The following information was taken off the ALT.RADIO.SCANNER newsgroup of
the UseNet. I cannot attest to its validity, but it sure seems worth a
repost.
Bill Cheek | bcheek@san.rr.com
Windows 95 Juggernaut Team | Microsoft MVP
=====================================================================
Path: newsfeed.san.rr.com!news-out.internetmci.com!newsfeed.internetmci.com!
howland.erols.net!news-peer.sprintlink.net!sprint!
news-pull.sprintlink.ne!news.sprintlink.net!news-chi-13.sprintlink.net!
gergs_bane.org!anon
From: DrQuack@intergate.bc.ca
Newsgroups: alt.radio.scanner
Subject: Unauthorized WINRADIO Hack
Date: 19 Apr 1997 09:27:50
Sender: DrQuack@intergate.bc.ca
Message-ID:
NNTP-Posting-Host: pm22s7.intergate.bc.ca
Lines: 179
Dear Hackers and Crackers!

This document is a purely UNAUTHORIZED WINRADIO SDK (software developers kit)
brought to you by an escapee of the Legion Of Doom, or perhaps a liberated
asylum inmate. This is not manufacturer-provided info. They do not supply
this information even if you beg for it (believe me, I tried). But there are
other means of getting what you want... What you do with this is strictly
your business. Warning: don't go to Rosetta Laboratories for support,
clarification, interpretation, or other help. If you do, they might go into
spasmic shock and could even call a lawyer in... :-)))

With the below information, you can get right to the heart of matters - the
original Windows user interface is no longer between you and the WiNRADiO
card. You can control it directly from your own software: use your
imagination. No guarantees, no claims, no bullshit, no nothing is attached
to this information.
===============================================================
Directly Communicating with WiNRADiO
Port addresses
==============
The card occupies eight consecutive I/O addresses.
The base address may be one of:
180h, 188h, 190h, 198h, 1A0h, 1A8h, 1B0h, 1B8h
The eight ports are used as follows:
Offset  Read           Write
======  =============  ==============
0       Read MCU data  Write MCU data
1       Read status    Reset MCU (1)
2-7     reserved       reserved
Note 1. Write 0 then 1 to BASE+1 to force a hardware reset
of the MCU. This will re-initialize the receiver card.
The status port (at BASE+1) is configured as follows:
Bit      Name      Function
=======  ========  =================================
0        IBF       High if Read-MCU port is full
1        OBF       High if Write-MCU port is full
2        -XLD      Inverse of PLL lock detect signal
                   from radio card
3-7      reserved  Reserved
MCU commands
============
The MCU responds to the following commands:
* Some commands are followed by one or more data bytes,
noted in the WR# column. Some commands return one or
more bytes of data, noted in the RD# column.
* Before sending a byte, wait until bit 1 of the status
port is clear.
* To read a byte, wait until bit 0 of the status port is set.
Group     Cmd  Name      Function                                    WR#  RD#
========  ===  ========  ==========================================  ===  ===
MCU       00   NOP       No operation                                 -    -
fnctns    01   RESET     Reset all outputs to startup values          -    -
00-1F     02   SETHARD   On MCU reset, reset receiver card also       -    -
          03   SETSOFT   On MCU reset, do NOT reset receiver card     -    -
          04   SOFT?     Return 0/1 if hard/soft reset enabled        -    1
          05   CLRINIT   Clear "initialized" flag
          06   SETINIT   Set "initialized" flag                       -    -
          07   INIT?     Return 0/1 if "initialized" flag is
                         clear/set                                    -    1
          08   PWRON     Turn power on                                -    -
          09   PWROFF    Turn power off                               -    -
          0A   PWR?      1 if power is on                             -    1
          0B   SETBFO    Set BFO voltage (MSB/LSB)                    2    -
          0C   BFO?      Return current BFO setting                   -    2
          0D   HELLO     Returns $55, $AA (diagnostics)               -    2
          0E   VERS?     Returns MCU S/W version as a NULL
                         terminated string                            -    ?

Read      40   Rsrvd     Reserved for future use                      -    1
analog    41   RDRSSI    Read current RSSI voltage                    -    1
voltages  42   RDAGC     Read current AGC voltage                     -    1
40-4F     43   RDAUD     Read current audio sample                    -    1
          45   RDVBFO    Read VBFO feedback level                     -    1

High      50   MUTEOFF   Turn mute off                                -    -
level     51   MUTEON    Turn mute on                                 -    -
Fnctns    56   ATTENON   Turn attenuator on                           -    -
50-6F     57   ATTENOFF  Turn attenuator off                          -    -
          5A   BAND1     Select BAND 1: 0.5 to 50 MHz                 -    -
          5B   BAND2     Select BAND 2: 50 to 513 MHz                 -    -
          5C   BAND3     Select BAND 3: 513 to 1300 MHz               -    -
          5E   SSB       Select SSB                                   -    -
          5F   AM        AM                                           -    -
          60   FM-N      FMN                                          -    -
          61   FM-W      FMW                                          -    -
          66   SETMXAB   Enable both mixers: 513 - 798 MHz            -    -
          67   SETMXA    Enable mixer A: 300 - 513, 798 - 1106 MHz    -    -
          68   SETMXB    Enable mixer B: .5 - 300, 1106 - 1300 MHz    -    -
          69   SETVOL    Set volume 0-31                              1    -
          6A   WRTVOL    Write to current volume register             1    -
          6D   SETPLLC   Set PLL register C                           1    -
          6E   SETPLLR   Set PLL register R                           2    -
          6F   SETPLLA   Set PLL register A                           3    -

Queries   80   MUTE?     0 if mute is on                              -    1
80-9F     83   ATTEN?    1 if attenuator is on                        -    1
          85   BAND?     Band# 1/2/3                                  -    1
          86   MODE?     0=SSB, 1=AM, etc.                            -    1
          88   MX?       1=mixer A, 2=mixer B, 3=both                 -    1
          89   VOL?      Return current volume setting 0-31           -    1
          8C   PLLC?     Return current PLL register C                -    1
          8D   PLLR?     Return current PLL register R                -    2
          8E   PLLA?     Return current PLL register A                -    3

Setting the Frequency
=====================
Three values have to be sent to the PLL,
to registers C, R and A.
The frequency range is divided into 5 ranges:
0.5-300, 300-513, 513-798, 798-1106, 1106-1300 MHz
To calculate the VCO frequency, add: 556.325, 249.125,
58.075, -249.125, -556.325 MHz to the receiver
frequency according to the above ranges.
The PLL generates the VCO frequency according to the
following equation: fvco = 12.8 MHz * N / R
The value of R must range from 640 to 2560,
and N up to 262144.
The ratio of N/R must be calculated for the
desired VCO frequency.
Once the N and R values have been calculated,
the PLL can be programmed:
* PLL register C is always set to 0x2C
* PLL register R is set to: 0x4000 + R
* PLL register A is set to: 0x700000 + (N & 63) + ((N >> 6) << 8)
After the PLL has been programmed, the Band has to be set
(see commands 5A to 5C) and the Mixer has to be set
(see commands 66-68).
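
Added example (not part of the original post): the frequency procedure above
carried through in C, from a receiver frequency in Hz to the three PLL register
values and the band and mixer command bytes. The names winradio_plan and
tune_plan, the rule that each range includes its lower edge, and the strategy
for choosing N and R are assumptions; the post only says the ratio must be
calculated.

```c
#include <stdint.h>

#define REF_HZ 12800000LL  /* fvco = 12.8 MHz * N / R */

typedef struct {
    uint8_t  pll_c;      /* data for command 6D SETPLLC */
    uint16_t pll_r;      /* data for command 6E SETPLLR */
    uint32_t pll_a;      /* data for command 6F SETPLLA */
    uint8_t  band_cmd;   /* 5A, 5B or 5C */
    uint8_t  mixer_cmd;  /* 66, 67 or 68 */
    int64_t  n, r, fvco_hz;
} tune_plan;             /* hypothetical name */

/* Returns 0 on success, -1 if rx_hz is outside 0.5-1300 MHz or no N fits. */
int winradio_plan(int64_t rx_hz, tune_plan *p)
{
    /* Upper edge of each range (treated as exclusive: an assumption), with
       the VCO offset and mixer command the post gives for that range. */
    static const int64_t top[5] = { 300000000, 513000000, 798000000, 1106000000, 1300000001 };
    static const int64_t off[5] = { 556325000, 249125000, 58075000, -249125000, -556325000 };
    static const uint8_t mix[5] = { 0x68, 0x67, 0x66, 0x67, 0x68 };
    int64_t r, n, err, best_err = -1;
    int i = 0;

    if (rx_hz < 500000 || rx_hz > 1300000000) return -1;
    while (rx_hz >= top[i]) i++;
    p->fvco_hz = rx_hz + off[i];

    /* Assumed strategy: try every R, largest (finest step) first, and keep
       the N/R pair with the smallest frequency error. */
    for (r = 2560; r >= 640; r--) {
        n = (p->fvco_hz * r + REF_HZ / 2) / REF_HZ;  /* round to nearest N */
        err = n * REF_HZ - p->fvco_hz * r;           /* error in Hz, times r */
        if (err < 0) err = -err;
        if (n > 262144) continue;                    /* N limit from the post */
        /* err/r < best_err/best_r, compared without division */
        if (best_err < 0 || err * p->r < best_err * r) {
            p->n = n; p->r = r; best_err = err;
        }
    }
    if (best_err < 0) return -1;

    p->pll_c = 0x2C;
    p->pll_r = (uint16_t)(0x4000 + p->r);
    p->pll_a = (uint32_t)(0x700000 + (p->n & 63) + ((p->n >> 6) << 8));
    p->band_cmd = rx_hz < 50000000 ? 0x5A : rx_hz < 513000000 ? 0x5B : 0x5C;
    p->mixer_cmd = mix[i];
    return 0;
}
```

The post does not state the byte order for the multi-byte SETPLLR and SETPLLA
data, so the example stops at the register values and does no port I/O.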
Setting the Volume
==================
After first applying power, the volume has to be reset. Allow about 1 second
for the radio receiver to completely power up before setting the volume; it
may be a good idea to mute the audio during the power-up phase.
Send 31 to command 6A (write to volume register).
Send 0 to command 69, then send the actual volume
(also to command 69).
Once this has been done, the volume can be set by sending the
desired volume level to command 69.
Setting the BFO
===============
The BFO has to be within +/- 3000 Hz.
Setting the BFO requires calculating the 2 bytes
to be sent to command 0B.
First, if the receiver frequency is equal to or
above 513 MHz, negate the BFO offset.
Ct = pow2(5e5 / (3.14159 * (455.0 + bfo / 1000.0))) / 212.46 - 560.14
C = (47 * Ct) / (47 - Ct)
V = exp(((50 - C) / 41) * ln(10))
Value to send to BFO command 0B equals the Low byte and
High byte of the integer value of: V * 6553.5.
END OF FILE
=============================================================
DO NOT CONTACT THE MANUFACTURER ABOUT THIS INFORMATION !!
=============================================================
--- Hertzian Mail+
---------------
* Origin: Hertzian Intercept-San Diego 619-578-9247 (6pm-1pm) (1:202/731)