N9XLC

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 9 April 2012

TM-241a analyzing

Posted on 20:25 by Unknown
Forgot about the simple logic analyzer mode on the Bus Pirate. Channel 1 is serial out. Channel 2 is clock. Channel 3 is serial in. Channel 0 is RD (Pin 6 on mic connector) This graphic looks a little glitchy. Since this is a digital sample, if you sample at too low of a frequency in relation to what you are sampling then you will end up with strange looking data. This may be at 5khz sample rate. You should have seen it at 1khz. I was playing with 10khz and 20khz sample rates which looked much better but had a shorter sample time. The Bus Pirate only has 4096 bytes of ram to save samples in. It wasn't designed as a logic analyzer, it just happens to be a bonus.

This is in a mode that I am calling RC-10 mode. In this mode the radio will allow you to use any and all of the buttons on the radio itself. It only clocks out data when you operate the controls on the radio or on the remote unit, and then the remote unit acts as the bus master. The radio will only send data out when the clock is running and it is receiving 0xFF on serial in. 1 byte out for each byte in. I'm still not sure how the radio indicates that it has data to send out. I think it may twiddle the serial out line a bit. I am currently unable to emulate even this mode so far. I may have to write some sort of bit bang code in order to get the Bus Pirate to handle UART in/out and also the clock line.

The other mode I am calling RC-20 mode and it's a little more mysterious, to me. If I hold RD high, and keep it high, then send something, anything, down serial in then the radio will start continuously sending display frames out the serial out line. It also clocks the clock line itself. I can't seem to make it see any data that I send after that point. Additionally, in contrast to the other mode of operation, once in this mode the radio completely ignores all operation of the controls on the radio itself. There must be some sort of protocol that I'm missing. Maybe something like pull the serial in line high for 50ms, then clock data in or something. Come to think of it, in this mode there is a one shot chance of changing the frequency. Sometimes it works once and then not again until I reset the radio. I wonder if I sent some 0xFF bytes down the line after that if it would work again. But then again, in the other made that only seems to happen so the radio will send out display packets. It does that anyways in this mode. It bears further experimentation.

Fascinating!
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in TM-241a | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Freescale MC13260 SoC Two-Way Radio IC
    Found this in a mailing-list post the other day. Very neat, it's a System-on-Chip that is almost everything you need to make a radio fro...
  • Packet Hailing Channel
    Hailing frequencies open captain! http://nwdigitalradio.com/products/ Kidding, good talk. Skip a few minutes in to avoid an intro. I was sk...
  • (no title)
    My pixie II kit I built the other day. It's not "Done", I have some work to do on it. I really need a small bit of coax to con...
  • (no title)
    There have been a couple of interesting developments recently that I'd like to highlight. The first one, I'm most excited about it, ...
  • PL-2303 Troubles cannot start device code 10
    Having to deal with this issue, again, lately gave me the idea for this post. Ever buy a radio programming cable, or a cheap USB-Serial adap...
  • IC-9100
    This is a new, very expensive, HF/VHF/SHF tranceiver that Icom is advertising and potentially going to release later this year. It can do HF...
  • Kenwood TR-9000 Service manual
    Found this up on scribd, hopefully it'll help me with my TR-9000 problems. TR9000Ser
  • TR-9000 frequency problem
    Ran into a weird issue the other day on my TR-9000 when turning it on after a long time of being powered down. My band limits were set to 14...
  • "High-Speed" data and digital voice
    It's a sham that faster digital modes haven't really caught on. I've read about 56k packet in the past. Most radios today suppor...
  • Kenwood TM-241a
    I'm working on reverse engineering the remote control interface on my TM-241a. When it was a new radio you could buy options to use it: ...

Categories

  • AMPS
  • AMSAT
  • arg
  • arm
  • cellphone
  • Chinese Radios
  • Codec2
  • D-Star
  • DTV
  • FT-1DR
  • game
  • hsmm
  • neat
  • oddball
  • openbts
  • repair
  • sbc
  • sdr
  • SoC
  • sstv
  • the future
  • TM-241a
  • usrp

Blog Archive

  • ►  2013 (15)
    • ►  May (7)
    • ►  April (2)
    • ►  March (2)
    • ►  February (2)
    • ►  January (2)
  • ▼  2012 (17)
    • ►  September (1)
    • ►  August (3)
    • ►  May (3)
    • ▼  April (6)
      • TM-241a analyzing
      • TM-241a Project update 4-7-12
      • SDR with $20 TV Tuner card.
      • TM241 analysis
      • TM241a Fuzzing
      • April 1st
    • ►  March (2)
    • ►  February (1)
    • ►  January (1)
  • ►  2011 (33)
    • ►  December (1)
    • ►  November (3)
    • ►  October (3)
    • ►  September (4)
    • ►  August (5)
    • ►  May (1)
    • ►  April (1)
    • ►  March (5)
    • ►  February (4)
    • ►  January (6)
  • ►  2010 (23)
    • ►  December (3)
    • ►  October (2)
    • ►  September (1)
    • ►  August (2)
    • ►  July (2)
    • ►  May (8)
    • ►  April (4)
    • ►  March (1)
Powered by Blogger.

About Me

Unknown
View my complete profile