ASK byte moved in MTS2000, can't find it

I have several MTS2000 model III radios
They are
H01UCH6PW1BN
Codeplug: 000F
Firmware: 08.73
Package: H37
Flash code: 200004_000000_2 & 000004_000000_6

I have read that the byte that controls the ASK is at 0X282 with the checksum at 0X289, that is the most current, the previous location was 0X28E,

but,  the location has moved again

The 2 lines before and after this area in the codeplug are now all 00

Does anyone know where they moved the ASK byte to for this model radio with this flashcode and firmware ?
I don't have a clean s-record for the radios before they were ASK'd

I am not even sure if they would take an old S-record now that they have been ASK'd

If anyone can help, I would really appreciate it

Otherwise, I have a bunch of paperweights

Thanks in advance

Bill
KC2OVX






Just saw your post. It did move to a new location in the latest firmware. I see you posted on other website too. Will help try to troubleshoot over there.

These were my findings for a batch of radios I got off eBay. Will update if we find it is different on your radios.

The ASK Flag can be found in the most significant bit of 0x282. Make sure to update checksum at 0x289. In my case the byte was 80. So it became 00. And the checksum was 14, subtract 80 and it became 94.

I wrote a quick .Net/C# program to take care of the programming for a batch of B5 radios had for $5 a piece on eBay. Many thanks to Mars and the Python scripts written by Paul Banks.

Communications log. (Adjust your values accordingly in bold.)

Sending 01 02 00 40 9E
Echoed: 01 02 00 40 9E

Entering SBEP Mode
Sending 00 12 01 06 02
Echoed: 00 12 01 06 02
Ack: 50
Entered SBEP Mode


Sending F5 17 00 02 82 00 6F
Echoed: F5 17 00 02 82 00 6F
Ack: 50
Received 00 02 82


Sending F5 17 00 02 89 94 D4
Echoed: F5 17 00 02 89 94 D4
Ack: 50
Received 00 02 89

Exited SBEP Mode

Sending 00 00 01 08 7C
Echoed: 00 00 01 08 7C








I am not familiar with anything other than the official Windows version of Motorola CPS. All 0's in that location would definitely be a problem. Does the radio even turn on? I once tried for fun setting a flash to all 0's and it would no longer boot. I take it you're able to read the radio in CPS to know ASK is on, so I don't think it is the case.


I sniffed the serial port to see the commands that it uses and found how to retrieve the flash contents directly. I then started reverse engineering the block types to figure out where I need to look. I am not that familiar with the S-RECORD format. It's mostly just a legacy thing back when floppy disks and other storage was not that reliable. I know you have to calculate the checksum for the block record.. and then a checksum for the S-RECORD... I just skipped that extra link in the chain.

You can use an advanced serial port software terminal like Real Term and send the bytes that I have above, if you wanted to give it a shot in the dark on one of your radios. Set the speed to 9600 BPS. Send the hex values and you should see the returns noted above.

Are you running old old RSS on DOS? Otherwise if you can connect the cable to a modern computer, I can send you a .Net program that reads from the serial port. I've been swamped at work and my time just freed back up to get back to finished hacking the rest of this radio. I'll refresh what I know tomorrow and then I'm sure we can figure it out. There's a lot of these ASK'd radios out there for next to nothing.