Is DSD + decoding encrypted group calls apco 25

[sammy3418]

Hi all,

I am monitoring an APCO25 system in the UK using unitrunker, DSD plus may 15 edition. In the DSD + event log, I keep seeing Enc group calls come up with Alg ID some random number then a very interesting part KeyID with some other random number and I am still able to hear the communications. I have a screen shot if anyone could be so kind as to elaborate on what it means? Is it decoding APCO25 enc calls?

Screen shot wont upload to big !

 

[RayAir]

Hi all,

I am monitoring an APCO25 system in the UK using unitrunker, DSD plus may 15 edition. In the DSD + event log, I keep seeing Enc group calls come up with Alg ID some random number then a very interesting part KeyID with some other random number and I am still able to hear the communications. I have a screen shot if anyone could be so kind as to elaborate on what it means? Is it decoding APCO25 enc calls?

Screen shot wont upload to big !

No. It doesn't decode encryption. It will normally say Alg ID= and then Key - 01 or whatever key number is assigned.

It's not they actual enc key.

 

[sammy3418]

ok thanks

Sent from my GT-I9300 using Tapatalk

 

[RayAir]

Check your signal strength and make sure you're right on frequency.

I kept getting Enc Group Call OVCM alg ID=00 for some DMR frequency even though I could hear the comms. I adjusted my scanner frequency slightly and DSD+ dropped the Enc italic event log notations.

Caught some Enhanced Privacy being used on a Cap+ last night and the Border Patrol was out doing something. They were running encrypted. DSD+ indicated AES.

Show a screenshot or what are you getting for an alg ID?

I'm guessing it's a low signal issue.

 

[Boatanchor]

Would be the holy grail if true

 

[mancow]

But why is he hearing the comms? Maybe retaining and displaying old key info from prior encrypted traffic?

 

[Boatanchor]

Hmmm, exacery. The plot thickens

 

[Ghstwolf62]

Would be the holy grail if true

+10

 

[SCPD]

Is it possible the digital signal sends out a data packet maybe including Data saying I have aes capability? Like the others said if that were true it he the holy grail lol. I'm thinking they probably run clear dmr and if need be switch on aes. The digital data packet probably has a coding in it saying hey I have aes capability on dmr. I'd imagine what it is. As for key I'd it is just assigning a name for that key and not decoding a key. Morley assigning a number. I'd assume not sure the dsd is decoding the digital packet that says hey I got key 1 loaded and I have aes on here to other radios in the system. That or dsd just assigns a number to a garbled secure com saying secure or key and it's key 1 or 0.

 

[sammy3418]

Clip

Hi guys,

I have been doing little videos of the APCO25 running on my tablet using DSD + With Unitrunker. The screen shots are too big to upload so here is a link to one of my videos https://www.youtube.com/watch?v=s7g1k2cmHs0

If you go to exactly 2:25 and pause this is the sort of stuff I am getting regarding enc traffic. I am using the May 15 version of DSD+ I have done a few clips so feel free to browse through them and see the other DSD + event logs.. I have seen AES pop up now and again.

 

[RayAir]

Decoding AES in real time on a home PC, you must have a fast computer, lol.

I'm using the same version as you and when I pick up ATF and Border Patrol and they're running AES, it sounds all R2DU and I get the AES indicator and DSD auto mutes. Sometimes they run in the clear though.

Metro Airport is real paranoid and every TG there is AES encrypted too.

Would be nice to auto decode TRBO Basic Privacy and NXDN 15 bit scrambling.

I'll watch your video when I get home.

 

[Ghstwolf62]

Another thing but I don't know if this could be it is that DSDPlus shows key and alg ids when -v4 I think is used even on clear channels.

I read somewhere its something like "80" for the ID on clear transmissions under AES. I don't know if this could be what you're seeing though. It looks like an encrypted call but its not and comes through decoded.

 

[sammy3418]

Another thing but I don't know if this could be it is that DSDPlus shows key and alg ids when -v4 I think is used even on clear channels.

