Identifying the MCU from RT85 handheld Radio

[eb4fbz]

Appreciate the decrypter. However, it does not work. It's also a random binary and not source code. We generally prefer source code on this forum when available: we all like to share and improve for each other =) I can always make one too.

For us BQ radio owners I'll have time to do side channel attacks to recover the key in April or may.  I know you may not be interested in a new firmware, but imagine a cheap HT like this with better, simpler and clearer menus in your native language... that's only one of my goals =)

Hi. Did you found that time? It would be interesting to hack this firmware as they are doing on the UV-K5. I prefer RT-85/UV-88 radios.

[true]

I haven't tested in depth but I think this radio has a better designed front-end than the K5. Could be wrong.

But with how cheap it is, the larger screen, and the better volume knob, I'm focusing efforts on UV-K5. I may come back around to this after August, and after I get new written firmware started for UV-K5. I have the equipment to perform an attack and attempt to recover the encryption key. I also have the development tools and spare MCUs to get started even if I don't successfully hack it.

[eb4fbz]

Forget about the RT-85 BQ encryption. It doesn't make any sense to spend time on breaking it if you can only buy BS version nowadays.

RT-85 or UV-88 is definitely better. It has better shielding, better filtering, with a separate cavity for the BK4815, and one 6W power amplifier (HTL7G06S006P) per band instead of the single and 2W rated RD02LUS2 transistor used in UV-K5. Case feels way superior as well. The only drawback is they use BK4815 instead, which is only 128-590MHz.

Other options are Retevis RA685 and Abbree AR-F5, using ARM MCU + BK4815.

[true]

Re: RT85 BS radio, I still haven't found one. All I have are BQ radios. (edit: I ordered two more brand new and they are both BQ. so I still only have BQ radios.) If I can get a BS radio, then I can simultaneously target firmware for it.

As to it making sense to break it, isn't writing firwmare for these also a bit ridiculous and possibly seen as a waste of time? For me, breaking it would be for fun.

Re: RA685, the units I have have yet a different board. MCU is not marked. Differs from other boards I have seen online. Voice is different too. Another issue is the top lights are way too bright and annoying.