• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Hytera MD782 Password

0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
50
It is too dangreous for people who do not know how to (and what to) use FB. Anyone can easily turn their radios into brick! Be very careful!
 
L

leighplt

Newbie
Joined
May 18, 2023
Messages
3
FB is like Linux - direct access to the OS. But FB is hard to find.
P.S. I didn't find it :(
 
Forts

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,708
Location
Ontario, Canada
0xFF1E071F said:
It is too dangreous for people who do not know how to (and what to) use FB. Anyone can easily turn their radios into brick! Be very careful!
Click to expand...
I both agree and disagree with this.. Can you put your radio into an unbootable state? Yes, absolutely. But can you revive it? Also yes. No matter how badly you hose the codeplug you can seemingly always get back into it. Morale of the story: Back things up before playing!
 
J

jasej

Member
Joined
May 11, 2012
Messages
33
Location
Hidalgo Texas
Hi friends

In my recent experience that I had with these models, such as the PD786 and PD986, in these devices and with newer firmware, the option to reset to factory mode does not work, as it previously worked with Hytera devices that had older firmware..

This case is beyond to be able to solve it...

Regards
 
M

McDeeJ

Newbie
Joined
Aug 29, 2023
Messages
1
Hi,
I need the same thing as described.
total noob here.

Got a PD785G
firmware A6.05.07.006
A6.05.07.006
Need to completely go back to factory default, without any passwords or other data.

Please help?
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
Slightly off topic but......

Can someone please tell me a step process how to brute-force the Basic Key from a Hytera dump after a successful FBurn extraction?

I'm wanting to try a MotoTRBO set against a Hytera set.

The Hytera is set with BP and I would like to extract the key and then program it to a Moto set with EP as they should work, right?

Do you need a powerful PC? Special tools? etc..... I've got this far just a few more steps??? PM me if its a little sensitive for some.
 
Forts

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,708
Location
Ontario, Canada
Couple things...

1 - Hytera BP and Moto BP are completely different. Hytera Full Encrypt and Moto Enhanced Privacy are both RC4 and are compatible.
2 - Hacking of encryption can not be discussed here.
 
R

radalia

Newbie
Joined
Dec 18, 2023
Messages
1
0xFF1E071F said:
Hola W4ADC;
¿Resolviste tu problema? Si no, podría ayudarte. No mencionaste tu versión de firmware. De todos modos existe una herramienta llamada flashburn para radios hytera. Lamentablemente, creo que está prohibido compartir este tipo de herramientas en este foro. Pero puedes encontrarlo en línea.;)
1. Descargue e instale flashburn
2. Lea los datos "definidos por el usuario". El resultado debería ser de aproximadamente 15-16 Mb (necesita un cable de programación para esto)
3. Envíame ese archivo. Voy a utilizar la fuerza bruta e intentaré encontrar tu pase o restablecerlo.
Click to expand...
Hola, buenas tardes. Tengo una Huyera PD705G con bloqueo de lectura, escritura y clonación. Si te envío el archivo que indicas en tu post es posible que puedas ayudarme. Agradeciendo de antemano si me ayudan, quedo a su disposición. Saludos cordiales desde Cádiz España
 
0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
50
radalia said:
Hola, buenas tardes. Tengo una Huyera PD705G con bloqueo de lectura, escritura y clonación. Si te envío el archivo que indicas en tu post es posible que puedas ayudarme. Agradeciendo de antemano si me ayudan, quedo a su disposición. Saludos cordiales desde Cádiz España
Click to expand...
One more problem solved ;)
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
Motorola BP can simply be guessed by reprogramming the codeplug each time until the radio filters the clear audio through, so you have 1-255 possible options.

Can anyone explain how to 'guess' the Hytera Basic Privacy? What would be the way to test this? It may be easier to attempt this rather than Brute Force a flashburn extraction.
 
0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
50
Tarnish05 said:
Motorola BP can simply be guessed by reprogramming the codeplug each time until the radio filters the clear audio through, so you have 1-255 possible options.

Can anyone explain how to 'guess' the Hytera Basic Privacy? What would be the way to test this? It may be easier to attempt this rather than Brute Force a flashburn extraction.
Click to expand...
In Hytera user can enter a basic protection/encryption key. And AFAIK on the flash, it is stored encrypted (At least I cannot find any clear text encryption keys). And probably you cannot just bruteforce it. Do you even know how Hytera encrypt keys? ¯\_(ツ)_/¯
 
T

Tarnish05

Member
Joined
Jun 24, 2021
Messages
17
0xFF1E071F said:
In Hytera user can enter a basic protection/encryption key. And AFAIK on the flash, it is stored encrypted (At least I cannot find any clear text encryption keys). And probably you cannot just bruteforce it. Do you even know how Hytera encrypt keys? ¯\_(ツ)_/¯
Click to expand...
I don't know how or where it’s stored.

I had misread that Hytera BP was capable of being received on a Motorola set so long as it was set to Enhanced Privacy but that’s not possible so thanks to 'Forts' pointing that out.

Hytera says that Basic Privacy solution offers provides key option between 1-255 using 10, 32 or 64 characters to the transmission and receiver frequency, each of which must match up. The keys are not customised, so if a hacker was so minded they need only scan all 255 keys to potentially hit on the one you are using.

You have 1-30 Key IDs to set (as a maximum) and a Key Value.

So, if I have a radio set to set with ‘Key ID 1’ and ‘10-Characters’ I only need to find the Key value field.

Im guessing its not as straightforward as trying 1-255 under the Key Value with FFFFFFF for the rest given that the value can be 0-F.

So, what options are available to find/read/sniff/decode it? Method, Tools etc can I use with the RCDB file.

Regards

Mike
 
radioopperator

radioopperator

Member
Feed Provider
Joined
Apr 15, 2019
Messages
257
you might have to be like 0001 ? not sure I use enhanced on the Hytera and enhanced on the Motorola xpr they seem to work together.
 
0

0xFF1E071F

Member
Joined
Sep 26, 2019
Messages
50
@Tarnish05 before admins get mad open a new thread and let's discuss it there. What do you want to do? Reveal already written basic enc keys from a Hytera Radio? Or you want to make motorola and hytera to communicate in basic privacy? Explain it in a new thread!
 
D

deanhod

Member
Joined
Jan 26, 2024
Messages
8
I have a couple of new Hytera radios and 12 old PD705LT that i want to program to work together. Problem is the PD705LT were bought second hand and all have passwords set when trying to read the data in the Hytera CPS.

Is there any way to download the config so i can program to the 2 new radios?
 
You must log in or register to reply here.

Similar threads

R
Hytera PD562i write password
Replies
12
Views
606
Muxlow
Muxlow
Scannerham62
Hytera HM782 error: "Model settings does not match"
Replies
7
Views
816
radioopperator
radioopperator
D
MD782 U(2) firmware upgrade path
Replies
6
Views
2K
Expat2017
E
D
  • Locked
New RSP1A owner disappointed with spurious responses
2 3
Replies
41
Views
9K
SpaceForceCmdr
SpaceForceCmdr
kruser
  • Locked
IC-R8600 Service Manuals now available
Replies
1
Views
4K
krokus
krokus
Top