RayAir
Member
- Joined
- Dec 31, 2005
- Messages
- 1,930
A few years ago a couple of manufacturers introduced digital frequency hopping spread spectrum radios for the consumer market; the Motorola DTR and the Trisquare eXRS 900MHz frequency hopping radios. One claim is that they cannot be monitored by scanners. For the most part, that is not true (except for the DTR). Others have discovered the Trisquare can be monitored with an Optoelectronics R-10 linked to a scanner. This is true. (Note: The Trisquare does NOT use digital audio, it is analog frequency hopping) I have discovered a poor mans method of monitoring these radios. I don't have an R-10 linked to a scanner so I just used my signal stalker and wrote down every frequency it stopped on while tx'ing. This yielded about 30 unique freq's. All the channels are 25KHz spaced. I entered all the freq's into a scanner bank, turned off the delay and hit SCAN. What do ya know I heard audio, albeit choppy, but mostly readable. I am still missing a few of the hopping freq's obviously. I just have to spend more time with the freq. counter. I am going to use my Scout instead of the signal stalker when I get some more time. With some refining this should work really good.
If you have a Trisquare eXRS radio and want to try this here is some additional info:
- The eXRS radios all have a maximum of 400 possible hopping frequencies, however for each TX the radio selects a set of 50 frequencies to perform hopping on. The 50 freq. set is determined by the channel number you select.
- The hop rate is 400mS.
- This crack will not work for the Motorola DTR radios because they use digital audio (VSELP). So, even if you could track the DTR with a near field receiver you would still have to be able to demodulate VSELP.I believe the hop rate for the DTR is 90mS.
This is just an information piece. Of course these radios were not made for true COMSEC, they do however provide much more privacy than virtually all consumer grade radios. However I have seen numerous web sites hawking these radios as "secure" and "unmonitorable". That is simply not the case. Anyone who wants to listen to this radio service just has to try.
I would like to get a complete list of all 400 possible frequencies. One initial problem I am noticing is the scanner stopping on a synchronization signal. Deleting these should solve that problem. They seem to be all in the 922MHz+ range. Most of the voice so far has been in the 906-919MHz range.
If you have a Trisquare eXRS radio and want to try this here is some additional info:
- The eXRS radios all have a maximum of 400 possible hopping frequencies, however for each TX the radio selects a set of 50 frequencies to perform hopping on. The 50 freq. set is determined by the channel number you select.
- The hop rate is 400mS.
- This crack will not work for the Motorola DTR radios because they use digital audio (VSELP). So, even if you could track the DTR with a near field receiver you would still have to be able to demodulate VSELP.I believe the hop rate for the DTR is 90mS.
This is just an information piece. Of course these radios were not made for true COMSEC, they do however provide much more privacy than virtually all consumer grade radios. However I have seen numerous web sites hawking these radios as "secure" and "unmonitorable". That is simply not the case. Anyone who wants to listen to this radio service just has to try.
I would like to get a complete list of all 400 possible frequencies. One initial problem I am noticing is the scanner stopping on a synchronization signal. Deleting these should solve that problem. They seem to be all in the 922MHz+ range. Most of the voice so far has been in the 906-919MHz range.
Last edited: