IC-CS-X/README.org

* ICEX patcher
** Disclaimer
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, YOU ARE USING THIS AT YOUR OWN RISK. PATCHING THE FIRMWARE MIGHT VOID YOUR TRANSEIVER WARRANTY. ENSURE MAKING A BACKUPS AND THINK OF WHAT ACTIONS YOU ARE PERFORMING. NONE OF THE AUTHORS, CONTRIBUTORS, ADMINISTRATORS, OR ANYONE ELSE CONNECTED WITH THIS REPOSITORY, IN ANY WAY WHATSOEVER, CAN BE RESPONSIBLE FOR YOUR USE OF THE SOFTWARE BELOW.

** Motivation
Icom CS software for IC-F0 model is back from 1997, requires DOSbox and not more usefull than =xxb=. That's how we get IC-CS-X, or ICEX
** TODO Usage
=Syntax: ./ic_f300_patcher.sh -s %channel_numeber%=%valuein kHz% -f %path/to/x6110_app%-p %power_setting% -m %modulation_depth%=

File will be created from EMPTY.ICF template, if not provided.

See =./ic_f300_patcher.sh -h= to see the list of supported values for changing.

Help and fallback is not yet stable, so follow the available values:
| %channel_numeber%   | 1-30                |
| %power_setting%     | l1, l2, h (default) |
| %modulation_depth%= | w (default)         |

Example:
#+NAME: example
#+BEGIN_SRC sh :eval never
./ic_f300_patcher.sh -s 1=172867 -p l1 -m n
#+END_SRC

As soon as this script substitutes the existing values inside the binary, provided values shoud have the same bit-length as default. Otherwise it may lead to the segmentation fault. Remember to backup the firmware.


** Theory behind
Well, it needs a bit of a hex-magic. But valuables are easy find-and-replaceable in hexeditor. Here are some offsets to remember:

Start offset of the Rx freq of the first Channel of the first bank - =0000050b=

Length of channel record is 44 bytes?
#+NAME: theoretical chan mapping
#+BEGIN_SRC bash
#!/bin/bash
result=$(( 0x50b - 0x2c ))
for i in {0..30}; do
    result=$(($result + 0x2c))

    if [ "$i" -eq 9 ]; then
        result=$(( $result + 0x8 ))
    elif [ "$i" -eq 14 ]; then
        result=$(( $result + 0x8))
    elif [ "$i" -eq 23 ]; then
        result=$(( $result + 0x8))
    fi


    printf "%d,  0x%X\n" "$((i + 1))" "$result"
done

#+END_SRC

Here is the comparison of calculated channel offsetts and the real one, obtained from the incremental changes diffing
#+RESULTS: theoretical chan mapping
| ch | offset calculated | real offset |
|  1 |             0x50B |       0x50b |
|  2 |             0x537 |       0x537 |
|  3 |             0x563 |       0x563 |
|  4 |             0x58F |       0x58f |
|  5 |             0x5BB |       0x5bb |
|  6 |             0x5E7 |       0x5e7 |
|  7 |             0x613 |       0x613 |
|  8 |             0x63F |       0x63f |
|  9 |             0x66B |       0x673 |
| 10 |             0x69F |       0x69f |
| 11 |             0x6CB |       0x6cb |
| 12 |             0x6F7 |       0x6f7 |
| 13 |             0x723 |       0x723 |
| 14 |             0x74F |       0x74f |
| 15 |             0x783 |       0x77b |
| 16 |             0x7AF |       0x7b5 |
| 17 |             0x7DB |       0x7db |
| 18 |             0x807 |       0x807 |
| 19 |             0x833 |       0x833 |
| 20 |             0x85F |       0x85f |
| 21 |             0x88B |       0x88b |
| 22 |             0x8B7 |       0x8b7 |
| 23 |             0x8E3 |       0x8e3 |
| 24 |             0x917 |       0x91d |
| 25 |             0x943 |       0x943 |
| 26 |             0x96F |       0x96f |
| 27 |             0x99B |       0x99b |
| 28 |             0x9C7 |       0x9c7 |
| 29 |             0x9F3 |       0x9f3 |
| 30 |             0xA1F |       0xa1f |
| 31 |             0xA4B |             |
+ Ch8  is 8 bytes longer
+ Ch15 is 8 bytes longer
+ Ch23 is 8 bytes longer

#+NAME: let's try
#+BEGIN_SRC shell :results output
hexdump -s0x50b -n44 -C FIRST_AN.ICF
#+END_SRC

#+RESULTS: let's try
: 0000050b  31 34 35 35 30 30 31 34  36 36 30 30 30 30 43 30  |14550014660000C0|
: 0000051b  30 43 30 33 30 36 33 30  30 30 30 31 30 30 30 30  |0C03063000010000|
: 0000052b  0d 0a 30 32 30 30 31 30  30 30 46 46              |..02001000FF|
: 00000537


Watch the =14550014600= - Rx and Tx freqs of the first channel

Last channel is 31, let's try and pick it directly
#+BEGIN_SRC shell :results output
hexdump -s$(printf "0x%X" $((0x50b + 29 * 0x2c + 3*0x8))) -n44 -C FIRST_AN.ICF
#+END_SRC

#+RESULTS:
: 00000a1f  31 35 35 36 30 30 31 34  34 37 30 30 0d 0a 30 34  |155600144700..04|
: 00000a2f  30 30 31 30 38 30 30 38  30 30 30 33 30 32 33 30  |0010800800030230|
: 00000a3f  30 30 30 31 30 30 30 30  30 30 46 46              |0001000000FF|
: 00000a4b
*** Channel in details
Rx/Tx frequencies are going one by one. Power bit for ch1 is 0x51e. 19th position, offset 0x13
#+NAME: power bit
#+BEGIN_SRC sh :eval once :results output
cd ~/src/radio/IC-F300
binwalk -i -t -W L1N14480.ICF L2N14480.ICF N144800.ICF
#+END_SRC

#+RESULTS: power bit
:
: OFFSET      L1N14480.ICF                                                         L2N14480.ICF                                                         N144800.ICF
: --------------------------------------------------------------------------------
: *
: 0x00000510  30 31 34 34 38 30 30 38 30 30 38 30 30 30 31 30 |0144800800800010| \ 30 31 34 34 38 30 30 38 30 30 38 30 30 30 32 30 |0144800800800020| \ 30 31 34 34 38 30 30 38 30 30 38 30 30 30 33 30 |0144800800800030|
: *
:

Modulation width for ch1 is 0x523. 24th position, offset 0x18
#+NAME: narrow/wide
#+BEGIN_SRC sh :eval once :results output
binwalk -i  -W 144800.ICF N144800.ICF
#+END_SRC

#+RESULTS: narrow/wide
:
: OFFSET      144800.ICF                                                           N144800.ICF
: --------------------------------------------------------------------------------
: *
: 0x00000520  32 33 30 30 30 30 31 30 30 30 30 0D 0A 30 32 30 |23000010000..020| \ 32 33 30 38 30 30 31 30 30 30 30 0D 0A 30 32 30 |23080010000..020|
: *
: