kopia lustrzana https://github.com/Tunas1337/UV-K5-Modded-Firmwares
Mikhail
GitHub
commit
5c134ec5c4
Plik binarny nie jest wyświetlany.
|
|
@ -0,0 +1,35 @@
|
|||
Same as [k5_v2.01.19_mod.bin](https://github.com/Tunas1337/UV-K5-Modded-Firmwares/blob/main/k5_v2.01.19_mod.md), but allows transmission between 50 and 850 MHz.
|
||||
|
||||
# WARNING WARNING WARNING
|
||||
PLEASE do not blame me if you burn the finals on your radio, or cause a thermonuclear war. This modification is *UNTESTED* and is for *RESEARCH PURPOSES ONLY*, to explore the capabilities of the device and its chipset.
|
||||
DO NOT transmit on illegal frequencies. DO use a dummy load. DO report results, preferably spectrum analyzer screenshots, to this repo for research.
|
||||
|
||||
|
||||
|
||||
#### TX MOD Description
|
||||
`@0x1df2`: `cf 2a` -> `5D e0`
|
||||
|
||||
at address `@0x1DE8` starts function which check current frequency range and check if you can transmit here or not. Function is totally bypassed by inserting jump to end of function at the beginning.
|
||||
|
||||
```asm
|
||||
ROM:00001DE8 F0 B5 PUSH {R4-R7,LR}
|
||||
ROM:00001DEA 01 46 MOV R1, R0
|
||||
ROM:00001DEC 82 7F LDRB R2, [R0,#0x1E]
|
||||
ROM:00001DEE 00 20 MOVS R0, #0
|
||||
ROM:00001DF0 C0 43 MVNS R0, R0
|
||||
ROM:00001DF2 CF 2A CMP R2, #0xCF ; PATCH HERE, 5D E0 opcode result in: B loc_1EB0
|
||||
ROM:00001DF4 2F D2 BCS locret_1E56
|
||||
ROM:00001DF6 2F 4A LDR R2, =byte_20000369
|
||||
ROM:00001DF8 49 69 LDR R1, [R1,#0x14]
|
||||
ROM:00001DFA 12 78 LDRB R2, [R2]
|
||||
ROM:00001DFC 09 68 LDR R1, [R1]
|
||||
ROM:00001DFE 2E 4B LDR R3, =0xFF244600
|
||||
...
|
||||
ROM:00001EA8 17 49 LDR R1, =byte_200003DD
|
||||
ROM:00001EAA 09 78 LDRB R1, [R1]
|
||||
ROM:00001EAC 01 29 CMP R1, #1
|
||||
ROM:00001EAE E4 D1 BNE locret_1E7A
|
||||
ROM:00001EB0 00 20 MOVS R0, #0 ; after patch it jumps directly here
|
||||
ROM:00001EB2 F0 BD POP {R4-R7,PC}
|
||||
```
|
||||
|
||||
Ładowanie…
Reference in New Issue