AR-DV10 Internal images and tests

Status
Not open for further replies.

theoldcop

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
480
Location
Wilmington, NC
Fantastic news!

Icom’s response to my query:

Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response. We will assume your issue has been resolved if we do not hear from you within 3 business days. Thank you for allowing us to be of service to you. To access your question from our support site, click here
Subject
DMR?

Response By Email (Harry) (08/01/2018 10:38 AM)


Greetings John,
No, we have not heard about this update from Home company yet. All modes that the receiver supports are listed here under specifications: IC-R30 | Products | Icom Inc
 

theoldcop

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
480
Location
Wilmington, NC
Damn, just paid for the DMR upgrade for my SDS100!
Still, the ic-r30 can't do trunking.

You know if Icom will charge for the upgrade?

Icom has stated that they have no knowledge as to a DMR upgrade. I guess then my question would be, how deep does Mr. TMac20’s contact go in the company? Always possible that his info. is good but the Icom employee just isn’t aware.
 

F5HPE

Member
Joined
Jun 9, 2016
Messages
181
Location
France
I also found it interesting that AOR does not seem to encrypt their firmware, neither for the DV1 and DV10.

Where did you find such info? Any link to give us?

Once the firmware codes are compiled, it is impossible to read or decode the firmware and do any reverse engineering operation.

Even an engineer from Berkeley, MIT or Cambridge who is unemployed could not get away with it.

Once compiled, it is not possible to find the organizational structure of the initial codes or the language used and so.
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
8,944
Location
Stockholm, Sweden
Once compiled, it is not possible to find the organizational structure of the initial codes or the language used and so.

Just check what the Git community have done to the Tytera MD380 DMR radio's firmware. It is a lot of work to reverse engineer enough to be able to add new functions like they have with the MD-380, but as long as the firmware is only compiled and not encrypted there are always easy ways to change little things like texts and timers that almost anyone with some computer knowledge can do. Tytera's firmware was actually encrypted but they left the encryption key in open view in the firmware upgrade file so it could be decrypted.

I don't have any higher programming skills, can only do op code programming, and need to have a book in front of me to look up what the op codes mean, but I still managed to add new functions to some commercial 2-way radios and basestation controllers that didn't have encrypted firmware just by studying the op codes for the CPU and having a Basic program convert the op codes to something I understood like "Load register $54 with #0A". And then try and figure out what $54 is used for and finally find out by trial and error that it is the address for the display and 0A is the tenth position.

/Ubbe
 

Citywide173

Member
Premium Subscriber
Joined
Feb 18, 2005
Messages
2,151
Location
Attleboro, MA
I have admittedly not paid as much attention to this radio as I could have.

Thank you for the pics, it's a lot more than many of us get to see while researching possible purchases.

Does it do Phase II trunk tracking? There was a discussion in another thread between myself and @ur20v on this subject and I was wondering what the answer was.
 

c0ne

Member
Joined
Jun 8, 2018
Messages
254
pirates are way cooler then ninja's

Where did you find such info? Any link to give us?

Once the firmware codes are compiled, it is impossible to read or decode the firmware and do any reverse engineering operation.

Even an engineer from Berkeley, MIT or Cambridge who is unemployed could not get away with it.

Once compiled, it is not possible to find the organizational structure of the initial codes or the language used and so.

Apparently you think that everything has to be decompiled back to C/C++ code to become readable. That's not true. Since the CPU architecture is known now (thanks TMac20, I owe you some beer) I can disassemble it.

"Even an engineer from Berkeley, MIT or Cambridge who is unemployed could not get away with it." This made me laugh a bit. Ask them if you can reverse engineer an unencrypted firmware once you know its architecture, they will tell you yes... it's easy.

In order to add/modify code you have to rebuild the firmware images including the checksums. If someone just wants to know, for example, how a particular algorithm works, he simply just studies the RX disassembly, finds a string that's interesting, traces it back to where it is referenced and analyses the code. If static analysis is not sufficient he can always attach a JTAG and debug it live.
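
The distinction argued over in the posts above, between firmware that is only compiled and firmware that is encrypted, shown as an added example that is not part of the thread or of any vendor's tooling: a check a vendor could run on an update file before release. The image bytes, marker strings, key and the SHA-256 keystream stand-in cipher are all constructed for the demo.

```python
import hashlib
import math
import re
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for code and data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII, as the `strings` utility would report them."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def toy_stream_encrypt(data: bytes, key: bytes) -> bytes:
    """Demo-only stand-in cipher: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def release_check(image: bytes, must_not_appear, threshold: float = 7.5) -> list:
    """Reasons the update file would ship readable; an empty list means none found."""
    problems = []
    if shannon_entropy(image) < threshold:
        problems.append("low entropy")
    problems += [f"plaintext marker visible: {m.decode()}"
                 for m in must_not_appear if m in image]
    return problems

# Constructed sample: repeated opcode-like bytes, two UI texts, zero padding to 4 KiB.
MARKERS = [b"FREQ ERROR", b"SCAN MODE: DMR"]
PLAIN_IMAGE = (bytes([0xFB, 0x12, 0x54, 0x0A, 0x02, 0x00]) * 200
               + b"FREQ ERROR\x00SCAN MODE: DMR\x00").ljust(4096, b"\x00")
DEMO_KEY = b"constructed-demo-key"
ENCRYPTED_IMAGE = toy_stream_encrypt(PLAIN_IMAGE, DEMO_KEY)

if __name__ == "__main__":
    print("compiled only:", printable_strings(PLAIN_IMAGE))
    print("compiled only:", release_check(PLAIN_IMAGE, MARKERS))
    print("encrypted    :", release_check(ENCRYPTED_IMAGE, MARKERS))
```

The check searches for known marker strings rather than for any printable run, because random-looking ciphertext contains short printable runs by chance. It says nothing about key handling: an image that passes is still readable if the key ships alongside it.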
 

c0ne

Member
Joined
Jun 8, 2018
Messages
254
F5HPE, have a look at openscanner's awesome work, he also made the IDA CPU for the RX63 for which I'm so thankful!

https://twitter.com/openscanner

Adding encryption could hide future code, but it can not hide the code that was already introduced into the previous firmwares that aren't encrypted.
 

woodpecker

Member
Joined
Aug 7, 2005
Messages
729
Does it do Phase II trunk tracking? There was a discussion in another thread between myself and @ur20v on this subject and I was wondering what the answer was.

Here's a summary of the DV10

It doesn't support Phase II
It doesn't trunk ANY mode
It doesn't provide any digital info except NAC, CC and RAN
It has a frequency error making it useless for any serious listener
It has a frequency drift
The DMR filter is too wide resulting in poor performance
The automode filter is too wide making automode poor for NXDN48, iDas and DMR
Remote control commands lock the radio solid requiring battery removal
It suffers from image problems at fundamental + IF
Firmware is full of bugs

It's like an unfinished pre-production prototype with a very high price tag.
 

Citywide173

Member
Premium Subscriber
Joined
Feb 18, 2005
Messages
2,151
Location
Attleboro, MA
Thank you, I was hoping my pre-release assessment was wrong, but it in fact was more optimistic than what the final product turned out to be.

Here's a summary of the DV10

It doesn't support Phase II
It doesn't trunk ANY mode
It doesn't provide any digital info except NAC, CC and RAN
It has a frequency error making it useless for any serious listener
It has a frequency drift
The DMR filter is too wide resulting in poor performance
The automode filter is too wide making automode poor for NXDN48, iDas and DMR
Remote control commands lock the radio solid requiring battery removal
It suffers from image problems at fundamental + IF
Firmware is full of bugs

It's like an unfinished pre-production prototype with a very high price tag.
 

TMac20

Member
Joined
Jul 6, 2018
Messages
138
Thank you, I was hoping my pre-release assessment was wrong, but it in fact was more optimistic than what the final product turned out to be.

Hello

More digital info on top of already NAC, CC and RAN is coming soon
Will be updated soon - DMR filter and the automode filter
Will be updated soon - Remote control commands and appropriate driver

New firmware releases out shortly (likely in around 10 days or so)

Support Phase II will be coming soon.
 

TMac20

Member
Joined
Jul 6, 2018
Messages
138
Damn, just paid for the DMR upgrade for my SDS100!
Still, the ic-r30 can't do trunking.

You know if Icom will charge for the upgrade?

Hello - I do not know if they will charge, when I know more I will update everyone. I will have the unit shortly also and can do some comparisons.
 

TMac20

Member
Joined
Jul 6, 2018
Messages
138
Apparently you think that everything has to be decompiled back to C/C++ code to become readable. That's not true. Since the CPU architecture is known now (thanks TMac20, I owe you some beer) I can disassemble it.

"Even an engineer from Berkeley, MIT or Cambridge who is unemployed could not get away with it." This made me laugh a bit. Ask them if you can reverse engineer an unencrypted firmware once you know its architecture, they will tell you yes... it's easy.

In order to add/modify code you have to rebuild the firmware images including the checksums. If someone just wants to know, for example, how a particular algorithm works, he simply just studies the RX disassembly, finds a string that's interesting, traces it back to where it is referenced and analyses the code. If static analysis is not sufficient he can always attach a JTAG and debug it live.

Hello,

I don't want to rain on anyone's party - but yes, all can be decoded and reverse engineered pretty quickly if solid obfuscation is not used.

I use a product by Pre-Emptive Solutions for this and have done for all .Net software since 2006 - it's very important.

I can't comment on how or if it will work on this unit as that is not my application for software, but certainly there are many ways it can be obfuscated if it's not already.
 

Citywide173

Member
Premium Subscriber
Joined
Feb 18, 2005
Messages
2,151
Location
Attleboro, MA
Hello

More digital info on top of already NAC, CC and RAN is coming soon
Will be updated soon - DMR filter and the automode filter
Will be updated soon - Remote control commands and appropriate driver

New firmware releases out shortly (likely in around 10 days or so)

Support Phase II will be coming soon.

The discussion centered around the Phase II. Since current agreed upon Phase II parameters only address trunking, will the unit track trunking systems (which was their position) or will it only be able to process Phase II on a single voice channel and not follow the trunk (my position)?
 

c0ne

Member
Joined
Jun 8, 2018
Messages
254
Hello

More digital info on top of already NAC, CC and RAN is coming soon
Will be updated soon - DMR filter and the automode filter
Will be updated soon - Remote control commands and appropriate driver

New firmware releases out shortly (likely in around 10 days or so)

Support Phase II will be coming soon.

That sounds good!
 

F5HPE

Member
Joined
Jun 9, 2016
Messages
181
Location
France
F5HPE, have a look at openscanner's awesome work, he also made the IDA CPU for the RX63 for which I'm so thankful!

https://twitter.com/openscanner

Adding encryption could hide future code, but it can not hide the code that was already introduced into the previous firmwares that aren't encrypted.

Hey c0ne, this doesn't concern the DV10 and also it is not applicable to the DV10.
This page shows how the radio has been physically modified with some extra wires and connectors.
It doesn't show how to do the same on DV10.
You are simply confusing and not reading the proper topics.
 

F5HPE

Member
Joined
Jun 9, 2016
Messages
181
Location
France
Well, this would explain why AOR doesn't encrypt their firmware - they don't think it can be decompiled and reverse engineered...

That's right. Also, in order to start any reverse engineering it is necessary to have some leaks from the R&D or Software section.
Without leaks..... no way.
 