Emil's Projects & Reviews

OpenHardware & OpenSource

Malahit Software Defined Radio 23rd December 2020

The Malahit (Malachite) SDR is a very compact radio hosted in a case only 100×74×27mm in size.

Malahit - Portable SDR

The version I bought is manufactured in China, but the design originated in Russia. The schematic is almost identical to the original except for some PCB connectors (J5 & J7). The RF front-end is minimal: just a wideband pre-amp (BGA614) and some LC Π filters (0-12MHz-30MHz-60MHz-120MHz-250MHz-1GHz-2GHz) to split up the huge frequency range. An optional board with better filtering and another, narrower pre-amp for the HF bands can be connected via J7 and is inserted in front of the antenna connector. On this Chinese clone the Vbat signal is missing, so you need to connect it from elsewhere (and there isn't sufficient space inside the case for another PCB anyway).

A few things that I dislike on this SDR:

Even with the above annoyances, I think it is an excellent deal to get a portable SDR in an aluminum case for just $82 delivered.

Malahit SDR - PCB

To program new firmware in DFU mode you can follow the instructions from this translated manual.

I prefer to use the SWD port directly. For this you need a STLinkv2 programmer. The SWD connector on the board lacks the 3V3 signal, but you can take it from the common-anode dual LED (near the TP4056 charger, which is not soldered). The 3V3 is needed to detect the presence of Vtarget. If you use a STLinkv2 clone (the USB-stick-shaped one) you won't have the Reset signal available (the one labeled RST belongs to the SWIM interface). Reset is available on port PB0 (pin 18 of the STM32F103) inside the programmer. Without Reset you'll have some trouble halting the STM32H7.

Convert the DFU or iHEX files to binary. To obtain the flash binary file, first remove the RAM fill region and the start address, which are not part of this image. Then start OpenOCD:

openocd -f interface/stlink-v2.cfg -f target/stm32h7x.cfg

Open a telnet console on port 4444 and use flash read_bank to make a backup, then flash erase_address followed by flash write_bank on bank 0 to program your new firmware.
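
An added example, not from the original post or its author's tooling: an Intel HEX filter that verifies each record's checksum and keeps only the records that land in flash, which is the cleanup needed before converting the image to binary. The flash window 0x08000000-0x08200000 and the sample records are constructed assumptions; only :020000043002C8 and :00000001FF are taken from this page.

```python
FLASH_LO, FLASH_HI = 0x08000000, 0x08200000  # assumed STM32H7 flash window

def parse_record(line):
    """Decode one Intel HEX record, verifying length and checksum."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError(f"not an Intel HEX record: {line!r}")
    raw = bytes.fromhex(line[1:])
    if len(raw) < 5 or len(raw) != raw[0] + 5 or sum(raw) & 0xFF:
        raise ValueError(f"bad length or checksum: {line!r}")
    return int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]

def flash_only(lines, lo=FLASH_LO, hi=FLASH_HI):
    """Return (kept_records, {address: byte}) for data inside [lo, hi)."""
    kept, image, base, pending = [], {}, 0, None
    for line in (l.strip() for l in lines if l.strip()):
        offset, rtype, data = parse_record(line)
        if rtype == 0x04:            # extended linear address: new upper 16 bits
            base = int.from_bytes(data, "big") << 16
            pending = line           # emitted only if flash data follows it
        elif rtype == 0x00:          # data record
            addr = base + offset
            if lo <= addr and addr + len(data) <= hi:
                if pending:
                    kept.append(pending)
                    pending = None
                kept.append(line)
                image.update((addr + i, b) for i, b in enumerate(data))
        elif rtype == 0x01:          # end of file
            kept.append(line)
        elif rtype not in (0x03, 0x05):   # start-address records are dropped
            raise ValueError(f"unsupported record type {rtype:#04x}")
    return kept, image

def to_binary(image, fill=0xFF):
    """Flatten the address map into (start_address, bytes), padding gaps."""
    if not image:
        raise ValueError("no flash data in image")
    start, end = min(image), max(image) + 1
    return start, bytes(image.get(a, fill) for a in range(start, end))

SAMPLE = [                    # constructed records, checksums valid
    ":020000040800F2",        # upper address 0x0800 (flash)
    ":0400000000000220DA",    # 4 data bytes at 0x08000000
    ":020000043002C8",        # the record quoted on this page: upper 0x3002
    ":04000000FFFFFFFF00",    # fill bytes at 0x30020000
    ":04000005080002B13C",    # start linear address record
    ":00000001FF",            # end of file
]
print(flash_only(SAMPLE)[0])
```

Comparing the kept list with the input shows exactly which records the cleanup drops before the image is written to bank 0.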

The firmware for this radio (the latest version as of today is 1_0f) must first be activated.
The registration code is an 8-byte hash of the CPU signature ID (12 bytes).
This hash is stored at (word) locations 0x7E & 0x7F in the SPI F-RAM (FM25W256) and compared every time the radio is started.

To unlock (activate) your Malahit SDR firmware please enter the CPU ID code
Use this format xxxx-xxxx-xxxx-xxxx-xxxx-xxxx (where x are hex nibbles)


Tags: malahit, sdr.

Comments On This Entry

Georgy Submitted at 14:35:48 on 29 December 2020
I am the author of this project. Delete this material for unlock code - only the developers of this project are entitled to this, but not you.
Jim Submitted at 15:48:19 on 3 January 2021
Hi, I have this same radio, but have had no luck with the dfu files in the links on Linuxslate. Every time I try to convert the FW_1_0f.hex file the F
DfuFileMgr says it is an incorrect file to convert to DFU file. None of the dfu files from the site will load with DfuSeDemo. It complains that the files are the wrong type. Any ideas? I do get the radio in dfu mode by holding the volume encoder while powering on the radio.
Emil Submitted at 18:34:17 on 3 January 2021
Remove everything from this line :020000043002C8 to :00000001FF (excluding), which is the last line of the hex file.
This should not even be there, it is only initializing RAM and a record which points to the start address.
Then use any utility to convert this back to DFU.
One example is the 'hex2dfu' tool. (source and linux executable)
Ivan Submitted at 14:34:37 on 6 January 2021
I have Malahit activated. Can I see and read the activation code using STM32CubeProgrammer ?
Emil Submitted at 14:54:00 on 6 January 2021
No you can't. You need to write a program to dump the F-RAM and flash it to the STM32H7. A much easier way is to hook a StLinkV2 to the SWD connector and read the CPU ID, then use this page to generate the activation code again.
Dan Submitted at 23:07:25 on 6 January 2021
Firstly thank you very much for such valuable information!!!
I was curious and tried to find out the hash algorithm used to generate the unlock code. Is a hash algorithm implemented from scratch in the firmware?
Emil Submitted at 00:21:19 on 7 January 2021
I've called it "hash" but it is really a non-linear function implemented in firmware. It is not very complex but it is not trivial either.
Jim Submitted at 23:53:23 on 8 January 2021
Emil, That worked great. Thank you.
Nemesys76 Submitted at 06:54:18 on 13 January 2021
Hi Emil,
I have created a keygen, it gives the same results as yours.
I have a question for you, I'm sure you will understand with a few details.
00000025000000E6000000BC...

The question concerns the first E6 on the list.
From the firmware it would seem that the total sum is put in its place (byte1-> 12 + 1 + 12). Do you agree?
Emil Submitted at 17:58:34 on 13 January 2021
If I had wanted to give a keygen away I would have done so.
Instead I provide a page where people can upgrade their SDR firmware at no cost.
If you want to know more feel free to investigate by yourself.
Ernest Submitted at 07:26:39 on 14 January 2021
Hi Emil
First of all I would like to thank you for this page. Thank you very, very much.
