Are you ready for this? : Spectra Moflags Cracked AND Hacked
Moderator: Queue Moderator
MOFLAGS aren't the Whole Answer
I have been trying to get some 900 Spectras to have talkaround without success. I have cloned them with a codeplug that, when read by itself, says that talkaround is available. If I read the radio the codeplug came from, I can program a talkaround frequency. However, when I dump that codeplug into another radio, even if I enable the Moflags for talkaround, when I first look at a mode, it says talkaround is there, but when I go to program the frequency, it changes to not available. This has happened on at least three radios. There is something in the radio itself that is prohibiting talkaround from being used even if the moflag is set and the model number supports it. Any ideas what it could be?
Back in its entirety....actually, with all of the Cowthief BS removed from it. There are some interesting tidbits in the thread not covered on the main Batlabs site, so I've reposted this thread for all members to enjoy.
Todd
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
Welcome to the /\/\achine.
- Victor Xray
- Posts: 845
- Joined: Mon Dec 17, 2001 4:00 pm
THANK YOU WAVETAR!
This was the number one (of only two) threads that everyone has heard me b!tch about having been removed. Good to have it back again.
Now what I'd like to see are address value differences between MLM versions. And maybe more information/identification on the other address registers that haven't already been identified.
Regarding the moving checksums...
Back in '02, while spending (far too) much time examining the MaxTrac's .mdf file, I learned of how organized it was and how to predict where the tables would start and end. I haven't posted this as I didn't think MaxTracs were still being examined (but will if asked).
This seems like a good time to bring this up.
There are pointers at the beginning of the mdf file that tell you:
for table 1:
hex start address of table: 1 word
unknown: 1 word
length of characters per entry: 1 word
number of entries in table: 1 word
for table 2:
same...
Seems that the number of tables is fixed and expected.
So when the data varies, there are pointers to set up the RSS.
So I am suggesting there is a pointer to show where to look for the checksum; perhaps as functions expand the table shifts, like when hacking the MTX820 (portable): it used vector tables you could modify, but you had to keep track of where you should be depending on what you modified.
The pointer, if it exists, may not be so hard to find.
Look for reversed byte orders, loByte/hiByte, as that is typical of the format I have found.
Doug
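The table directory described in the post above, as an added example (not part of the original thread and not code from any poster): a Python parser that reads the four-word descriptors in loByte/hiByte order, refuses any table that runs past the end of the file, and lists the bytes no table accounts for. The 16-bit word size, the directory starting at offset 0, the caller-supplied table count, the names used and the sample bytes are all assumptions made for illustration.

```python
import struct
from typing import NamedTuple

# Assumption: a "word" is 16 bits, stored loByte/hiByte (little-endian).
ENTRY = struct.Struct("<4H")

class Table(NamedTuple):
    start: int      # start address of the table within the file
    unknown: int    # second word; purpose not identified in the post
    entry_len: int  # characters (bytes) per entry
    count: int      # number of entries in the table

    @property
    def end(self) -> int:
        return self.start + self.entry_len * self.count

def read_directory(blob: bytes, n_tables: int, offset: int = 0) -> list:
    """Parse n_tables descriptors; refuse any table that runs past the file."""
    dir_end = offset + n_tables * ENTRY.size
    if dir_end > len(blob):
        raise ValueError("file too short for the table directory")
    tables = [Table(*ENTRY.unpack_from(blob, offset + i * ENTRY.size))
              for i in range(n_tables)]
    for i, t in enumerate(tables, 1):
        if t.end > len(blob):
            raise ValueError(f"table {i} ends at {t.end:#x}, past end of file")
    return tables

def unaccounted(blob: bytes, tables: list, dir_end: int) -> list:
    """Byte ranges covered by neither the directory nor any table."""
    gaps, cursor = [], dir_end
    for t in sorted(tables, key=lambda t: t.start):
        if t.start > cursor:
            gaps.append((cursor, t.start))
        cursor = max(cursor, t.end)
    if cursor < len(blob):
        gaps.append((cursor, len(blob)))
    return gaps

# Constructed sample, not taken from a real .mdf: two descriptors plus 36 data bytes.
SAMPLE = ENTRY.pack(0x10, 0, 8, 3) + ENTRY.pack(0x2A, 0, 4, 2) + bytes(36)

if __name__ == "__main__":
    tables = read_directory(SAMPLE, n_tables=2)
    for t in tables:
        print(f"{t.start:#06x}..{t.end:#06x}  {t.count} x {t.entry_len} bytes")
    print("unaccounted:", unaccounted(SAMPLE, tables, 2 * ENTRY.size))
```

The first two bytes of the sample are `10 00`, which is the reversed byte order the post says to look for.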
- Victor Xray
- Posts: 845
- Joined: Mon Dec 17, 2001 4:00 pm
-
- Posts: 55
- Joined: Fri Jan 06, 2006 10:37 pm
- What radios do you own?: PM1500, XTS2500, PM1200, Astro
Re: Hacking a codeplug to change the control head type
OK, I've just finished reading all of the info here and am a bit overwhelmed (but impressed) by everybody's technical expertise. What I'd like to know is, has the "just for dummies" version of these changes come out yet? LOL
In my case, I simply want to use an A5 (or even an A7 head) on an A9 Spectra mid-power 800-MHz conventional radio. While I am capable of programming changes in channels, etc. (basic changes), I honestly have no idea of what is being discussed here, as far as hacking the codeplug to make changes (such as changing the control head type). I'm not that well-versed in such technical aspects.
Has anybody provided a step-by-step downloadable version of how to do some of these changes (without necessarily fully understanding the deeply-technical aspects), and if so, where might we find such a valuable resource?
Thanks...
-
- No Longer Registered
- Posts: 872
- Joined: Tue Feb 22, 2005 7:03 am
JAYMZ posted his info in the Knowledge Base section of this BBS. Check Mobile Radios, Spectra Model/Serial.
While it's not necessarily a simple "change this, change that" article, it does tell you what to change.
Similarly there's some useful Spectra info on http://www.repeater-builder.com, in the Motorola area, Spectra section, in an article titled Miscellaneous Spectra Topics. It describes changing the control head byte to turn an A9 radio into an A7, based on the info found above.
Bob M.
-
- Posts: 55
- Joined: Fri Jan 06, 2006 10:37 pm
- What radios do you own?: PM1500, XTS2500, PM1200, Astro
Actually Bob, there is a primer for model/control head changes in the knowledge base as well.
http://batboard.batlabs.com/kb.php?mode=article&k=31
It's all a work in progress, of course.
JAYMZ
"Mom and dad say I should make my life an example of the principles I believe in. But every time I do, they tell me to stop it."
Calvin
-
- Posts: 55
- Joined: Fri Jan 06, 2006 10:37 pm
- What radios do you own?: PM1500, XTS2500, PM1200, Astro