• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

mototrbo codeplug hex edit

Status
Not open for further replies.

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
hello all, I'm trying to assist someone with there radio and I have seen the Wireshark method, clone a CPS file without a password (tried but read/write locked), update firmware and recover (tried but wants the password again?? defeats the point) so I'm considering a possibility "will it be possible to hex edit the CPS and disable the password feature so to say and trick the radio into reading or any other tips or tricks? the shop that last programmed the radio wasn't too helpful and while on a 3 way call just listening to it all pretty much in a nutshell said "FU we don't give out passwords, GOOD LUCK!" i was shocked a shop would do this and I'm glad I do my own programming (I will try reaching out to the shop myself Monday)
 

Giddyuptd

Member
Premium Subscriber
Joined
Oct 6, 2018
Messages
1,347
Location
Here and there
If the radio is private owned, or owned by a agency get the necessary people to sign of on obtaining the password. If the private shop refuses have your city or town legal get involved. Seen small joke shops hold departments hostage before with their own gear. It is nice seeing those clowns in court winning a summons complaint on them.

If its bought from auction this tells me they still have same password like idiots on new equipment. I'd do away with that shop if I was that entity using them. Go elsewhere in future. If they are too lazy to utilize new password for new gear models one has to wonder what their programming is like. If it was bought used in auction and the programming is useless youd be sol in the normal view of things without methods which are against RR policy to discuss and other issues one could get self into.

Rare cases of a shop holding a dept hostage but legal can solve that.

If its trunking that's a different ball game and the system administrators for that network must be ones to approve it which if that's case here they wont approve it.

The data may have legal agreement and mous from various agencies on who can read the data or alter it. So be careful.

If it's a issue of who owns the data have the radio set to default programming of nothing and password removed and reprogram if you're authorized to do so if the radio is legally owned by you or dept.
 

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
I forgot to mention its a xpr 7550 the radio was privately owned by a security patrol company (now out of service) owner got rid of most except a few things, few years later after a move from East to West this radio was found and given to it's new owner by the original. I believe they used a dmr system the shop had. and go figure shop is on East coast in NY and the radio is here on the west coast in CA
 

Giddyuptd

Member
Premium Subscriber
Joined
Oct 6, 2018
Messages
1,347
Location
Here and there
If the owner on file with them orders the radio be reprogrammed and password removed he needs to either send it to them at his cost or new users cost, probably with certified letter or prior agreement. If the system is not used anymore and was the shops I am willing to bet they assigned a new user with same data/system to it and why they are reluctant to give the password out as they used same data and password in use.
 

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
If the owner on file with them orders the radio be reprogrammed and password removed he needs to either send it to them at his cost or new users cost, probably with certified letter or prior agreement. If the system is not used anymore and was the shops I am willing to bet they assigned a new user with same data/system to it and why they are reluctant to give the password out as they used same data and password in use.


good idea that didn't cross my mind. and I have noticed shops do tend to use a common password when they do such a
 

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
#1 Hexedit is not the legal way to do this.
#2 does the owner have permission from the owner of the system to have a radio on the system.

go figure.....

1. the shop programmed the radio and set a password on the codeplug (last programmed September 2016)

2. the former company (not the radio shop) owned the radios however looks as if they were using a system the radio shop owned by looking at the channels and radio ID's and MDC ID's and research I have found.

(I believe I mentioned that above minus the ID's and channels)

3. the company is out of business. so no more user agreement for system use (I assume since out of business) the system is located on the east coast near New York area and the radio is now here in California so aside from the programming the radio is no longer connected to the system (unless it's back in New York) and at one time it was a fully authorized radio for the system.
 

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
just to be clear.... not looking to keep the old radio system that is currently in the radio. the new owner plans to use this for GMRS only
 

Ant9270

The Green Weenie
Joined
Aug 31, 2018
Messages
493
I may possibly be wrong but I'm thinking goosetown


Goosetown is still a very prominent dealer in the Tri State Area. They have a very large DMR system named “ONEVOICE” which is accurately covered in the database. I personally suggest reaching out to Goosetown and running by them that you have the radio, and provide the serial number. I’d much rather you play it safe and check with them to make sure you don’t have a stolen portable. They’re a great shop and seem to be hobbyist friendly. Once you explain the specifics, If everything checks out with the radio, maybe they can assist you in clearing the former programming history by sending the unit in. Just my 2 cents.. for whatever it’s worth.
 
Last edited:

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
Goosetown is still a very prominent dealer in the Tri State Area. They have a very large DMR system named “ONEVOICE” which is accurately covered in the database. I personally suggest reaching out to Goosetown and running by them that you have the radio, and provide the serial number. I’d much rather you play it safe and check with them to make sure you don’t have a stolen portable. They’re a great shop and seem to be hobbyist friendly. Once you explain the specifics, If everything checks out with the radio, maybe they can assist you in clearing the former programming history by sending the unit in. Just my 2 cents.. for whatever it’s worth.

yes I do plan to reach out to them tomorrow as well
 

matty909

Member
Joined
Mar 19, 2015
Messages
115
Location
Fontana, California
no not yet, it's not my radio it belongs to a gmrs user that asked me to take a look at it and I did look for Depot however files were missing so no help there, and this point I give up on this thing. I did learn a good lesson...... I can write protect MY XPR7550e then no one can use it on top of radio disable, these things are pretty secure! btw the shop could unlock the radio if it was brought to them but CA to NY? I'll pass
 

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,675
Location
Hubert, NC
I would imagine that the shop could do a TeamViewer session to remotely access the radio over the internet and unlock the radio without giving you the password. That way, they could deprogram the radio and unlock it about 10 minutes. They may even have a stored copy of the original codeplug and would take even less time. Just something to ask. That way it doesn't look like you are trying to gather info about their system or try to put a rouge radio on their system. I've helped people like this in the past and it worked great.
 

Ant9270

The Green Weenie
Joined
Aug 31, 2018
Messages
493
Just mail it into them. All you need to do is send the radio in an $8.00 priority mail box. It’ll fit perfectly. Ask them if you can mail it in, I’m sure they’d be happy to help.
 

N1GTL

Member
Database Admin
Joined
Jun 14, 2005
Messages
994
Location
CT
1. the shop programmed the radio and set a password on the codeplug (last programmed September 2016)

I believe this was before they hid the password from wireshark so the version of firmware should give you the password in plain text.
 
Status
Not open for further replies.
Top