THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, YOU ARE USING THIS AT YOUR OWN RISK. PATCHING THE FIRMWARE MIGHT VOID YOUR TRANSEIVER WARRANTY. ENSURE MAKING A BACKUPS AND THINK OF WHAT ACTIONS YOU ARE PERFORMING. NONE OF THE AUTHORS, CONTRIBUTORS, ADMINISTRATORS, OR ANYONE ELSE CONNECTED WITH THIS REPOSITORY, IN ANY WAY WHATSOEVER, CAN BE RESPONSIBLE FOR YOUR USE OF THE SOFTWARE BELOW.
Xiegu x6100 is told to be a first ARM based HF-transeiver, running Linux. Most of the radio’s features are provided by the app living in the /usr/app_qt folder of a device.
By today (<2022-05-30 Mon>) the firmware is yet very fresh, but not opened for modification. E.g. lables of rf gain or tx power lables have a color, close to red, that makes them hard to read on a bluish background. Another example an RTTY shift, wich has a constant number of available values. Some well known broadcasters, like DWD, rely on values not available on the x6100.
It was my motivation to dive into the binary and try to fix that things for me. I’ve ended up with a little script that simplifies that task and could be run on the radio iself. So you don’t need a PC, just an ssh cliet (smartphone is fine) to change the values, if you need.. Unfortunately, xxd on x6100 has very restricted functionality. Maybe in future I’ll migrate the script to the hexedit.
Syntax: x6100_patcher -s %key%=%value% -f %path/to/x6110_app%
See x6100_patcher -h to see the list of supported values for changing
Example:
./x6100_patcher.sh -s gain_color=ffaeae -f ./x6100_ui_v100_colorAs soon as this script substitutes the existing values inside the binary, provided values shoud have the same bit-length as default. Otherwise it may lead to the segmentation fault. Remember to backup the default application.
When performing patch on radio, remember to stop the service through /etc/init.d
Well, it needs a bit of a hex-magic. But valuables are easy find-and-replaceable in hexeditor. Here are some offsets to remember:
| Address | Function |
| 0x8DB8C | ntpdate -u, yet to investigate |
| 0x87C2B | VOLUME/SQL THR/RF GAIN color |
| 0x87CFB | TX POWER (and other selectable settings) color |
| 0x88515 | Start of some GPIO manipulations |
| 0x9356E | Start of many values of settings, e.g filters, offsets |
| 0x946F4 | RTTY shift value of 425 |
| 0x94648 | Start of RTTY RATE values |
| 0x94971 | hardcoded ntp_server1 |
| 0x949B8 | hardcoded ntp_server2 |
| 0x97598 | Screenshot function (?) |
It’s actually possible to build a script to patch a binary:
hexdump -n0x946F3 -C ~/opt/x6100-stuff/dumps/x6100_ui_v100_play | tail -n3
hexdump -s0x946F3 -C ~/opt/x6100-stuff/dumps/x6100_ui_v100_play -n16via regular echo it’s doable:
xxd x6100_ui_v100_play | grep -i 000946f
#000946f0: 3022 2c22 3432 3522 2c22 3835 3022 205c 0","425","850" \
echo "<000946f0: 3022 2c22 3435 3022 2c22 3835 3022 205c>" | xxd -r - x6100_ui_v100_play
xxd x6100_ui_v100_play | grep -i 000946f
#000946f0: 3022 2c22 3435 3022 2c22 3835 3022 205c 0","450","850" \So binary code for /”/ is 22, “”3**4** 3**2** 3**5**” gives 425. So patch-string could be composed in bash. It’s just a hex ascii encoding.
" 4 2 5 "" 3022 2c22 3432 3522 2c22 3835 3022 205c
echo "\"420\"" | xxd -ps | head -c-3Looks like we can build a simple patch-composer for that particular case
VAL=570
echo "<000946f3: $(echo "\"$VAL\"" | xxd -ps | head -c-3)>"% echo "<000946f3: $(echo "\"$VAL\"" | xxd -ps | head -c-3)>" | xxd -r - x6100_ui_v100_play % diff <(xxd x6100_ui_v100) <(xxd x6100_ui_v100_play) 38000c38000 < 000946f0: 3022 2c22 3432 3522 2c22 3835 3022 205c 0","425","850" \ --- > 000946f0: 3022 2c22 3537 3022 2c22 3835 3022 205c 0","570","850" \