The Spectra Lab RSS (R04.04.04) has a utility called the MOFLAG Programmer and it lets you edit a series of MOFLAGs "bits" in the codeplug.
The list of the Moflags and what feature each bit controls is listed in the chart below.
The bits control what features are available, and what aren't. The problem is the MOFLAG programmer only edits the codeplug. You could program features in, but when you read your newly upgraded radio the features disappeared in the RSS. If you keep reading below you will see why.
Note that not all features are available with all MLM firmware versions. If you think you are going to turn on zone operation in your version 2.0 MLM, keep dreaming. It takes at least version 6 for zones to be supported. Other features (MPL, RSSI, etc.) may have other requirements. Another thing to remember is you cannot read or open a codeplug from a firmware version 6.xx radio with the LAB RSS.
Spectra Hacking History
Just prior to the true MOFLAG breakthrough, to properly hack more features into a radio involved taking a radio that had lots of features, and cloning Command Board Location range B681 - B693 to another radio which you wanted to clone the feature set to. You could also upgrade the firmware (with an EEPROM burner) to the same or newer level than the radio you cloned the feature string from. Then you would virtually have a clone of the original good radios features and get Zones, Securenet or whatever else the original had. At this time it was known that this string controlled the features but it wasn't cross referenced to the individual moflags... yet.
This method works a lot better than the original way people added features to their radios. That way involved just cloning a more featured codeplug into your radio, overwriting the feature string in the codeplug only and usually giving you what you wanted. The problem was that when you read the radio with the RSS, your features would vanish because the RSS got the feature data from the MOFLAG bits on the command board and the new codeplug only changed data in the codeplug. If you read carefully below, you will see why that happens.
The latest and greatest method, which this page is all about lets you selectively enable/disable the exact features that you want. No more all or nothing!
How the Moflags Work and are Stored in the Spectra
The following locations are the locations reported when you use the Bit Banger function of the Lab RSS. They are the general locations that are going to be important to changing the features of the radio.
NOTE: The addresses for the bytes in the Command board should almost always be the same. The address locations for the MLM may be slightly different, depending on the firmware version and features enabled. However, you will know you have found the correct range in the MLM since it will be the same data as the string in the Command Board.
So, you should check the Command Board range first, and write down the data that is there. Then, go through the MLM range and find where that data is living. It should be somewhere near location 6200 so scroll through the area until you find it.
Command Board Range : B681 - B690 / B691 + B692 = Checksum
MLM
Range : 6183 - 6192 / 6193 + 6194=
Checksum (*the MLM values are relative*)
How MLM and Command Board Features are Checked on POST
The radio on POST checks the Command Board range B681 - B690, with some proprietary checksum algorithm and compares the result with B691 + B692.
If the checksum doesn't match, the radio grabs the entire range from 6183 - 6194 on the MLM, and throws it in the Command Board (assumes the Command Board is corrupted, so it reloads).
With the original feature string cloning method if you were hacking a radio and messed up on one character in the Command Board, (in this range) when you power cycle the radio, good bye changes.
How the RSS Knows What Features to Allow Access to
Moflags are nothing more than single bits stored at those locations that tell the radio and RSS what features it gets to have and what ones it doesn't.
Some people in the past were forcing zone enabled codeplugs in their radios which would allow zones to work but when you read the radio zones wouldn't appear in the RSS.
This is because the RSS reads the Moflag data off the Command Board. Since the Command Board isn't written to when you load a codeplug, you don't truly get Zones and other features correctly enabled.
How to Make Your Own Feature String
You can now make your own string of data using the Moflags as a reference, and turn on whatever you want.
First create a string of data with the features you want. You can use the string below which came out of a very full featured conventional radio as a reference point to create your own. This string has Zones / Securenet / Dual Control Heads. Use the Moflag table below to enable/disable what you want.
CB Range B681 - B690 / MLM Range 6183 - 6192 00 76 40 A3 19 FF F1 FF 64 84 90 1F 1F 00 00 00The best part of this is, if you hack the MLM Range 6183 - 6192 and Command Board B681 - B690 (Moflags#0 - 15, 16 total) you can put any data you want in (any custom string). When you read the radio and rewrite it will create the checksum and put it at the end of the MLM string (at 6193 + 6194). Then, after it is done programming it will reboot the radio and then that checksum gets copied to the Command Board, because the Command Board checksum fails. So it essentially calculates the checksum for us automatically and fixes the radio!
Important Notes
I believe repetory refers to remembering the last number you used when using the scratchpad for MDC call or Phone DTMF etc.
Compander and Adaptive Splatter are generally found on 900Mhz radios for "Hearclear".
The rest is pretty straight forward but there are some odd-ball SP items in the list that are unknowns.
Also when you are doing things like making trunked radios into conventional and vice versa it is a good idea to force a codeplug similar to what you want before you hack it. Otherwise it will still show a trunked mode in the RSS when you read the radio even though you have hacked it to be conventional only.
You can force codeplugs in from other radios with different bands too. Just change the serial number to match a codeplug you want to use and force it in. Then change the model number, head type, bandsplit and serial number back using LAB bitbanger. See further down the page for more BitBanger info.
