Experimentation with the TIDRADIO TD-H3
Go to file
nicsure 01e0adb357
Add files via upload
2024-08-30 19:43:09 +01:00
137AB_H3_240530.BIN Airband extended to 137 MHz 2024-06-18 20:59:10 +01:00
EEPROM_WIPE.bin Add files via upload 2024-08-30 19:43:09 +01:00
MCU.zip Add files via upload 2024-07-23 22:37:06 +01:00
MICGAINFIX.ASM Add files via upload 2024-06-17 22:41:00 +01:00
MicGainFix_H3_240530.BIN Fixes Mic Gain on the TD-H3 2024-06-17 22:20:40 +01:00
NICMODH3_V7.3X3_240702.BIN Add files via upload 2024-07-25 23:37:25 +01:00
NICMODH3_v7.2_240702.BIN Add files via upload 2024-07-20 22:12:52 +01:00
NICMODH3_v7.3X1_240702.BIN Add files via upload 2024-07-24 17:10:00 +01:00
NICMODH3_v7.6_240702.BIN Add files via upload 2024-07-26 21:49:43 +01:00
NICMODH3_v7.7_240702.BIN Add files via upload 2024-07-27 11:26:54 +01:00
NICMODH3_v7.8X1_240702.BIN Add files via upload 2024-07-29 02:23:36 +01:00
NICMODH3_v7.9_240702.BIN Add files via upload 2024-07-29 22:07:56 +01:00
NICMOD_V6.1_NOS_240625-nicsuremod-logo.BIN Add files via upload 2024-07-01 18:55:41 +08:00
NICMOD_V6.1_NOS_240625.BIN Add files via upload 2024-06-29 23:28:37 +01:00
NICMOD_V6.2_H3_240702.BIN Add files via upload 2024-07-04 20:11:16 +01:00
NICMOD_V7_240702.BIN Add files via upload 2024-07-12 18:33:45 +01:00
NICSUREMOD_240606v3.BIN Add files via upload 2024-06-22 02:16:44 +01:00
NICSUREMOD_240606v4.1.BIN Add files via upload 2024-06-23 13:08:50 +01:00
NICSUREMOD_240606v4.BIN Add files via upload 2024-06-23 10:55:42 +01:00
NICSUREMOD_240606v5.BIN Add files via upload 2024-06-24 18:01:37 +01:00
NICSUREMOD_V5.1_H3_240625.BIN Logo says V6, it's not. 2024-06-26 23:33:08 +01:00
NICSUREMOD_V6_240625.BIN Add files via upload 2024-06-27 19:37:27 +01:00
README.md Update README.md 2024-07-29 22:33:33 +01:00
TD-H3 sch.pdf Add files via upload 2024-07-23 21:53:04 +01:00
TID Station Documentation.txt Update TID Station Documentation.txt 2024-06-16 19:45:13 +01:00
ctcss_test.asm Create ctcss_test.asm 2024-07-05 01:12:57 +01:00
firmware_disassembly.asm Create firmware_disassembly.asm 2024-06-01 21:48:02 +01:00
firmware_flash_protocol.txt Add files via upload 2024-05-30 03:16:03 +01:00
firmware_keypad_IDs.txt Create firmware_keypad_IDs.txt 2024-06-26 23:31:20 +01:00
hotspot_powermod.asm Create hotspot_powermod.asm 2024-07-24 18:09:43 +01:00
patched_H3_240530.BIN Add files via upload 2024-06-04 00:39:28 +01:00
protocol.txt Update protocol.txt 2024-06-14 14:15:07 +01:00
pwrtuneheaderfix.jpg Fix for the column names in the power tune app 2024-05-31 20:13:33 +01:00
tidstation0_33b.zip Version 0.33 Beta 2024-06-05 11:05:07 +01:00
tidstation0_34b.zip Add files via upload 2024-06-09 12:01:21 +01:00
tidstation0_35b.zip Add files via upload 2024-06-11 18:25:35 +01:00
tidstation0_36_1b.zip Add files via upload 2024-06-16 19:41:21 +01:00
tidstation0_37_1b.zip Supports 240606 2024-06-20 21:27:11 +01:00
tidstation0_37b.zip Add files via upload 2024-06-19 01:24:20 +01:00

README.md

TD-H3-Engineering

Everything here is beta or experimental in nature. I cannot guarantee it will not cause damage or data corruption to equipment being used with it. So you do so at your own risk.

