
Teardown Video

6-minute video at 3x playback speed showing full disassembly of the radio with commentary; the full-length video with no audio is here.

Teardown PCB Pictures

Modules and Interconnects


Mechanical Pictures


Reverse Engineering Efforts

 
Kenwood TH-D74 connected to JTAGulator

High level goals

  • Obtain a copy of the firmware for analysis/modification
  • Understand how the radio works and what test ports are available internally

Obtaining firmware

  • Determine routes of attack
    • JTAG Port
    • Serial Port
    • Hardware attack - Remove Flash Memory and read directly (possibly encrypted)

Initially, the radio was opened and wires were soldered to test points and a port of interest, as seen in the video below.

Understand how the radio works


Datasheets