Lior Elazary KK6BWA

...because this life is yours. Some of it was given to you, the rest you make yourself.

  • Increase font size
  • Default font size
  • Decrease font size
Home Ham Baofeng Radios Hacking the UV3R - DIY instructions for performing this hack

Hacking the UV3R - DIY instructions for performing this hack

E-mail Print PDF
Article Index
Hacking the UV3R
Programmer Protocol
DIY instructions for performing this hack
All Pages

DIY instructions for performing this hack

Disclaimer: This hack is a work in progress. If you perform this hack you might transmit on frequencies outside the allowable amateur bands. For now I am keeping the TX amplifiers off, so the radio will not transmit more then a hundred feet. However, anyone can always go into the code and turn them back on. If you do so, you are responsible to insure that you know what you are doing, and take the necessary precaution when transmitting.  I will not be responsible for any damage cause by the radio or to the radio. Remember, once you erase the original firmware, there is no way of getting it back, so the radio will be a brick until you upload the firmware; but if you got this far, then that is exactly what you want.

For this hack you will need an arduino,  NPN transistor (I used 2n394), 1K and 10K resistors, and a 9 volt battery. You could just use a 9V battery and a 10K resistor, but you would need to manually connect the VPP to 10K -> 9V and GND. If you want to do any kind of development, then the transistor is your option.
Connect everything according to the diagram bellow:

I made a small interface with the transistor and a connector so I can plug and unplug the programmer. When the programmer is plugged in, the radio will not function. You will need to disconnect the GND,VPP and VDD for the radio to boot up normally. A connector would allow you to plug the radio for programming and unplug it for testing.

Once you have everything connected, check out the code from here:

Upload the arduino sketch programmer/chipFlash/chipFlash.ino into the arduino
Go into the programmer directory, connect the programmer and the +5V power supply that came with the radio and run the python script . If you choose not to build the transistor circuit then start with the vpp connect to GND, switch it to +9V, run the command, and switch it back to GND.

./ -p /dev/ttyUSB0 -e

This will erase the chip using the arduino attached to /dev/ttyUSB0. If you are on windows then use COM5 instead of the /dev/ttyUSB0 or whichever com port the arduino is using.

Then you can run

./ -p /dev/ttyUSB0 -w ../firmware/uv3r_firmware.hex

If there are no errors, unplug the programmer, and you should have a brand new firmware on the radio

If something is not working correctly, you can go into the arduino serial monitor program and use the raw commands to see what is going own.

//   CMD      Param               Description
//   S                                        Enter ISP mode
//   C                                        Exit  ISP mode
//   I                                          Get Chip ID
//   F             HH                      Flash config register with hex HH
//   E                                         Erase flash memory
//   P            AAAA LL DDDD...     Program memory with starting at address AAAA length LL and data DDDDDD (2char hex code)
//   R           SSSS EEEE           Read memory from address SSSS to EEEE
//On success return OK
//On failure return ERR

For example typing
SIC <enter>
will start the ISP mode, get the chip id and then close ISP mode. I looks like the chip id is 82, so that is what I am checking in the code. If you are not getting 00 for the id, then something is probably wrong with the connections (check the +5 and vpp).

Good Luck

Last Updated on Friday, 03 January 2014 16:10