Back to Home11/13/2025, 7:12:01 AM

Reverse Engineering Yaesu FT-70D Firmware Encryption

austinallegro
157 points
23 comments

Mood

thoughtful

Sentiment

positive

Category

tech

Key topics

reverse engineering

firmware encryption

ham radio

Debate intensity20/100

The author successfully reverse-engineered the firmware encryption of the Yaesu FT-70D radio, detailing their process and findings.

Snapshot generated from the HN discussion

Discussion Activity

Active discussion

First comment

3h

Peak period

20

Day 1

Avg / period

11

Comment distribution22 data points

Based on 22 loaded comments

Key moments

  1. 01Story posted

    11/13/2025, 7:12:01 AM

    6d ago

    Step 01
  2. 02First comment

    11/13/2025, 9:51:58 AM

    3h after posting

    Step 02
  3. 03Peak activity

    20 comments in Day 1

    Hottest window of the conversation

    Step 03
  4. 04Latest activity

    11/15/2025, 4:29:49 AM

    4d ago

    Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (23 comments)
Showing 22 comments of 23
tiniuclx
6d ago
2 replies
Ham radio is well worth getting into if you come from a software background but want to get more hands-on with embedded electronics. Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!
ACCount37
5d ago
3 replies
The RF fundamentals stay the same, but the gulf between ham radio and modern RF comms is truly vast.

Those TDM'd bands 40MHz wide, with digital data and modulation past the limits of sanity, and the entire RF system being integrated into one die somehow? Oh boy.

jacquesm
5d ago
3 replies
What really blows me away is the range that you can achieve with almost no power on tiny little antennas. For instance, ELRS uses a transmitter/receiver that is less than a gram, that can keep a link with a drone alive across 30 km or even more. And the antenna is so small you might toss it away with the packaging if you're not paying attention.

One example:

https://rcmaniak.pl/userdata/public/assets/images/SpeedyBee/...

Oh, and it also speaks WiFi, just in case and it has its own little onboard computer and a web server.

stavros
5d ago
1 reply
I use this one, with an onboard antenna:

https://imgaz.staticbg.com/thumb/large/oaupload/banggood/ima...

It's a centimeter on a side, and easily goes more than 10km. It's just mind-blowing that this exists. 0.9 grams, IIRC.

jacquesm
5d ago
1 reply
Wow, that's an even better example. I already have a hard time finding the radio sometimes, and need to put on my glasses, with that one you need tweezers to mount it :)

I ran into your tuning tips page the other day by way of a random search!

stavros
5d ago
1 reply
Oh nice, I was hoping they'd be useful to someone!

With that radio, I just use a drop of hot glue on the fuselage, and it works great! Plus, it's easy to find then :P

jacquesm
5d ago
1 reply
I'm having a devilish time tuning a drone using Inav, I've read through a mountain of documentation and tried a whole pile of things but so far it has not led to a breakthrough, just gradually increasing insight. Oh well, better to keep plugging away at it :)
stavros
5d ago
Let me know if you need help, I've done it a few times.
mystraline
5d ago
Yep, its called LoRa.

Ive been able to decode as low as -26 SNR.

Theres LoRa chips for 2.4GHz, 900MHz, 868MHz, 433MHz, and 144MHz.

tappaseater
5d ago
I used to follow the balloon projects that hams would launch. A mylar balloon with a tiny 50 milliwatt transmitter and GPS, solar powered on the 10Mhz band tracked thousands of miles away.
jwr
5d ago
1 reply
> the gulf between ham radio and modern RF comms is truly vast

Especially if you consider modern cellular radios. Your phone has a completely separate powerful computer just for handling the radio (we still call this a modem for some reason), with a large software stack running.

As for modulation, starting with LTE and turbo coding, we are now near the maximum theoretical channel capacity (Shannon limit), which is mind-blowing.

Learning the basics of radio is still worth the effort (and great fun!), but the gap is indeed huge.

ACCount37
5d ago
1 reply
I did some LTE work. Nasty stuff. And 5G is even worse.
vetrom
4d ago
I don't think most people really understand the compute complexity required for LTE and 5G terminals. It's telling that pretty much every discrete-ish full-speed LTE or 5G modem I've lain eyes upon is actually an embedded SBC running its own OS, with attendant power requirements.
willis936
5d ago
When I flip through the ham radio outlet catalog and see what people pay for a bog standard class A amplifier I realize how I am in the wrong line of work.

The coolest modern ham stuff is happening on SDRs like hackRF.

mschuster91
5d ago
1 reply
> Radios are ubiquitous in modern technology, and getting a deeper understanding of how they work can have surprising career benefits too!

Indeed.

The problem with many modern ham radios of any sufficiently complex feature set - especially when it comes to cheap hackable radios or digital radios - is that a lot of the functionality is hidden away in blackbox ASIC hardware blocks that have no public datasheets (e.g. BK4819 powering Quansheng's radios, Si4732, or for anything DMR, the AMBE-2020 vocoder).

It's truly a miracle what the hacker community has gotten out particularly out of the Quansheng chipset.

subscribed
5d ago
1 reply
Get the appropriate licence and build your own :) Either from the kit or from scratch :)
mschuster91
5d ago
It's not that easy. AMBE is patent encumbered and SDRs are black magic on their own.
jacquesm
5d ago
1 reply
Job well done! I tried reverse engineering the encryption on Yamaha's midi files. I thought it would be super complex but it turned out to be ridiculously easy. It's funny when you're preparing mentally for some long slog and turns out to be an hour at best. In case you're interested: they used a fixed block of 256 bytes that they xor'd the data with in a cyclic fashion.
the_biot
5d ago
1 reply
That's more like obfuscaton, you got lucky there!

I've reverse engineered lots of things, but the one time I actually got paid for it (this is more a hobby to me), I got the exact opposite of what happened to you.

I quoted some small amount to document the protocol to configure some embedded device that I thought would take a day or so, and it turned into a two-week nightmare. Turned out there was no configuration protocol, it was firmware updates always -- and internal parameters were just overwritten along with the code. So I ended up having to disassemble a big chunk of the firmware before I could configure the device.

Enginerrrd
5d ago
Pro-tip, state your assumptions baked into the estimate. If one of them is wrong you can renegotiate price, although depending on the client, you may not always want to do that to show good will and whatnot.
jandrese
5d ago
Another day another hardware manufacturer rolling their own encryption. We are lucky these companies don't really know what they are doing or they could actually make it close to impossible to hack the firmware.
vivzkestrel
4d ago
since you love reverse engineering a lot from your blog posts it seems, if it isn't too much to ask, can you look into this .unr file which is basically an unreal map that was made with an internal tool at Ubi HQ for a 15 yr old game (splinter cell conviction) . It won't load inside UEExplorer or any of the openly available UE tools. Perhaps it could be a topic of your next post in addition to being tremendous help for the gaming community as only basic mods can be made for this game currently unless someone can figure out how to load its maps somehow

1 more comments available on Hacker News

View full discussion on Hacker News
ID: 45911704Type: storyLast synced: 11/16/2025, 9:42:57 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Read ArticleView on HN