Port To CS800D

Post Reply
IU2KIN
Posts: 17
Joined: Mon Mar 23, 2020 11:10 am

Port To CS800D

Post by IU2KIN » Thu May 21, 2020 9:26 pm

Hi everybody,
I wanted to let you know that KC3AWN started experimenting with his Connect Systems CS800D radio,
he discovered that it is fairly similar to the MD380, same MCU (STM32F405) and same baseband (HR_C5000).
Therefore, me, IU2KWO, KC3AWN and KG5RKI teamed up to port OpenGD77 to this radio too.
We managed to jailbreak the bootloader (removing read protection) and dump the entire firmware, and we'll be gradually
porting the existing MD380 port of OpenGD77 to this radio.
This radio, together with MD380, MD-UV380 and RT3s will be part of a new core of STM32-based radios which will be
hopefully supported soon by our lovely OpenGD77 firmware.
To anyone which is in possession of the CS800D and wants to lend a hand, your support is welcome!

73 de IU2KIN

VK3KYY
Posts: 2417
Joined: Sat Nov 16, 2019 3:25 am
Location: Melbourne, Australia
Contact:

Re: Port To CS800D

Post by VK3KYY » Thu May 21, 2020 9:42 pm

Thanks Niccolo

I ordered a RT3S a few weeks ago, but the delivery time is 2 months.

This radio has the C6000 and AT1846S like the GD77 but uses the STM32 processor.


Also, if any developers have a Aliance HD1. This radio is the same as the GD77 etc because it uses the MK22 CPU, but it uses a colour display.
I don’t own one of these and no one seems to know if it uses the same encryption as the GD77 etc.

If I have time, I may try to find a firmware update file for this radio and see if it appears to be crackable

VK3KYY
Posts: 2417
Joined: Sat Nov 16, 2019 3:25 am
Location: Melbourne, Australia
Contact:

Re: Port To CS800D

Post by VK3KYY » Thu May 21, 2020 11:57 pm

FYI. I had a look at the Ailuance HD1 firmware update and the firmware file is embedded inside an exe, so its difficult to know whether its in the same format as the GD-77 or not.

It probably depends on whether this is really a TYT radio which is rebranded by Ailuance, and they wrote their own firmware updater program, or whether its completely different company and the use different encryption.

At the moment, unless there is a developer with one of these radio who has the necessary skills to investigate the firmware loader and the encryption, I think it would not be possible to port to this radio

IU2KIN
Posts: 17
Joined: Mon Mar 23, 2020 11:10 am

Re: Port To CS800D

Post by IU2KIN » Mon May 25, 2020 9:02 pm

VK3KYY wrote:
Thu May 21, 2020 11:57 pm
FYI. I had a look at the Ailuance HD1 firmware update and the firmware file is embedded inside an exe, so its difficult to know whether its in the same format as the GD-77 or not.

It probably depends on whether this is really a TYT radio which is rebranded by Ailuance, and they wrote their own firmware updater program, or whether its completely different company and the use different encryption.

At the moment, unless there is a developer with one of these radio who has the necessary skills to investigate the firmware loader and the encryption, I think it would not be possible to port to this radio
Good to know, that could be added to list of the radio whose porting is feasible, although not in the immediate.
Quick update on the CS800, the firmware encryption actually has a checksum in it, so right now it's not possible to patch code, re-encrypt
and flash it back.
However we are working on a PoC to fix the checksum bytes on the encryption/decryption code, and the PoC is working!
Hopefully we'll integrate that code in Ty's repo soon. Now we can remove read protection even to the CS800 firmware, and dump it freely.

Can't wait for you to get your hands on the RT3s! ;)

sfoto
Posts: 45
Joined: Sat Apr 18, 2020 10:48 am
Location: KO85

Re: Port To CS800D

Post by sfoto » Tue May 26, 2020 2:40 am

IU2KIN wrote:
Mon May 25, 2020 9:02 pm
VK3KYY wrote:
Thu May 21, 2020 11:57 pm
FYI. I had a look at the Ailuance HD1 firmware update and the firmware file is embedded inside an exe, so its difficult to know whether its in the same format as the GD-77 or not.

It probably depends on whether this is really a TYT radio which is rebranded by Ailuance, and they wrote their own firmware updater program, or whether its completely different company and the use different encryption.

At the moment, unless there is a developer with one of these radio who has the necessary skills to investigate the firmware loader and the encryption, I think it would not be possible to port to this radio
Good to know, that could be added to list of the radio whose porting is feasible, although not in the immediate.
Quick update on the CS800, the firmware encryption actually has a checksum in it, so right now it's not possible to patch code, re-encrypt
and flash it back.
However we are working on a PoC to fix the checksum bytes on the encryption/decryption code, and the PoC is working!
Hopefully we'll integrate that code in Ty's repo soon. Now we can remove read protection even to the CS800 firmware, and dump it freely.

Can't wait for you to get your hands on the RT3s! ;)
speaking of 380 repo, can i ask for a small patch, i think all color-screen radios could use it? to stop refreshing display if the backlight is off so they wont generate noise to nearby analog radios?
(or if there's a more appropriate feature request spot?)

AE7GQ
Posts: 4
Joined: Sun Mar 29, 2020 4:37 am

Re: Port To CS800D

Post by AE7GQ » Tue May 26, 2020 5:03 am

Porting to the CS800D would be awesome. I have 2 laying around since I got 2 AT578UVs.
The Open GD77 firmware on the CS800D would make it more useful.
73
AE7GQ

IU2KIN
Posts: 17
Joined: Mon Mar 23, 2020 11:10 am

Re: Port To CS800D

Post by IU2KIN » Tue May 26, 2020 3:32 pm

speaking of 380 repo, can i ask for a small patch, i think all color-screen radios could use it? to stop refreshing display if the backlight is off so they wont generate noise to nearby analog radios?
(or if there's a more appropriate feature request spot?)
Sure, we are already aware of the noise issues of the MD380 and similar radios displays.
However, I still haven't been able to reproduce the issue myself, so if you could tell me on which frequencies you can hear the noise,
maybe I'll be able to keep this in better consideration while writing the UI code.
By the way as soon as we'll have at least analog FM working, we could use some beta testers;
and you could verify this issue in particular.

sfoto
Posts: 45
Joined: Sat Apr 18, 2020 10:48 am
Location: KO85

Re: Port To CS800D

Post by sfoto » Fri May 29, 2020 11:49 am

IU2KIN wrote:
Tue May 26, 2020 3:32 pm
Sure, we are already aware of the noise issues of the MD380 and similar radios displays.
However, I still haven't been able to reproduce the issue myself, so if you could tell me on which frequencies you can hear the noise,
maybe I'll be able to keep this in better consideration while writing the UI code.
By the way as soon as we'll have at least analog FM working, we could use some beta testers;
and you could verify this issue in particular.
any frequency really, its more about distance between radios. also unfortunately i cant test anything now as LCD on my 380 died and im waiting for a replacement one.

Post Reply