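It is that time of year again: the fiscal year ends and performance reviews begin. For a software engineer, working at a reasonably sized company sets a career rhythm much like leveling up in a game. The goal is not a better-sounding title, though; it is to work through the skill tree deliberately, earn trust within the organization, and so be able to contribute more. Title, rank, and pay will naturally follow the responsibility you carry.

A Job Ladder or Career Structure can serve as an objective reference for competencies, a way to locate your own professional ability. But it should not be the blueprint of a career: by changing jobs, people can sidestep blockers caused by personnel or environment and climb these ladders faster, and in a startup they mean nothing at all.

A manager can run the annual performance review against the relevant competencies, set goals that can be judged objectively, and provide matching resources for building skills (for example free time, subsidized courses, or business opportunities). Meeting the yearly goals still depends on the employee's own perseverance and self-discipline. Professionals who have been promoted to a senior level as an Individual Contributor can also choose a parallel track, such as the engineering management/leadership track or the product management track; from that point on they can branch out into a different skill tree.

I think Chuck Groom's article “The Software Engineering Job Ladder” (Simplified Chinese translation: 程序员必须要搭建自己的“工作阶梯”) is excellent. Beyond the usual job-skill requirements, he also names four important basic traits: programming ability, communication, critical thinking, and initiative. These four traits really do distinguish whether an employee can keep growing into a dependable pillar of the organization.

Chuck also lists anti-pattern symptoms for each level, all of which make an employee unfit for the role or hurt their effectiveness. Companies in active growth periodically let go of employees who fail to reach senior software engineer (the Level 3 engineer in the article) within a set time, because engineers below Level 3 who show these symptoms tend to consume a great deal of management effort while producing little. Employees who lack the basic traits, for example, tend to write code that is hard to maintain, cannot describe a problem scenario accurately or understand what colleagues and customers are asking for, and cannot read requirements or resolve conflicts, let alone give accurate schedule estimates and deliver the assigned work on time.

As Adrian Trenaman of HBC Tech puts it, as an organization you want to hire talented people and create an efficient, self-driven working environment that encourages senior staff to become great leaders who guide teams in designing and building good products and services, rather than wasting the energy of excellent people on managing mediocre ones.

In the end, titles are not that important. What matters more is creating a working environment and a team that can produce and deliver every day, efficiently and happily.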

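China's surveillance cameras, as many as twenty million of them[1][2], are not only used for real-time pedestrian detection and recognition systems[3]; they have even advanced to the point of “predicting” crime[4]. But it is not just a Big Brother government monitoring citizens on a large scale for the sake of stability maintenance; advertisers with commercial motives are even more eager to collect customer data[5].

Although Taiwan's public sector has no ambition to build a “Skynet surveillance system”, private-sector technology also collects customer information through face recognition. For example, the advertising displays behind the counter or in the windows of President Chain Store (統一超商) outlets are fitted with cameras that collect facial biometric features[6].

Simply wearing a face mask does not fool these surveillance systems[7]. In the future, going out may require wearing specially made reflective glasses[8][9], or simply tattooing recognition-jamming patterns on your face, to get some privacy protection.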

[1] China’s All-Seeing Surveillance State Is Reading Its Citizens’ Faces – WSJ – https://www.wsj.com/articles/the-all-seeing-surveillance-state-feared-in-the-west-is-a-reality-in-china-1498493020
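[2] Facial recognition technology becomes a powerful surveillance tool in China – NTDTV Asia-Pacific (新唐人亞太電視台) – http://www.ntdtv.com.tw/b5/20170703/video/200216.html?%E4%BA%BA%E8%87%89%E8%BE%A8%E8%AD%98%E6%8A%80%E8%A1%93%20%E6%88%90%E4%B8%AD%E5%9C%8B%E5%BC%B7%E5%A4%A7%E7%9B%A3%E8%A6%96%E5%B7%A5%E5%85%B7
[2] SenseTime – Intelligent face surveillance deployment solution – https://www.sensetime.com/isSecurity-FaceDispatch/
[3] 雲從科技 (Cloud Walk), a technology company in Guangzhou, is working on a “crime prevention system” that would let police stop serious incidents before a crime takes place. They plan to develop an intelligent prediction system that monitors people's movements and behavior patterns, assesses whether a crime is likely, and notifies the police. Chinese companies are working with police to develop artificial intelligence they say will help them identify and apprehend suspects before criminal acts are committed. – https://www.facebook.com/financialtimes/videos/10155507438890750/
[4] The latest real-time pedestrian detection and recognition system of the “China Skynet” surveillance network, revealed in episode 5, 《共享小康》, of the documentary 《辉煌中国》. – https://v.qq.com/x/cover/6lz219aeyiiieex/i0553xdarb9.html
[5] The billboard uses a camera on its top to collect diners' facial information and determine their gender, age group, and how long they stay watching the ad. – http://www.pingwest.com/dianziguanggaopai/
[6] PilotTV – The advertising display is secretly watching you! Intel and 前線科技 build precision marketing with face recognition – http://pilottv.com.tw/event/16
[6] Retail solutions: Intel® Retail Client Manager – https://www.intel.com.tw/content/www/tw/zh/retail/solutions/rcm.html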
[7] Dear rioters: Hiding your face with scarves, hats can’t fool this AI system • The Register – https://www.theregister.co.uk/2017/09/06/ai_to_identify_protesters_in_disguise/
[7] Disguised Face Identification (DFI) with Facial KeyPoints using Spatial Fusion Convolutional Network – https://arxiv.org/abs/1708.09317
[8] 6 Ways To Defeat Facial Recognition Cameras | Survivopedia – http://www.survivopedia.com/6-ways-to-defeat-facial-recognition/
[9] Magic AI: these are the optical illusions that trick, fool, and flummox computers – The Verge – https://www.theverge.com/2017/4/12/15271874/ai-adversarial-images-fooling-attacks-artificial-intelligence
[9] CCS 2016 – Accessorize to a Crime: Real and Stealthy Attacks on State-Of-The-Art Face Recognition – YouTube – https://www.youtube.com/watch?v=6Xh1vuwnVhU
[9] Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition https://www.cs.cmu.edu/~sbhagava/papers/face-rec-ccs16.pdf

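This post collects a few thoughts after reading the slides of Kuon Ding's COSCUP 2016 talk 「開源編譯器,如何實現系統安全最後一哩路」 (“Open source compilers: how to deliver the last mile of system security”). At COSCUP I spent the whole time chatting outside and never went into the lecture hall, so these notes are based only on the information in the slides.

My own view is that information security has no last mile[1]; it takes discipline to keep building bridges and paving roads, link by link and layer by layer.

The talk covered how open source compiler tools have evolved for system security. The toolchain is indeed an important link. Taking Ubuntu as an example[2], gcc carries extra patches that strengthen security: Stack Protector, built as PIE for exec ASLR, Fortify Source, and Read-only relocation. A toolchain cannot provide security protection on its own, however; Address Space Layout Randomization (ASLR), for instance, has to be done at the kernel layer. Whether for Ubuntu, which converges desktop and phone environments, or for phone-centric Android, security work is about reducing the attack surface as far as possible and stacking security restrictions layer upon layer.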
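An added example (not from the talk or from Ubuntu's own tooling): a small Python checker that reads an ELF64 file's program headers and dynamic section to report the toolchain hardening features listed above (PIE, read-only relocation, non-executable stack), and uses symbol-name heuristics for Stack Protector and Fortify Source. The `build_sample` helper and the two images are constructed test input; static-PIE binaries are assumed out of scope.

```python
import re
import struct

# Constants from the ELF specification (<elf.h>).
ET_EXEC, ET_DYN, PT_DYNAMIC, PT_INTERP, PF_X = 2, 3, 2, 3, 0x1
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(data: bytes) -> dict:
    """Report hardening properties of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    segs = {}  # p_type -> (p_flags, p_offset, p_filesz)
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        segs[p_type] = (p_flags, p_offset, p_filesz)
    bind_now = False  # full RELRO also needs eager symbol binding
    if PT_DYNAMIC in segs:
        _, off, size = segs[PT_DYNAMIC]
        for pos in range(off, off + size - 15, 16):
            tag, val = struct.unpack_from("<qQ", data, pos)
            if tag == DT_NULL:
                break
            bind_now |= (tag == DT_BIND_NOW
                         or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                         or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    relro = ("full" if bind_now else "partial") if PT_GNU_RELRO in segs else "none"
    return {
        # ET_DYN plus an interpreter segment: position-independent executable.
        "pie": e_type == ET_DYN and PT_INTERP in segs,
        "nx_stack": PT_GNU_STACK in segs and not segs[PT_GNU_STACK][0] & PF_X,
        "relro": relro,
        # Heuristics: these symbol names appear in the dynamic string table
        # of binaries built with -fstack-protector / _FORTIFY_SOURCE.
        "stack_protector": b"__stack_chk_fail\0" in data,
        "fortify": re.search(rb"__[a-z]+_chk\0", data) is not None,
    }

def build_sample(e_type, segments, dynamic=(), strings=b""):
    """Constructed input: a header-only ELF64 image (not a runnable binary)."""
    dyn = b"".join(struct.pack("<qQ", t, v)
                   for t, v in [*dynamic, (DT_NULL, 0)])
    dyn_off = 64 + 56 * len(segments)
    image = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    for p_type, p_flags in segments:
        off, size = (dyn_off, len(dyn)) if p_type == PT_DYNAMIC else (0, 0)
        image += struct.pack("<IIQQQQQQ", p_type, p_flags, off, 0, 0, size, size, 8)
    return image + dyn + strings

HARDENED = build_sample(
    ET_DYN, [(PT_INTERP, 4), (PT_DYNAMIC, 6), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)],
    dynamic=[(DT_FLAGS, DF_BIND_NOW)], strings=b"\0__stack_chk_fail\0__memcpy_chk\0")
LEGACY = build_sample(ET_EXEC, [(PT_INTERP, 4), (PT_GNU_STACK, 7)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, check_hardening(image))
```

To inspect a real binary, pass `open(path, "rb").read()` to `check_hardening`; the result only describes what the toolchain emitted, since ASLR itself is applied by the kernel at load time.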

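Take the recently released Android 7[7][8] as an example. Its system-level protection improvements include narrowing the whitelist of ioctl calls with SELinux and seccomp sandboxing, library ASLR[3], and CONFIG_DEBUG_RODATA, learned from Grsecurity, among others. Each of these reduces the exposed attack surface step by step.

For example, the slides mention the QuadRooter vulnerabilities[4] disclosed at DEF CON 24 in 2016/08. Many of them come from design flaws in SoC code, and such flaws are hard to find through code review, especially because intellectual-property restrictions mean that many problematic drivers are distributed as binaries, so operating-system vendors and device brands never get the source code. These can only be defended against through system security mechanisms[15].

Take QuadRooter's CVE-2016-2059 (Linux IPC router binding any port as a control port): the attack presupposes that kASLR[5] is turned off on the system, which is what makes heap spraying possible, and obtaining root further requires SELinux to be disabled. The first step of the attack, the ioctl command, can be suppressed by SELinux policy. For example, for CVE-2016-0820, the private ioctl vulnerability in MediaTek's WiFi driver, ordinary programs' access to device private commands can be turned off[6].

The compiler could not prevent problems like these; other mechanisms must be relied on to protect the system.

KASan (Kernel Address Sanitizer)[21], implemented in the compiler[9], can find use-after-free[22] problems such as QuadRooter's CVE-2016-2503/CVE-2016-2504, but it likewise needs kernel support[10]. And this feature, which is in 4.4, will still take some time to reach users[14]; it is not just a matter of updating the toolchain and recompiling.

Not every theoretical technique brings benefits across security, convenience, and performance; operating systems often have to make trade-offs.

  • For example, enabling the vtable verification feature[27] mentioned in the slides[1] breaks important software such as Firefox[11], because developers play clever tricks with vtables.
  • For example, the built-as-PIE option in Ubuntu mentioned above costs 5-10% in performance on the i686 platform[12], so it could only be applied to selected important libraries. It only became the default in 16.10, once the 64-bit environment had matured.
  • For example, once Kernel Address Space Layout Randomisation (kASLR) is enabled, the machine can no longer hibernate on x86[13], which is unacceptable to laptop users who need emergency hibernation when the battery runs out.

No security design can be judged from one side only; it needs a whole-system assessment. Some features that cannot be implemented in the compiler can be done in the kernel, and kernel problems can be shored up with app sandboxing.

The trend in operating-system development in recent years has been toward Isolation (Sandboxing): Android's SELinux sandbox, Minijail[16] in Chrome OS, xdg-app/Flatpak[17][18] on the Linux desktop, Ubuntu's Snappy (AppArmor)[19][20], and so on. Beyond Linux, there are Apple OS X's Sandbox[23][24][25], based on the TrustedBSD Mandatory Access Control (MAC) Framework, and Microsoft's Windows Runtime sandbox[26]. All of these are designed to protect the user's data: besides keeping malware out, if a program is compromised, the damage it can do is confined to the sandbox.

One of the biggest challenges is perhaps designing flexible APIs for the new security model, and still offering a friendly, convenient user experience in a runtime environment with multiple layers of restrictions.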

[1] 開源編譯器,如何實現系統安全最後一哩路 (Open source compilers: how to deliver the last mile of system security) by Funny Systems – https://speakerdeck.com/FunnySystems/kai-yuan-bian-yi-qi-ru-he-shi-xian-xi-tong-an-quan-zui-hou-li-lu
[2] https://wiki.ubuntu.com/Security/Features
[3] Implement Library Load Order Randomization – https://android.googlesource.com/platform/bionic/+/4f7a7ad3fed2ea90d454ec9f3cabfffb0deda8c4%5E%21/
[4] QuadRooter Research Report – https://www.checkpoint.com/downloads/resources/quadRooter-vulnerability-research-report.pdf
[5] Kernel address space layout randomization [LWN.net] – https://lwn.net/Articles/569635/
[6] Only allow shell user to access unprivileged socket ioctl commands. – https://android.googlesource.com/platform/external/sepolicy/+/57531ca%5E%21/
[7] Security | Android Open Source Project – https://source.android.com/security/
[8] Security Enhancements in Android 7.0 | Android Open Source Project – https://source.android.com/security/enhancements/enhancements70.html
[9] [ASan] Initial support for Kernel AddressSanitizer · llvm-mirror/llvm@e9149f4 – https://github.com/llvm-mirror/llvm/commit/e9149f4f8cd3b915ada134d80452c6eae7875ca4
[10] KASan support for arm64 – http://lkml.iu.edu/hypermail/linux/kernel/1511.0/02583.html
[11] Crash in mozJSComponentLoader::ModuleEntry::GetFactory when compiled with GCC 4.9.0 and VTV – https://bugzilla.mozilla.org/show_bug.cgi?id=1046600
[12] PIE has a large (5-10%) performance penalty on architectures with small numbers of general registers (e.g. x86) – https://wiki.ubuntu.com/Security/Features#pie
[13] Prefer kASLR over Hibernation – Patchwork – https://patchwork.kernel.org/patch/8765121/
[14] KASan support for arm64 – http://lkml.iu.edu/hypermail/linux/kernel/1511.0/02583.html
[15] Google Online Security Blog: Protecting Android with more Linux kernel defenses – https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html
[16] Chromium OS Sandboxing – The Chromium Projects – https://www.chromium.org/chromium-os/developer-guide/chromium-os-sandboxing#h.l7ou90opzirq
[17] Projects/SandboxedApps – GNOME Wiki! – https://wiki.gnome.org/Projects/SandboxedApps
[18] Sandbox · flatpak/flatpak Wiki – https://github.com/flatpak/flatpak/wiki/Sandbox
[19] snapcraft – Snaps are universal Linux packages – http://snapcraft.io/
[20] Snappy Interfaces | Labix Blog – http://blog.labix.org/2016/04/22/snappy-interfaces
[21] Kernel Address Sanitizer – https://github.com/google/kasan/wiki
[22] Four new Android privilege escalations [LWN.net] – https://lwn.net/Articles/696716/
[23] The Apple Sandbox https://media.blackhat.com/bh-dc-11/Blazakis/BlackHat_DC_2011_Blazakis_Apple%20Sandbox-Slides.pdf
[24] The Apple Sandbox https://media.blackhat.com/bh-dc-11/Blazakis/BlackHat_DC_2011_Blazakis_Apple_Sandbox-wp.pdf
[25] SandBlaster: Reversing the Apple Sandbox – https://arxiv.org/pdf/1608.04303.pdf
[26] WinRT: The Metro-politan Museum of Security https://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Sebastien%20Renaud%20and%20Kevin%20Szkudlapski%20-%20WinRT.pdf
[27] Improving Function Pointer Security for Virtual Method Dispatches https://gcc.gnu.org/wiki/cauldron2012?action=AttachFile&do=get&target=cmtice.pdf

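In 2012, Dropbox was reported to have been breached, with 6.9 million personal records stolen. The media recently found[1] that 68,680,741 records were actually taken; 31,865,280 of the passwords were protected with bcrypt hashing, and the other 36,815,461 with SHA1 hashing. Troy Hunt[3], who runs “Have I been pwned”[2], obtained the data and, after verifying it[4], confirmed that it is data stolen from Dropbox and not fake.

The data contains e-mail addresses and passwords. Although the passwords are hashed, they may still be cracked or guessed. If you are not in the habit of using different passwords, someone else may be able to log in to other services with the same account and password. And besides being available to those who know where to look, the data is also offered by services such as LeakedSource[5], which provides a paid API[6] for retrieving victims' raw records (that is, the hashed passwords and other data).

A better habit is to use a password manager and two-factor authentication (2FA)[9].

The basic job of a password manager is to generate random passwords for you, log you in automatically, and so on, so that you can easily use hard-to-crack passwords across different services. There are many password managers to choose from[7][8]. I use LastPass[11] myself; its integration with the browser and with Android is very convenient. It costs 12 USD a year, cheaper than other software. The company now offers free accounts, but I have already been paying for several years. LastPass was also breached in 2015[12], but thanks to sound security design this did not cause major problems.

Every month I run the LastPass security challenge[10]. It checks password strength and password reuse, and has a feature similar to Have I been pwned[2] and LeakedSource[5]: it searches databases of known victims and warns you if you are at high risk and need to take action.

Go pick a password manager. https://lastpass.com/f?4133426

Bonus: Password manager security papers | Wilders Security Forums – http://www.wilderssecurity.com/threads/password-manager-security-papers.365724/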

  • “Password Managers: Risks, Pitfalls, and Improvements” (2014)

    We study the security of popular password managers and their policies on automatically filling in passwords in web pages. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We show that there are significant differences in autofill policies among password managers. Many autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user’s password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers.

  • “Protecting Users Against XSS-based Password Manager Abuse” (2014)

    To ease the burden of repeated password authentication on multiple sites, modern Web browsers provide password managers, which offer to automatically complete password fields on Web pages, after the password has been stored once. Unfortunately, these managers operate by simply inserting the clear-text password into the document’s DOM, where it is accessible by JavaScript. Thus, a successful Cross-site Scripting attack can be leveraged by the attacker to read and leak password data which has been provided by the password manager. In this paper, we assess this potential threat through a thorough survey of the current password manager generation and observable characteristics of password fields in popular Web sites. Furthermore, we propose an alternative password manager design, which robustly prevents the identified attacks, while maintaining compatibility with the established functionality of the existing approaches.

  • “Vulnerability and Risk Analysis of Two Commercial Browser and Cloud Based Password Managers” (2013)

    Web users are confronted with the daunting challenges of managing more and more passwords to protect their valuable assets on different online services. Password manager is one of the most popular solutions designed to address such challenges by saving users’ passwords and later auto-filling the login forms on behalf of users. All the major browser vendors have provided password manager as a built-in feature; third-party vendors have also provided many password managers. In this paper, we analyze the security of two very popular commercial password managers: LastPass and RoboForm. Both of them are Browser and Cloud based Password Managers (BCPMs), and both of them have millions of active users worldwide. We investigate the security design and implementation of these two BCPMs with the focus on their underlying cryptographic mechanisms. We identify several critical, high, and medium risk level vulnerabilities that could be exploited by different types of attackers to break the security of these two BCPMs. Moreover, we provide some general suggestions to help improve the security design of these and similar BCPMs. We hope our analysis and suggestions could also be valuable to other cloud-based data security products and research.

  • “Automated Password Extraction Attack on Modern Password Managers” (2013)

    To encourage users to use stronger and more secure passwords, modern web browsers offer users password management services, allowing users to save previously entered passwords locally onto their hard drives. We present Lupin, a tool that automatically extracts these saved passwords without the user’s knowledge. Lupin allows a network adversary to obtain passwords as long as the login form appears on a non-HTTPS page. Unlike existing password sniffing tools, Lupin can obtain passwords for websites users are not visiting. Furthermore, Lupin can extract passwords embedded in login forms with a destination address served in HTTPS. To determine the number of websites vulnerable to our attack, we crawled the top 45,000 most popular websites from Alexa’s top website list and discovered that at least 28% of these sites are vulnerable. To further demonstrate the feasibility of our attack, we tested Lupin under controlled conditions using one of the authors’ computers. Lupin was able to extract passwords from 1,000 websites in less than 35 seconds. We suggest techniques for web developers to protect their web applications from attack, and we propose alternative designs for a secure password manager.

  • “Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage” (2013)

    To protect sensitive user data against server-side attacks, a number of security-conscious web applications have turned to client-side encryption, where only encrypted user data is ever stored in the cloud. We formally investigate the security of a number of such applications, including password managers, cloud storage providers, an e-voting website and a conference management system. We find that their security relies on both their use of cryptography and the way it combines with common web security mechanisms as implemented in the browser. We model these applications using the WebSpi web security library for ProVerif, we discuss novel attacks found by automated formal analysis, and we propose robust countermeasures.

  • “On The Security of Password Manager Database Formats” (2012)

    Password managers are critical pieces of software relied upon by users to securely store valuable and sensitive information, from online banking passwords and login credentials to passport- and social security numbers. Surprisingly, there has been very little academic research on the security these applications provide.
    This paper presents the first rigorous analysis of storage formats used by popular password managers. We define two realistic security models, designed to represent the capabilities of real-world adversaries. We then show how specific vulnerabilities in our models allow an adversary to implement practical attacks. Our analysis shows that most password manager database formats are broken even against weak adversaries.

  • “Web-based Attacks on Host-Proof Encrypted Storage” (2012)

    Cloud-based storage services, such as Wuala, and password managers, such as LastPass, are examples of so-called host-proof web applications that aim to protect users from attacks on the servers that host their data. To this end, user data is encrypted on the client and the server is used only as a backup data store. Authorized users may access their data through client-side software, but for ease of use, many commercial applications also offer browser-based interfaces that enable features such as remote access, form-filling, and secure sharing.
    We describe a series of web-based attacks on popular host-proof applications that completely circumvent their cryptographic protections. Our attacks exploit standard web application vulnerabilities to expose flaws in the encryption mechanisms, authorization policies, and key management implemented by these applications. Our analysis suggests that host-proofing by itself is not enough to protect users from web attackers, who will simply shift their focus to flaws in client-side interfaces.

Disclosure: the LastPass invitation link is my personal premium referral link.

[1] Hackers Stole Account Details for Over 60 Million Dropbox Users | Motherboard – http://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts
[2] Have I been pwned? Check if your email has been compromised in a data breach – https://haveibeenpwned.com/
[3] Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security – https://haveibeenpwned.com/About
[4] Troy Hunt: The Dropbox hack is real – https://www.troyhunt.com/the-dropbox-hack-is-real/
[5] Find the source of your leaks – https://www.leakedsource.com/
[6] LeakedSource API Purchase – https://www.leakedsource.com/api/purchase
[7] Password Managers Compared http://www.howtogeek.com/?p=240255
[8] Best Password Manager http://www.asecurelife.com/dashlane-vs-lastpass-vs-1password-vs-roboform-vs-keepass/
[9] https://en.wikipedia.org/wiki/Multi-factor_authentication
[10] https://blog.lastpass.com/tag/lastpass-security-challenge/
[11] https://lastpass.com/f?4133426
[12] LastPass Hacked http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

The Taiwan government has launched the new Public Warning System (PWS) to warn cell phone subscribers of emergencies as they happen. A few pieces of integration need to be done to support PWS on Ubuntu phone:

  1. rild from Android.
  2. ofono to dbus.
  3. User interface to handle the dbus event.

ofono has supported CBS/PWS[1] for a long time. There are a few TODOs to support PWS:

  • Make sure rild can receive Cell Broadcast Service (CBS) messages and pass them to ofono.
  • A userspace program is needed to handle the Emergency Broadcast from dbus.

References:

[1] National Communications Commission: Introduction to the Public Warning System (PWS) – http://www.ncc.gov.tw/chinese/gradation.aspx?site_content_sn=3744
[2] ofono/ofono.git – Open Source Telephony – http://git.kernel.org/cgit/network/ofono/ofono.git/tree/src/cbs.c#n100
[3] PWS specs

This post is based on an engineering note.

Bafong UV-5R Tower

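Last year, for mountaineering, I joined group buys for several dozen cheap Chinese-made amateur radios in a row: the UV-5R from 福建省南安市寶鋒電子有限公司 (Fujian Nan'an Baofeng Electronics Co., Ltd.). The English brand name is Baofeng, but because of a trademark dispute it is gradually being changed to Pofung. The model supports UHF/VHF dual-band monitoring and FM broadcast reception; it has been revised many times and many variants are on the market. In China it mostly sells for no more than NT$1,000; importing adds shipping and customs duty, but it is still very cheap. Because it is so cheap, it is popular with hikers and hobbyists, and even with civilian armed protesters in Ukraine. (The picture shows a pro-Russian soldier outside a government building in Donetsk.)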

A pro-Russian protester mans a barricade outside a government building in Donetsk. Konstantin Chernichkin / Reuters

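Firmware and hardware

I have seen many different versions; model names include UV-5R / UV-5RA / UV-5RPlus / UV-5Ra+ / UV5RB / UV5RE and all sorts of other derivatives aimed at different markets. The hardware is basically the same; the revisions are mainly changes to the case design and firmware improvements that make the radio easier to operate.

To find out which version your handheld is, hold 3 while powering on to see the firmware version, and hold 6 while powering on to see the hardware version. If the firmware version shown is BFB297, you have a newer unit: the real firmware version cannot be read from the power-on message and has to be checked with software instead.

For example, of the units I own, the one bought early on shows

  • BFB229
  • 201002 VER04

while the one bought later shows

  • BFB297 (BFB307 when actually checked with software)
  • 130505N.

Firmware features

The basic firmware features are:

  • VHF/UHF dual-band two-way radio: dual display / dual standby / cross-band transmit and receive
  • Power saving
  • Voice prompts
  • Flashlight
  • Keypad lock
  • Voice scrambler
  • Two-line dot-matrix display
  • 128 memory channels
  • Broadcast radio receiver
  • VOX voice-activated transmit
  • Adjustable three-color backlight
  • 1800 mAh lithium battery
  • VHF / UHF 4W/1W adjustable output power
  • CTCSS (50 codes) / DCS (105 codes), freely configurable

Hardware information

UV-5R weight

  • Weight with standard accessories: 204 g; bare unit: 108 g
  • Antenna: 16 g
  • 1800 mAh battery: about 80 g
  • 3800 mAh extended battery: 135 g

machine weight / antenna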

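Configuration tools

The UV-5R firmware offers some basic settings, such as fixed channels and the power-on message. They can be programmed through the earphone/microphone jack. The pinout is shown in the figure below.

uv-5r dualjack

I happen to have an FT232RL TTL-to-USB adapter like the one pictured below, so I could convert a spare earphone/microphone plug. Of course, you can also pay for a dedicated programming cable.

FT232RL / Programming cable

For the software, you can use the open source Chirp, which supports a large number of amateur radios, including the UV-5R and its many variants. It can be used to set memory channels, DTCS and so on, which makes configuring radios in bulk convenient. Not every function in the settings menu can be set from the computer, however; see the feature list for detailed support.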

Hacks

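The hardware design is quite easy to service; I have taken one apart to try repairing the speaker, among other things. Below are teardown photos of the UV-5RE.

UV-5RE exterior / mainboard front

mainboard back / mainboard close-up

small parts / metal shielding plate

The more interesting components among them are

The legendary Lior Elazary (KK6BWA) has done many hacks. The craziest and most interesting of lelazary's are the ones that replace the MCU: controlling the radio from an external Arduino, and even swapping the original microcontroller for an STM32.

Unlike the UV-3R, whose MC81F8616 is programmable, the UV-5R uses an EEPROM plus its own MCU that is OTP (One Time Programmable) only, so there is no possibility of upgrading it, and no chance of forcing your own firmware onto it the way you can with the UV-3R.

Another interesting hack is John Boiles' TRRS Adapter. It connects a TRRS plug (phone connector) to the radio, so digital data can be turned into analog RF; with AFSK modulation it can reach 1200 bps. Connected to a smartphone running PocketPacket on iOS or APRSdroid on Android, it can do APRS (Automatic Position Reporting System), without wires flying everywhere.

If you want faster digital transmission over the radio, the RDA1864 can reportedly be configured to turn off its audio filter, which makes 9600 bps GMSK possible.

If your goal is to mod the radio and wire things up to it, I suggest playing with the UV-B5; its newer design leaves a ribbon-cable connector, which makes interfacing easier.

Further reading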