Aha! I think I figured something out. I did some web searching to see if I could figure out how to identify the firmware entry point address. I found a StackExchange post that mentioned something called a “reset vector”. It sounds like a reset vector is a pointer that the CPU looks at to tell it where to begin program execution. The reset vector location is CPU-specific.
I went back to the Motorola datasheet and searched for information about reset vectors.
After having dumped the firmware for my Kantronics KPC 9612+ TNC, my next thought was to try and disassemble this code with IDA Pro; however, it turns out IDA Pro free edition doesn’t support this architecture. I’m not excited enough about this project to go spend the money on a professional license.
Next I tried Ghidra. I hadn’t used Ghidra before, but it seemed like a good time to test it out.
After working on my WinAPRS exploits, I had a thought that my ham radio TNC (radio modem) could have vulnerabilities built right into the TNC itself. I have a Kantronics KPC 9612+ TNC. I think it originally was released sometime in the 1990s and was finally discontinued in 2020 for a newer model. Mine still works just fine, though. The TNC runs its own little operating system that supports decoding different kinds of packet data.
In early 2021 I took an Offensive Security course to earn my Offensive Security Exploit Developer certification. This course taught me a lot about exploiting memory corruption vulnerabilities in Windows 32-bit programs. It was also a lot of fun.
Aside from security things, I also dabble in ham radio. Most of my experience with ham radio has been through the use of packet radio and other digital modes. Rather than talking to people over the air using voice, I’m sending and receiving data through a computer over the airwaves.
I got my ham radio license eight years ago so I could use it for a high altitude balloon project with some friends from college. We had a lot of fun, but I haven’t used the license much since then. I get into it for a few weeks every couple of years and then get bored. I just don’t have much interest in talking to strangers over the air. I’ve always been much more fascinated by the idea of packet radio.