19
edits
Changes
Jump to navigation
Jump to search
Add details on changing frequency, Add link to firmware dumps
==Original Firmware==
Original firmware is not locked and can be dumped with Rlink-STD Debugger with RFlasher7.
Several dumps are publicly available on https://github.com/MrARM/lms6/tree/master/dumps
Vector table and other interesting addresses:
*0x9CDB - The start of frequency registers, each dip switch has registers starting from this address.
*0xE003 - Serial number, at least 3 bytes. Ex: 0x7C6A34 is 8153652 big-endian.
*0xE100 to 0xE136 - something that changes between units. Maybe calibration factors? Checksums?
[[File:TX circuit modified.jpg|alt=Picture of circuit board|thumb|Picture of TX circuit, highlighting components to remove to disable amplifier and a replacement jumper.]]
When testing, it's important not to transmit on unlicensed frequencies. Emissions can be eliminated by replacing the RF amplifier with a jumper between pins 1 and 3, and terminating the load at the antenna connection. The amplifier is an SOT-89 device just above the "-" terminal of B3. To access the RF chain, the shield housing may need to be temporarily removed. Also remove the bias feed resistor just below the "L104" marking. Then, remove the transmitter antenna from the "ANT1" connections. Use a 50 ohm resistor across the two terminals to provide a terminating load and eliminate any further transmission. Near-field reception is still possible after making these changes.
<br />
=== Change Frequency<ref>https://github.com/MrARM/lms6#change-the-tx-frequency</ref> ===
It is possible to change the TX frequency by modifying what is sent to the cc1050(radio) registers. Here is an example on how to get 422.5 MHz
# Download this frequency calculator: https://github.com/rsaxvc/LMS6APRS/blob/master/docs/cc1050%20frequency%20calculator.ods
# The easiest way to get started is to edit NWS1111's frequency(row 17), delete column D and J.
# Change column J to your desired frequency(for this example, 422.500000). Try to keep your frequency close to the original if you want to only have to change the frequency register.
# A number in column I will appear, copy this number to column D and round it up.
# Start gradually adjusting column D until the frequency error (col. K) is around ±5
# Convert your number in column D to hexadecimal
# Acquire a dump of your LMS-6 firmware using a programmer
# Go to 0x9D8F in the dump in a hex editor and insert the first two bytes of your hexadecimal number. Insert the next two after the 05 byte and the final two after the 07 byte.
# Save this hex file and flash it to the LMS-6
# Set all dip switches to 1 1 1 1 and turn on your LMS-6, you should be able to see it transmitting in your desired frequency. If you see abnormalities with the waveform, make sure your Freq Err is good, and check your FSEP and REFDIV values.
==Instruction Timing Tables==
