TYT MD380 firmware reverse engineered
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
Well, baby steps for me, I've just uploaded the prom-private.bin firmware to my 380 and set the grouplist to none on a channel with several TGs, and lo and behold, it works, all traffic is coming through as 'TG 100', confirmed with DSD+ that I'm not missing any throughput, and this repeater doesn't use TG100, so positive so far, it is annoying that all TGs show as TG100 instead of showing the actual TG, maybe I expect too much for no effort?
Winner of the 2017 IBTL 'Summer Sizzler' competition
-
- Top Poster
- Posts: 1699
- Joined: 28 May 2010, 09:28
- Location: west yorkshire
Re: TYT MD380 firmware reverse engineered
did you get the firmware off the links that got posted?
cant stand IGNORANT b******ds
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
It's the 'Experimental' one one here:sec1223 wrote:did you get the firmware off the links that got posted?
http://www.va3xpr.net/programming-software-firmware/
And a slight edit, it shows the first TG in your contacts list, mine just happens to be TG100, if yours is TG1 then it will show 'TG1' etc.
Winner of the 2017 IBTL 'Summer Sizzler' competition
-
- Regular
- Posts: 52
- Joined: 31 Jan 2016, 08:13
Re: TYT MD380 firmware reverse engineered
Do you just put frequency in and it will just come through or do you still have to put frequency, colour code and talk group? Unsure of programing be nice to have it confirmed. With dsd it just decodes on the frequency you place it on is this firmware the same aspect???
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
Just to clarify again, the firmware uses the first entry of your contact list when no grouplists are selected.
I put my grouplist back on the channel with about 6 TGs and removed one of the known TGs, renamed my first contact entry to 'HACKED' (I know, lame, but just to experiment) and the other TGs come up with their correct names, and the missing one gets through and displays HACKED. So you can use as normal, and if you've missed a TG from the channel then it will still get through.
Sweet, so it's not as restrictive as I thought, just waiting for a private call now to see what happens.
I put my grouplist back on the channel with about 6 TGs and removed one of the known TGs, renamed my first contact entry to 'HACKED' (I know, lame, but just to experiment) and the other TGs come up with their correct names, and the missing one gets through and displays HACKED. So you can use as normal, and if you've missed a TG from the channel then it will still get through.
Sweet, so it's not as restrictive as I thought, just waiting for a private call now to see what happens.
Winner of the 2017 IBTL 'Summer Sizzler' competition
-
- Top Poster
- Posts: 1699
- Joined: 28 May 2010, 09:28
- Location: west yorkshire
Re: TYT MD380 firmware reverse engineered
so.. do you have to put the color code and talk group in, or can you just put a frequency in and it will receive everything on that freq?
cant stand IGNORANT b******ds
- kr0ne
- Veteran
- Posts: 4536
- Joined: 25 Sep 2011, 18:33
Re: TYT MD380 firmware reverse engineered
WhiteNoisePoetry wrote:
Why would anyone need more than 60 mins ?
I'd consider seeing a doctor if that were the case
- kr0ne
- Veteran
- Posts: 4536
- Joined: 25 Sep 2011, 18:33
Re: TYT MD380 firmware reverse engineered
Nice work fellas!
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
No, it doesn't seem to bypass the CC, I set mine to 0 and nothing got through, it only seems to bypasses the TGs.sec1223 wrote:so.. do you have to put the color code and talk group in, or can you just put a frequency in and it will receive everything on that freq?
Winner of the 2017 IBTL 'Summer Sizzler' competition
-
- Top Poster
- Posts: 1699
- Joined: 28 May 2010, 09:28
- Location: west yorkshire
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
I'm hoping it's work in progress by the clever people of this world and there'll be further updates to bypass the CC and maybe display the actual unknown CC and TG one day.
I'm currently having a look at the Python compilation to see if it makes any sense to me and maybe I can chip in, I very much doubt it though.
I'm currently having a look at the Python compilation to see if it makes any sense to me and maybe I can chip in, I very much doubt it though.
Winner of the 2017 IBTL 'Summer Sizzler' competition
- welshevo
- Super Member
- Posts: 296
- Joined: 13 Jun 2013, 07:55
- Call Sign: 163TM995
- Location: Cardiff
- Contact:
Re: TYT MD380 firmware reverse engineered
hey folks! ive tried time and time to upload the firmware to the radio by following the instructions supplied but still the radio wont update... i can update with TYT firmware but not the experimental one! or the public or private ones? any ideas... ive tried various machines from a win 10 laptop to a win 7 pc.. and still the same ? i press and release the PTT and button above (not M ) lights flash etc but nothing ......
Tetra is a Lonely place! Get DMR instead! (163TM995) ......
