Firmware CRC Check


Radioman96p71

A bit of a weird request here, but maybe someone in the know can point me in the right direction.

Dealing with an Orion 512k Radio Code.

I'm wondering if anyone knows how the radio checks the CRC of the Radio Code when it's booted/written. And/Or where that value is stored in the Code file. After a couple hours of investigating, I have found a couple places that SEEM to have the CRC value stored (the last 2 bytes of the Radio Code file), because it is always those 2 bytes that never match when compared to even closely-dated firmware dumps. I could be way off but not sure at this point.

The problem is I can't find what TYPE of CRC is being used or what parts of the firmware it is verifying. I want to make a few tweaks to the code but even changing one bit throws it off, and a simple "add a bit here take a bit there" method doesn't work like it does for Moto. So I'm thinking it is using a CRC instead of a Checksum.

Any ideas? Maybe someone else has dabbled with this before?

I can post some of my findings with examples if someone would like to collaborate.
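
Why a compensating byte edit leaves an additive checksum valid but is caught by a CRC, which is the behaviour the post above describes, shown as an added example that is not part of the original thread. The data is constructed, and the CRC variant (CRC-16/CCITT-FALSE) and the 2-byte big-endian trailer are assumptions for illustration, not the radio's actual format.

```python
# Added example. The data is constructed; the CRC variant (CRC-16/CCITT-FALSE)
# and the big-endian 2-byte trailer are assumptions, not the radio's format.

def sum16(data: bytes) -> int:
    """Additive checksum: byte sum modulo 2**16."""
    return sum(data) & 0xFFFF

def crc16_ccitt_false(data: bytes) -> int:
    """Bitwise CRC-16: poly 0x1021, init 0xFFFF, MSB first, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc

def seal(body: bytes, check) -> bytes:
    """Append check(body) as a 2-byte big-endian trailer."""
    return body + check(body).to_bytes(2, "big")

def trailer_ok(image: bytes, check) -> bool:
    """Recompute the check over everything but the last 2 bytes and compare."""
    return check(image[:-2]) == int.from_bytes(image[-2:], "big")

def balanced_edit(image: bytes, up: int, down: int, delta: int = 1) -> bytes:
    """Raise one byte and lower another by delta so the byte sum is unchanged."""
    out = bytearray(image)
    if out[up] + delta > 0xFF or out[down] - delta < 0:
        raise ValueError("edit would wrap a byte and change the sum")
    out[up] += delta
    out[down] -= delta
    return bytes(out)

def demo() -> dict:
    """Return (valid before edit, valid after edit) for each check type."""
    body = bytes(range(256)) * 4  # constructed 1 KiB stand-in for a code file
    results = {}
    for name, check in (("sum16", sum16), ("crc16", crc16_ccitt_false)):
        image = seal(body, check)
        edited = balanced_edit(image, up=0x10, down=0x11)
        results[name] = (trailer_ok(image, check), trailer_ok(edited, check))
    return results

if __name__ == "__main__":
    print(demo())
```

The edit touches two adjacent bytes, so the changed bits span 9 bit positions; any 16-bit CRC whose polynomial has a nonzero constant term detects every error burst of 16 bits or fewer, which is why the CRC trailer is guaranteed to mismatch here.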

EDACS_247

Any Luck?

I too have been attempting this... I thought I found references to CRC in the .bin file, but I have no idea what type.
Have you tried zeroing it out and writing back to the radio?

Let me know if you've made any progress.

Thanks.
 

Radioman96p71

I haven't really messed with this too much since then. I have been needing to revisit it tho so maybe I will fire up the old hex editor and see if I can make some sense out of it. I do remember changing those bits and it wouldn't even load into Radio Maint as a valid code file. So the CRC function might be built into the PC software, making reverse engineering possible. I'll try to dig more into it in the near future. I know a few people have asked me to add features to the M7100 radios but they use the same protection method.
 

EDACS_247

I can't imagine that Programmer/RPM would reject the code based on its content. R20 and RPM did become very picky when it comes to the code's file name. If you changed the file name in a way that Programmer/RPM doesn't like, then it won't recognize it as a valid Flashcode.

It will usually accept any radio code as long as it has a valid file name.

I'm trying to tweak RPM level code for M7100/P7100.