Facebook: https://www.facebook.com/groups/456942886822492

NICSURE MOD

This firmware is a stand alone radio only firmware. It is not to be used with TIDSTATION and not to be flashed with TIDSTATION. GET IT?

Nicsure mod is changing with every release. It has a custom menu system. To access it, press the Menu (Blue) button to open the regular menu then press PTT-A to open the custom menu.
In the custom menu:
Up/Down - Change value of curent setting.
Menu (Blue) - Advance to next setting.
Cancel (Red) - Exit menu.

Current available functions.

Full size S-Meter enabled by standard.

Menu 0 AM/USB Ovr. Overrides the default mode of operation and forces reception only into AM or USB. When OFF the radio will operate as normal.

Menu 1 Kill Killer. When enabled, Prevents the radio from entering Kill Mode. It may still show "Kill All Lock", just press the red button, then turn off and on and it'll be unkilled.

Menu 2 Fine Tune. Allows finer tuning steps, useful for USB listening.

Menu 3 Mod Hooks. When set to "Blocked", prevents most of the mod's functions from operating. Meant as a trouble shooting feature, if a problem is encountered, set this to Blocked to see if it still occurs. If it does, it's likely not a problem with the mod but with the base firmware, if it doesn't then it's probably some error in the mod.

Menu 4 Tone Monitor. When enabled, displays the CTCSS tone currently being received on the device's screen.

Menu 5 Batt Display: Choose between the regular battery icon and a percentage readout.

Menu 6 Sigbar Style: Selects a solid or segmented RSSI bar.

Menu 7 Freq Adjust: Causes a positive shift in frequency by the selected amount.

Menu 8 WL Copy Freq: Moves the Wireless Copy function's frequency to 433.250 MHz in order to be compliant with some durastictional regulations.

Menu 9 PTT Options:

  • Default: PTT operates as normal dual PTT
  • Switch VFOs: Switches the VFO when the PTT for the non-selected VFO is pressed.
  • Single PTT: PTT-A will TX on whatever VFO is currently selected. PTT-B is disabled.

There is also an Ultra Low Power setting that replaces the regular "Scramble" menu 46. When enabled the TX power is set to the lowest possible output (usually around 100 to 250 mW). Used primarily for local hotspot or repeater use when you are very close to it. This feature is channel and VFO based.

TID Station

Virus/Malware detections are false positives. I have no idea why this is happening. If you are worried then don't download and use it.

An application designed to replace the three apps supplied by TIDRADIO into a single app.
It also allows configuration changes to be made in real time (Live Mode) which gives some remote functionality. TID Station is currently in Beta, it may be updated frequently and will have bugs and glitches.

0.30b onwards has the ability to unlock TX all the way down to 18 MHz. Before some other Edgar with a "lifetime of RF engineering" chimes in virtue signalling, let's just clear something up. It is almost guaranteed the radio will not operate correctly outside of the capabilities of the filters and PA, and I DO NOT condone anyone transmitting where they shouldn't be doing so. I CERTAINLY AM NOT!

The TD-H3 will not transmit on the Air Band frequencies anyway regardless of the limits.

I am interested in seeing a frequency analysis into a dummy load of the radio on the HF bands though. I suspect it would be the same deal as the Quansheng.

0.34b onwards incorporates some firmware mods for extra functions.

Modulation Override
S-Meter
Spectrum Scope
PTT (PC Side)

This is very experimental at this stage and I'm dealing with low level assembly here, so don't expect butter smooth functionality yet, this is work in progress.
To enable the extended functions, you need to flash a patched firmware, this can be accomplished in the firmware flashing menu by checking the options under the "Patches" selection. Please note that the patches are only compatible with the original firmware version 240530 (Do not use my previous Modded firmwares, they were just tests, use the original firmware). You can also use the "Save" button to save the patched firmware .BIN file to disk and use another firmware flashing application if you wish.

The S-Meter is displayed under the two VFOs and should move as signals are receieved. It's not fancy looking at the moment, in fact it's just a re-purposed progress bar, I'll make it look a little nicer in future updates.

To use the Modulation override click the "〜" top right of the app window, this will cycle through modulation modes.
〜 = No override, the radio simply selects the mode it would normally, such as AM in Air Band and FM everywhere else.
AM/USB/FM = Forces the selected mode regardless of what the radio would normally do on a particular frequency.

All extended mods require operation in Live Mode to function and require the use of the USB-C port. There is also a fine tune system in place, you can do this by right clicking the step selection on the VFOs. Note that this does not get saved to the radio, it's local to TID Station only.

