Update k5_v2.01.19_mod_TX_50to850mhz.bin.md

k5_v2.01.19_mod_TX_50to850mhz.bin.md

@@ -3,3 +3,33 @@ Same as [k5_v2.01.19_mod.bin](https://github.com/Tunas1337/UV-K5-Modded-Firmware
 # WARNING WARNING WARNING
 PLEASE do not blame me if you burn the finals on your radio, or cause a thermonuclear war. This modification is *UNTESTED* and is for *RESEARCH PURPOSES ONLY*, to explore the capabilities of the device and its chipset.
 DO NOT transmit on illegal frequencies. DO use a dummy load. DO report results, preferably spectrum analyzer screenshots, to this repo for research.
+
+
+
+#### TX MOD
+`@0x1df2`: `cf 2a` -> `5D e0`
+
+at address @1DE8 starts function which check current frequency range and check if you can transmit or not.
+
+```asm
+ROM:00001DE8 F0 B5                   PUSH    {R4-R7,LR}
+ROM:00001DEA 01 46                   MOV     R1, R0
+ROM:00001DEC 82 7F                   LDRB    R2, [R0,#0x1E]
+ROM:00001DEE 00 20                   MOVS    R0, #0
+ROM:00001DF0 C0 43                   MVNS    R0, R0
+ROM:00001DF2 CF 2A                   CMP     R2, #0xCF            ; PATCH HERE, 5D E0 opcode result in:  B  loc_1EB0
+ROM:00001DF4 2F D2                   BCS     locret_1E56
+ROM:00001DF6 2F 4A                   LDR     R2, =byte_20000369
+ROM:00001DF8 49 69                   LDR     R1, [R1,#0x14]
+ROM:00001DFA 12 78                   LDRB    R2, [R2]
+ROM:00001DFC 09 68                   LDR     R1, [R1]
+ROM:00001DFE 2E 4B                   LDR     R3, =0xFF244600
+...
+ROM:00001EA8 17 49                   LDR     R1, =byte_200003DD
+ROM:00001EAA 09 78                   LDRB    R1, [R1]
+ROM:00001EAC 01 29                   CMP     R1, #1
+ROM:00001EAE E4 D1                   BNE     locret_1E7A
+ROM:00001EB0 00 20                   MOVS    R0, #0              ; after patch it jumps directly here
+ROM:00001EB2 F0 BD                   POP     {R4-R7,PC}
+```
+