• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Hytera MD782 Password

W

W4ADC

Newbie
Joined
Jan 21, 2018
Messages
4
Location
Summerfield, North Carolina
Hello all. I acquired three (3) Hytera MD782 mobiles from an auction. Two of them programmed flawlessly as expected. Unfortunately one of them is "password" protected. Question??? Does anyone know how to bypass this or have a firmware reset procedure. Such a nice and useful radio to be rendered as useless. Thanks for any help or ideas.
 
D

dazey77

Member
Joined
Jan 30, 2015
Messages
196
I have never had to get around a password. I believe that if you have the cps that corresponds to the radio firmware version you may be able to write initial config to it (but only the right CPS will work). That and firmware updates might do something. I would start by trying to find a CPS that will write intital data to the radio. This issue does come up on here from time to time so worth a search too.
 
0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
51
Hello W4ADC;
Did you solve your problem? If not, i might help you. You did not mention your firmware version. Anyway there is a tool named flashburn for hytera radios. Unfortunately sharing such tools on this forum is forbidden i think. But you can find it online ;)
1. Download and install flashburn
2. Read "user_defined" data. The result should be approximately 15-16Mb(You need programming cable for this)
3. Send that file to me. I am going to brute force and try to find your pass or reset it.
 
T

trafficcop608

Member
Joined
Aug 23, 2020
Messages
29
0xFF1E071F said:
Hello W4ADC;
Did you solve your problem? If not, i might help you. You did not mention your firmware version. Anyway there is a tool named flashburn for hytera radios. Unfortunately sharing such tools on this forum is forbidden i think. But you can find it online ;)
1. Download and install flashburn
2. Read "user_defined" data. The result should be approximately 15-16Mb(You need programming cable for this)
3. Send that file to me. I am going to brute force and try to find your pass or reset it.
Click to expand...
Got ya, so far I have not been able to locate the tool.

tried to call the seller who’s tag is inside the battery they are out of business.

many help is appreciated
 
H

Hyt321

Newbie
Joined
Sep 14, 2022
Messages
1
Location
Uk
0xFF1E071F said:
Hello W4ADC;
Did you solve your problem? If not, i might help you. You did not mention your firmware version. Anyway there is a tool named flashburn for hytera radios. Unfortunately sharing such tools on this forum is forbidden i think. But you can find it online ;)
1. Download and install flashburn
2. Read "user_defined" data. The result should be approximately 15-16Mb(You need programming cable for this)
3. Send that file to me. I am going to brute force and try to find your pass or reset it.
Click to expand...
Hello,

I have a PD605 with read and write passwords that have been lost - does this way work for this model?
Thanks
 
I

IK7VXC

Newbie
Joined
Oct 8, 2022
Messages
2
@
0xFF1E071F

I have the same password problem with a PD758G. However I wasn't able to find this flashburn program. Could you give some pointers? Please PM me. Thank you.
Mike
 
J

jasej

Member
Joined
May 11, 2012
Messages
60
Location
Hidalgo Texas
IK7VXC said:
Forgot to mention: Firmware version A9.02.01.013
Click to expand...

My friend, according to a list I have, you need the Hytera CPS V9.00.09.306 iM version... But, I had the same situation, but I couldn't get access to the CPS V9.00.09.306 iM version, but I got access to newer firmware that I used to install on my PD782, and then use the correct CPS to reset the radio to factory settings...

Upgrade Firmware : A9.02.03.005 Cps used to reset my PD782i : V9.02.04.003 im.NA2

I hope the information is useful to you

Regards
 
Jae30001

Jae30001

Member
Joined
May 18, 2011
Messages
7
Location
Pittsburgh, PA
Did you get this figured out? I've purchased two 782 radios and they are both password locked(when I try to read them through cps). The hytera website is not easy to navigate, pretty much downloaded all the versions, tried each one. I upgraded firmware with batch terminal upgradentool. Still no luck.

Finding flashburn is hopeless
 
J

jasej

Member
Joined
May 11, 2012
Messages
60
Location
Hidalgo Texas
Hi, Jae30001, !

Just look for CPS version CPS V9.00.09.306 iM , so you can reset your Hytera device with firmware A9.02.01.013.

Must work and clean your equipment...

See the attached..

. Greetings
 

Attachments

  • CPS vs Firmware RadioReference.jpg
    CPS vs Firmware RadioReference.jpg
    91.2 KB · Views: 161
radioopperator

radioopperator

Member
Feed Provider
Joined
Apr 15, 2019
Messages
297
Local dealer should be able to tell you how to over write the code plug then have no password.
 
I

idarlund

Member
Joined
Dec 1, 2022
Messages
12
0xFF1E071F said:
3. Send that file to me. I am going to brute force and try to find your pass or reset it.
Click to expand...

How do you bruteforce it? Extract a hash from the file and then johntheripper/hashcat it? If yes; How to extract hash, and what hash type is it? :)
 
Forts

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,890
Location
Ontario, Canada
Jae30001 said:
Did you get this figured out? I've purchased two 782 radios and they are both password locked(when I try to read them through cps). The hytera website is not easy to navigate, pretty much downloaded all the versions, tried each one. I upgraded firmware with batch terminal upgradentool. Still no luck.

Finding flashburn is hopeless
Click to expand...
Even with flashburn, you aren't going to get too far, dependng on your FW version. After FW 7.5ish (or maybe 8?) the codeplug contents are all encrypted. In older versions the passwork could easily be found in the clear.
 
Jae30001

Jae30001

Member
Joined
May 18, 2011
Messages
7
Location
Pittsburgh, PA
Forts said:
Even with flashburn, you aren't going to get too far, dependng on your FW version. After FW 7.5ish (or maybe 8?) the codeplug contents are all encrypted. In older versions the passwork could easily be found in the clear.
Click to expand...
Ahh, your correct, and partially wrong. Your looking at the problem the wrong way.. You don't need to un encrypt it. You just need to "Brute Force" it. Flashburn lets you pull the data from the Hytera. Including the password locked file.

This can take 5 minutes, or hours. But its a simple path forward. Its not a high bit encryption. Its a simple encryption. You could write a program in a dozen languages, to force and retry.

Ofcourse, the most simple way. Is matching the CPS to the firmware, and doing a reset. But some firmware versions are not easy to come by.
 
You must log in or register to reply here.

Similar threads

N9JIG
Scanner Tales: The Ten Commandments of the radio hobby
Replies
13
Views
3K
knockoffham
K
Spuff
Struggling to Program DM4400e - Password Issue
Replies
0
Views
551
Spuff
Spuff
K
I revived my corrupted Astro Saber without a Smart RIB! How to read/write S-records and do other things without a Smart RIB.
Replies
12
Views
2K
knockoffham
K
R
Hytera PD562i write password
Replies
12
Views
994
Muxlow
Muxlow
jcefd10
Horrible Interference on repeater
2 3 4 5 6
Replies
101
Views
11K
speedway_navigator
S
Top