DMR Protocol presented at Nullcon 2016

by Travis Goodspeed,

Summary : This lecture concerns the Tytera MD380, a handheld transceiver used for the Digital Mobile Radio (DMR) protocol, a competitor to TETRA and APCO P25. First, I'll describe in detail how firmware was extracted from a locked radio, despite protection features. Then, I'll describe how the firmware was reverse engineered, tracing I/O ports and external memory addresses. Once the firmware was understood, it became possible to patch it for promiscuous mode and other new features. With a bit more work, we'll see completely open source firmware for this platform.