Over the air rekeying?

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Not sure where to put this question. Can you rekey a radio that is currently encrypted without the encryption key? In other words, does the data sent have to match the current encryption key, or is data (not voice) not encrypted?

Thanks!
 

grem467

Member
Joined
Dec 19, 2002
Messages
884
Location
Houston, TX
Without the traffic key? Yes. Without the ukek? No. The radio has to have a key loaded to decrypt the key packets. This prevents eBay radios from being able to snag the encryption keys over the air.

All radios have to be keyloaded manually the first time (and if they drop their ukek)
 

wlmr

Member
Joined
Apr 26, 2004
Messages
420
No.
KVL used to put in the ukek. The other keys don't need to be put in at this point in time.
The system uses the ukek to put the other key(s) used for encrypting voice into the radio. (Keys are sent to the radio as encrypted data.)
If the keys need to be changed, the system again uses the ukek to make the changes - including a new ukek if the plan is to replace the original one.
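
The key hierarchy described in the replies above, as an added example that is not part of any post in this thread: a radio accepts an over-the-air key packet only if it verifies under the UKEK it was manually loaded with. The HMAC-based wrap, the `Radio` class and the key IDs are assumptions made for illustration, not the real OTAR message format or cipher.

```python
import hashlib, hmac, secrets

# Stand-in key wrap (HMAC-SHA256 keystream plus tag). Assumption for the
# example only: this is not the real OTAR message format or cipher.
def _stream(kek, nonce, n):
    blocks = (hmac.new(kek, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(kek, key_id, nonce, ct):
    return hmac.new(kek, b"mac" + key_id.encode() + nonce + ct, hashlib.sha256).digest()

def wrap_key(kek, key_id, key):
    """KMF side: encrypt one key under a radio's UKEK, bound to its key ID."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce, len(key))))
    return nonce + ct + _tag(kek, key_id, nonce, ct)

class Radio:
    def __init__(self):
        self.ukek = None      # empty until a key loader puts one in
        self.teks = {}        # traffic keys, by constructed key ID

    def keyload(self, ukek):
        """Manual load from the KVL; required before any OTAR works."""
        self.ukek = ukek

    def receive_rekey(self, key_id, packet):
        """Radio side: accept a key packet only if it verifies under our UKEK."""
        if self.ukek is None or len(packet) < 48:
            return False
        nonce, ct, tag = packet[:16], packet[16:-32], packet[-32:]
        if not hmac.compare_digest(tag, _tag(self.ukek, key_id, nonce, ct)):
            return False
        key = bytes(a ^ b for a, b in zip(ct, _stream(self.ukek, nonce, len(ct))))
        if key_id == "UKEK":
            self.ukek = key   # the old UKEK delivers its own replacement
        else:
            self.teks[key_id] = key
        return True

if __name__ == "__main__":
    ukek, tek = secrets.token_bytes(32), secrets.token_bytes(32)
    loaded, blank = Radio(), Radio()
    loaded.keyload(ukek)
    packet = wrap_key(ukek, "TEK-1", tek)
    print("keyloaded radio:", loaded.receive_rekey("TEK-1", packet))
    print("radio with no UKEK:", blank.receive_rekey("TEK-1", packet))
```
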
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Here's what I have learned.

UKEK Unique Key Encryption Key - The UKEK is used to encrypt keys transmitted
from the KMF to the KVL. During system initialization a Unique KEK is programmed into
each KVL and that UKEK is associated with that KVL within the KMF's database. Once the
system is fully initialized, each UKEK can then be used to communicate with only ONE KVL.
No other KVL will receive keys encrypted with this UKEK. The KMF uses the concept of the
UKEK to create a secure link between itself and any individual unit (KVL) under its
management.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp079.pdf
 

WayneH

Forums Veteran
Super Moderator
Joined
Dec 16, 2000
Messages
7,521
Location
Your master site
Here's what I have learned.
That as it is can easily be taken out of context. I wouldn't be concerned with KMF to KVL transmission since as a beginner it's not important; if you manage/use a KMF then it is and you would need much better reading material. What needs to be known is that all primary subscriber communication with the KMF is going to be encrypted with the UKEK at the base layer. It's possible to do a "Clear Hello" but that's only to establish general data communication confirmation with the radio. And as long as you know what the UKEK is you can enter it into any KVL and upload it to the radio.
 

immelmen

Member
Joined
Jun 13, 2007
Messages
383
Without the traffic key? Yes. Without the ukek? No. The radio has to have a key loaded to decrypt the key packets. This prevents eBay radios from being able to snag the encryption keys over the air.

All radios have to be keyloaded manually the first time (and if they drop their ukek)

Just to clarify, this is not completely correct with regard to some Motorola. Moto has a feature called "Generate Key Loss Key" which is enabled in the secure hardware general tab in CPS. If enabled, as soon as the radio is hit with a KEK from a KVL, it encrypts the KEK with itself and permanently stores it in nonvolatile memory. This double encrypted key is NOT erasable from the subscriber unit even if all keys are completely zeroed out or via tampering. Instead it is used to OTAR the KEK that is then in turn able to OTAR the TEKs...basically you can take a radio that has been zeroed (including deleting the KEK) and successfully OTAR with a validated GKLK re-key request (IF the GKLK feature was enabled in CPS.)

...so, if someone got an eBay/second-hand radio from a known source and had knowledge of the KMF profile in question, even if the radio had been zeroed but that feature was in play, a competent user could snag keys out of the air. That is a lot of "ifs" but I have personally seen a radio sold on the second-hand market that got to the buyer with the codeplug fully programmed from the last user and three hardware traffic keys STILL LOADED in the radio, so stranger things have happened.

[tested to work on Astro25 subscriber]
 