Quansheng UV-K5 emulator v0.1 (c) 2023 Jacek Lipkowski <sq5bpf@lipkowski.org> This program connects to a unix socket (default /tmp/sock1 ) and looks like a UV-K5 radio to radio programming software. The radio eeprom is simulated by the file k5_eeprom_test.raw This can be used to reverse engineer the eeprom contents by observing how the original radio programming software changes them. This can also be used to debug third party programming software, like for example k5prog https://github.com/sq5bpf/k5prog Note: this is a one-off hack which i wrote for my own purpose, horrible code which will cause your eyes to bleed, with no error checking etc. Usage: Te primary use is to connect it to an emulated serial port provided by virt-manager. The serial port in virt-manager should be configured as a unix socket, with path /tmp/sock1 The virt-manager VM runs windows and the Quansheng programming software. To connect a unix program, such as chirp, use socat. Example with chirp under linux, vendor software under windows: - Configure a windows VM under virt-manager with a serial port connected to /tmp/sock1 - If your user doesn't have access to /tmp/sock1, then either add to the libvirt-qemu group, or for now sudo chmod 666 /tmp/sock1 - In the k5emulator directory launch: ./k5emulator /tmp/sock1 - Launch socat to connect unix socket and pty: socat -d -d PTY,rawer unix-listen:/tmp/sock2 - In the k5emulator directory launch: ./k5emulator /tmp/sock2 - Look at the socat output, it will say what pty is used, for example /dev/pts/16 - Launch chirp, read from radio, use custom serial port /dev/pts/16 (input the one given by socat above), select radio Quansheng UV-K5 - Now you can read and write the emulated radio both with the vendor software and with chirp. If you want to interface this with something else, then use the magic of socat. I usually use these steps: - read configuration from radio by the windows programming software - change something - write configuration to radio - see what bytes changed The differences can be found by vbindiff, or the binarydiff script: ./binarydiff uvk5_original_eeprom.raw k5_eeprom_test.raw You can also use findflips, which was written for reverse engineering efforts like this: https://github.com/sq5bpf/findflips Hope this is useful in your reverse engineering efforts :) VY 73 Jacek / SQ5BPF