• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

APX 6000 Password

Status
Not open for further replies.
R

rustyjw

Member
Premium Subscriber
Joined
Nov 14, 2015
Messages
111
I recently picked up an APX6000 VHF radio. When Imtry to read the radio it asks for a password. The person Ingot the radio from said that it has been so long since he programmed the radio that he forgot what the password is. I tried to clone another APX6000 to it but got some type of compability message.

Any ideas how I can get this radio programmed?


Thanks
 
P

Project25_MASTR

Millennial Graying OBT Guy
Joined
Jun 16, 2013
Messages
4,201
Location
Texas
If it's an old firmware, the APX line was vulnerable to the same bug as the TRBO line in which the codeplug password was sent via clear text to the CPS for the CPS to validate the password. This could be seen in Wireshark. Newer revisions keep that encrypted.

So if you have a newer revision, your options are get the password or depot the radio.
 
T

TampaTyron

Beep Boop, Beep Boop
Premium Subscriber
Joined
Feb 1, 2010
Messages
1,094
Location
Phoenix, AZ
Does Recovery work the same in APX as it does TRBO? If so, you will need same or newer version of firmware and be good to wipe. TT
 
mancow

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
bremen-historic-depot-2015-small1.jpg


images
 
N

N1GTL

Member
Database Admin
Joined
Jun 14, 2005
Messages
973
Location
CT
Mancow..... Now THAT'S funny!

If I am not mistaken, Motorola has something called a "password of the day" to get into locked radios. Since the APX series is an MR sale, they can look up the original owner. If the original owner gives permission, you can get that password from Motorola. I work at at Moto shop and have gone through this. How they will handle a private party buying a used radio is another issue.

There is no "recovery" on APX radios like a TRBO series radio so this is pretty much your only option. A Moto shop may be needed to get this done for you and they can unlock it. Only other option is ship it to the depot and pay a lot more money for them to do it. And, you'll have to hope it is not a radio that was reported to them as stolen or you won't even get it back.
 
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,865
Location
Roaming the Intermountain West
I agree, return it.

There seems to be a lot of this happening. Password protected radio and the seller just happened to "forget" the password. Seems to be a lot of forgetful people selling locked radios on e-Bay. Funny that they rarely mention it on the e-Bay posting…

I'd get your money back. If the seller balks, take it to E-bay or PayPal. The seller knew it was locked and sold it without disclosing that.
 
N

N4KVE

Member
Joined
Mar 1, 2003
Messages
4,126
Location
PALM BEACH, FLORIDA
Once happened to me. I called the seller who instantly gave me the password, & apologized. But it was his password, so he knew it. Return the radio if he “forgot”.
 
MTS2000des

MTS2000des

5B2_BEE00 Czar
Joined
Jul 12, 2008
Messages
5,225
Location
Cobb County, GA Stadium Crime Zone
N1GTL said:
If I am not mistaken, Motorola has something called a "password of the day" to get into locked radios. Since the APX series is an MR sale, they can look up the original owner. If the original owner gives permission, you can get that password from Motorola. I work at at Moto shop and have gone through this. How they will handle a private party buying a used radio is another issue.
Click to expand...
How does MSI know what password I put on my APX codeplugs? I've deployed just shy of 2,000 APX portables. All C/Ps are password protected. The radio were shipped direct to a warehouse. MSI didn't do any factory programming. I don't use RM, so only those who know the password are the ones who created the codeplugs and the programmers. None of the workstations that wrote the radios even had a network connection of any kind. So Motorola knowing a CPS password is about as much as the Fraudbay fencing sellers knowing it.

mmckenna said:
I'd get your money back. If the seller balks, take it to E-bay or PayPal. The seller knew it was locked and sold it without disclosing that.
Click to expand...
This. The thieving sellers on SCAMBAY always seem to have radios that have passwords no one can "remember" or "they don't know this type of radio has a password". Open a claim and escalate it, you'll get your money back. Be sure to leave them a negative for not disclosing a material fact to buyers so the next guy/gal won't get hosed once the turd seller relists it with the "not known but working" nonsense.
 
Citywide173

Citywide173

Member
Premium Subscriber
Joined
Feb 18, 2005
Messages
2,151
Location
Attleboro, MA
MTS2000des said:
How does MSI know what password I put on my APX codeplugs? I've deployed just shy of 2,000 APX portables. All C/Ps are password protected. The radio were shipped direct to a warehouse. MSI didn't do any factory programming. I don't use RM, so only those who know the password are the ones who created the codeplugs and the programmers. None of the workstations that wrote the radios even had a network connection of any kind. So Motorola knowing a CPS password is about as much as the Fraudbay fencing sellers knowing it.
Click to expand...

I believe the poster was referring to a backdoor that Motorola may have in place. Remember that Apple said they wouldn't decrypt the password of an iphone for investigators, not that they couldn't. Probably the same thing-according to the post, permission from the original owner is required.
 
S

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
If I recall they only will do that for contract entities. They do charge also for the back door tools they use. It is same tool used they have which they can read a lot data telling them about what cps was used, depot version if ever, etc.

The astro 25 had same restricted controlled item they used.

It requires a round trip to the depot also not a phone in. Meaning a contract owned radio by said agency must send it in, pay the fees and it'll come back without it with respective updates or hardware.

Next problem is if it is a AN 6000 it is eol with them I believe.

