For Christmas, [Lior] received a Baofeng UV5R radio. He didn’t have an amateur radio license, so he decided to use it as a police scanner. Since the schematics were available, he cracked it open and hacked it.

This $40 radio communicates on the 136-174 MHz and 400-480 MHz bands. It uses a one-time programmable microcontroller and the RDA1846 transceiver. With the power traces to the MCU cut, [Lior] was able to send his own signals to the chip over I2C using an Arduino. He also recorded the signals sent by the stock microcontroller during startup, so that he could emulate it with the Arduino.

Once communication was working on an Arduino, [Lior] decided to get rid of the stock microcontroller. He desoldered the chip, leaving exposed pads to solder wires to. Hooking these up to the Arduino gave him a programmable way to control the device. He got his radio license and…