More ActiveGPS inspection with Python/Wireshark/Ghidra

Python, Wireshark, ActiveGPS.exe, Ghidra
My ActiveGPS device, purchased maybe 15 years ago (no more produced) 

Hardware used:
https://techcoderadio.blogspot.com/2025/04/some-activegps-pymocking.html

Enhanced version of the PyMock for the ActiveGPS (due to hw setup many retries required when running with sleep or flush .... maybe com0com would work better?). B = b'0303 ... firmware version, 3.6 is the latest version

import serial
import time

A = b'00'
B = b'03036F72AD18F8BF4B07DA01120B3215AF00'
C = b'00000'
D = b'00'
E = b'00'
J = [
     b'18F8BF4B07DA01120B3215AFFFFFFFFF',
     b'409CA961000050124EF175426C73AE41',
     b'14060D0907DB5B58421D474A4A00FFFF',
     b'FFFFFFF133FB33FB33FA33FA33FA33FA',
     b'33FA33FA33FA33FA33FA33FA33FA33FA',
     b'33FA33FFFFFFFFFFFFFFFFFFFFFFFFFF',
     b'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
     b'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000',
    ]

ser = serial.Serial('COM7', 9600, timeout=None)
print("...")
while True:
    s = ser.readline()
    #if s[0:1] == b'\xff' or s[0:1] == b'\xfe' or s[0:1] == b'\xfc':
    #    s = s[1:]
    if s[0:1] != b'&':
        s = s[1:]
    print('\r\nReceived ' + str(s))
    if s == b'&A\r\n':
        print('\tSent ' + str(A))
        ser.write(A)
    elif s == b'&B\r\n':
        print('\tSent ' + str(B))
        ser.write(B)
    elif s == b'&C01\r\n':
        print('\tSent ' + str(C))
        ser.write(C)
    elif s == b'&J\r\n':
        for i in J:
            print('\tSent ' + str(i))
            ser.write(i)
    elif s == '&E000000\r\n':
        print('\tSent ' + str(E))
        ser.write(E)
    elif s == '&D\r\n':
        print('\tSent ' + str(D))
        ser.write(D)
        break
    #else:
    #    break
    time.sleep(0.01)
    #ser.flush()
ser.close()
print("Port closed")



 

                                                Firmware 3.3

 

 Use active mode (Aktiivi Ftp) FTP transfer (päivitä firmware = update firmware)


 

Wireshark



Data packets export as bin in Wireshark and e.g. Linux cat as single file for the e.g. Ghidra or DetectItEasy
 

  

Comments

Post a Comment

Popular posts from this blog

Telive-2 how-to

Image
Oracle VirtualBox Debian 12 clean install sudo apt install rtl-sdr sudo apt install wireshark sudo apt install xterm sudo apt install audacious https://github.com/sq5bpf/telive-2 download: https://github.com/sq5bpf/telive-2/tree/main/scripts/install_telive.sh or wget it chmod 755 install_telive.sh ./install_telive.sh set desired frequency teliveusr@debian:~/tetra/telive-2/gnuradio-companion/python3_based_gnuradio$ nano telive_1ch_simple_gr310_udp_xmlrpc.grc     open 2 terminal windows run GNU Radio Companion, load and execute the grc in terminal window 1 run teliveusr@debian:~/tetra/osmo-tetra-sq5bpf-2/src$ ./receiver1udp in terminal window 2 run teliveusr@debian:~/tetra/telive-2$ ./rxx   receiver1 and receiver2 require simdemod2.py. It can maybe copied from original telive src teliveusr@debian:~/tetra/osmo-tetra-sq5bpf-2/src/demod$ ls __pycache__  simdemod3_telive.grc  simdemod3_telive.py  simdemod3_telive_send_udp_to_telive.py
Read more

Inspecting Alinco DJ-X100E firmware updater

Image
DJ-X100E(CPU 4.00-004 _DSP 1.07).exe dotPeek, Visual Studio 2022, Detect It Easy Detect It Easy  Motorola S-record inside (DIE Strings view)   DIE save Strings to file   dotPeek to Visual Studio solution. Renesas microcontroller? BIN file inside VS solution. VS can show its content in HEX and ASCII   Python code for extracting S-record lines from the DIE strings file fin = open("G:\\DJ-X100E(CPU 4.00-004 _DSP 1.07).exe.Strings.txt", mode="r", encoding="utf8") fout = open("G:\\DJ-X100E-SREC.txt", mode="w", encoding="utf8") arr = ["S00", "S311", "S315", "S309", "S30B", "S307", "S30C", "S30F", "S30E", "S30D", "S705", "S306"] while True:     line = fin.readline()     if not line:         break     for item in arr:         i = line.find(item)         if i > -1:             fout.write(line[i:])             break...
Read more