New Model #1489

Wouxun KG-UV950P Quad Band

Added by Matthew Poertner almost 5 years ago. Updated 4 months ago.

Status:In Progress Start date:03/11/2014
Priority:Normal Due date:
Assignee:Ron Wellsted % Done:

0%

Category:-
Target version:0.5.0
Chirp Version:daily Equipment Loan Offered:No

Description

I would love to be able to use CHIRP on this new radio. I definitely would loan it out to help. Thanks!

kg-uv950pl_protocol.txt (490 Bytes) Ron Wellsted, 01/26/2016 05:51 am

download.txt - Wouxun software downloading from radio (278.2 kB) Ron Wellsted, 01/29/2016 12:21 pm

upload.txt - Wouxun software uploading to radio (538.2 kB) Ron Wellsted, 01/29/2016 12:21 pm

test.py - Test python script. (5.3 kB) Pavel Milanes, 01/25/2018 06:39 am

data_down_clean.txt - Cleaned data extracted from the download.txt (86.1 kB) Pavel Milanes, 01/25/2018 06:39 am

History

Updated by Ian Beeby about 4 years ago

I am in UK and have just bought one of these radios - the Wouxun software is lamentable and anything would be a significant improvement. I would be delighted to help and in particular testing would be easy for me. I have OS-X, Ubuntu 12.04LTS and Win8.1 machines available (although the latter belongs to another).

There is a clear bug with the Wouxun interface cable which is that the version of the Prolific PL2303 device used is not supported in Win8.1 - you have to roll back the driver to an earlier version before the cable will actually work - users and testers beware.

I can lend my radio although shipping/insurance is a concern. I am based in DE4 and HA8 postcode areas from time to time and can also be found in WC2A.

Regards,

Ian, G8OGJ

Matthew Poertner wrote:

I would love to be able to use CHIRP on this new radio. I definitely would loan it out to help. Thanks!

Updated by Stefano Sbarzagli over 3 years ago

Me also waiting for this model supported. I can loan a radio.

Updated by Ron Wellsted almost 3 years ago

  • File kg-uv950pl_protocol.txt added
  • Assignee set to Ron Wellsted
  • Target version set to 0.4.1
  • Equipment Loan Offered changed from Yes to No

I have recently purchased the KG-UV950PL (European version with 6m/4m/2m/70cm) and have started work on the driver. Currently trying to understand the protocol used. It is similar to (but sufficiently different from) the KG-UV8D.

Updated by Ron Wellsted almost 3 years ago

This proving difficult as it appears that the serial protocol is encrypted.

Updated by Pavel Milanes almost 3 years ago

I don't want to say "encrypted" but "encoded", the same that I suspected for the KG-UV9D one in #2671.

I have kind of characterized the KG-UV9D comm protocol and I bet it will be similar to this, and the data in the download/upload don't have any logic at a glance, so I suspected about an encoded (encrypted?) data transfer.

I tried to contact Wouxun about this but no luck yet.

Updated by Ron Wellsted almost 3 years ago

Attached are my captures of the download/upload from the Wouxun software. The encoding does show a pattern for the memory slots (\xda \x85 records on the upload). There is a similarity with the KG-UV9D as in #2671
Based on the number of packets sent, it looks like the radio/software transfers 4 memory slots at a time and seems to use 16 or 18 bytes per slot.

Updated by Ron Wellsted almost 3 years ago

  • Target version changed from 0.4.1 to 0.5.0

Analysing the dumps, and looking at the 4th packet from download.txt (DA 82 00 06 57 1B 1B 1B 1B 1B 1F) and the 3rd packet from upload.txt (DA 83 FF 06 57 1B 1B 1B 1B 1B 1F), the "checksum" (1F) is the same even though 2 bytes in the header (DA 82 00 06 vs DA 83 FF 06) are different. This indicates that the 4 header bytes are not used in the calculation of the "checksum".

Since the initialisation packet (1st packet sent to the radio) seems to always provoke a reply with a 100 byte payload, I am beginning to suspect that the encoding/encryption key is buried in that first packet. The initialisation packet (DA 80 FF 00 58) does use the same checksum algorithm as the KG-UV8D. i.e. Start with -1 then add in the first four bytes using modulo 256.

Updated by Pavel Milanes 11 months ago

  • Chirp Version changed from 0.3.0 to daily

Hi Ron et all.

I did some tinkering with the serial logs and the crypt protocol is similar to the used by the KG-UV8D Plus, but the checksum of each packet is unknown yet.

It has some different approach but I did manage to decode packet data, so there is an advance, notes and sample code are at home, so tomorrow will upload all of them.

Just need to give the good news to the group, we have an advance on this one.

73 Pavel CO7WT.

Updated by Pavel Milanes 11 months ago

Hi to all.

As promised here comes the scripts with the tests, the test.py script will read the data_down_clean (this is the transfer data extracted from the download.txt file of this issue) and will output the decoded data stream payload.

As you will see the crypt trick is almost the same but the checsum algorithm is unknown yet and need more work.

Some example output:

===================================================%<-------------------------------------------------
pavel@agatha-lt:~/Chirp/KG-UV950P$ python test.py
Ident record
Decrypted payload [100][100]
000: 4b 47 2d 55 56 39 35 30 52 32 43 10 80 17 90 42 KG-UV950R2C....B
016: 00 46 90 05 00 05 40 07 00 07 60 32 00 39 90 70 .F.......`2.9.p
032: 00 98 50 14 00 17 30 42 00 46 90 05 00 05 40 07 ..P...0B.F....
.
048: 00 07 60 14 00 17 30 00 10 80 17 90 42 00 46 90 ..`...0.....B.F.
064: 05 00 05 40 07 00 07 60 32 00 39 90 70 00 98 50 ......`2.9.p..P
080: 14 00 17 30 42 00 46 90 05 00 05 40 07 00 07 60 ...0B.F....
...`
096: 14 00 17 30 00 00 00 00 00 00 00 00 00 00 00 00 ...0............

Invalid packet
Decrypted payload [3][3]
000: 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 .L..............

Invalid packet
Decrypted payload [6][6]
000: 00 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .L..............

Invalid packet
Decrypted payload [3][3]
000: 08 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
===================================================%<-------------------------------------------------

You can at a glance see the ident string and some of the bad edges in the first packet, yet the checksum is invalid [Invalid packet]

73 Pavel CO7WT.

Updated by Jim Neel 4 months ago

Are we getting any closer to a solution with this radio?
I'm mostly interested in being able to open the frequency
above 480mhz into the T-Band 510mhz

Also available in: Atom PDF