Reverse Engineering Cheap Chinese Radio Firmware

This post isn’t related to SDR, but it may interest many readers, as this radio has the potential to become the “RTL-SDR” of handheld hardware radios. Recently at Shmoocon 2016 (a yearly hacking and security themed conference), hardware hacker Travis Goodspeed showed how he was able to reverse engineer the firmware of a cheap Chinese-made Tytera MD380 DMR digital handheld radio transceiver.

The reverse engineering feat essentially means that custom firmware can now be written for the radio. Goodspeed and his collaborators have already managed to add a promiscuity mode that allows the radio to receive all talk groups on a known repeater and timeslot. Access to the firmware also means that custom decoders for protocols such as P25, D-Star or System Fusion could potentially be added to the radio’s features in the future. In the end this could turn this cheap $140 radio into a more fully featured radio that would be worth much more.

See the full story over at Hackaday and the white paper here (start at page 76) and the video of the talk below.

Video: Jailbreaking a Digital Two Way Radio, a talk by Travis Goodspeed.

Inside the Tytera MD380