Why This Post Exists I wanted to learn practical fault injection on low-cost MCUs like WCH CH32V003 and Puya PY32. The usual recommendation is ChipWhisperer, and yes, it is excellent. But in my reality, it is also expensive and often hard to source (sometimes effectively unobtanium in my region). Pico Glitcher V2 (now V3) was the lifesaver. Affordable, available, hackable, and excellent enough to do real work. ...
We are working on reversing the Huidu HD-R712 LED Display Full Color Receiving Card - a very cost-effective (~1000 INR) and widely available FPGA board. We draw inspiration from the https://github.com/q3k/chubby75 work. FPGA Blink Project Files 1 Random brain dump $ sudo openFPGALoader --cable dirtyJtag --freq 10000 --detect Jtag frequency : requested 10000Hz -> real 10000Hz index 0: idcode 0x4014c35 manufacturer anlogic family eagle d20 model EG4D20EG176 irlength 8 $ sudo openFPGALoader --cable dirtyJtag --detect Jtag frequency : requested 6000000Hz -> real 6000000Hz index 0: idcode 0x4014c35 manufacturer anlogic family eagle d20 model EG4D20EG176 irlength 8 JTAG pinout: V ┌───────────────────┐ │ 1 3 5 7 9 │ │ 2 4 6 8 10 │ └───────────────────┘ 9 => TCK 7 => TDO 5 => TMS 3 => NC (Not Connected) 1 => TDI The pin mapping work was done using a DMM, the datasheet, and an optical magnifier. ...
Polar Modulation for Everyone We have been working on SSB generation using polar modulation. Hardware stack: RP2350-Zero MCU board + Fast Si5351 module + AP63301 buck regulator (for 5W mode). See https://github.com/kholia/PolarModulationSSB for details. Audio fidelity is acceptable at the moment and should improve further. We still need to hook up the amplitude ("envelope") restoration stage. Motivation Why should Guido, Hans, and FlexRadio folks have all the fun? ;) ...
I recently worked on a PA0FRI active antenna redesign using fast BFR93A, BFR106, and BFR193 transistors. Design 3D render: Schematic: Previous Next / [pdf] View the PDF file here. Simulation Results ...
Description We have built the simplest, power efficient and 'ready-for-solar' APRS Digipeater and iGate on a MCU (RPi Pico 2 W)! Our existing KISSLink v1 BLE KISS TNC device is capable of running in standalone mode with an alternate firmware! Goal(s): Our design prioritizes low power, reliability, and unattended deployment over flexibility. And yes, we want to do this with cheap, widely available BaoFeng radios. This means a couple of things: ...
Description We have built a Bluetooth-enabled and APRSdroid-compatible digital interface (KISS TNC) for less than 15 USD (for the fully-loaded make including cables). We call it the KISSLink v1. This digital interface can be powered from the USB 5V or the inbuilt battery. Schematic Previous Next / [pdf] View the PDF file here. RX path simulation (AF front-end) ...
Design Here is a "safe" APRS interface for BaoFeng and other radios. Sample schematic: Previous Next / [pdf] View the PDF file here. Render ...
Idea Ismo recently shared the https://github.com/CoolNamesAllTaken/adsbee project, which is very interesting. Challenges The ADS-B (Automatic Dependent Surveillance-Broadcast) system uses a data rate of 1 Mbit/s (1 megabit per second) for aircraft position and identification transmissions on 1090 MHz. Unfortunately, this is too fast for HOPERF CMT2300A and related transceiver chips. This led us to consider the following VFM ADS-B RX chain. Architecture Here is a simple ADS-B receiver chain. Antenna (a simple dipole / ground-plane antenna / PCB antenna) ➔ Zeenko LNA ➔ ADS-B Bandpass SAW Filter ➔ 100 pF (DC block) ➔ (Optional digitally controlled RF attenuator for AGC loop) ➔ Fast Schottky detector diode (BAT68 SOT-23) ➔ RC filter (10 kΩ, 10-33 pF) ➔ MCP6567 SOIC-8 comparator with output pull-up ➔ MCU GPIO (RP2350 PIO controlled). ...
Ismo (OH2FTG) has praised the STM32's ADC quality multiple times, and I finally decided to give it a go. I usually stick with Waveshare RP2350-Zero boards, but the RP2350 ADC performance is limited to under 10 ENOB. With the STM32H562RGT6, we're able to achieve ~13 ENOB using 16× hardware ADC oversampling, with potential headroom to push this even further. By sampling the Si4732's SSB output using the STM32H562RGT6 ADC and exposing the audio samples to the host via a "virtual" USB UAC-2 device, we get the following RX results: ...
The PE4312 is a 50Ω, 6-bit RF digital step attenuator available for around 2 USD. Pretty neat for implementing real digital AGC! For half-the-price we can get the alternate Archiwave ARW637 or ARW621A ICs which work very similarly to PE4312! References: Archiwave ARW637 Archiwave ARW621A