Is Legal Decryption with Key using SDR possible?

radiointhesky · Sep 4, 2015

The agency that owns Motorola digital radios (encrypted) wants to use SDR for cheap monitoring. Obviously, they have the key and full radio configs.

Is it easy to setup the SDR software to decrypt the signal with all of this known information?

blaze · Sep 5, 2015

radiointhesky said:
The agency that owns Motorola digital radios (encrypted) wants to use SDR for cheap monitoring. Obviously, they have the key and full radio configs.

Is it easy to setup the SDR software to decrypt the signal with all of this known information?

Are we talking about P25 here?

In theory, it's easy enough. I've personally done it on a gnuradio-based platform using the open P25 software.

In practice, though, it's not likely you'll get satisfactory results. The basic problem is not the crypto, but the P25 vocoder, which really does not decode audio well in real time on a general purpose computer (which is where the audio decoding happens on most SDR setups, unless you want to write code to burn into the FPGA, which is not a trivial exercise).

The effect is that the setup will be quite unreliable at worst, or require a high-end computer at best.

A cheap ebay special XTS/XTL radio with a crypto module is likely to be both cheaper and more satisfactory overall for production use.

radiointhesky · Sep 5, 2015

Thank you for that information.

I don't actually care about the audio at all. I just want the ID number of the currently rx'ing unit. I know it all comes together though.

One of the main reason for using SDR was to get the ID number of the rx so we can see exactly who is currently sending on the radios out in the field at any time.

I want to get that ID number into a computer somehow (it doesn't matter how, just some interface to get the ID text into a computer).

I have found no way to interface with the mobile radio (APX I believe) without using an extremely expensive Motorola dispatch type of console, $15K+.

That is extreme overkill for just getting text ID numbers into a computer, as we don't need all the other capability of a console.

So, my initial thought was to use SDR to get that ID data into a computer and bypass the APX altogether.

If that isn't a viable solution, do you know a cheap way to interface to an APX or XTS/XTL or anything that would get the ID numbers into a computer?

I don't care if it is serial or USB or RS422 or whatever. Once there is a method to get the currently rx'ing ID number into a computer, I don't care about the audio.

radiomanNJ1 · Sep 5, 2015

A cheap radio?
1. Do you know what type of encryption? There are several flavors.
2. Where would you get the code(s)? Normally kept very secure.
3. If it is hardware encryption who will load your key(s).

You would still be in violation of Federal law relating to encryption.

To the gentleman who implied he breaks encryption regularly, What are you really trying to say?
Voice Inversion ok, ADP, DES DES XL AES 256????

blaze · Sep 5, 2015

radiomanNJ1 said:
A cheap radio?
1. Do you know what type of encryption? There are several flavors.
2. Where would you get the code(s)? Normally kept very secure.
3. If it is hardware encryption who will load your key(s).

You would still be in violation of Federal law relating to encryption.

To the gentleman who implied he breaks encryption regularly, What are you really trying to say?
Voice Inversion ok, ADP, DES DES XL AES 256????

The original poster clearly said he has the key material. I assumed so in my response.

Certainly in my experiments with this, I had the key.

There are no "Federal laws relating to encryption" violated if you're the owner of the system you're monitoring and have the key material.

ElroyJetson · Sep 5, 2015

It is legal to decrypt if you are authorized by the encrypting agency to decrypt their transmissions.

That is the sum and total of it. You're either properly authorized, or you're not. If you are properly authorized, they'll provide you with the key. They may provide you with a suitably encrypted radio for your listening, or they may give you the key (which you will not be allowed to disseminate to others, be sure of that!) and allow you to find your own listening solution.

It is illegal to decrypt transmissions which you are not authorized to receive. Period.

blaze · Sep 5, 2015

I love it when the self-appointed radio police swoop in here to scold you about the illegality of doing something you didn't actually ask about.

radiomanNJ1 · Sep 5, 2015

ElroyJetson said:
It is legal to decrypt if you are authorized by the encrypting agency to decrypt their transmissions.

That is the sum and total of it. You're either properly authorized, or you're not. If you are properly authorized, they'll provide you with the key. They may provide you with a suitably encrypted radio for your listening, or they may give you the key (which you will not be allowed to disseminate to others, be sure of that!) and allow you to find your own listening solution.

It is illegal to decrypt transmissions which you are not authorized to receive. Period.

