full-speed LTE or 5G modem I've lain eyes upon is actually an embedded SBC running its own OS, with attendant power requirements.
When I flip through the ham radio outlet catalog and see what people pay for a bog standard class A amplifier I realize how I am in the wrong line of work.
The coolest modern ham stuff is happening on SDRs like hackRF.
> Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!
Indeed.
The problem with many modern ham radios of any sufficiently complex feature set - especially when it comes to cheap hackable radios or digital radios - is that a lot of the functionality is hidden away in blackbox ASIC hardware blocks that have no public datasheets (e.g. BK4819 powering Quansheng's radios, Si4732, or for anything DMR, the AMBE-2020 vocoder).
It's truly a miracle what the hacker community has gotten out particularly out of the Quansheng chipset.
Job well done! I tried reverse engineering the encryption on Yamaha's midi files. I thought it would be super complex but it turned out to be ridiculously easy. It's funny when you're preparing mentally for some long slog and turns out to be an hour at best. In case you're interested: they used a fixed block of 256 bytes that they xor'd the data with in a cyclic fashion.
I've reverse engineered lots of things, but the one time I actually got paid for it (this is more a hobby to me), I got the exact opposite of what happened to you.
I quoted some small amount to document the protocol to configure some embedded device that I thought would take a day or so, and it turned into a two-week nightmare. Turned out there was no configuration protocol, it was firmware updates always -- and internal parameters were just overwritten along with the code. So I ended up having to disassemble a big chunk of the firmware before I could configure the device.
Pro-tip, state your assumptions baked into the estimate. If one of them is wrong you can renegotiate price, although depending on the client, you may not always want to do that to show good will and whatnot.
since you love reverse engineering a lot from your blog posts it seems, if it isn't too much to ask, can you look into this .unr file which is basically an unreal map that was made with an internal tool at Ubi HQ for a 15 yr old game (splinter cell conviction) . It won't load inside UEExplorer or any of the openly available UE tools. Perhaps it could be a topic of your next post in addition to being tremendous help for the gaming community as only basic mods can be made for this game currently unless someone can figure out how to load its maps somehow
Another day another hardware manufacturer rolling their own encryption. We are lucky these companies don't really know what they are doing or they could actually make it close to impossible to hack the firmware.
Ham radio is well worth getting into if you come from a software background but want to get more hands-on with embedded electronics. Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!
The RF fundamentals stay the same, but the gulf between ham radio and modern RF comms is truly vast.
Those TDM'd bands 40MHz wide, with digital data and modulation past the limits of sanity, and the entire RF system being integrated into one die somehow? Oh boy.
What really blows me away is the range that you can achieve with almost no power on tiny little antennas. For instance, ELRS uses a transmitter/receiver that is less than a gram, that can keep a link with a drone alive across 30 km or even more. And the antenna is so small you might toss it away with the packaging if you're not paying attention.
One example:
https://rcmaniak.pl/userdata/public/assets/images/SpeedyBee/...
Oh, and it also speaks WiFi, just in case and it has its own little onboard computer and a web server.
I use this one, with an onboard antenna:
https://imgaz.staticbg.com/thumb/large/oaupload/banggood/ima...
It's a centimeter on a side, and easily goes more than 10km. It's just mind-blowing that this exists. 0.9 grams, IIRC.
Wow, that's an even better example. I already have a hard time finding the radio sometimes, and need to put on my glasses, with that one you need tweezers to mount it :)
I ran into your tuning tips page the other day by way of a random search!
Oh nice, I was hoping they'd be useful to someone!
With that radio, I just use a drop of hot glue on the fuselage, and it works great! Plus, it's easy to find then :P
I'm having a devilish time tuning a drone using Inav, I've read through a mountain of documentation and tried a whole pile of things but so far it has not led to a breakthrough, just gradually increasing insight. Oh well, better to keep plugging away at it :)
Let me know if you need help, I've done it a few times.
I used to follow the balloon projects that hams would launch. A mylar balloon with a tiny 50 milliwatt transmitter and GPS, solar powered on the 10Mhz band tracked thousands of miles away.
Yep, its called LoRa.
Ive been able to decode as low as -26 SNR.
Theres LoRa chips for 2.4GHz, 900MHz, 868MHz, 433MHz, and 144MHz.
> the gulf between ham radio and modern RF comms is truly vast
Especially if you consider modern cellular radios. Your phone has a completely separate powerful computer just for handling the radio (we still call this a modem for some reason), with a large software stack running.
As for modulation, starting with LTE and turbo coding, we are now near the maximum theoretical channel capacity (Shannon limit), which is mind-blowing.
Learning the basics of radio is still worth the effort (and great fun!), but the gap is indeed huge.
I did some LTE work. Nasty stuff. And 5G is even worse.
I don't think most people really understand the compute complexity required for LTE and 5G terminals. It's telling that pretty much every discrete-ish full-speed LTE or 5G modem I've lain eyes upon is actually an embedded SBC running its own OS, with attendant power requirements.
When I flip through the ham radio outlet catalog and see what people pay for a bog standard class A amplifier I realize how I am in the wrong line of work.
The coolest modern ham stuff is happening on SDRs like hackRF.
> Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!
Indeed.
The problem with many modern ham radios of any sufficiently complex feature set - especially when it comes to cheap hackable radios or digital radios - is that a lot of the functionality is hidden away in blackbox ASIC hardware blocks that have no public datasheets (e.g. BK4819 powering Quansheng's radios, Si4732, or for anything DMR, the AMBE-2020 vocoder).
It's truly a miracle what the hacker community has gotten out particularly out of the Quansheng chipset.
Get the appropriate licence and build your own :) Either from the kit or from scratch :)
It's not that easy. AMBE is patent encumbered and SDRs are black magic on their own.
Job well done! I tried reverse engineering the encryption on Yamaha's midi files. I thought it would be super complex but it turned out to be ridiculously easy. It's funny when you're preparing mentally for some long slog and turns out to be an hour at best. In case you're interested: they used a fixed block of 256 bytes that they xor'd the data with in a cyclic fashion.
That's more like obfuscaton, you got lucky there!
I've reverse engineered lots of things, but the one time I actually got paid for it (this is more a hobby to me), I got the exact opposite of what happened to you.
I quoted some small amount to document the protocol to configure some embedded device that I thought would take a day or so, and it turned into a two-week nightmare. Turned out there was no configuration protocol, it was firmware updates always -- and internal parameters were just overwritten along with the code. So I ended up having to disassemble a big chunk of the firmware before I could configure the device.
Pro-tip, state your assumptions baked into the estimate. If one of them is wrong you can renegotiate price, although depending on the client, you may not always want to do that to show good will and whatnot.
since you love reverse engineering a lot from your blog posts it seems, if it isn't too much to ask, can you look into this .unr file which is basically an unreal map that was made with an internal tool at Ubi HQ for a 15 yr old game (splinter cell conviction) . It won't load inside UEExplorer or any of the openly available UE tools. Perhaps it could be a topic of your next post in addition to being tremendous help for the gaming community as only basic mods can be made for this game currently unless someone can figure out how to load its maps somehow
Another day another hardware manufacturer rolling their own encryption. We are lucky these companies don't really know what they are doing or they could actually make it close to impossible to hack the firmware.
[dead]