TYT MD380 firmware reverse engineered

Admiral
Legend
Posts: 10108
Joined: 08 Mar 2011, 21:20
Call Sign: 26TM157
Location: MK-UK

Post by Admiral »

Well, baby steps for me. I've just uploaded the prom-private.bin firmware to my 380 and set the grouplist to none on a channel with several TGs, and lo and behold, it works: all traffic is coming through as 'TG 100'. Confirmed with DSD+ that I'm not missing any throughput, and this repeater doesn't use TG100, so positive so far. It is annoying that all TGs show as TG100 instead of showing the actual TG; maybe I expect too much for no effort?
Winner of the 2017 IBTL 'Summer Sizzler' competition
sec1223
Top Poster
Posts: 1699
Joined: 28 May 2010, 09:28
Location: west yorkshire

Post by sec1223 »

Did you get the firmware off the links that got posted?
Can't stand IGNORANT b******ds

Post by Admiral »

sec1223 wrote: did you get the firmware off the links that got posted?

It's the 'Experimental' one on here:

http://www.va3xpr.net/programming-software-firmware/

And a slight edit, it shows the first TG in your contacts list, mine just happens to be TG100, if yours is TG1 then it will show 'TG1' etc.
Dodgey Dave
Regular
Posts: 52
Joined: 31 Jan 2016, 08:13

Post by Dodgey Dave »

Do you just put frequency in and it will just come through, or do you still have to put frequency, colour code and talk group? Unsure of programming, be nice to have it confirmed. With DSD it just decodes on the frequency you place it on; is this firmware the same aspect?

Post by Admiral »

Just to clarify again, the firmware uses the first entry of your contact list when no grouplists are selected.

I put my grouplist back on the channel with about 6 TGs and removed one of the known TGs, renamed my first contact entry to 'HACKED' (I know, lame, but just to experiment) and the other TGs come up with their correct names, and the missing one gets through and displays HACKED. So you can use as normal, and if you've missed a TG from the channel then it will still get through.

Sweet, so it's not as restrictive as I thought, just waiting for a private call now to see what happens.

Post by sec1223 »

So... do you have to put the color code and talk group in, or can you just put a frequency in and it will receive everything on that freq?
kr0ne
Veteran
Posts: 4536
Joined: 25 Sep 2011, 18:33

Post by kr0ne »

WhiteNoisePoetry wrote:
Why would anyone need more than 60 mins ?

I'd consider seeing a doctor if that were the case :D
:shock:

:lol:

Post by kr0ne »

Nice work fellas! :D

Post by Admiral »

sec1223 wrote: so.. do you have to put the color code and talk group in, or can you just put a frequency in and it will receive everything on that freq?

No, it doesn't seem to bypass the CC. I set mine to 0 and nothing got through; it only seems to bypass the TGs.

Post by sec1223 »

cheers pal.

Post by Admiral »

I'm hoping it's work in progress by the clever people of this world and there'll be further updates to bypass the CC and maybe display the actual unknown CC and TG one day.

I'm currently having a look at the Python compilation to see if it makes any sense to me and maybe I can chip in, I very much doubt it though.
welshevo
Super Member
Posts: 296
Joined: 13 Jun 2013, 07:55
Call Sign: 163TM995
Location: Cardiff

Post by welshevo »

Hey folks! I've tried time and time to upload the firmware to the radio by following the instructions supplied, but still the radio won't update... I can update with TYT firmware but not the experimental one, or the public or private ones! Any ideas? I've tried various machines from a Win 10 laptop to a Win 7 PC, and still the same. I press and release the PTT and button above (not M), lights flash etc. but nothing...
:thumbup: Tetra is a Lonely place! Get DMR instead! (163TM995) ...... :thumbup:
bigbloke
Top Poster
Posts: 1449
Joined: 25 Aug 2008, 17:53
Location: Nominally Newport (South Wales) but potentially "anywhere"

Post by bigbloke »

Whilst I can't comment on why Welshevo's firmware image didn't upload, I must observe
that I have been running the revised private + public firmware for several weeks now
and I have found no benefit, or indeed difference whatsoever.

The only regular users of private calls around here (as I'm sure welshevo knows - the 55XX series users)
also deploy RAS and it seems that, unlike DSD+, the experimental firmware doesn't detect it.

Better off streaming a BCT-15 with discriminator tap via DSD+ and U-loop through USB soundcard into
Proscan - at least you can stream the recovered DMR audio to a smartphone :-)

Regards

BB

Post by bigbloke »

Having scrolled back through quite a few pages of this thread, I don't really want to stir up bad vibes, but
with reference to the "digital divide", "analogue good / digital bad" opinions posted here: many amateur licence holders
seem to forget one thing when they pass their test, and it's a critical differentiator from CB / 446 / Simple UK use.

I refer to section 1 of the BR 68 document that comes with the licence document:

Conditions of use

Purpose

1(1) The Licensee shall use the Station for the purpose of self-training in communication by radio 
telecommunications, which use (without limiting the generality of the foregoing) includes technical 
investigations.

Perhaps as MW6ZAN's footer states (and I admit I'm paraphrasing) - it's your attitude to the problem that is the problem itself? :mrgreen:

Regards

BB

Post by Admiral »

welshevo, I used the update program contained in the experimental folder. Using the switch-on with PTT and top button to get the flashing orange and green LED method didn't work for me either, but using the USB program mode did, i.e. just do the upload with the radio on in normal listening mode. It does say on another site that your PC may be missing a couple of files; mine obviously isn't. I'll dig the link out.

I have found an anomaly, and I'm not sure if it's with the firmware or DSD+. Whilst listening to my local SW (they only use a fixed frequency, seemingly one TG, one CC and one timeslot), all traffic gets through DSD+ and it reports the correct details. With the new firmware most of the traffic is reported with the correct TG on the radio (as previously mentioned, you can still use your grouplists, the firmware will catch any strays and report as your first contact on screen), but now and again it will show the 'passthrough' TG of the firmware, and the radio traffic is different, usually the control and the head honchos having a private chat about what's going on on the main 'channel', but DSD+ is still reporting the same CC, TG and TS. I'm slightly baffled by this at the moment. I have both timeslots in my radio just in case. Can a repeater system spoof DSD+ into reporting a TG as something it's not? Or is the firmware sometimes finding the 'passthrough' TG before the real one in the grouplist?