Don't forget that if you turn on Securenet or Trunking on a radio that didn't have it enabled prior the deviation will need alignment for those TX modes because the radio was never tuned for operation in those modes.
| Moflag 0 | Moflag 1 | Moflag 2 | Moflag 3 | Moflag 4 | |
| Bit 0 | Unused | Out Of Range Display | Call Alert 2 | Unused | DTMF Encoder |
| Bit 1 | Unused | Horn and Lights | Call Alert Unlimited | Unused | Compander |
| Bit 2 | Sys Search Lock | Unused | Call Alert Repertory | Trunk Sys Opsel Scan | Adaptive Splatter |
| Bit 3 | AMSS | Privacy Plus | Conv With Sys Scan | Trunk Mode Slave Scan | Time Out Timer |
| Bit 4 | Dynamic Regrouping | ATG B9 PP (DON’T USE) | Pvt Call Master Enable | Trunk Message | Mode Names |
| Bit 5 | Emergency Call | Phone Unlimited | Private Call Repertory | Conv Message | Trunk Pri Opsel Scan |
| Bit 6 | Emergency Alarm | Phone With Repertory | Call Alert Master Enable | Trunk Status | Trunk Pri Scan |
| Bit 7 | Emergency Trunk | Trunk Phone RX | Private Call Unlimited | Conv Status | ID 64K |
| Moflag 5 | Moflag 6 | Moflag 7 | Moflag 8 | Moflag 9 | |
| Bit 0 | OpSel Talkaround | DTMF 8 Digit IDs | Perm Horn And Lights | Unused | Multi Radio System |
| Bit 1 | MDC Emergency | NEVER to be USED | MDC Call Response | Smartnet Features | Auxiliary Reciever |
| Bit 2 | Conv Opsel Scan | Data Radio | MDC Call List | Siren | Variable Power Output |
| Bit 3 | Securenet | Hand Held Control Head | MDC Call Unlimited | Expanded Data | Home For TX Revert |
| Bit 4 | Talkaround | Phone Interconn Decode | Zone Mode | Motorcycle SP | Metro Radio |
| Bit 5 | MDC Signalling | DTMF Sel Call Decode | MDC Call Alert | S9K Control Head | Failsoft By Mode |
| Bit 6 | NonPri Mode Slave S | DTMF SelCall Enc Unlimite | MDC Auto Sel Call | Multiple PL | Auto Affiliation |
| Bit 7 | Pri Mode Slave Scan | DTMF SelCall Enc Repty (* | MDC Enhanced Sel Call | Transmit Inhibit | Last ACC/First Rel Dig |
| Moflag 10 | Moflag 11 | Moflag 12 | Moflag 13 | Moflag 14 | |
| Bit 0 | Aux3 | MDC 600 | Re Arm Horn and Lights | Unused | Unused |
| Bit 1 | Algeria SP | New Control Head | MDC1200 RAC | Unused | Unused |
| Bit 2 | PC/CA ID Aliasing | Vehicle Repeater | MDC RAC List | Unused | Unused |
| Bit 3 | PC/CA Variable List | Internal PA | MDC RAC Unlimited | Unused | Unused |
| Bit 4 | Dual Control Head | Speaker A/B | Single Tone | Unused | Unused |
| Bit 5 | RHKPF | Metro Conv | Railroad Radio | SIU | Unused |
| Bit 6 | No Adap Dev or Volu | PL Monitor | Electronic Mode Stops | Data On Trunking | Unused |
| Bit 7 | External Securenet | One Button Call Alert | Parallel Data Interface | New Trunked NYCTA | Unused |
| Moflag 15 | |||||
| Bit 0 | Unused | ||||
| Bit 1 | Unused | ||||
| Bit 2 | Unused | ||||
| Bit 3 | Unused | ||||
| Bit 4 | Unused | ||||
| Bit 5 | Unused | ||||
| Bit 6 | Unused | ||||
| Bit 7 | Unused |
If your radio for example reads hex 03 at address B681...
This translates to 00000011 Binary.
This corresponds to Moflag0 : Bit7 Bit6 Bit5 Bit4 Bit3 Bit2 Bit1 Bit0 Bit0 - Unused - Enabled Bit1 - Unused - Enabled Bit2 - Sys Search Lock - Not Available Bit3 - AMSS - Not Available Bit4 - Dynamic Regrouping - Not Available Bit5 - Emergency Call - Not Available Bit6 - Emergency Alarm - Not Available Bit7 - Emergency Trunk - Not AvailableIn Lab 4 Moflags can be changed to 3 settings (Not available/Enabled/Disabled).
Enabled/Disabled will still give you a binary 1 and just reflects whether it is turned on in the RSS/Codeplug. Not Available is set with a 0.
The problem with Lab 4 is it will let you edit the Moflags in the codeplug stored on the PC. You then could force the codeplug into the radio with new features. But when you read the radio again those features aren't available.
That is because they do not write over the string in the Command Board (which would be the ideal fix).
This means that you can mess around with a codeplug and change the features that you want, but when you finally figure out what you want to use for a feature string, you need to Bit Bang it into the proper location on the Command Board, before writing the new codeplug to the radio.
No comments:
Post a Comment
Discussion groups
.
Amateur Radio Users Support Group
https://groups.io/g/AmateurRadio
.
Note: only a member of this blog may post a comment.