Pro-668: Radio Shack PRO-668 loaded with Whistler DMR firmware

Status
Not open for further replies.

n3617400

Member
Joined
Jun 28, 2013
Messages
275
Reaction score
92
Location
MOON 2112
Whistler tightened up security. The connection to the website now uses TLS and a different base directory for update files. It appears the Ez-Scan application uses the boot version to either use the old method (Version 1) or a new method (Version 2) where they send the new encrypted file directly to the scanner rather than having the Ez-Scan application transcode it.

I thought that everything would calm down.
There will be those who want to pay for upgrading of Whistler and there will be those who will be sitting on the old firmware with DMR but without future upgrades.
But Whistler for some reason shakes the boat.
For this case, yesterday I bought a PRO-668, and in a week it will be in my hands so I can take a more detailed look at the problem.

Whistler opened up a large security hole in the scanner. This reminds me of one aspect of the Sony BMG hack where they compromised security of the user's computer when they improved the security of their IP. It also has the potential of compromising their recent work to lock down the scanner with the Version 2.0 boot loader.

The entrance to the rabbit hole is open :)
 

Fasteddy2

Member
Premium Subscriber
Joined
Oct 29, 2011
Messages
63
Reaction score
0
Location
CALIFORNIA
I still have the Whistler Program WS1080install 2.17.0460 program but the DSP 3.0 Config.bin file. I don't know how you can send that, I thought that comes with the program when you first load it.
 

Septa3371CSX1

Member
Joined
Jan 8, 2008
Messages
1,104
Reaction score
53
Location
Drexel Hill, PA
I can confirm that once you have lost DMR with DSP 3.1, rolling back the DSP to 3.0 does not bring back DMR reception. EZScan confirmed that my DSP was in fact back to 3.0 but DMR reception and the use of Eric's tools did not return.

The only available "fix" at this point is to send your radio to Whistler for the official upgrade. As an added bonus you will then be able to upgrade your CPU firmware to 4.8 which will allow you to take full advantage of the logging feature in the new Control Demo 2 (computer control software) that Whistler recently released.

I am planning to eventually send the unit in for the upgrade but it being my only Phase 2 capable receiver and several Phase 2 systems (actually using Phase 2) in my area I'd rather wait until I have something else to fill that void (preferably an APX). For now looks like I'm stuck with what I have.
 

brian

DB Administrator
Database Admin
Joined
Dec 10, 2000
Messages
2,159
Reaction score
474
Location
South Carolina
I'm running WS1080 EZScan Digital Application v2.19. I ran the application on my PC for the first time in about a week, and I note that the CONFIG_.BIN file in my WS1080 Digital folder now shows a modified date of today's date. This without running any of the update functions in the application. Perhaps this is normal behavior, that in the process of opening the file, the application updates something in it? I have the 3.0 version DSP.
 

EricCottrell

Member
Premium Subscriber
Joined
Nov 8, 2002
Messages
2,493
Reaction score
309
Location
Boston, Ma
Appears my 668 is no longer able to receive DMR. On a saved object (trunked wildcard or conventional DMR channel) I'll see the signal bars light up (and on a non DMR scanner hear DMR noise) but no voice or time slot and talkgroup info comes across. On search it stops on an active signal for a split second then resumes. I am on DSP 3.1 (which doesn't show on the GREWFTool) and DMR was working until the beginning of the month I'd say. I don't have DSP 3.0 to try to roll back. I may try the date trick and see if that does anything.
Hello,

A fix will be a multi-step process. You can try to either get DSP 3.0 or roll back the date. You need to reflash the firmware to eliminate the flash changes, although I think the bootloader is modified to reapply the hack or to prevent updating.

I think I was spared this attack because I realize my scanner's date was back in 2015 and I had not bothered updating the date/time. The hack is applied on powerup while the Whistler screen is displayed. This is likely the time the DSP is loaded.

There may be other attacks since I did see a problem with my boot version being wrong that cleared up.

73 Eric
 

EricCottrell

Member
Premium Subscriber
Joined
Nov 8, 2002
Messages
2,493
Reaction score
309
Location
Boston, Ma
I'm running WS1080 EZScan Digital Application v2.19. I ran the application on my PC for the first time in about a week, and I note that the CONFIG_.BIN file in my WS1080 Digital folder now shows a modified date of today's date. This without running any of the update functions in the application. Perhaps this is normal behavior, that in the process of opening the file, the application updates something in it? I have the 3.0 version DSP.
Hello,

I noticed this as well. The size of the file has not changed. DSP 3.0 should be 88.9 KB (91,128 bytes).

73 Eric
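
Added example (not part of the original posts, and not Whistler's or EZ-Scan's code): a new modification date with an unchanged size, as reported above, does not by itself show whether the file's contents changed, but a hash compared against a saved baseline does. The file below is a constructed stand-in of zero bytes at the quoted DSP 3.0 size, and `snapshot`, `classify` and `demo` are names chosen for this sketch.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

EXPECTED_DSP30_SIZE = 91_128  # bytes, the DSP 3.0 size quoted in the post above


@dataclass(frozen=True)
class Snapshot:
    size: int
    mtime_ns: int
    sha256: str


def snapshot(path):
    """Record size, modification time and SHA-256 of a file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return Snapshot(st.st_size, st.st_mtime_ns, digest.hexdigest())


def classify(before, after):
    """Compare two snapshots; the hash decides, size and mtime only add detail."""
    if after.sha256 != before.sha256:
        same_size = after.size == before.size
        return "content-changed" if same_size else "content-and-size-changed"
    return "touched-only" if after.mtime_ns != before.mtime_ns else "unchanged"


def demo():
    """Run the three cases on a constructed stand-in file (not a real DSP image)."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "CONFIG_.BIN")
        with open(path, "wb") as f:
            f.write(bytes(EXPECTED_DSP30_SIZE))
        base = snapshot(path)
        results.append(classify(base, snapshot(path)))
        # Only the timestamp moves: same bytes, newer modified date.
        later = base.mtime_ns + 10**9
        os.utime(path, ns=(later, later))
        results.append(classify(base, snapshot(path)))
        # One byte is overwritten in place: size is still 91,128 bytes.
        with open(path, "r+b") as f:
            f.seek(1000)
            f.write(b"\x01")
        results.append(classify(base, snapshot(path)))
    return results
```

A matching size alone cannot identify a DSP version; the baseline hash has to be taken from a copy already known to be the wanted version.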
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Reaction score
108
Location
Virginia
Hello,

A fix will be a multi-step process. You can try to either get DSP 3.0 or roll back the date. You need to reflash the firmware to eliminate the flash changes, although I think the bootloader is modified to reapply the hack or to prevent updating.

I think I was spared this attack because I realize my scanner's date was back in 2015 and I had not bothered updating the date/time. The hack is applied on powerup while the Whistler screen is displayed. This is likely the time the DSP is loaded.

There may be other attacks since I did see a problem with my boot version being wrong that cleared up.

73 Eric

Interesting to use the word "attack", maybe "defense" would be more appropriate? The righteousness of the initiator / hacker, it's just amazing to watch.

Then there is the whole pesky problem of the hardwired traces to the CPU for product ID under the RFI shield. Am not sure the average user is going to go that deep which makes me wonder why all this effort especially considering there is a reasonably priced upgrade.

As the past GRE guy, I think it's great, as others have posted, that Whistler is offering a path to upgrade the older products. My hat is off to them for that spirit of support! If only the ham radio "big three" would be so generous. I have an "older" icom HF rig (early 7700) that could use an upgrade but the cost is completely prohibitive and don't want to replace the MRF150s as they are buried a few layers deep, well at least not yet.

If you're listening Whistler, keep leading the way for customer support, honoring and improving the GRE legacy.

Don't know that I have much more to add to this thread, have just tried to bring some overall balance to how we can best support and preserve this hobby. One cornerstone of that is good competition so I wish both Uniden and Whistler success which will be a win for us the scanner geeks :) The few who oppose progress hurt us all.

73 and SK, Craig
 
Joined
Apr 7, 2005
Messages
322
Reaction score
12
Interesting to use the word "attack", maybe "defense" would be more appropriate? The righteousness of the initiator / hacker, it's just amazing to watch.

Then there is the whole pesky problem of the hardwired traces to the CPU for product ID under the RFI shield. Am not sure the average user is going to go that deep which makes me wonder why all this effort especially considering there is a reasonably priced upgrade.

As the past GRE guy, I think it's great, as others have posted, that Whistler is offering a path to upgrade the older products. My hat is off to them for that spirit of support! If only the ham radio "big three" would be so generous. I have an "older" icom HF rig (early 7700) that could use an upgrade but the cost is completely prohibitive and don't want to replace the MRF150s as they are buried a few layers deep, well at least not yet.

If you're listening Whistler, keep leading the way for customer support, honoring and improving the GRE legacy.

Don't know that I have much more to add to this thread, have just tried to bring some overall balance to how we can best support and preserve this hobby. One cornerstone of that is good competition so I wish both Uniden and Whistler success which will be a win for us the scanner geeks :) The few who oppose progress hurt us all.

73 and SK, Craig

I agree I think Whistler is being very generous with this upgrade to older products and ones sold by Radio Shack. One thing for certain is that my future scanner purchases will be from the Whistler Group. The reason I bought the PRO 668 is because I knew it was built in the factory that makes the Whistler products. I personally have encouraged everyone I know that has an older scanner to take advantage of the upgrade offer. I think Whistler should get all the profit they can for their firmware. Development is not cheap and Whistler deserves to make a profit.
 

ChibiPaw

Member
Premium Subscriber
Joined
May 7, 2009
Messages
22
Reaction score
0
Location
Alameda,CA
Adding my finding to the collective here.
So we have two identical Pro-668 scanners here, which my friend brought over. One is now DMR-less because I failed to read the thread here before applying it, but the other one is saved because I stopped the process from completing.


Scanner A was upgraded to CPU 4.6, DSP 3.1, and was powered on. No longer able to use Eric's tool to downgrade CPU. I was able to copy DSP 3.0, but the payload has been delivered because I've powered it up. Lost DSP reception, and cannot use Eric's tool to downgrade firmware to original RS CPU.

Scanner B was upgraded too, to CPU 4.6, DSP 3.1. However, my friend who owns this unit did NOT power it up, but instead went to bed. I was able to inform him of the issue and quickly replaced the CONFIG__.bin with version 3.0. Scanner was able to retain DSP reception.


Scanner A was replaced with a copy of Scanner B's SD card. In a side by side test. Scanner A cannot receive DSP and Scanner B can. Scanner A still cannot be firmware altered by Eric's tool.

I haven't tried the dialing forward or backward of the dates. Not sure why if that would make any difference, maybe perhaps the date was dialed back before July 1st 2017.

Also, this reminds me an awful lot of the Sony BMG copy protection rootkit scandal, while I understand the DMR access since it isn't listed on the box. However, taking the ability to use the RS firmware might be in violation of consumer rights law in California, Texas, and New York.


So anyone else made any progress in reversing the damage?
 

Fasteddy2

Member
Premium Subscriber
Joined
Oct 29, 2011
Messages
63
Reaction score
0
Location
CALIFORNIA
No one I know can revert back the firmware, but the DSP you can. Did it many times to no avail of getting DMR to work.
 

fredva

Member
Feed Provider
Joined
Mar 19, 2007
Messages
2,300
Reaction score
721
Location
Virginia/West Virginia
However, taking the ability to use the RS firmware might be in violation of consumer rights law in California, Texas, and New York.

But couldn't Whistler claim that the RS firmware was lost after the consumer freely chose to download Whistler firmware on a non-Whistler scanner?
 

ChibiPaw

Member
Premium Subscriber
Joined
May 7, 2009
Messages
22
Reaction score
0
Location
Alameda,CA
But couldn't Whistler claim that the RS firmware was lost after the consumer freely chose to download Whistler firmware on a non-Whistler scanner?

They can say that all they want, but first off you can still pull the original RS software that would load the firmware locally from here: https://www.radioshack.com/products...-digital-trunking-scanner?variant=20332485509
But now that you'd actually have the software of doing so, you can't actually load it back in, so it isn't lost.
 

fredva

Member
Feed Provider
Joined
Mar 19, 2007
Messages
2,300
Reaction score
721
Location
Virginia/West Virginia

ChibiPaw

Member
Premium Subscriber
Joined
May 7, 2009
Messages
22
Reaction score
0
Location
Alameda,CA
Does the scanner function the same as when it was sold? Or did it lose some of the original functionality, such as P25?

I don't know since I just got the scanner about 24 hours ago. However, I can no longer use the Radio Shack programming software to configure the radio anymore. Does that count as a loss of original functionality?
 

fredva

Member
Feed Provider
Joined
Mar 19, 2007
Messages
2,300
Reaction score
721
Location
Virginia/West Virginia
I don't know since I just got the scanner about 24 hours ago. However, I can no longer use the Radio Shack programming software to configure the radio anymore. Does that count as a loss of original functionality?

It might. Then again, did Whistler cover themselves in that situation by posting this warning regarding their firmware: This software is intended for use with Whistler brand products only. Attempting to update any other brand of scanner with Whistler software/firmware may cause the scanner to stop functioning.
 

ChibiPaw

Member
Premium Subscriber
Joined
May 7, 2009
Messages
22
Reaction score
0
Location
Alameda,CA
It might. Then again, did Whistler cover themselves in that situation by posting this warning regarding their firmware: This software is intended for use with Whistler brand products only. Attempting to update any other brand of scanner with Whistler software/firmware may cause the scanner to stop functioning.


Not that I am aware of such a disclaimer. They pretty much pretended the procedure didn't exist to the public until now.
 
Joined
Aug 12, 2013
Messages
70
Reaction score
0
Location
Arkansas
I usually don't post my opinion on here but enough of the whining. We all knew we were taking a chance doing this procedure on the scanner. Take responsibility for your actions. I like the way their scanner functions so much I bought a trx-1. I may not have if it wasn't for the hack.
 