Thank you Elroy. I still wonder how they plan on doing this on a hardware encryption radio.
Perhaps its just voice inversion and nothing more. I notice these folks did not say.
Of course I wonder why they would want monitor their own system using SDR and not an actual radio. Maybe it's just me. We lost Bergen Co. Police (no more) Sheriff to AES when they put up their P25 system.

gtaman · Sep 5, 2015

Typical RR. Never can get the answer wanted. Always turns into a courtroom.

buddrousa · Sep 5, 2015

Nothing wrong with being fore warned but a simple answer yes if you are the key holder but not practical would have been the better answer.

tonypl056 · Sep 5, 2015

My theory is, if you have the ""ABILITY" to do it then do it, but keep it to yourself.
keep your mouth shut, simple, bragging about it is surely is a good way to get into trouble you really do not want. "be sure brain is engaged before putting mouth into gear"

and that's where i am leaving that.

Tony

blaze · Sep 5, 2015

radiomanNJ1 said:
Thank you Elroy. I still wonder how they plan on doing this on a hardware encryption radio.
Perhaps its just voice inversion and nothing more. I notice these folks did not say.
Of course I wonder why they would want monitor their own system using SDR and not an actual radio. Maybe it's just me. We lost Bergen Co. Police (no more) Sheriff to AES when they put up their P25 system.

The original poster said digital. Voice inversion is an analog technology.

I'm not sure what you mean by "hardware encryption radio". The (ADP, DES, AES) algorithms are simply algorithms that operate on the digitally-encoded voice data; they can be implemented in software on a general purpose computer (as in a typical SDR platform) or in special-purpose hardware.

AES and DES keys for Motorola (and most other) P25 radios are managed by keyloader hardware that connect to the radio. Keyloaders won't display the numeric key value. However, unless the FIPS option is enabled, you can extract keys from a keyloader simply by connecting it to a bit of purpose-built hardware that receives (and decodes) keys as if it were a radio. (I'm not aware of any commercial products that do this, but it's not hard to build one). And keys are initially entered into the keyloaders by hand, by typing them in the keypad. If the keys were written down before they were entered, you'd have them that way, and wouldn't need to use a keyloader at all for your SDR-based decoding.

ADP keys can be managed by keyloaders or by the programming software, where you just type them in.

By the way, both ADP and DES keys are too short to be "secure" in any meaningful sense. They are vulnerable to exhaustive search by an adversary with even relatively modest resources. It doesn't make sense for any user today to go to the expense and trouble of deploying crypto without using AES. That said, there are a lot of ADP and legacy DES systems out there. But breaking keys to monitor systems you don't have legitimate access to *is* illegal, as has been pointed out.

My comments assumed (as the original poster clearly said) that he had legitimate access to the key material. I'm not sure why this is unclear.

blaze · Sep 5, 2015

buddrousa said:
Nothing wrong with being fore warned but a simple answer yes if you are the key holder but not practical would have been the better answer.

Why? I prefer to know more stuff rather than less stuff. I think most other people here do, too.

I've written and published several papers on the security properties of P25 systems, as have others. The sky has not fallen.

tonypl056 · Sep 5, 2015

The way i see it, to each his own.

mikepdx · Sep 5, 2015

blaze said:
I love it when the self-appointed radio police swoop in here to scold you about
the illegality of doing something you didn't actually ask about.

Particularly when there's absolutely no indication
whatsoever what country the OP is in.

prcguy · Sep 5, 2015

If the OP is on a VHF system and its P25 or DES you can get a very cheap under $100 Racal/Thales handheld and the regular programming software will load the keys.
prcguy

MTS2000des · Sep 5, 2015

radiointhesky said:
Thank you for that information.

I don't actually care about the audio at all. I just want the ID number of the currently rx'ing unit. I know it all comes together though.

One of the main reason for using SDR was to get the ID number of the rx so we can see exactly who is currently sending on the radios out in the field at any time.

I want to get that ID number into a computer somehow (it doesn't matter how, just some interface to get the ID text into a computer).

ASSuming you are running an Astro 25 core of late 7.xx, why not just run the Affiliation display application on a workstation and pipe of that workstation wherever you want?

Much easier than some Rube Goldberg method. A simple conversation with your IT department and you can just funnel the output of the NM client to as many monitors as you want. If the workstation supports multiple monitors, run the Affiliation display and/or Zone watch on one and your other tools you don't want anyone else to "see" on the other monitor. (like Provisioning Manager for instance, would not want everyone in my center watching while I update radios!)

Also saves you from having to buy additional licenses for those applications.

blaze · Sep 5, 2015

radiointhesky said:
Thank you for that information.

I don't actually care about the audio at all. I just want the ID number of the currently rx'ing unit. I know it all comes together though.

One of the main reason for using SDR was to get the ID number of the rx so we can see exactly who is currently sending on the radios out in the field at any time.

