OP25 Add RC4 (ADP) decryption

[reformedMhacker]

So, to everyone that has contributed to this, THANK YOU! I have tested the fdma receive with rc4 and it works flawlessly - you just have to have all the correct arguments in place. Now, does anyone know how to get the keystream to decode in tdma? I'm fortunate enough to have legitimate access to a couple of keys from local systems running a mix of fdma and tdma... when there is a p1 request and grant, the traffic decodes perfectly, but on a p2 talkgroup or hybrid talkgroup (p2 assignment based on current system load) the keystream of course isn't applied to the frame packets as the code was applied to p25p1_fdma.cc and not to p25p2_tdma.cc. I'm going to attempt to look at the code mods used for fdma and see if I can re-write it for tdma, but coding definitely isn't my forte, and I'm sure some of you could code it before I could even begin to know where to insert said code.

 

[boatbod]

So, to everyone that has contributed to this, THANK YOU! I have tested the fdma receive with rc4 and it works flawlessly - you just have to have all the correct arguments in place. Now, does anyone know how to get the keystream to decode in tdma? I'm fortunate enough to have legitimate access to a couple of keys from local systems running a mix of fdma and tdma... when there is a p1 request and grant, the traffic decodes perfectly, but on a p2 talkgroup or hybrid talkgroup (p2 assignment based on current system load) the keystream of course isn't applied to the frame packets as the code was applied to p25p1_fdma.cc and not to p25p2_tdma.cc. I'm going to attempt to look at the code mods used for fdma and see if I can re-write it for tdma, but coding definitely isn't my forte, and I'm sure some of you could code it before I could even begin to know where to insert said code.

It'd really help if you could grab some raw symbol captures of RC4 encrypted phase 2 traffic (crypt_behavior=0) so that I can use them to implement the decoder for tdma.

 

[reformedMhacker]

It'd really help if you could grab some raw symbol captures of RC4 encrypted phase 2 traffic (crypt_behavior=0) so that I can use them to implement the decoder for tdma.

I’ll try to get those in the next 24 hrs.

 

[reformedMhacker]

It'd really help if you could grab some raw symbol captures of RC4 encrypted phase 2 traffic (crypt_behavior=0) so that I can use them to implement the decoder for tdma.

Boatbod, what file extension do you need me to save the raw files as?

 

[wgbecks]

reformedMhacker,

Typically .bin is the preferred file extension. Example: ./rx.py --raw-symbols "filename.bin" . . . .

Bill

 

[jcardani]

If anybody wanted to give this snippet a test, this should be the general gist of loading different keys values from a known value key array. May need some tweaking if any build errors occur.

//copy and paste this into p25p1_fdma.cc at line 768
//assign zeroes to all potential keyid values so we don't have a segfault
uint64_t key_array[0xFFFF] = {0};
//example known key value. purely fictional.
//key id and value in hex
key_array[0x1337] = 0x58AB912F9D;
//key id in decimal, value in hex
key_array[69] = 0x6969696969;
//add your own keys

//load keys from the key_array based on the value of ess_keyid
adp_key[0] = (key_array[ess_keyid] & 0xFF00000000) >> 32;
adp_key[1] = (key_array[ess_keyid] & 0xFF000000) >> 24;
adp_key[2] = (key_array[ess_keyid] & 0xFF0000) >> 16;
adp_key[3] = (key_array[ess_keyid] & 0xFF00) >> 8;
adp_key[4] = (key_array[ess_keyid] & 0xFF) >> 0;

First I wanted to say thank you all for starting development on this feature!

I would imagine that eventually the KID and Key values could be stored in a Key Management file (for example keys.TSV) and read at OP25 startup.

Also there is a possibility of more than one key value for the same KID. For example County A and County B which are fairly close to each other use the same KID but with different Key values. Maybe add System ID in the file above to fix that issue?

In addition, adding DES-OFB support would also be nice. Code would be needed to create a key stream for DES, similar to how the ADP code creates the key stream, but of course the logic would be very different. I can provide raw Phase 1 IMBE frames for this if needed. I don't have any Phase 2 systems near me, unfortunately.

 

[hrh17]

Boatbod, what file extension do you need me to save the raw files as?

Any chance you could also do some raw wav recordings in dsdplus of TDMA Arc4 encryption.

 

[lwvmobile]

First I wanted to say thank you all for starting development on this feature!

Don't get the wrong idea. I haven't started developing features or anything. I just wrote a small portion of code as an example of how a user might modify the current code to include more keys. Ideally, loading keys from a file would be better, but that's A LOT more code than the few lines I whipped up and spat out. Actually, I already had that code in a project, I just quickly referenced it and adapted it for that snippet.

