• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Hytera MD782 Password

I

idarlund

Member
Joined
Dec 1, 2022
Messages
12
Forts said:
Even with flashburn, you aren't going to get too far, dependng on your FW version. After FW 7.5ish (or maybe 8?) the codeplug contents are all encrypted. In older versions the passwork could easily be found in the clear.
Click to expand...

I'm not talking about decrypting anything. I'm talking about offline brute-forcing of the password (hash). In almost every case this happens by extracting the hash from whatever stores the hash; AD, /etc/shadow, ROM, or whatever. I also really doubt that Hytera has created it's own hashing algorithm.. so if the password hash is possible to extract, the password hash is possible to brute-force.

So.. Is it possible to get the (hashed) password from a Hytera v9 device?

Jae30001 said:
Those are called proprietary secrets 😁
Click to expand...

As stated above. I really doubt that Hytera has created it's own hashing algorithm. Also; there's no point in keeping the hashing algorithm a secret. That's called "security by obscurity". The password(s) people choose are supposed to be strong enough that you can't brute-force it easy ;)

Forts said:
True enough... I was just commenting that flashburn on it's own won't help with newer firmware.
Click to expand...

Does that mean it's not possible to get the password hash(es) from a v9 device? Or are you just trying to say that "the password is encrypted and you can't read it in clear text any more"? If the latter; Please let me be the judge of that ;)
 
M

Moommoom

Newbie
Joined
Dec 7, 2022
Messages
1
0xFF1E071F said:
Hello W4ADC;
Did you solve your problem? If not, i might help you. You did not mention your firmware version. Anyway there is a tool named flashburn for hytera radios. Unfortunately sharing such tools on this forum is forbidden i think. But you can find it online ;)
1. Download and install flashburn
2. Read "user_defined" data. The result should be approximately 15-16Mb(You need programming cable for this)
3. Send that file to me. I am going to brute force and try to find your pass or reset it.
Click to expand...

When you crack open the password, are the the data saved?
 
S

slayer23

Member
Premium Subscriber
Joined
Jan 13, 2017
Messages
21
I very recently ran into this issue. The most easy way to go about this is getting the right CPS and firmware version and doing a wipe.
 
Last edited:
I

idarlund

Member
Joined
Dec 1, 2022
Messages
12
Yes, you could do a wipe. But what if you want to actually read the config which is on the radio? :)

@0xFF1E071F : How do you do the bruteforce and will it work on a v9 dump?
 
S

slayer23

Member
Premium Subscriber
Joined
Jan 13, 2017
Messages
21
idarlund said:
Yes, you could do a wipe. But what if you want to actually read the config which is on the radio? :)

@0xFF1E071F : How do you do the bruteforce and will it work on a v9 dump?
Click to expand...
That's a whole other topic lol. OP just wants to be able to program the radio.
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
DMR Flashburn located - version V5.00.01.003

Cannot read with USB, CPS works fine so I know radio and lead is good.

Could this be a settings change needed in FB or is the above version just for PD782 as showing in the 'set' config file?

Can this FB version be used with any radio?
 
radioopperator

radioopperator

Member
Feed Provider
Joined
Apr 15, 2019
Messages
257
Is that a good thing I download every version of CPS and firmware I can get my hands on? :)
 
0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
50
Tarnish05 said:
DMR Flashburn located - version V5.00.01.003

Cannot read with USB, CPS works fine so I know radio and lead is good.
Click to expand...

Did you try reading via "Programming Mode" or "Download Mode". FB only works on "Download Mode". By "Download Mode" I mean "Upgrade Mode".

If you tried on Download Mode and cannot read it, it is most probably a version issue. You should find a newer version of FB.

What is your firmware version?
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
0xFF1E071F said:
Did you try reading via "Programming Mode" or "Download Mode". FB only works on "Download Mode". By "Download Mode" I mean "Upgrade Mode".

If you tried on Download Mode and cannot read it, it is most probably a version issue. You should find a newer version of FB.

What is your firmware version?
Click to expand...


Radio is:
FW A7.06.01.006
BL 01.07.004

Last P - 2018

Hopefully FB version is suitable as it took me a while to locate this version - V5.00.01.003.

Based on radio fw version, what version should I be looking for?

Regards.
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
0xFF1E071F said:
Did you try reading via "Programming Mode" or "Download Mode". FB only works on "Download Mode". By "Download Mode" I mean "Upgrade Mode".

If you tried on Download Mode and cannot read it, it is most probably a version issue. You should find a newer version of FB.

What is your firmware version?
Click to expand...


Ahhhhh! Yes, success! Managed to read and save the file now. Dropped you a PM with a link to it :)
 
T

tog182

Newbie
Joined
Jun 4, 2014
Messages
3
Can someone let me know where to download flashburn, I have a PD 685 with firmware version V8.05.06.011 and trying to get the password, as I lost it.
 
T

tog182

Newbie
Joined
Jun 4, 2014
Messages
3
Thank you for your reply, I have done work on the code plug in the radio and have lost the password for it, and would rather not do all the work again and was hoping to get hold of Flashburn in the hope of getting the password.
 
M

motopit

Newbie
Joined
Mar 3, 2022
Messages
1
Hello
Can anyone help reset password in pd505. I have a userdata file.
Thanks
Pit
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
Jae30001 said:
Ahh, your correct, and partially wrong. Your looking at the problem the wrong way.. You don't need to un encrypt it. You just need to "Brute Force" it. Flashburn lets you pull the data from the Hytera. Including the password locked file.

This can take 5 minutes, or hours. But its a simple path forward. Its not a high bit encryption. Its a simple encryption. You could write a program in a dozen languages, to force and retry.

Ofcourse, the most simple way. Is matching the CPS to the firmware, and doing a reset. But some firmware versions are not easy to come by.
Click to expand...
I sent you a PM on this......
 
H

hurricaneoleg

Member
Joined
Mar 15, 2023
Messages
61
Hello. I need the v9 version of flashburn as well, at least for someone to tell me where to find it, other than "try google" because I have, for weeks now and can't find anything. If anybody has it or knows where to get it please get back to me, I'd really appreciate it tremendously! Thank you.
 
A

achalela

Newbie
Joined
Apr 13, 2020
Messages
4
Location
Colombia
Hi everyone. I need help! I have two Hytera PD-788G and PD-786G with forgoten read password. I dont need to read actual configuration i only need to made a Factory Reset to reconfigure it but i cant do it.

Today i uprade both to A9.00.07.105.IM with the Terminal Batch Upgrade Subscribe and i have CPS V9.00.09.200IM(EM5), when i try to made Factory Reset i get password error and the same for read it.

What is wrong ir missing? Thanks.
 
Last edited:
You must log in or register to reply here.

Similar threads

R
Hytera PD562i write password
Replies
12
Views
632
Muxlow
Muxlow
Scannerham62
Hytera HM782 error: "Model settings does not match"
Replies
7
Views
858
radioopperator
radioopperator
D
MD782 U(2) firmware upgrade path
Replies
6
Views
2K
Expat2017
E
D
  • Locked
New RSP1A owner disappointed with spurious responses
2 3
Replies
41
Views
9K
SpaceForceCmdr
SpaceForceCmdr
kruser
  • Locked
IC-R8600 Service Manuals now available
Replies
1
Views
4K
krokus
krokus
Top