[chirp_devel] AnyTone AT-D878UV support
Hello!
I've been using CHIRP for a while to program my QYT KT8900D, and recently I became interested in adding support for my handheld radio, the AnyTone AT-D878UV PLUS (and, by extension, the regular version of it). I set up a dev environment on Ubuntu 20.04, used USBPcap to capture its packet data from a Read using its official CPS from Windows, as the Add a Radio guide suggests, and got that to Ubuntu to analyze with Wireshark to start working on the driver. I managed to figure out that it has a baud rate of 9600, and which device it is from the .pcap file, also saw that it does a lot of URB_BULK in and out requests, and also figured out there are actually 2 devices in address 1.2 (where my radio is), 1.2.1 and 1.2.3. The communication works like this, if my order is correct:
host to 1.2.1: URB_BULK in, packet data length is 0
host to 1.2.3: URB_BULK out, packet data length is 6
1.2.3 to host: URB_BULK out, packet data length is 0
1.2.1 to host: URB_BULK in, packet data length is 24
Repeat multiple times (my radio has a lot of entries on it. Is it recommended that I try with 1 entry on it, maybe, to get a shorter pcap file that also shows me how it's done per entry? Or doesn't it matter?)
But I also need some help. How can I figure out the memory map? How do I see the actual data sent in the packet and not just its header? How do I check how the radio returns stuff like the version? Also, what are these URB_BULK requests? Does it mean that it just dumps its memory without some specific protocol? I really need help here, I'm very new to this (haven't worked on this for more than a couple hours, actually, and this is my first time reverse engineering anything and using Wireshark or USBPcap, and I have a lot of questions). Thank you for your help!
Hi Kosmas,
I have used the process at https://chirp.danplanet.com/projects/chirp/wiki/DevelopersUSB_Sniffing_in_Li... but this assumes you can get your radio software to work using Linux as your base/host OS, which I think you have done already. I have verified that the process works if your OEM software works under WINE (the Baofeng 888 software does for example) and if not then you can use VirtualBox/VMware and map a serial port to /dev/ttyUSB**
Please note that the start_trace.sh script, line 19 has an extra space between the first dash `-` and the `i` letter; remove that space. Now after you compile and run the tidy program on your capture using *this* method, it will be clearly visible what data is being sent to the radio and what data is being read from the radio.
Not long ago, there was a user here on chirp_devel that had an issue with tidy segfaulting due to very large radio responses; a fix can be found (somewhere) in the chirp_devel archives. I can pull it up if necessary.
You can also install the Microsoft Sysinternals suite and run `portmon.exe` in your Windows OS to see the data flowing across the wire without the additional overhead of the USB protocol. I personally prefer to not interact with the USB system if possible but the scripts that Dan Clemmensen has do a great job removing that from the traces it outputs.
From what I have seen, the OEM software always downloads and uploads the entire memory set, so the amount of entries in your radio will probably not affect the size of your "pcaps."
If you need additional help getting started feel free to email me directly, my inbox is open 😉
Tony
________________________________
From: chirp_devel-bounces@intrepid.danplanet.com on behalf of Kosmas Raptis via chirp_devel chirp_devel@intrepid.danplanet.com
Sent: Friday, September 4, 2020 4:16 PM
To: chirp_devel@intrepid.danplanet.com
Subject: [chirp_devel] AnyTone AT-D878UV support
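An added example, not part of any post in this thread and not CHIRP code: one way to list the payload bytes of bulk transfers in a USBPcap capture rather than only the headers. It assumes a classic little-endian .pcap file (not pcapng); the sample capture is constructed, reusing the 0/6/0/24 data lengths reported in the original post with invented payload bytes.

```python
import struct

# Classic pcap file header and per-record header, little-endian.
PCAP_GLOBAL = struct.Struct("<IHHiIII")
PCAP_RECORD = struct.Struct("<IIII")
# USBPCAP_BUFFER_PACKET_HEADER (packed, 27 bytes): headerLen, irpId, status,
# function, info, bus, device, endpoint, transfer, dataLength.
USBPCAP_HDR = struct.Struct("<HQIHBHHBBI")
LINKTYPE_USBPCAP = 249
TRANSFER_BULK = 3

def bulk_payloads(pcap_bytes):
    """Return (direction, "bus.device.endpoint", payload) per bulk transfer with data.

    The address string follows Wireshark's bus.device.endpoint notation.
    """
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_USBPCAP:
        raise ValueError("expected a little-endian classic pcap with USBPcap link type")
    found, off = [], PCAP_GLOBAL.size
    while off + PCAP_RECORD.size <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = PCAP_RECORD.unpack_from(pcap_bytes, off)
        off += PCAP_RECORD.size
        rec = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(rec) < USBPCAP_HDR.size:
            continue  # truncated record, nothing to decode
        (hdr_len, _irp, _status, _func, _info,
         bus, dev, ep, transfer, data_len) = USBPCAP_HDR.unpack_from(rec)
        payload = rec[hdr_len:hdr_len + data_len]
        if transfer != TRANSFER_BULK or not payload:
            continue  # skip non-bulk traffic and the zero-length half of each request
        direction = "IN" if ep & 0x80 else "OUT"  # bit 7 of the endpoint address
        found.append((direction, f"{bus}.{dev}.{ep & 0x0F}", payload))
    return found

def sample_capture():
    """Constructed capture: bus 1, device 2, endpoints 1 (IN) and 3 (OUT)."""
    def record(ep, data):
        usb = USBPCAP_HDR.pack(USBPCAP_HDR.size, 0, 0, 9, 0, 1, 2, ep,
                               TRANSFER_BULK, len(data)) + data
        return PCAP_RECORD.pack(0, 0, len(usb), len(usb)) + usb
    out_cmd = bytes.fromhex("aabbccddeeff")  # constructed 6-byte request
    in_data = bytes(range(24))               # constructed 24-byte reply
    return (PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_USBPCAP)
            + record(0x81, b"") + record(0x03, out_cmd)
            + record(0x03, b"") + record(0x81, in_data))

if __name__ == "__main__":
    for direction, addr, payload in bulk_payloads(sample_capture()):
        print(f"{direction:3} {addr}  {payload.hex(' ')}")
```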
Hi Kosmas,
I think that you will find that the way CHIRP is currently written, it will not readily be able to support digital radios.
Jim KC9HI
Hello!
Thank you for clarifying that CHIRP doesn't support Digital radios. I was really looking forward to the project to be honest, but it's OK. I'll see what else I can do. Again thank you!
Kosmas SY1DKC
On Sat, 5 Sep 2020, 03:32 Jim Unroe rock.unroe@gmail.com wrote:
Hi Kosmas,
I think that you will find that the way CHIRP is currently written, it will not readily be able to support digital radios.
Jim KC9HI
participants (3)
- Jim Unroe
- Kosmas Raptis
- Tony Fuller