[chirp_devel] Wouxun Mobile Radios

Dan Smith
Sun Jun 8 18:57:34 PDT 2014 

Hi Jim,

Sorry for taking so long to get back to you on this.

> So I have attached the logs from both radios in the hope that a few
> might be able to assist me (or at least guide me) with getting started.
> Thanks in advance.

Here are some ideas based on patterns I see in the logs. Hopefully it 
will help you get your bearings on things. At the end of the day, it 
takes a *lot* of study and experimentation. Trying to replicate the 
behaviors you see the program taking and verifying that you get the same 
result is an important step, and then you can start guessing what the 
messages mean.

 From the UV920 log:

> 17	0.00767192	KG-UV920P.exe	IOCTL_SERIAL_PURGE	Silabser0	SUCCESS	Purge: TXCLEAR RXCLEAR	
> 18	0.00097331	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 5: 7E 80 FF 00 0F 	
> 19	0.53000758	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 10: 7E 80 00 1A 1B 17 5D 25 26 09 	
> 20	0.00000726	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 10: 02 00 22 42 00 51 90 13 60 17 	
> 21	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 11: 40 42 00 51 90 13 60 17 40 01 0C 	
> 22	0.00284142	KG-UV920P.exe	IOCTL_SERIAL_PURGE	Silabser0	SUCCESS	Purge: TXCLEAR RXCLEAR	

> 23	0.00097582	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 82 FF 03 00 64 03 0B 	

I think 7E is a start-of-block, 82 is a bus address. It looks like 82 is 
the radio, 80 is the PC. So when the PC says "hey 82 here is a message", 
it is saying "hey radio, here is a message". This looks a lot like 
Icom's CIV protocol and 80/82 are common addresses.

I think 03 is the length, but I'm not sure if the three bytes are "00 64 
03" or "64 03 0B". I would think maybe the last byte would be a 
checksum, but 0+64+3 != 0B, so I'm not sure.

So, I think the above is broken down as:

7E 82: Message to address 82
FF: ?
03: Three bytes
00: Maybe nothing? Maybe a message type?
64 03 0B: The data

> 26	0.00098141	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 82 FF 03 02 50 20 06 	
> 27	0.02699421	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 39: 7E 82 00 22 02 50 14 50 25 00 00 00 00 00 00 00 00 00 08 3B 00 	

Line 26 is the PC asking the radio something, perhaps for model 
identification.

> 29	0.00098057	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 82 FF 03 02 70 58 0E 	
> 30	0.05701646	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 38: 7E 82 00 5A 02 70 00 02 02 05 00 03 01 01 03 00 00 01 00 00 00 	
> 31	0.00000335	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 34: 01 00 10 01 00 20 00 00 01 00 00 10 E7 03 03 01 00 00 00 00 00 	
> 32	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 23: CC 00 00 00 00 00 00 00 00 00 00 0C CC 00 E1 23 FF FF E4 56 FF 	

This looks like a data block. 5A is the length (90 bytes). Nothing in 
the request looks like an early address, so maybe this is pulling out 
some config from somewhere in the middle of the memory.

> 64	0.00097163	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 84 FF 03 08 00 60 0E 	
> 65	0.06203749	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 11: 7E 84 00 62 08 00 14 50 25 00 14 	
> 66	0.00000643	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 11: 50 25 00 00 00 00 00 08 7B 00 00 	
> 67	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: 44 00 25 00 44 00 25 00 00 00 00 00 08 7B 00 00 	
> 68	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 69	0.00000223	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 70	0.00000223	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 71	0.00000223	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 08 	
> 72	0.00273610	KG-UV920P.exe	IOCTL_SERIAL_PURGE	Silabser0	SUCCESS	Purge: TXCLEAR RXCLEAR	
> 73	0.00096269	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 84 FF 03 08 40 60 0E 	
> 74	0.06201431	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 11: 7E 84 00 62 08 40 FF FF FF FF FF 	
> 75	0.00000335	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 11: FF FF FF FF FF FF FF FF FF FF FF 	
> 76	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 77	0.00000223	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 78	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 79	0.00000223	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 16: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 	
> 80	0.00000251	KG-UV920P.exe	IRP_MJ_READ	Silabser0	SUCCESS	Length 17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 0E 	
> 81	0.00279142	KG-UV920P.exe	IOCTL_SERIAL_PURGE	Silabser0	SUCCESS	Purge: TXCLEAR RXCLEAR	
> 82	0.00097917	KG-UV920P.exe	IRP_MJ_WRITE	Silabser0	SUCCESS	Length 8: 7E 84 FF 03 08 80 60 0E 	

This looks like it's starting to pull data from the memory sequentially. 
If you look at each subsequent request, it's asking for an increasing 
memory address: 00, 40, 80, or maybe it's 0800, 0840, 0880? Anyway, this 
is the program sucking the memory out of the radio 0x40 bytes at a time 
(0x0800 + 0x0040 = 0x0840, etc).

This is definitely the less-fun part of writing a radio driver, and the 
harder part for sure as you try to figure out what is going on before 
you can get consistent dumps of memory out of the radio. Not for the 
faint of heart! :)

--Dan

More information about the chirp_devel mailing list