TA3782F

Most of the components in this radio are well known off the shelf stuff. However this TA3782F MCU is not and there is practically no documentation for it. I initially believed this to be some MCU utilizing an Arm Cortex-M4 core, but now I'm almost convinced this is not the case. I'm leaning toward some kind of Intel 8051 MCU architecture such as the AT89S51, P89V51RD2 or W78E052DDG etc..
This is providing some meaningful disassembly in IDA Pro.

Here's a typical snippet of disassembly of the firmware image assuming Intel 8051 code architecture

code:0000B98D code_B98D:                              ; CODE XREF: code_B949+5B↓j
code:0000B98D                 mov     A, #0x52 ; 'R'
code:0000B98F                 add     A, RAM_30
code:0000B991                 mov     DPL, A          ; Data Pointer, Low Byte
code:0000B993                 clr     A
code:0000B994                 addc    A, #4
code:0000B996                 mov     DPH, A          ; Data Pointer, High Byte
code:0000B998                 movx    A, @DPTR
code:0000B999                 mov     R7, A
code:0000B99A                 lcall   code_F101
code:0000B99D                 inc     RAM_30
code:0000B99F                 mov     A, RAM_30
code:0000B9A1                 clr     C
code:0000B9A2                 subb    A, #0x25 ; '%'
code:0000B9A4                 jc      code_B98D
code:0000B9A6                 ret

The structure and logic of this section does seem to make sense, it's performing some kind of loop, incrementing a ram pointer, calling some other function until some condition is met then returning.

