
AR8000 Knowledge Base


NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.

AR8000 Knowledge Base Posted 3/26/95

Soft Reset Problem
There is a bug in the internal software that causes a reset when the 8K is
turned off while it is set to a passed (locked out) channel. This used to
happen to me frequently because I (like many other people) put the NOAA
weather freq. on a locked out channel and call up that channel directly
when I want to hear the forecast. I know now that I shouldn't turn the unit
off until I switch to a non locked out channel otherwise I get the reset
you described when I turn the unit back on again.

I'm interested if your US model exhibits the firmware bug we've found. If
you wouldn't mind trying something:

Lock out a frequency in one of your scan channels.
Copy the locked out frequency to the 2VFO register.
Turn off the scanner.
Now turn it back on and see if you have the classic symptoms of a soft reset:

1) Both VFOs tune to 80
2) Beep is set to on (from off)
3) Function is set (from 2nd Func)
4) Mode is set to Novice (from Expert)

Loose BNC connector fix
I had to tighten the BNC connector as soon as my AR8000 arrived. It's no
big deal to do. Take out the two screws in the battery compartment. There
are two sets of two screws on each side of the scanner at the top of the
rubberized grips. You only need to remove the screw on each side that's
closest to the back of the scanner. After removing these 4 screws, the case
will come apart. Take it apart gently as there are some connectors inside
that will come apart.

Remove the two screws at the bottom of the PC board that's set in the back
half of the case. Pull off the rubberized caps of the Squelch, Power, and
tuning knobs. You'll need to remove the washers that are on these knobs.
They have slots in them 180 degrees from each other. If you have one of
these special tools, use it. I just used the tips of a pair of needle-nose
pliers with no trouble.

Now, remove the PC board that has the knobs attached to it. There's a large
connector in the center of the board, so be gentle when lifting it out.
When you do this, you may have the two power battery clips pop out. These
clips have long straight leads that go through holes in the battery
compartment into connectors on the board you just removed. Fortunately,
they're not hard to reset.

Once you've got the PC board out, you'll be able to get to the BNC
connector. It also uses one of those slotted washers. It's a little awkward
to get to with needle-nose pliers but not too hard.

Reassembling:
Put the PC board back in place: Knobs go through the holes in the top of
the case and the connector in the center of the board must be aligned
properly. Gently push the connector in. Put in the two screws at the bottom
of the board. If the battery compartment springs have popped out, now is
the time to replace them. Flatter spring goes on the left, "deep" spring
goes on the right (as you're looking into the battery compartment). Put the
washers back on the knobs and then the rubber covers.

Finally, put the front of the case and the back together, aligning the
connectors inside carefully. Screw in the black screws.

Traveling Birdie Fix
The solution I came up with that works *most* of the time with the floating
birdies, is to set the Level threshold to 1 (in the Scan config setup). The
birdie usually doesn't produce a signal greater than 1 on the S-meter and
setting the threshold to 1 requires a signal *greater* than 1 to break
squelch. Thus, the birdie is skipped. Of course, setting the level
threshold to other than 0 has other implications one has to balance out
with the birdie problem.

2nd fix-- It seems that by turning the Audio search on and playing with the
Audio level (Func 4) you can have the scanner automatically skip the
birdies. Adjusting Audio Wait (Func 3) will determine how long it will
stay on the birdie. Audio search will not work if Audio level is set to
00. The default is supposed to be A but some shipped set to 00, causing
their owners to think that the Audio search didn't work. I have had to set
Audio level to 1A to skip the birdies.

Desktop power stand
Check your EEB (1995) catalog, pg. 28. Listed as the PSU-101 Desk
Charger/Power Supply. The 12-volt model works fine for both the Yupi and
the AR8000 (same plug works fine, actually). Here's your two paragraphs...

"This quality custom-designed combination desk charger and regulated power
supply unit is perfect for convenient 'Base Station' use of your handheld
scanner at home or office!"

"Securely holds scanner in handy position. Charges radio's internal Ni-Cds.
Powers radio from standard 117 VAC house current. WT: 2 lbs." EEB can be
reached at 800-368-3270.

Interface cable fix
Just a warning, several Scan*Star customers have had problems with the EDCO
US interface either not working or going bad after a few days.

The problem is that the right angle bends where the flat cable connects to
the small PC board develop hair line cracks and break. There is a fix, if
you don't want to return the device: Open the unit up and place one side of
the shell on a flat surface. Lay a large "pillow" of silicone (RTV) near
the opening, where the flat cable will exit the housing. Place the board
and cable into the half shell and lay the cable on the pillow. You need to
put something under the board to hold it straight while the silicone dries.
Once in place, place another glob of silicone on top of the other one,
sandwiching the flat cable. AFTER the silicone dries, fix any cracks or
breaks in the right angle connections with a soldering iron CAREFULLY, then
snap the other shell on. If you did the silicone right, there won't be too
much to snap the shells together and the flat cable will be held in the
middle. The point is to mechanically isolate the right angle connections
from the outside world. By reheating the right angle solder joints after
the silicone dries you remove any stress from misalignment.

Audio Scan Fix
This info might help fellow AR8000 owners who suspect that their
AUDIO SCAN/SEARCH function may not be working properly, when it in
fact might be working just fine.

I recently posted my experiences with this, and was pretty
convinced that there was a problem with the AUDIO SCAN/SEARCH not
working on my radio too. I believe there really ARE units that are
truly defective, but here is what I discovered about mine to solve
the problem.

Hold down [FUNC] [4] at the same time, while turning the unit on,
holding down these two keys until the radio displays "SET LEVEL"
and "AUDIO LEVEL". There will be a 2-digit value displayed also
(how to do this is also in the manual near the end).

It took me a while of fiddling with the radio and examining the
manual to figure out that mine was set by default to 00 (rather
than 0A like it says in the manual)! This parameter sets the
minimum amount of modulation present in a carrier before it is
considered a truly valid signal (and thus not bypassed via AUDIO
SCAN/SEARCH). Thus when set to 00, AUDIO SCAN/SEARCH considers a
perfectly quiet carrier to be a valid signal, thus opening the
squelch and staying locked on that frequency, and all you hear is
a dead carrier. It was precisely this that led me to believe that
my AR8000 was defective (until I found the solution).

Well, the manual says this default is "0A". With my default being
00, it effectively negated the effect of the AUDIO SCAN/SEARCH.
So, I set the value to 0A (like the manual said) and it seemed to
work fine. Actually, after some playing with it, I settled on a
much lower value of 02, since 0A seemed to blow past signals with
moderately strong carrier modulation; signals that you really DO
want to hear. Setting it to 02 seemed to be enough for it to truly
ignore reasonably quiet carriers.

The numbering scheme chosen for this parameter seems strange, and
is in hexadecimal form, and ranges from 00 to 4F. Converted to
decimal, this results in 80 discrete settings for the AUDIO LEVEL
(4 * 16 + 16 = 80), F = 16 hex. You really don't need to know hex
to set this, but it would have made more sense if it was
sequentially indexed using conventional decimal notation (00 to
80). Of all the settings in this scanner, it's the only one that
counts in hexadecimal. I guess this truly makes it a computer!

If setting AUDIO LEVEL to something greater than 00 does not fix
it on your radio, then you probably have a bona fide problem with
it. My serial number by the way is 11412.

I hope this helps. It was a big relief.


Programming

To enter a new freq into a channel use the VFO mode, enter the freq, step, mode and attenuator settings, then press and hold the enter key until it pops you into the frequency enter mode, then you can select any channel you want and enter the alpha text.

If you are using the tuning knob, let's say with a .0005 step rate, click on the function key once, and the tuning rate will increase by a factor of 10. Click on the function key again, and the tuning rate will return to .0005 steps.


Mail Lists
I have set up a mailing list for ar8000 owners/users/developers. To subscribe to the list,
simply send a message to [email protected] with a subject of
subscribe. Likewise, a subject of unsubscribe will get you off the list; and
of course, all posts should go to [email protected].

AR8000 Antenna
Try a Radio Shack PRO-43 ducky. Works swell. The Pro43 ducky is called the GRE All-Band rubber ducky antenna. It is 8" long and costs about $15. Call GRE America at 800-233-5973 (outside Cal) or 415-59-40. PS Also, make sure you purchase the RS $9.99 telescoping whip! Nothing touches it on VHF-Lo. Catalog number is 20-006.

AR8000 Search Bank limits

>Your trick for getting the AR8000 to accept search limits in between the steps has a problem. If you do exactly as you said (enter the true upper and lower limits, and step with +) something funny happens when you search. I haven't pinned this down exactly, but it's something like this: when searching upwards, it skips the high limit channel, and when searching downwards, it loses the lower limit one. Open the squelch and step manually through a search range, and you'll find that either the top or low limit, or both, isn't seen depending on direction and how you start the search. "You can't fool Mother Nature".

I've found the only way to be SURE it includes both limits in the search is to do this: take the low limit and subtract half the step. Take the upper and add half the step. So in effect you have added one whole step to the search range.

For instance - to search cordless (46.61 - 46.97 @ 20 KHz) you enter limits of 46.60 (46.61 minus 20/2) and 46.98 (46.97 + 20/2). With a step size of + 20 of course. That works ... all the time.<



Interface Software

Scan*Star
Signal Intelligence
408-926-5630
Sam Dunham 71603,366 call the Scan*Star BBS @ 408-258-6462.

You can get cellular images loud-and-clear in the 1419.9-1442.9MHz range when using AR8000s.

FCC Frequency Allocations
---------------------------
A summary of the FCC Table of Frequency Allocations, based on
the Oct '93 Code of Federal Regulations - 47 CFR 2.106


30 - 50 MHz: FM @ 20 kHz steps
30.000 - 30.560 US Government
30.560 - 31.980 Business / Industry / Forestry
31.990 - 32.000 Public Safety
32.000 - 33.000 US Government
33.000 - 33.100 Public Safety
33.120 - 33.400 Business / Petroleum
33.420 - 34.000 Fire
34.000 - 35.000 US Government
35.020 - 36.000 Business / Paging
36.000 - 37.000 US Government
37.020 - 37.420 Police / Local Govt
37.460 - 37.860 Power, Water, Pipeline
37.900 - 38.000 Highway Maint / Special Emergency
38.000 - 39.000 US Government
39.020 - 40.000 Police / Local Govt
40.000 - 42.000 US Government
42.020 - 42.940 State Police
42.960 - 43.680 Business / Paging
43.700 - 44.600 Transportation - bus, truck
44.620 - 45.060 State Police / Forestry Conservation
45.080 - 45.860 Police / Local Govt / Highway Maint
45.900 - 46.040 Police / Emergency
46.060 - 46.500 Fire
46.520 - 46.580 Local Govt
46.610 - 46.970 Cordless Phones - base (20/40 kHz steps)
47.020 - 47.400 Highway Maint
47.440 - 47.680 Industry / Emergency
47.700 - 49.580 Industry
49.670 - 49.990 Cordless Phones - handset (irregular steps)

50 - 150 MHz
50.000 - 54.000 Amateur (6-meter)
54.000 - 72.000 Broadcast TV chs 2-4 (6 MHz steps - FMw)
72.000 - 76.000 (various)
76.000 - 88.000 Broadcast TV chs 5-6 (6 MHz steps - FMw)
88.000 - 108.000 FM Broadcast (200 kHz steps - FMw)
108.000 - 118.000 Aero - navigation
118.000 - 136.000 Aero - communications (25 kHz steps - AM)
136.000 - 138.000 Satellite
138.000 - 144.000 US Government
144.000 - 148.000 Amateur (2-meter)
148.000 - 150.800 US Government

150 - 162 MHz: FM @ 15 kHz steps
150.815 - 150.965 Auto Emergency
150.995 - 151.595 Highway / Forestry / Industry
151.625 - 151.955 Business (30 kHz steps)
152.030 - 152.240 Mobile phone (Base) / Page (30 kHz steps)
152.270 - 152.450 Taxi (Base)
152.510 - 152.840 Mobile phone (Base) / Page (30 kHz steps)
152.870 - 153.725 Industry
153.740 - 154.445 Fire / Govt (mobile)
154.452 - 154.482 Industry (telemetry) (7.5 kHz steps)
154.490 - 154.625 Industry
154.650 - 156.240 Police / Govt / Emrgncy / Hwy
156.025 - 157.425 Maritime (ship) (25 kHz steps)
157.470 - 157.515 Auto Emergency
157.530 - 157.710 Taxi (mobile) / Business
157.770 - 158.100 Mobile phone (mobile) / Page (30 kHz steps)
158.130 - 158.460 Industry
158.490 - 158.700 Mobile phone (mobile) / Page (30 kHz steps)
158.730 - 159.210 Police / Govt / Highway
159.225 - 159.465 Forestry Conservation
159.495 - 160.200 Transportation - bus, truck
160.215 - 161.610 Railroad
160.625 - 160.950 Maritime - Coast (25 kHz steps)
161.640 - 161.760 {Broadcast Pickups
161.500 - 162.025 {Maritime - Coast (25 kHz steps)

162 - 450 MHz
162.025 - 174.000 (various, mainly US Government)
174.000 - 216.000 Broadcast TV chs 7-13 (6 MHz steps - FMw)
216.000 - 218.000 Maritime - AMTS, coast (25 kHz steps)
218.000 - 219.000 IVDS - Interactive Video & Data
219.000 - 220.000 Maritime - AMTS, ship (25 kHz steps)
220.000 - 221.000 (Private land Mobile) - base ( 5 kHz steps)
221.000 - 222.000 (Private land Mobile) - mobile( " " " )
222.000 - 225.000 Amateur (1.25-meter)
225.000 - 400.000 US Government - Aero (AM)
400.000 - 406.000 US Govt - Meteorological / Space
406.000 - 420.000 US Government
420.000 - 450.000 Amateur (70cm) / military radar / radiolocation

450 - 460 MHz: FM @ 25 kHz steps (450-455 base, 455-460 mobile)
450.050 - 450.925 Auxiliary Broadcasting
451.025 - 452.025 Industry
452.050 - 452.500 Taxi / Industry / Transport
452.525 - 452.600 Automobile Emergency
452.625 - 452.950 Transportation - Trucks / Railroad
452.975 - 453.000 Relay Press
453.025 - 453.975 Local Govt / Public Safety
454.025 - 454.650 Mobile Telephone
454.675 - 454.975 Mobile Telephone Air (ground)
455.050 - 455.925 Auxiliary Broadcasting
456.025 - 457.025 Industry
457.050 - 457.500 Taxi / Industry / Transport
457.525 - 457.600 {Maritime - shipboard repeater (mobiles @ 467.xxx)
{Business - low power
457.625 - 457.950 Transportation - Trucks / Railroad
457.975 - 458.000 Relay Press
458.025 - 458.975 Public Safety / Local Govt
459.025 - 459.650 Mobile Telephone
459.675 - 459.975 Mobile Telephone Air (airborne)

460 - 470 MHz: FM @ 25 kHz steps (460-465 base, 465-470 mobile)
460.025 - 460.550 Police / Public Safety
460.575 - 460.625 Fire
460.650 - 460.875 Business - Airport use
460.900 - 461.000 Business - Central Alarms
461.025 - 462.175 Business
462.200 - 462.525 Manufacturers / Industry
462.550 - 462.725 GMRS (12.5 kHz steps)
462.750 - 462.925 Business (paging)
462.950 - 463.175 MED (Ambulance/Hospital)
463.200 - 465.000 Business
465.025 - 465.550 Police / Public Safety
465.575 - 465.625 Fire
465.650 - 465.875 Business - Airport use
465.900 - 466.000 Business - Central Alarms
466.025 - 467.175 Business
467.200 - 467.525 Manufacturers / Industry
467.550 - 467.725 GMRS (25 kHz steps)
467.750 - 467.925 {Business (2w, telemetry)
467.750 - 467.825 {Maritime - shipboard (rptr at 457.xxx)
467.950 - 468.175 MED (Ambulance/Hospital)
468.200 - 469.975 Business

470 - 806 MHz: 6 MHz per channel, wide FM audio
470.000 - 512.000 {Broadcast TV, chs 14-20
{Large Metro Public Safety (25 MHz steps - FM)
512.000 - 806.000 Broadcast TV, Chs 21-69

806 - 896 MHz: FM @ 25 kHz steps (mobile 806-851, base 851-896)
806.000 - 809.750 General - conventional
809.750 - 811.000 General - single channels
811.000 - 816.000 General - trunked
816.000 - 821.000 SMR - trunked
821.000 - 824.000 Public Safety - trunked (12.5 kHz steps)
824.040 - 834.360 Cellular Telephone (30 kHz steps)
834.390 - 835.620 Cellular Telephone (data) (30 kHz steps)
835.650 - 848.970 Cellular Telephone (30 kHz steps)
849.000 - 851.000 Aircraft Telephone (6 kHz steps - AM)
851.000 - 854.750 General - conventional
854.750 - 856.000 General - single channels
856.000 - 861.000 General - trunked
861.000 - 866.000 SMR - trunked
866.000 - 869.000 Public Safety - trunked (12.5 kHz steps)
869.040 - 879.360 Cellular Telephone (30 kHz steps)
879.390 - 880.620 Cellular Telephone (data) (30 kHz steps)
880.650 - 893.970 Cellular Telephone (30 kHz steps)
894.000 - 896.000 Aircraft Telephone (6 kHz steps - AM)

896 - 1300 MHz:
896.000 - 901.000 SMR/Business/Industry - mobile (12.5 kHz steps)
901.000 - 902.000 Personal Communications Services
902.000 - 928.000 Amateur (33cm) / various secondary
928.000 - 929.000 ()
929.000 - 930.000 paging
930.000 - 931.000 Personal Communications Services - base
931.000 - 935.000 ()
935.000 - 940.000 SMR/Business/Industry - base (12.5 kHz steps)
940.000 - 941.000 Personal Communications Services - base
941.000 - 960.000 ()
960.000 -1215.000 Aeronautical navigation
1215.000 -1240.000 US Govt - Radiolocation / Space
1240.000 -1300.000 Amateur (23cm)



Hacking The AR8000

There has been much discussion for the last few months about hacking
the AR8000. Why do many want to hack it? They want to have access
to cellular Band area that is restricted by US Law. Others want
to change the default settings in the band plan to ones that are
more suitable for the world IRC region where they live. Myself,
I wanted to add secret information to make it possible to prove
that the radio was mine in the event it is stolen.

How does one figure out how to go about hacking the AR8000? First
ask oneself, why did the FCC take so long to certify the radio
for USA use and then refuse to certify the CU 8-232 interface?
They knew that critical pointers are changeable that would change
the operation of the radio to receive frequencies which the FCC
did not want the citizens of the USA to be able to monitor. The
FCC later certified a specially modified computer control interface
for USA use.

How does the USA interface differ from the CU 8 232? There is
no clone position that allows two AR8000's to talk to each other
in the USA version. This indicates that the EEPROM that is reprogrammed
by the CLONE operation is where the 'personality' of the radio
is stored. The European radio contains a different basic bandplan
and is able to continuously monitor from 500 KHZ to 1950 MHZ. This
then tells one that the CLONE operation is where the FCC has a
problem with allowing this radio to be sold in the USA.

What happens when the AR8000 is set to CLONE to another AR8000?

Read your AR8000 manual. Page 102 describes what takes place
if you have the CU 8 232 and two AR8000's. I reasoned out in a
message posted to USENET back in October 1994 that one could put
their AR8000 in COPY SEND-MODE SYS-DATA and make a PC act like
the other AR8000 that was being cloned to. I used Procom Plus
for Windows version 2.0 for my project. I opened a chat window
so I could see what I was sending versus what I was receiving
from my AR8000. The AR8000 sent %0000# and stopped. I tried various
things and then reasoned that maybe it wanted me to echo what
I had received. BINGO! The AR8000 then sent a continuous stream
of data (134 characters to be exact) ending with something I immediately
recognized. The ending sequence was %0040#. That meant there
was actually 128 bytes of data followed by a address offset from
the beginning to indicate where the NEXT 128 bytes would be read
from in my AR8000's system memory. But wait, the increment in addressing
was not 128 bytes. It was 40 hex, which is only 64 bytes of system
data. This meant that the data was a hex dump of system memory
and the receiving AR8000 would convert the hex data back to system
memory. Same thing when you convert a UNIX bin file to 7 bit ASCII
(two hex bytes for each 8 bit piece of data) and then email the
data to someone who has to reverse the process to get his bin
data back. This is how ham radio transfers binary data in packets
to another ham.

Echoing the last six bytes %xxxx# would cause the AR8000 to send
the next packet of data until one had received a total of 112
packets of good data. The last packet (actually 113) is a concluding
handshake that I believe indicates all is well - we are done with
this transfer. This is a little less than 8 K worth of data for
the sys memory map. (8K would have been 128 packets of 64 bytes).
A dump of the entire EPROM (i.e. SEND-MODE ALL-DATA) works out
to 32K of memory that you can alter with the CU 8 232.

To reprogram or alter the AR8000's EPROM, one must reverse the
process with the altered data being fed back in the same manner
in which it came from the AR8000 in the first place. This is a
tedious process by hand and is best done by writing a script file
to do it for you. The script can also do the checking to see if
the AR8000 got the data correctly in the first place, just as
if they were talking to each other. Failure to echo the next address
properly should be followed by re-sending the missed data, sending
first a pointer %xxxx# to where the missed data is coming from
waiting for a proper response, and then sending the data followed
by the next pointer. The AR8000 will not jump around or go backward
during a clone. Screw it all up and you may have messed up your
AR8000's memory requiring you to reset every thing. Lower the
baud rate and re-send the proper system data. The things that
allow you to recover are contained in another ROM that contains
the micro code or actual system program for the AR8000's internal
computer. You can not write to this ROM fortunately. You replace
it with another that has been programmed externally in a ROM burner
if you really are daring and sharp. Then you would have a truly
unique AR8000! The ROM is where that message "WELCOME TO..."
resides. Bummer - I wanted to change that to "THIS RADIO
STOLEN FROM KI4JE." to cut the radio's resale value if stolen
from me.
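
The packet framing described above (a %0000# start pointer, then packets of 128 hex characters each followed by a %xxxx# pointer that advances by 40 hex), written as a decoder for a logged transfer. This is an added example, not code from the original article or from the radio's manufacturer. It assumes the log holds only the characters the radio sent, that line breaks in the log are not data, and that pointers are four hex digits; the function names are hypothetical, the sample stream is constructed, and the concluding handshake is returned uninterpreted because the page does not give its format.

```python
import re

HEX_CHARS_PER_PACKET = 128                     # page: 134 chars = 128 hex digits + "%xxxx#"
BYTES_PER_PACKET = HEX_CHARS_PER_PACKET // 2   # 64 = 0x40, the observed address step
POINTER = re.compile(r"%([0-9A-Fa-f]{4})#")    # assumption: always four hex digits


class CaptureError(ValueError):
    """The logged stream does not follow the framing described in the article."""


def parse_capture(log: str):
    """Decode a logged transfer.

    Returns (data, trailer): the bytes of every well-formed packet, and any
    text left after the last full packet (for example the final handshake),
    which is returned as-is.
    """
    text = "".join(log.split())        # assumption: whitespace in the log is not data
    m = POINTER.match(text)
    if not m or int(m.group(1), 16) != 0:
        raise CaptureError("capture does not start with the %0000# pointer")

    pos, addr, out = m.end(), 0, bytearray()
    while len(text) - pos >= HEX_CHARS_PER_PACKET + 6:
        payload = text[pos:pos + HEX_CHARS_PER_PACKET]
        try:
            chunk = bytes.fromhex(payload)     # two hex characters per byte
        except ValueError:
            raise CaptureError(f"non-hex payload in packet at {addr:04X}") from None

        m = POINTER.match(text, pos + HEX_CHARS_PER_PACKET)
        if not m:
            raise CaptureError(f"no pointer after packet at {addr:04X}")

        # The pointer names where the NEXT packet starts, so it must be
        # exactly one packet further on; anything else means the log lost
        # or duplicated data and the decoded image cannot be trusted.
        nxt = int(m.group(1), 16)
        if nxt != addr + BYTES_PER_PACKET:
            raise CaptureError(
                f"pointer {nxt:04X} after packet at {addr:04X}, "
                f"expected {addr + BYTES_PER_PACKET:04X}"
            )
        out += chunk
        addr, pos = nxt, m.end()
    return bytes(out), text[pos:]


def build_sample(packets: int = 3) -> str:
    """Constructed sample stream (counting bytes, not real radio data)."""
    parts = ["%0000#"]
    for i in range(packets):
        payload = bytes((i * BYTES_PER_PACKET + j) & 0xFF
                        for j in range(BYTES_PER_PACKET))
        parts.append(payload.hex().upper())
        parts.append(f"%{(i + 1) * BYTES_PER_PACKET:04X}#")
    return "".join(parts)


if __name__ == "__main__":
    data, trailer = parse_capture(build_sample(112))
    print(len(data), "bytes decoded; trailer:", repr(trailer))
```

With 112 packets the decoded image is 7168 bytes, matching the "a little less than 8 K" figure in the text.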
 