Closed shawnchain closed 7 years ago
Howdy Shawn,
I initially extracted the firmware by patching the bootloader to disable RDP (Readout Device Protection), then installing a firmware update on the unlocked radio for extraction. This is documented in PoC||GTFO 10:8, page 76.
The current method used by this project is one by @cr, who took my cleartext firmware and compared it to an encrypted firmware update. She realized that the encryption was total garbage, and implemented an encryption and decryption routine into md380-fw.
Unfortunately, neither gets you virgin firmware from a physical radio sample. Your best bet would be to email Tytera asking for a .xip or .bin of the firmware update.
Cheers from New Jersey, --Travis
Just got one TYT MD380 with firmware version D013.033.
Any tutorial for extracting the virgin firmware?