I read somewhere its something like "80" for the ID on clear transmissions under AES. I don't know if this could be what you're seeing though. It looks like an encrypted call but its not and comes through decoded.

Could be buggy software

 

[DSDPlus]

If you go to exactly 2:25 and pause this is the sort of stuff I am getting regarding enc traffic. I am using the May 15 version of DSD+ I have done a few clips so feel free to browse through them and see the other DSD + event logs.. I have seen AES pop up now and again.

It is just a brief bad decode. All of the traffic is clear voice.

 

[RayAir]

I've noticed sometimes on Capacity Plus systems that run VS, DSD indicates an alg ID of BP and EP. A few calls will show BP, then the next one or two will show EP. Same talk group.

From the sound of it I'm guessing they're using EP, because with BP you can hear a more syllabic speach pattern.

Is this a possible bug? Signal strength of this system is S2-S3.

 

[slicerwizard]

If DSD+ displays "EP", it saw a PI header frame, and the call is encrypted with 40 bit EP or better.

If DSD+ displays "BP", it saw the enc bit set in a voice header frame, but no PI header frame was seen. Either the call is using 8 bit BP or the PI header frame was lost due to poor signal quality.

 

[RayAir]

If DSD+ displays "EP", it saw a PI header frame, and the call is encrypted with 40 bit EP or better.

If DSD+ displays "BP", it saw the enc bit set in a voice header frame, but no PI header frame was seen. Either the call is using 8 bit BP or the PI header frame was lost due to poor signal quality.

So what are these CS700 radios using for voice privacy, because when I tested mine DSD+ wouldn't make any sound at all? Are they just throwing off the voice frames so they aren't recognized?

With Moto BP and EP you get the scrambled sounding voice, CS700 you get nothing.

 

[RayAir]

If DSD+ displays "EP", it saw a PI header frame, and the call is encrypted with 40 bit EP or better.

If DSD+ displays "BP", it saw the enc bit set in a voice header frame, but no PI header frame was seen. Either the call is using 8 bit BP or the PI header frame was lost due to poor signal quality.

What do you make of this Slicer,

454.4625MHz, Receiving 30 minutes south of Grand Rapids,MI. DMR Conv Rpt CH., DCC: 12
Very heavy traffic. Strong signal.

All calls begin:

Enc Bcast Group Call; TG= 16777215 RID=100 Slot=2 Alg=EP KeyID=1

All replies are:

Enc Private Call; Tgt-100 Src=1 (also seen Src=4,6,11,and 23 and 24) Slot= 2 Alg=EP KeyID=1

Did a license search and it comes back to a frequency used for paging.

 

[slicerwizard]

So what are these CS700 radios using for voice privacy, because when I tested mine DSD+ wouldn't make any sound at all? Are they just throwing off the voice frames so they aren't recognized?

With Moto BP and EP you get the scrambled sounding voice, CS700 you get nothing.

You need to look at what DSD+ is telling you. When you hit it with a TDMA transmission from your DMR radio, DSD+ isn't decoding anything due to poor syncing. You can probably clean it up by locking the baud rate and protocol with the -fr command line switch.

What do you make of this Slicer,

454.4625MHz, Receiving 30 minutes south of Grand Rapids,MI. DMR Conv Rpt CH., DCC: 12
Very heavy traffic. Strong signal.

All calls begin:

Enc Bcast Group Call; TG= 16777215 RID=100 Slot=2 Alg=EP KeyID=1

All replies are:

Enc Private Call; Tgt-100 Src=1 (also seen Src=4,6,11,and 23 and 24) Slot= 2 Alg=EP KeyID=1

Did a license search and it comes back to a frequency used for paging.

Typical taxi company setup. Dispatcher (RID 100) broadcasts to all drivers, drivers reply only to the dispatcher. You should upload a raw audio recording.

 

[RayAir]

I'll record some tonight.