6 minute video @ 3x playback speed showing full disassembly of the radio with commentary, full length video with no audio here.
Teardown PCB Pictures
Modules and Interconnects
Reverse Engineering Efforts
High level goals
- Obtain a copy of the firmware for analysis/modification
- Understand how the radio works and what test ports are available internally
- Determine routes of attack
- JTAG Port
- Serial Port
- Hardware attack - Remove Flash Memory and read directly (possibly encrypted)
Initially the radio was opened and wires were soldered to test points and a port of interest as seen in the video below.
Understand how the radio works