I want to get that ID number into a computer somehow (it doesn't matter how, just some interface to get the ID text into a computer).

I have found no way to interface with the mobile radio (APX I believe) without using an extremely expensive Motorola dispatch type of console, $15K+.

That is extreme overkill for just getting text ID numbers into a computer, as we don't need all the other capability of a console.

So, my initial thought was to use SDR to get that ID data into a computer and bypass the APX altogether.

If that isn't a viable solution, do you know a cheap way to interface to an APX or XTS/XTL or anything that would get the ID numbers into a computer?

I don't care if it is serial or USB or RS422 or whatever. Once there is a method to get the currently rx'ing ID number into a computer, I don't care about the audio.

Ah, OK. In that case this is much simpler.

First of all, this is a conventional (non-trunking) Phase I system, right? If not, things are a bit different, but let's deal with the conventional option first.

P25 unit IDs aren't encrypted, even when encryption is used. So you don't have to worry about keys, even if the system is encrypted. (Yes, this means that outsiders can do traffic analysis, too, but that's how the P25 standard works).

A cheap SDR with a laptop or PC running Gnuradio and the Open P25 (OP25) package is likely to be entirely sufficient here, if you don't care about voice decoding. You can get the software here: OP25

Note that this is not quite "plug and play" production-grade software. It will require some hacking to make it work. But if you want a cheap, quick-and-dirty over-the-air logging system for conventional P25, it may be just the ticket.

Another option, which I use in production, is an ICOM R2500 software controlled receiver with some software to capture IDs. I actually use this (with our own software, not ready for prime time) for my P25 capture setup for logging clear vs encrypted traffic. The ICOM is a better receiver than a cheap SDR. With the default ICOM software, just put the radio in monitor mode on your channel and enable ID logging, (You can't scan multiple channels this way, so you'll need one radio and laptop per conventional channel).

If this is a trunking system, other options apply.

radiomanNJ1 · Sep 5, 2015

I love all of the guys here who are making like they are breaking AES 256. Too short?
It must be good to be so knowledgeable.

blaze said:
The original poster said digital. Voice inversion is an analog technology.

I'm not sure what you mean by "hardware encryption radio". The (ADP, DES, AES) algorithms are simply algorithms that operate on the digitally-encoded voice data; they can be implemented in software on a general purpose computer (as in a typical SDR platform) or in special-purpose hardware.

AES and DES keys for Motorola (and most other) P25 radios are managed by keyloader hardware that connect to the radio. Keyloaders won't display the numeric key value. However, unless the FIPS option is enabled, you can extract keys from a keyloader simply by connecting it to a bit of purpose-built hardware that receives (and decodes) keys as if it were a radio. (I'm not aware of any commercial products that do this, but it's not hard to build one). And keys are initially entered into the keyloaders by hand, by typing them in the keypad. If the keys were written down before they were entered, you'd have them that way, and wouldn't need to use a keyloader at all for your SDR-based decoding.

ADP keys can be managed by keyloaders or by the programming software, where you just type them in.

By the way, both ADP and DES keys are too short to be "secure" in any meaningful sense. They are vulnerable to exhaustive search by an adversary with even relatively modest resources. It doesn't make sense for any user today to go to the expense and trouble of deploying crypto without using AES. That said, there are a lot of ADP and legacy DES systems out there. But breaking keys to monitor systems you don't have legitimate access to *is* illegal, as has been pointed out.

My comments assumed (as the original poster clearly said) that he had legitimate access to the key material. I'm not sure why this is unclear.

radiointhesky · Sep 5, 2015

Thank you blaze. My responses come in very delayed because as a new user on this forum, my posts are still being moderated. So, that is great news about the IDs not being encrypted.

Is the system using trunking? I don't know. I think it is ASTRO 7.4 and P25 Phase 2 ... so I assume that means it is using trunking. I'm an IT guy and learning about radios. The only suggestion the radio system vendor will give us is the $15K solution using some official monitoring system and software. That is just too expensive and overkill, so I'm looking for solutions myself.

The radios are new versions, installed within the last 2 or 3 years.

To answer some other points that were mentioned throughout the thread here:

I am in USA. I'm not interested in breaking encryption, I'm not interested in accessing any encrypted data outside of the agency that I work for.

Is Legal Decryption with Key using SDR possible?

Member

Member

Member

Member

Member

I AM NOT YOUR TECH SUPPPORT.

Member

Member

Member

Member

Member

Member

Member

Member

Member

Member

5B2_BEE00 Czar

Member

Member

Member

Similar threads