Monday, January 25, 2016

TYT MD-380 DMR Firmware hack etc...

I will apologize in advance for not having all the answers on the subject.   The purpose of this post is to give the background info, step through the programming, and results so far.

The Tytera MD-380.

So this is a DMR radio, comes in 2 versions, VHF and UHF.   I have the UHF one...mine cost $110.

A group of Amateur Radio hackers figured out how to get into the firmware, and wrote their own to reflash the radio...the future purpose is to hopefully add some additional digital features to the radio.

According to this article.

And this Hackaday article...with this link to the groups notes (near end of PDF)

 Not too long after the first hack,  a firmware was written that supposedly will allow the radio to act as a DMR scanner.

This article talks about it.

And here is the TYT MD-380 Yahoo Group.

I know nothing about DMR setups, but I wanted to learn, and this seemed like a interesting way to do it.

...DMR  is Digital Mobile Radio...voice calls are converted into packets of data and sent over the airwaves...Icom's D-STAR, Yaesu's System Fusion are two of the popular Amateur radio versions.

This PDF has all the background info.

And while I am listing links, this one shows all the DMR-MARC linked repeaters.

 That is all I know about DMR at this second...I just got the radio an hour ago or so, so that's my excuse.

But here is the meat of the to get the hacked firmware loaded (and how to load future firmware) and how to program frequencies etc.

The same website with the news on the new firmware also had the various firmwares.

I needed the "Experimental Firmware" V1.0 as I write this.   And the Programming Software to program the channels...I used the latest which was 1.30.0

My radio came with a programming cable (looks exactly like my Baofung one) that worked with no drivers needed (Win7 64-bit...I am not sure if I have programmed the Baofung on this Windows install).   EDIT:   I did install the programming software before doing all this  MD-380 v130.exe ...that might be necessary.

I plugged the cable into my USB port, and with the radio off plugged it into the radio.

I held the top two buttons (PTT and the one above it...NOT "M")

As I held those buttons I turned the volume knob to power the radio on.

I heard the Win7 beeps as hardware was added...I think I already had the firmware uploading software running...but am not sure if that makes a difference.  (I did NOT have the radio programming software running)

If it is going good so far, the LED at the top will alternate Red/Green. throughout the process...and the colors hold
 steady a few times during the actual firmware load.

Now to the software.

When you unzip the "Experimental Firmware" file you get about 14 files...The TXT file will explain the same process I used.   The Upgrade.exe file is what we will use to load the firmware.

Not much to it...and note the gibberish characters...we will see more in a bit.

In the middle you see "Open Update File", click on that and select the file you want, the TXT file explains the choices...and if you ran the program from the same folder all the files were in, then you should see some ".bin" files.   I chose the "experiment.bin" file   ( "experiment.img and experiment.bin: patched to monitor all talk groups, private calls, and sideload alternate firmware")

Now click on "Download Update File"...that loads it into the radio.   The TXT file says it takes less than a minute...mine took more than a minute.

When it was done I got this...

Apparently it means the load was successful.   I clicked OK, turned off the radio, exited the program, unplugged the cable, and powered it back on.

Great Success!  (that is what the patched bootscreen looks like)

Now time to program some frequencies.

That is the Programming software MD-380.   I hooked the cable back up to the radio, turned it on normally (not holding any buttons).

Then on the software I selected the icon that looks shows yellow arrow away from the radio.

You click that then the radio shows this.

After a bit you get this...

Then do your editing...much like using Chirp or other radio software...I don't know all the ins and outs of DMR, so I don't have everything loaded...but it does receive.

When you are done editing, save a copy for yourself, then push the icon with the red arrow pointing toward the radio.

Looks like this while writing.   You can see the expanded menus on the left where I poked around trying to find where to put in frequencies.

That's about it for now,  I programmed the local DMR repeaters and have been listening to Amateur radio conversations from London and all points of the U.S.

Hopefully they will figure out some advanced firmware soon.


Anonymous said...

I used your details here to get as far as hacking the firmware. I am not familiar with DMR either, so not sure what to do next. If I understand correctly, I then have to add talk groups? Like ones found here?

bubba zanetti said...

Sorry, I just saw this comment (blogger is supposed to notify me...)

I am sure by now you have the answer, but around and you can find 'codeplugs' for your usually has all the DMR repeaters in the area, and all the variety of talk groups.

That is the best way to start because there are so many options you can choose if you are manually adding talkgroups etc.

Once you have a codeplug installed and working, you can pull it back out and look through the various listings to figure out what goes where...then you will be able to add channels more easily.

Think of it as having a good template, and just plugging in new frequencies.