Hacking flash for more features.

Posted: Sun Oct 20, 2002 6:26 pm
by Josh
Is there anyone here who has successfully altered a codeplug so that a non APCO-25 trunking (9.6k) radio could decode it?

My radio doesn't do it, just 3.6k trunking, IMBE, conventional. I'd like it to be able to decode the 9.6k control channels, hence my question.

PM me if you'd prefer.


Posted: Sun Oct 20, 2002 8:09 pm
by Pj
1. Is the radio a 512k or 1Meg radio?
2. Good luck.

People have been trying to "hack" the flashcode since 1994 when the line was introduced. So far, there is only one known way that has been reported. Using Lab 3.04. Now, I have never used it, but it has been reported that you can take codeplugs from other radios and jam it into another. However, the codeplug must be able to be read by 3.04 for it to work properly. Also, 3.04 only supports VSELP radios, as IMBE wasn't introduced when the software was written.

Now, with each software version, the codeplug is modified a little more, and it has been written that the newer CPS software encrypts the codeplug even more.

It should also be noted that you cannot use the hex editors and just change the options either. You need to recalculate quite a few checksums scattered throughout the codeplug. You may be able to tweak it enough to be read by RSS, but if you try to dump it into the radio, you will end up with a nice looking bookend.

Now, you cannot have P25 Trunking installed in a radio with a 512k board. Not enough memory to hold the software.

Posted: Mon Oct 21, 2002 4:32 am
by Josh
Forget it then. My radio is an XTS3000 with 1MB memory and is pretty new (2001). It runs off of one of the newest RSS versions, too (9.01).

Hacking the codeplug is too hard for me to do on my own, I just wondered if anyone else had luck. I was out in a patrol car last night and noticed that their radios had radio ID display (and can do 9600 baud trunking although they've been on 3.6 for almost a year).

Maybe I'll have to acquire a model III 'fully loaded' from 'apcosystems' on eBay or on the board after all. I've gotten spoiled.


Posted: Mon Oct 21, 2002 1:44 pm
by Pj
Here is something else to think about before you go spending a $1000+ on a radio...

Though I am not too familiar with trunking systems, my understanding is that you need to have access to the "System Key" which is usually only available from the radio shop and/or the person in charge of the radio system. Keys are unique to each trunking system. The most you can do is enter the trunking channels as conventional channels, and then scan those.

Without the system key, you cannot enter trunking information into a radio (generally). If you have a display radio, you can (hopefully) order the flash upgrade from your Motorola dealer, and usually costs under $100 for that upgrade. The radio shop may charge you a handling/programming/whatever fee on top of the cost of the upgrade.

Posted: Mon Oct 21, 2002 2:28 pm
by spectragod
There is no way ANY MSS will flash your radio for a C note for 9600 baud operation, I am real doubtful that you can obtain that flash as an individual (from an MSS), and even if you could, it would be more like 6-8 hundred dollars for the flash.

You will also need a sys key. And............... there is a lot more than the radio just having the 9600 baud flash in it to actually work on the Michigan system. And yes, the flash can be hacked, any of them can.

Best I can say is, your XTS should listen to the sys in conventional mode with astro carrier squelch enabled. You won't be able to decode ID's in that mode, the radio will need to be set up for trunking operation for that feature, and since that sys is smartzone, your radio will auto affiliate, and if you have hacked into the sys, someone watching the sys watch or SIP will notice your hack radio trying to affiliate and make it a brick.

Why don't you just wait for the new Uniden scanner to become available, I am sure it will decode ID's.


Posted: Mon Oct 21, 2002 4:14 pm
by Josh
spectragod wrote: Why don't you just wait for the new Uniden scanner to become available, I am sure it will decode ID's.

2 reasons. The Uniden scanner does not decode the 9.6k control channels and, of course, it will not decode radio IDs.

Radios like the XTS3000 can have TX inhibited and I've worked with it before with other radios. It works- the radio doesn't even transmit an affiliation.

As for Digital CSQ, It doesn't work. I can program as many channels as I want to scan conventionally and the radio acts as if there is a PL over the channel and won't unmute the speaker until the monitor button is pressed. The monitor button also halts scan so that if it is locked in monitor mode, the radio will not resume scanning, much like a mobile radio and microphone not on the hook.

And for the record, it doesn't matter really if the radio affiliated or not, although transmit is disabled via TX inhibit, the unit number is 0000, and the connect tone is not correct either- I have such good ties with my police department that it doesn't matter in the slightest what it can do to them. They've seen it for themselves!!


Posted: Mon Oct 21, 2002 4:27 pm
by spectragod
The 780 will decode ID's, I have used one on our system and it does incorporate that feature. It most likely will not work on the 9600 baud sys as you said, I don't have that system local to me to try that out with though.

As far as being able to scan that sys conventionally, I know it can be done, I know of 2 XTS's currently scanning that system just as I described.

TX inhibit only inhibits your ability to TX, not the radio's ability to affiliate. And besides, if you have such good ties with your PD, why don't you have your radio programmed with their sys and an ID? I am also sure it would matter to them if your radio actually worked on their trunk.

Once again,
Good luck SG

Posted: Mon Oct 21, 2002 4:33 pm
by spectragod
If the radio is a true 9600 baud radio with the Michigan State Police flash, it will only do conventional or Smartzone, it cannot be changed, and yes, I have seen the CP.


Posted: Mon Oct 21, 2002 4:36 pm
by spectragod
I should say, all my posts are in reference to a working 9600 baud radio with that CP, your actual results may vary with another type flashcode.


Posted: Mon Oct 21, 2002 4:41 pm
by Josh
Wow, those are some fast responses!

