Page 1 of 1

How does one start porting the fw to another platform?

Posted: Sun Aug 14, 2022 11:26 am

I have a couple RT50s (aka TYT MD-680D) I use for when I’m hiking as they’re pretty strong radios. The internals are pretty similar to the ones found in a GD77 (MK22FN512, HR-C6000, AT1846S, etc.), and I wanted to try myself if I’m capable of porting the OpenGD77S version to this handheld.

I’ve programmed in C several times although I’m not an expert. In fact, a year ago I played around for a couple months with the OpenGD77 source code customizing things and I could get to understand almost every part of the firmware (obviously, I did this complying with the license terms, as my only intention was to improve my coding skills).

My question is, where or how can I start porting this firmware to this radio? I’m guessing a first step would be to be able to flash the firmware to this device, get it to turn on and then see which functions need to be adapted. I remember I read somewhere that the firmware has to be encrypted after being compiled, and that the encryption key is specific to each model of radio, but that there’s a way to crack it.

There’s no way to find an original .bin or .sgl file of the radio’s firmware, as the firmware updater is an .exe file that does everything (it connects to the radio and flashes the firmware), and I don’t know if this means that there’s no way of knowing this programming encryption password. If it’s not possible to flash the firmware in a conventional way (aka, using the firmware loader), is there any other way like using some kind of in-circuit programmer or debugger soldered to the MCU?

Thanks a lot, I know this will take me a lot of work (and it won’t probably be possible to do), but I’m willing to try it out.


Re: How does one start porting the fw to another platform?

Posted: Sun Aug 14, 2022 9:15 pm
You can connect a programmer to the CPU in the radio, but you will not be able to read the firmware because all radios enable the Read Protection in the CPU

You can erase the CPU but then your radio would be useless.

With the GD77 etc, the encryption was broken by DG4KLU, but he keeps his methods secret.
The MD9600 encryption was broken by someone in the MD380Tools team.

I think someone broke the encryption on the Ailuance HD1, which uses an exe file, but I don't know who did this.

Search for 'radiotool' on github and contact them,

Re: How does one start porting the fw to another platform?

Posted: Thu Aug 18, 2022 6:26 pm
Thank you so much! I'll try to reach them and see what I can find out :)