• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Hytera Over The Air Encrypt & Scanners

Status
Not open for further replies.
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,930
This is regarding the newer feature in Hytera firmware for certain DMR models called "Over the air encrypt". It scrambles the signalling frames to prevent interception of radio ID's and talk group information and is set in CPS (32 digit hexadecimal key).

Initial testing shows Motorola radios (and others) light up like they want to receive but nothing is displayed on the screen and nothing is heard.


DSD plays the voice frames just fine, but of course no RID or TG info is displayed.

Has anyone tested (or has the ability to test) Hytera OTA encryption vs a DMR capable scanner such as certain Whistler or Uniden models to see if it affects their ability to decode transmissions?

I understand if I wanted to enable voice protection I'd just toggle AES 256 on. Just curious if the signalling frame encryption alone has any effect on a scanners ability to receive the transmission.

Remember hearing some had difficulty with RAS enabled systems and OTA Encrypt is similar, but appears more effective as it blocks more info.

Thanks!
 
teufler

teufler

Member
Joined
Dec 19, 2002
Messages
2,357
Location
ST PETERS, MISSOURI
ENCYPT is encrypt and you should not hear any audio or understandable audio. I have had some luch listeningh into encrypted traffic, taking a wide guess that the users are using the defalt setting, I have no police traffic in my area using DMR but casinos and I have heard some DMR traffic on Brandmeister. Usually last at night or early in the morning.that have been encrypted. Nostly just experimentors.
 
jonwienke

jonwienke

More Info Coming Soon!
Joined
Jul 18, 2014
Messages
13,416
Location
VA
teufler said:
ENCYPT is encrypt and you should not hear any audio or understandable audio.
Click to expand...

Not necessarily. It's the Hytera version of RAS. If the voice frames are not encrypted, then the voice content can still be decoded by a scanner, although the TG and UID and other info will not be available. Which is what is happening with DSD.

It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise.
 
MSS-Dave

MSS-Dave

Member
Joined
Jan 20, 2010
Messages
430
Location
Generally Central Florida
"It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise."

It's not pointless if you run the system and want to prevent a competitor from loading his radios on your stuff. This seems to be just like (operationally)
Moto's Restricted Access to System. Since there isn't a central system "key", it's another way to protect your asset you sell time on.

If you have sensitive voice traffic, ENCRYPT, ENCRYPT, ENCRYPT. AES256 is the best way to go if you can pony up the $$$ for it. At least on Hytera, I'm not sure that Moto is offering that in DMR in NA yet.

Sent from my SAMSUNG-SGH-I337 using Tapatalk
 
WQLU507

WQLU507

Member
Joined
Jan 6, 2009
Messages
40
Location
Powder Springs, GA
I was trying to figure out a use case for this feature and MSS-Dave hit it on the head...operators of systems who lease space. No point in paying for encryption licenses on rental radios for taxis, delivery services and the like, but you also don't want people piggybacking on your system.

I don't think /\/\ is willing to enable AES256 in the US for TRBO. I think it's a P25 only feature for them. Have to keep milking those gov't contracts *eye roll*
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,930
WQLU507 said:
I was trying to figure out a use case for this feature and MSS-Dave hit it on the head...operators of systems who lease space. No point in paying for encryption licenses on rental radios for taxis, delivery services and the like, but you also don't want people piggybacking on your system.

I don't think /\/\ is willing to enable AES256 in the US for TRBO. I think it's a P25 only feature for them. Have to keep milking those gov't contracts *eye roll*
Click to expand...


You could always throw one of the free voice privacy schemes (basic or arc4) in the radios.
Since Hytera basic gives up the key in the frames and ARC4 is only shades better I opted to pay for the advanced licenses for all the radios.

Still curious if the OTA signalling encryption alone messes with DMR scanners..

This is a neat feature.
 
jonwienke

jonwienke

More Info Coming Soon!
Joined
Jul 18, 2014
Messages
13,416
Location
VA
RayAir said:
YStill curious if the OTA signalling encryption alone messes with DMR scanners.
Click to expand...

To some extent yes. A Uniden x36 can't be programmed as a trunked system, the individual frequencies have to be programmed as conventional DMR in order to receive traffic.
 
F

Fidgety9996

Member
Joined
Oct 12, 2015
Messages
107
Location
Europe
RayAir said:
Still curious if the OTA signalling encryption alone messes with DMR scanners..

This is a neat feature.
Click to expand...

I can do it for you.
That is weird that only the singalling part is encrypted. But I will have to test if you can have both at the same time (DMRA 40-bit arc4).
If someone has access to hytera with AES it would be good to know if you can use AES to encrypt the voice part and Over the Air Encrypt to encrypt the signaling.
"Over the Air Encrypt

--------------------------------------------------------------------------------

This parameter allows you to set whether to enable the Over the Air Encrypt feature. With this feature enabled, the voice, data and signaling transmitted by the radio or repeater over the air interface are encrypted by using the key or encryption algorithm. The repeater can forward and the receiving radio can decrypt the voice, data and signaling only when the key value is correct. This prevents the unauthorized radio from occupying channel resources and interrupting communication.

At present, only signaling can be encrypted and decrypted.
Click to expand...

That is from CPS v8.06.01.014
 
K

kayn1n32008

ØÆSØ
Joined
Sep 20, 2008
Messages
6,636
Location
Sector 001
jonwienke said:
It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise.
Click to expand...

Not pointless at all.

The OTA Encrypt keeps nosy scanner listeners from mapping your radio system and knowing which radios are using what talk-groups. AES 256 keeps those same listeners from knowing who is using your system.

OTA Encrypt, as others have said, keeps cheapskates from adding radios to your rental system with out paying for those radios.
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,930
mattimac said:
I can do it for you.
That is weird that only the singalling part is encrypted. But I will have to test if you can have both at the same time (DMRA 40-bit arc4).
If someone has access to hytera with AES it would be good to know if you can use AES to encrypt the voice part and Over the Air Encrypt to encrypt the signaling.


That is from CPS v8.06.01.014
Click to expand...


Yes, you can use signalling and voice encryption at the same time. On the current radios in use, signalling encryption is forced while voice encryption is selectable.
 
Status
Not open for further replies.

Similar threads

F
BCD436HP/BCD536HP: 'Unscannable' trunked system or just me? Shift DMR Australia
Replies
14
Views
747
Ubbe
U
K
Yaesu VX-6R vs Wouxun KG-Q10H
Replies
8
Views
536
ShawnInPaso
S
U
DMR vs P25 - Encryption standards and software vs hardware encryption
Replies
4
Views
1K
N4DES
N4DES
N
Bon Air stuff -- can anybody check on trunking?
Replies
2
Views
454
n4jri
N
DVINTHEHOUSEMAN
P25 C4FM vs CQPSK/LSM - Listening to tell the difference
Replies
1
Views
359
RoninJoliet
R
Top