Byte Frequency Analysis of Firmware image: H3_240427(1).BIN

00: 05.32% 03350
01: 02.38% 01497
02: 02.18% 01376
03: 01.72% 01084
04: 01.89% 01193
05: 00.71% 00444
06: 00.52% 00328
07: 00.34% 00215
08: 00.45% 00281
09: 00.25% 00157
0A: 00.31% 00198
0B: 00.19% 00120
0C: 00.31% 00194
0D: 00.18% 00112
0E: 00.22% 00139
0F: 00.42% 00266
10: 00.54% 00340
11: 00.19% 00121
12: 05.89% 03707
13: 00.20% 00123
14: 00.40% 00255
15: 00.12% 00076
16: 00.19% 00118
17: 00.14% 00086
18: 00.21% 00131
19: 00.21% 00133
1A: 00.17% 00105
1B: 00.14% 00090
1C: 00.20% 00125
1D: 00.08% 00050
1E: 00.12% 00076
1F: 00.28% 00174
20: 02.95% 01857
21: 00.12% 00077
22: 01.33% 00838
23: 00.15% 00095
24: 00.59% 00370
25: 00.56% 00352
26: 00.18% 00114
27: 00.15% 00092
28: 00.26% 00162
29: 00.18% 00114
2A: 00.10% 00060
2B: 00.10% 00061
2C: 00.15% 00097
2D: 00.24% 00153
2E: 00.31% 00197
2F: 00.31% 00195
30: 02.10% 01323
31: 00.61% 00385
32: 00.53% 00333
33: 00.56% 00353
34: 00.63% 00395
35: 00.44% 00275
36: 00.24% 00153
37: 00.30% 00187
38: 00.34% 00213
39: 00.23% 00144
3A: 00.28% 00177
3B: 00.35% 00220
3C: 00.45% 00285
3D: 00.23% 00144
3E: 00.24% 00151
3F: 00.20% 00126
40: 00.82% 00514
41: 00.30% 00192
42: 00.19% 00118
43: 00.29% 00184
44: 00.31% 00194
45: 00.29% 00181
46: 00.31% 00196
47: 00.25% 00159
48: 00.19% 00117
49: 00.15% 00096
4A: 00.32% 00201
4B: 00.14% 00090
4C: 00.31% 00194
4D: 00.63% 00396
4E: 00.56% 00352
4F: 00.48% 00303
50: 00.72% 00452
51: 00.17% 00107
52: 00.31% 00194
53: 00.42% 00263
54: 00.60% 00376
55: 00.18% 00113
56: 00.09% 00055
57: 00.06% 00040
58: 00.12% 00074
59: 00.09% 00057
5A: 00.13% 00082
5B: 00.07% 00042
5C: 00.10% 00065
5D: 00.09% 00059
5E: 00.13% 00084
5F: 00.12% 00075
60: 00.61% 00383
61: 00.19% 00120
62: 00.19% 00117
63: 00.15% 00097
64: 00.44% 00279
65: 00.16% 00100
66: 00.11% 00067
67: 00.08% 00048
68: 00.07% 00041
69: 00.13% 00079
6A: 00.22% 00137
6B: 00.09% 00059
6C: 00.21% 00131
6D: 00.24% 00154
6E: 00.24% 00150
6F: 00.32% 00201
70: 00.49% 00308
71: 00.18% 00111
72: 00.24% 00148
73: 00.17% 00110
74: 00.95% 00601
75: 01.16% 00731
76: 00.07% 00043
77: 00.05% 00029
78: 00.30% 00186
79: 00.28% 00176
7A: 00.29% 00181
7B: 00.56% 00355
7C: 00.13% 00083
7D: 00.64% 00401
7E: 00.28% 00174
7F: 01.11% 00696
80: 01.09% 00686
81: 00.07% 00046
82: 00.33% 00205
83: 00.26% 00165
84: 00.04% 00026
85: 00.20% 00124
86: 00.04% 00026
87: 00.06% 00039
88: 00.33% 00208
89: 00.27% 00167
8A: 00.12% 00077
8B: 00.05% 00034
8C: 00.08% 00050
8D: 00.14% 00091
8E: 00.06% 00040
8F: 00.21% 00131
90: 04.13% 02599
91: 00.05% 00034
92: 00.21% 00135
93: 00.19% 00121
94: 00.61% 00386
95: 00.13% 00085
96: 00.12% 00078
97: 00.13% 00084
98: 00.12% 00073
99: 00.10% 00061
9A: 00.07% 00044
9B: 00.07% 00041
9C: 00.05% 00032
9D: 00.39% 00243
9E: 00.11% 00070
9F: 00.12% 00075
A0: 00.10% 00063
A1: 00.09% 00054
A2: 00.20% 00123
A3: 00.84% 00526
A4: 00.14% 00088
A5: 00.08% 00052
A6: 00.06% 00038
A7: 00.04% 00024
A8: 00.11% 00070
A9: 00.13% 00083
AA: 00.14% 00090
AB: 00.16% 00098
AC: 00.06% 00039
AD: 00.38% 00242
AE: 00.07% 00046
AF: 00.31% 00198
B0: 00.09% 00055
B1: 00.05% 00033
B2: 00.08% 00052
B3: 00.07% 00045
B4: 00.48% 00301
B5: 00.12% 00074
B6: 00.09% 00056
B7: 00.09% 00056
B8: 00.16% 00099
B9: 00.06% 00040
BA: 00.05% 00033
BB: 00.13% 00080
BC: 00.13% 00084
BD: 00.11% 00067
BE: 00.14% 00090
BF: 00.13% 00082
C0: 00.33% 00206
C1: 00.19% 00117
C2: 00.92% 00577
C3: 00.54% 00342
C4: 00.16% 00098
C5: 00.16% 00098
C6: 00.08% 00050
C7: 00.08% 00048
C8: 00.17% 00106
C9: 00.12% 00078
CA: 00.11% 00067
CB: 00.08% 00052
CC: 00.12% 00076
CD: 00.09% 00057
CE: 00.11% 00067
CF: 00.17% 00108
D0: 00.35% 00220
D1: 00.08% 00051
D2: 00.89% 00558
D3: 00.36% 00225
D4: 00.07% 00043
D5: 00.10% 00063
D6: 00.07% 00043
D7: 00.14% 00088
D8: 00.20% 00123
D9: 00.08% 00053
DA: 00.12% 00074
DB: 00.18% 00114
DC: 00.09% 00058
DD: 00.09% 00058
DE: 00.07% 00044
DF: 00.21% 00135
E0: 02.92% 01841
E1: 00.16% 00098
E2: 00.10% 00066
E3: 00.13% 00084
E4: 01.56% 00981
E5: 00.86% 00539
E6: 00.24% 00149
E7: 00.17% 00106
E8: 00.11% 00070
E9: 00.09% 00054
EA: 00.13% 00082
EB: 00.16% 00099
EC: 00.44% 00276
ED: 00.22% 00138
EE: 00.27% 00172
EF: 00.69% 00432
F0: 02.86% 01801
F1: 00.14% 00089
F2: 00.10% 00065
F3: 00.11% 00068
F4: 00.25% 00160
F5: 01.84% 01157
F6: 00.10% 00062
F7: 00.05% 00029
F8: 00.27% 00169
F9: 00.15% 00092
FA: 00.14% 00091
FB: 00.23% 00144
FC: 00.38% 00237
FD: 00.45% 00282
FE: 00.45% 00286
FF: 01.78% 01119