I'd return it. Other than one thing mentioned there isn't much you'd be able to do and even in that case it's 50/50 but tainted by garage work.

It's possible some older equipment in small areas gets auctioned off without any basic plug thrown back into it. Look at youtube where them guys put old units back together in patrol cars. I've seen about ten so far old sfpd cars with heads removed and brick still in trunk. Out of luck they plug a head in and it pops on working. Whether the system kills it later I wouldn't know. But this mismanagement or poor accountability in equipment happens a lot. It's old get rid of it we don't need it.

Little does one know just unplugging it, removing head, throwing it all in a box in trunk at vehicle auction isn't good enough. I did ask one youtube owner about his restoration of a old San Mateo unit which he made a unmarked security car for some reason if his portable he found worked, and xtl5000 in car he reinstalled they left in a box in back seat he said yes both work still. The system probably is showing a valid ID and never removed. Very poor accountability in that depts comm dept.
 
Last edited:
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,865
Location
Roaming the Intermountain West
Serious disconnect between the radio shop and the fleet guys.

On the other hand, I've had a hell of a time getting old radios back from people when they no longer need them. Often they don't even think about it, to them it's just a "thing" and it goes in e-waste or surplus like all the other things.
Sometimes they are afraid I'll charge them…
I take the radios back and put a blanked out program in them. Then they go off to their fate.

I do keep a read/write password on all the radios, and no one gets it. On the newer Kenwood's theres a field where you can put in a couple of lines of information about the radio that can be read even without the password. I always put our agency name and my phone number, that way if someone does end up with one legitimately, there's a way they can contact us.

If the OP did find out who the radio originally belonged to, it's probable that the agency would not give the password out to some random dude over the phone. Best you could hope for is that they'd let them bring it by their shop to be blanked out.

In other words, unlikely.
 
N

N1GTL

Member
Database Admin
Joined
Jun 14, 2005
Messages
973
Location
CT
MTS2000des said:
How does MSI know what password I put on my APX codeplugs?
Click to expand...

They don't. I'm sure it is an algorithm that is based on some parameters. Perhaps the serial number and the date? The password will only work for that day on that radio. The next day the algorithm would generate a different password?

I'm not sure what criteria they use but it is an option. As I mentioned, they may only provide this to a Moto shop, not an individual and permission had to given by the ORIGINAL PURCHASER of the radio. If that radio was shipped to Chief Smith of ABC Fire Department, Motorola will need permission from him.
 
mancow

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
It's probably like a CBI function where it goes in and just blanks out that field leaving the rest of the data intact.
 
com501

com501

Member
Joined
Sep 28, 2003
Messages
1,617
Location
127.0.0.1
The depot tools don't care about the password and ignore it. There is an APX password hack out in the wild.
 
E

EncryptedTech

Member
Joined
Aug 27, 2014
Messages
46
Does anyone know what firmware the wireshark trick stopped working? I had some free time and I have been trying to hack my own radios, I have a few as old as 09.05.00 I'm not sure if I'm missing it or if it is to new and I need to find a older radio in my fleet.
 
Last edited:
R

radioman2001

Member
Joined
Mar 6, 2008
Messages
2,974
Location
New York North Carolina and all points in between
Quote"
Serious disconnect between the radio shop and the fleet guys.

Defintely, when I first started to run our shop all the radios went with the vehicles. Not disconnected, not removed, not deprogrammed just left in the vehicle for auction. Head of motor services said they were disposable items and he didn't care. We then pulled out over 60 radios that summer before the next auction, talk about security risk.

APX password hack, never even heard of it anywhere only Astro 25.

Some time ago I bought a microprocessor board that the designer used the date of manufacture as a password to the OS located inside. So if you knew when the radio was built that is a possibility.
 
allend

allend

Member
Premium Subscriber
Joined
Feb 1, 2012
Messages
1,378
Location
Long Beach, CA
Just Depot the radio and be done with it. There are people that can handle this for you and create you a fresh codeplug with some nice features as long as the firmware is not past like 17 or 18
 
mmckenna

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,865
Location
Roaming the Intermountain West
radioman2001 said:
Defintely, when I first started to run our shop all the radios went with the vehicles. Not disconnected, not removed, not deprogrammed just left in the vehicle for auction. Head of motor services said they were disposable items and he didn't care. We then pulled out over 60 radios that summer before the next auction, talk about security risk.
Click to expand...

I'm really starting to like the idea of a small explosive charge in the radio that can be set off remotely. Sort of like Mission: Impossible. Not hurt anyone, but something to totally wipe the codeplug. AKA: "Death Ping" the radio.

I guess I shouldn't be giving Mother M any ideas, lest they work that into their next firmware release.
 
Status
Not open for further replies.

Similar threads

Mogley
How to reset FPP Password on an APX 6000?
Replies
3
Views
252
Mogley
Mogley
R
How to get rid of the codeplug password on a Motorola XPR 6550?
Replies
2
Views
602
N4KVE
N
K
Quansheng UV-K5 (8) Password for CPS
Replies
18
Views
998
nonos66
N
N5FOG
  • Locked
APX 6000 - Won't get a GPS lock
2
Replies
28
Views
1K
KevinC
KevinC
N
“Menu Items” missing from APX CPS
Replies
10
Views
964
ElroyJetson
ElroyJetson
Top