[chirp_users] Baofeng BF-C50 & Serial Sniffing
Hi All,
I'm working to discover the cloning protocol for the Baofeng BF-C50. I have the OEM programming software installed in a Win11 VM and I can read/write the memory from the radio. Despite trying several tools, I can't find a solution which allows me to sniff both the RX and TX of a serial connection in Win11 for ARM.
https://github.com/emuehlstein/baofeng_bfc50
Instead, I've started a couple of Python scripts which emulate one side or the other and I've been slowly teasing data out of the radio and programmer. As is, my fake programmer sends the 4 byte initialization string the radio expects, the radio replies with 12 bytes, the programmer ACKs that and the radio sends a bunch more bytes but not enough bytes to be the full memory.
Any recommendations for a serial sniffing tool which will work in a Win11 Parallels VM? Recommendations on how to proceed with the script to discover the rest of the download routine?
Thanks,
Eric KC9MHE
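One way to get both directions on record without an external sniffer is to tap the port object inside the emulating script itself. This is an added example, not code from the original post or the linked repository; `TappedPort`, `FakeRadio` and every byte value are constructed placeholders, and only the message lengths (4-byte init, 12-byte reply, ACK, then more data) come from the post.

```python
class TappedPort:
    """Wrap any object with pyserial-style read(size)/write(data); log both directions."""
    def __init__(self, port):
        self.port, self.log = port, []          # log entries: (direction, bytes)
    def write(self, data):
        self.log.append(("TX", bytes(data)))
        return self.port.write(data)
    def read(self, size=1):
        data = self.port.read(size)
        if data:                                # b"" means the read timed out
            self.log.append(("RX", data))
        return data

class FakeRadio:
    """Constructed stand-in for the radio. Every byte value here is a placeholder."""
    INIT, IDENT, ACK = b"INIT", b"IDENT-000000", b"\x06"   # 4 bytes, 12 bytes, 1 byte
    DATA = bytes(range(40))                     # short dump, like the partial read
    def __init__(self):
        self.seen, self.out = b"", b""
    def write(self, data):
        self.seen += data
        if self.seen == self.INIT:
            self.out += self.IDENT
        elif self.seen == self.INIT + self.ACK:
            self.out += self.DATA
        return len(data)
    def read(self, size=1):
        chunk, self.out = self.out[:size], self.out[size:]
        return chunk

def download(port, chunk=16):
    """Run the exchange from the post; return (ident, payload read until idle)."""
    port.write(FakeRadio.INIT)
    ident = port.read(12)
    if len(ident) != 12:
        raise IOError("short ident reply: %d bytes" % len(ident))
    port.write(FakeRadio.ACK)
    payload = b""
    while True:
        data = port.read(chunk)
        if not data:                            # idle: the radio stopped sending
            return ident, payload
        payload += data

def hexdump(log):
    """Render the tap as direction, length, hex lines for diffing between runs."""
    return ["%s %3d  %s" % (d, len(b), b.hex(" ")) for d, b in log]

def rx_total(log):
    """Total bytes received, to compare against the expected memory size."""
    return sum(len(b) for d, b in log if d == "RX")
```

Wrapping a real serial object the same way gives a direction-tagged transcript, and the point where `rx_total` stops growing marks where the radio is waiting for the next request.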
You might ask this question in the [chirp_devel] mailing list to have a more targeted audience.
I use Serial Port Monitor here. I don't know if it will run in Parallels VM, but it runs in my Windows VirtualBox VM. It is a paid program. I bought it when it was only $69. It has a ridiculous price of $199 now! It looks like you can get a "Non-Commercial FREE" copy in exchange for a review. https://www.serial-port-monitor.org/
There is a "free" program that I used before purchasing what I am using now. It provides 5, 20-minute sessions per day. You've got nothing to lose by trying it. https://freeserialanalyzer.com/
I just ordered a BF-C50 from a seller on AliExpress. If they are a legitimate seller, the radio should be delivered around the 2nd week of October. If you haven't gotten yours sorted out by then, I can make some serial captures for you.
Jim KC9HI
Have you tried Wireshark?
On Mon, 2023-09-18 at 13:37 -0500, KC9MHE Eric Muehlstein wrote:
Hi All,
I'm working to discover the cloning protocol for the Baofeng BF-C50. I have the OEM programming software installed in a Win11 VM and I can read/write the memory from the radio. Despite trying several tools, I can't find a solution which allows me to sniff both the RX and TX of a serial connection in Win11 for ARM.
Thanks Jim and Paul.
I did try Wireshark (that'd be my preference) but there's an issue that prohibits me from using it in the Win11 ARM VM and another issue that is preventing me from using it on the macOS host.
I made some more progress yesterday (in my GitHub). I'm going to keep hacking at it and maybe borrow a friend's Windows laptop to get it done.
Eric
On Mon, Sep 18, 2023, 19:11 Paul L Schmidt k9ps@arrl.net wrote:
Have you tried Wireshark?
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users This message was sent to Eric Muehlstein at kc9mhe@gmail.com To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com To report this email as off-topic, please email chirp_users-owner@intrepid.danplanet.com Searchable archive: https://www.mail-archive.com/chirp_users@intrepid.danplanet.com
To close this thread out... after reading through a few other Chirp drivers I noticed some striking similarities with the Retevis RB18. I was able to successfully clone the radio using that driver; however, there are some things that don't quite match (like the number of channels). I'm going to pursue an adaption of the RB18 driver for the Baofeng BF-C50 and will move any follow-up questions to the chirp_devel list.
My ongoing tests here: https://github.com/emuehlstein/baofeng_bfc50
Thanks!
On Tue, Sep 19, 2023 at 8:25 AM Eric Muehlstein kc9mhe@arrl.net wrote:
Thanks Jim and Paul.
I did try Wireshark (that'd be my preference) but there's an issue that prohibits me from using it in the Win11 ARM VM and another issue that is preventing me from using it on the macOS host.
I made some more progress yesterday (in my GitHub). I'm going to keep hacking at it and maybe borrow a friend's Windows laptop to get it done.
Eric
participants (4): Eric Muehlstein, Jim Unroe, KC9MHE Eric Muehlstein, Paul L Schmidt