- bigbloke
- Top Poster
- Posts: 1449
- Joined: 25 Aug 2008, 17:53
- Location: Nominally Newport (South Wales) but potentially "anywhere"
- Contact:
Re: TYT MD380 firmware reverse engineered
Whilst I cant comment on why Welshevo's firmware image didnt upload, I must observe
that I have been running the revised private + public firmware for several weeks now
and I have found no benefit, or indeed difference whatsoever.
The only regular users of private calls around here (as Im sure welshevo knows - the 55XX series users)
also deploy RAS and it seems that, unlike DSD+, the experimental firware doesnt detect it.
Better of streaming a BCT-15 with discriminator tap via DSD+ and U-loop through USB soundcard into
Proscan - at least you can stream the recovered DMR audio to a smartphone :-)
Regards
BB
that I have been running the revised private + public firmware for several weeks now
and I have found no benefit, or indeed difference whatsoever.
The only regular users of private calls around here (as Im sure welshevo knows - the 55XX series users)
also deploy RAS and it seems that, unlike DSD+, the experimental firware doesnt detect it.
Better of streaming a BCT-15 with discriminator tap via DSD+ and U-loop through USB soundcard into
Proscan - at least you can stream the recovered DMR audio to a smartphone :-)
Regards
BB
- bigbloke
- Top Poster
- Posts: 1449
- Joined: 25 Aug 2008, 17:53
- Location: Nominally Newport (South Wales) but potentially "anywhere"
- Contact:
Re: TYT MD380 firmware reverse engineered
Having scrolled back through quite a few pages of this thread, I don't really want to stir up bad vibes but
with reference to the "digital divide", "analogue good / digital bad" opinions posted here. Many amateur licence holders
seem to forget one thing when they pass their test, and its a critical differentiator from CB / 446 / Simple UK use
I refer to section 1 of the BR 68 document that comes with the licence document
Perhaps as MW6ZANs footer states (and I admit I'm paraphrasing) - its your attitude to the problem that is the problem itself ?
Regards
BB
with reference to the "digital divide", "analogue good / digital bad" opinions posted here. Many amateur licence holders
seem to forget one thing when they pass their test, and its a critical differentiator from CB / 446 / Simple UK use
I refer to section 1 of the BR 68 document that comes with the licence document
Code: Select all
Conditions of use
Purpose
1(1) The Licensee shall use the Station for the purpose of self-training in communication by radio
telecommunications, which use (without limiting the generality of the foregoing) includes technical
investigations.
Regards
BB
- Admiral
- Legend
- Posts: 10108
- Joined: 08 Mar 2011, 21:20
- Call Sign: 26TM157
- Location: MK-UK
Re: TYT MD380 firmware reverse engineered
welshevo, I used the update program contained in the experimental folder, using the switch on with PTT and top button to get flashing orange and green LED method didn't work for me either, but using the USB program mode did, ie just do the upload with the radio on in normal listening mode. It does say on another site that your PC may be missing a couple of files, mine obviously isn't, I'll dig the link out.
I have found an anomaly, I'm not sure if it's with the firmware or DSD+, whilst listening to my local SW, they only use a fixed frequency, seemingly one TG, one CC and one timeslot, all traffic gets through DSD+ and it reports the correct details, with the new firmware most of the traffic is reported with the correct TG on the radio (as previously mentioned, you can still use your grouplists, the firmware will catch any strays and report as your first contact on screen) but now and again it will show the 'passthrough' TG of the firmware, and the radio traffic is different, usually the control and the head honchos having a private chat about what's going on on the main 'channel', but DSD+ is still reporting the same CC, TG and TS. I'm slightly baffled by this at the moment. I have both timeslots in my radio just in case, can a repeater system spoof DSD+ into reporting a TG as something it's not? Or is the firmware sometimes finding the 'passthrough' TG before the real one in the grouplist?
I have found an anomaly, I'm not sure if it's with the firmware or DSD+, whilst listening to my local SW, they only use a fixed frequency, seemingly one TG, one CC and one timeslot, all traffic gets through DSD+ and it reports the correct details, with the new firmware most of the traffic is reported with the correct TG on the radio (as previously mentioned, you can still use your grouplists, the firmware will catch any strays and report as your first contact on screen) but now and again it will show the 'passthrough' TG of the firmware, and the radio traffic is different, usually the control and the head honchos having a private chat about what's going on on the main 'channel', but DSD+ is still reporting the same CC, TG and TS. I'm slightly baffled by this at the moment. I have both timeslots in my radio just in case, can a repeater system spoof DSD+ into reporting a TG as something it's not? Or is the firmware sometimes finding the 'passthrough' TG before the real one in the grouplist?
Winner of the 2017 IBTL 'Summer Sizzler' competition