My radio isn't flashed for Smartzone, ID decode, nor Apco trunking. Just IMBE, Smartnet, and Conventional w/signalling. The radios the department has are the same model (XTS3000 model II) but are flashed with more options like the 9.6k control channel functionality. The system is a multi-site simulcast system, so there are only 4 control channels system-wide and no affiliation is needed because all of the towers simulcast the same information on the same frequencies.

At any rate, I don't want my radio programmed like theirs because they've only got it programmed way different than I like, plus because the feature sets are different the codeplug likely wouldn't take. They've got cities abbreviated, NO scan, the ABC switch changes between ours and the neighboring cities, the channel knob switches between the 2 PD talkgroups and the 2 FD talkgroups.

I still don't know why my radio isn't unmuting properly. I have it set up in digital CSQ, conventional scan, ASTRO only. There are no provisions for signalling over that. Monitor does indeed allow me to hear the traffic, but I have to hit the button every couple seconds to catch traffic.


Posted: Mon Oct 21, 2002 4:43 pm
by spectragod
You cannot disable smartzone coverage on a MSP radio, I guess you want a copy of the CP to verify that next, right??

I don't really care what the RSS manual says, it is written for normal smartzone users, not the 9600 baud systems, you have the RSS manual, when was the last class you went to in Schaumburg?


Posted: Mon Oct 21, 2002 4:49 pm
by spectragod
The feature set is no big deal, program the radio with CPS, just read theirs and drag and drop to yours. You can change all the functions for the buttons and switches as well. But you will need a sys key to program any trunking features, your radio will need their flashcode to function properly as well.


Posted: Mon Oct 21, 2002 4:52 pm
by spectragod
Smartzone cannot be manipulated in that radio's features.


Posted: Mon Oct 21, 2002 4:54 pm
by ASTRO_25
spectragod wrote: If the radio is a true 9600 baud radio with the Michigan State Police flash, it will only do conventional or Smartzone, it cannot be changed, and yes, I have seen the CP.

That's correct. Read the following thread:

Newer 9600 codeplug do not allow you to disable affiliations.

Posted: Mon Oct 21, 2002 5:03 pm
by spectragod
Apparently, r0f forgot about your thread that he replied to.


Posted: Mon Oct 21, 2002 5:22 pm
by spectragod
In that radio, they are one and the same. The radio is smartzone and conventional only, hence, you cannot disable the auto affiliation in it.


Posted: Mon Oct 21, 2002 5:30 pm
by spectragod
I will sum it up like this, it is the MSP CP, it might as well be an SP CP, but nonetheless, that is how the 9600 baud radios are set up.


Posted: Mon Oct 21, 2002 8:00 pm
by Josh
One thing about the MSP that Shaun might like is that for portable radios, it's Astro Sabers all the way!


Posted: Mon Oct 21, 2002 10:02 pm
by Twisted_Pear
spectragod wrote: In that radio, they are one and the same. The radio is smartzone and conventional only, hence, you cannot disable the auto affiliation in it.

SG, he's not talking about disabling auto-affiliation in the system personality (you've never been able to do that with an XTS). Autoaffing is still set but you set some switch as TX inhibit and it kills transmit globally (within the radiowide options).

I haven't tried it with a 9600 system so unless Motorola set something specifically in the radio to force affiliation when the system is a 9600 system, it should block it.


Posted: Fri Oct 25, 2002 1:34 pm
by mike m
I have a smartzone omnilink 9600 baud radio that I have used for airborne demos with MSP and while you can select either P25 TYPE systems with 9.6 k baud ctrl channels or type II/IIi systems in the trunking setup, you do not have the choice of selecting the affiliation type, the affiliation field is blanked out and the radio always affiliates on power up, or any switch changes etc. Also the only choices of trunking available are: #1 Smartzone (in either P25 or typeII/IIi of the CPS TYPE field) or #2 conventional and nothing else. There is no option to select Smartnet or any lower type of trunking protocol, and my flashcode is the same as MSPs which is also similar to the Phoenix AZ. PD P25 omnilink 9.6 k system that was under test and evaluation about a year ago.

What gives anyway with this thread, I thought the new trunktracker was going to be 9.6 k control channel astro P25 capable? Did Uniden change specs at the last minute?


Posted: Sat Oct 26, 2002 4:06 pm
by Josh
mike m wrote: What gives anyway with this thread, I thought the new trunktracker was going to be 9.6 k control channel astro P25 capable? Did Uniden change specs at the last minute?

The Uniden scanner does not support the 9.6k digital control channel.

What is the MSP flashcode? or a flashcode supporting 9.6k anyhow?


Posted: Mon Oct 28, 2002 1:41 pm
by mike m
My flash is a similar flash code to MSPs, mine is 100008-000480-9 just a basic full 9.6 k ctrl channel P25 smartzone omnilink radio module, aside from that it is nothing fancy but as I said it works fine for airborne demos with MSP and it also worked with the old Phoenix/Mesa AZ smartzone omnilink system that was in the works in Dec. of 2001 but now I'm not sure where this system is in the design stage or the scrapping stage.
Keep in mind my radio is not an actual xts3k HT either, but a derivative of the XTS3K family packaged specifically for avionics use, i.e. it's based on the same feature set as the XTS3K, the I/Q stages and the DSP and all of the controller boards are based on the XTS3K but the RF section is not a Motorola but my own design so it isn't a true handheld in the sense and I'm not 100% sure if you could get the same flash in the HT version of the xts3k.


baud ??

Posted: Mon Oct 28, 2002 5:39 pm
Stupid question, how do you determine what baud your unit is? Also how does this affect the radio?