Article 6KNNS The Most Hackable Handheld Ham Radio Yet

The Most Hackable Handheld Ham Radio Yet

by
Stephen Cass
from IEEE Spectrum on (#6KNNS)
a-walkie-talkie-like-radio-displaying-th

All right, confession time. I don't use my handheld ham radio for much more than eavesdropping on the subway dispatcher when my train rumbles to a mysterious halt in a dark tunnel. But even I couldn't help but hear the buzz surrounding a new handheld, Quansheng's UV-K5.

It caught my attention in part because for over a decade, Baofeng has been the name in Chinese handhelds. In 2012 Baofeng made waves with its UV-5R radio, upending the sleepy handheld-transceiver market. Prior to the 5R, the price tag of the cheapest VHF/UHF handheld was a little north of US $100. The 5R sold for a quarter to a third of that. Hams groused about the 5R's so-so technical performance-and then bought a couple anyway, so they'd always have a radio in their car or workplace.

Now it's Quansheng that's making a splash. The UV-K5, released last year, might be the most hackable handheld ever, with a small army of dedicated hams adding a raft of software-based improvements and new features. I had to have one, and $30 later, I did.

Like Baofeng's 5R, Quansheng's K5 as a radio transceiver is fine. (I'm using K5 here to refer to both the original K5 and the new K5(8) model.) The key technical distinction between the 5R and K5 is a seemingly minor design choice. With Baofeng's 5R, the firmware resides in read-only memory. But Quansheng stores the K5's firmware in flash memory and made it possible to rewrite that memory with the same USB programming cable used to assign frequencies to preset channels.

This feature has opened the door for improvements to the K5 that are well beyond what Quansheng offers out of the box. Hopefully, this design will inspire other radio makers to offer more support for modders, in turn bringing more innovation to the VHF and UHF radio bands.

Quansheng probably thought of its design purely in terms of fixing software bugs or adjusting for regulatory changes-it offers a free install tool for uploading official firmware releases to the radio. But the prospect of an updatable radio dangled an irresistible temptation for folks to start reverse engineering the firmware and hardware so they could try writing their own code. Modifications to date have generally taken the form of patches to the official firmware, rather than wholesale rewrites. With the official firmware taking up most of the radio's 64 kilobytes of flash memory, such mods have to fit into less than 3 KB. And the CPU is not brimming with compute power-it's a 48-megahertz, 32-bit ARM-based processor with 8 KB of RAM. Nonetheless, I found the results impressive.

For example, one mod installs a fairly sophisticated graphical spectrum analyzer: You can adjust the bandwidth, set a threshold for tuning into detected peaks automatically, and specify frequencies to ignore, among other things. Another mod allows you to exchange text messages between K5s. Other mods improve the K5's ability to receive AM signals, meaning you can, say, listen in on aviation bands more clearly. And there are plenty of fun little mods that do things like change up the system fonts or replace the start-up message with a line-art image of your choice.

Updatable firmware dangled an irresistible temptation for folks to start reverse engineering...

Installing many of these mods is ridiculously easy. Normally at this point in a Hands On article that involves hacking some consumer electronics, things get pretty heroic as I futz with the hardware or unravel a software-installation enigma. But not this time.

A modder known as whosmatt has created a Web-based patcher/flasher for the K5 that lets you pick a selection of mods from a menu. It then combines them with the official firmware to create a custom image for uploading (as long as you don't exceed the total amount of memory).

In fact, if you're using Chrome, Edge, or Opera, you don't even need to use Quansheng's installer to upload the firmware: You can update the radio's flash memory directly from the browser via the built-in Web Serial API and the USB programming cable. (The instructions say this will work only on Linux and Windows, but I was able to do it using a Mac as well.) Web Serial could do with some improved error handling, though. The first USB programming cable I used was a bit flaky, but where Quansheng's installer would halt and flag a communications error with a failed upload, Web Serial would silently crash and take the whole Windows operating system with it.

There are even more K5 mods available than are in whosmatt's online patcher. If you want to play with those or start writing your own mods, Python-based toolchains exist to assist you.

an-illustration-showing-the-arrangement-This block diagram of the UV-K5 is based on the work of Phil McAllen. Hams have reverse engineered many details of the radio's hardware and software.James Provost

Of course, allowing unfettered modding of the K5's transceiver does raise the possibility of abuse. For example, the Quansheng firmware blocks transmitting on the aviation band, to prevent illegal and hazardous interference. But this block can be removed by a patch (although to be a significant threat, you'd likely need an amplifier to boost the K5's 5-watt signal).

However, hams have always had the ability to behave badly, with or without firmware blocks. Such blocks are convenient for guarding against accidental abuse, but the truth is that unless problematic signals are persistent enough to allow a transmitter's location to be triangulated, amateur radio must continue to rely on an honor system, whether that means not jamming a neighbor's TV or transmitting on forbidden frequencies.

Many of the most exciting uses of ham radio today involve digital processing, and that processing is normally done using a computer connected to a transceiver. With embedded controllers becoming ever more powerful, the K5 modding scene points toward a future where more processing happens in-radio and where you can add new functions the way apps are added to smartphones. Here's hoping manufacturers embrace that future!

External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/IeeeSpectrum
Feed Title IEEE Spectrum
Feed Link https://spectrum.ieee.org/
Reply 0 comments