Also there is a possibility of more than one key value for the same KID. For example County A and County B which are fairly close to each other use the same KID but with different Key values. Maybe add System ID in the file above to fix that issue?

That is a possible scenario as well, I suppose one could add an extra dimension to the array, and have it swap in key values by NAC by KeyID. It would require altering the example I wrote to be something like.

key_array[0x123][0x1337] = 0x58AB912F9D;

adp_key[0] = (key_array[d_nac][ess_keyid] & 0xFF00000000) >> 32;

Again, the code was just a gist more than anything, one thing I hadn't considered until now was whether or not the variables ess_keyid and d_nac are even available to the function they are supposed to be copied into. I still haven't even tested building with that copied in.

In addition, adding DES-OFB support would also be nice.

That's the way it usually goes when you add one feature, then suddenly there are a ton of adjacent features of similar functionality requested. Again, I'd just like to remind everybody that I'm not developing these features, I'm just encouraging others to look at the source code and tinker. That's how I learned how to code. I wanted to add a feature to something, and I looked at the code, and I tinkered, I changed something small, then I made a ton of mistakes, then I figured something out, then I kept going and I haven't looked back yet.

 

[thewraith2008]

That's the way it usually goes when you add one feature, then suddenly there are a ton of adjacent features of similar functionality requested. Again, I'd just like to remind everybody that I'm not developing these features, I'm just encouraging others to look at the source code and tinker. That's how I learned how to code. I wanted to add a feature to something, and I looked at the code, and I tinkered, I changed something small, then I made a ton of mistakes, then I figured something out, then I kept going and I haven't looked back yet.

To be expected when you open that particular can of worms.
I can just imagine yours and the OPs PMs running hot the last few days.

 

[lwvmobile]

I can just imagine yours and the OPs PMs running hot the last few days.

Surprising, that's not the case currently. Boatbod, on the other hand, I can imagine his PMs stay flooded on a constant basis. I normally just get the random PM about whether or not FME does or will support decryption. I don't even have to open the can of worms for those to come along.

 

[jcardani]

Guys I am just throwing out ideas for future development and not opening up a can of worms. I am not part of the development team for Boatbod's fork of OP25 so I don't want to step on any toes if I contributed C code samples here. And I thanked the group for the renewed interest in adding these features, not any specific person.

Just so you guys know I wrote patches to the original OP25 to display voice frames for Phase 1 and 2 5+ years ago as well as add DMR voice frame display to DSD 1.7 back then also.

 

[reformedMhacker]

It'd really help if you could grab some raw symbol captures of RC4 encrypted phase 2 traffic (crypt_behavior=0) so that I can use them to implement the decoder for tdma.

boatbod, PM has been sent with the link and other data / notes you need.

 

[U2flyer]

Hello, the development on this project has been amazing! As jcardani stated earlier it would be amazing not only to have the ability to have multiple keys but also a way to change the key IDs or have duplicate IDs and just match off the system ID. There are multiple systems in my local area that myself and co workers monitor however we have to have an array of Unication's and Moto's to complete this task due to the poor planning and interopability of the systems using the same KID. I wish I could help however I have no appitude to code but I will thank everyone involved to make this happen for ADP as it is a widely used and often forgotten algo. I am sure AES is next.

 

[boatbod]

Well we're moving forward in small steps
As of now, the "dev" branch of boatbod op25 can configure multiple keyid/algid/key combinations and successfully use them with FDMA (phase 1) ADP encrypted traffic. There's a bug/something not right with the TDMA decrypt alg because as-yet I've not been successful in playing back phase 2 encrypted traffic.

Needless to say some things aren't pretty, and if op25 misses the HDU (as is common due to tuning latency) the first frame will sound garbled because it won't know that encryption is in use until the next frame arrives with ESS info. At some point I also need to address auto-rolling of the MI parameter, but for now we're just using the one received over the air.

Conceptually adding DES and AES support should now be relatively straight forward since the hooks now exist. Look in p25_crypt_algs.cc for the meat of the block decrypt routine.

 

[boatbod]

Thanks to @lwvmobile TDMA ADP support is up and running in the boatbod "dev" branch.
Look in the 'apps' directory for p25_rtl_example.json to see how to set up crypt_keys file to hold your decryption keys. It's basically json format with the ability to utilize hexadecimal. If you bork the formatting it'll probably cause the app to exit when it tries to read the file. Example keys file can be found in example_keys.json

Conceptually, adding DES and AES support should be relatively simple if someone would like to offer algos for keystream generation and decoding. They would integrate in to the p25_crypt_algs class.

 

[lwvmobile]

Thanks to @lwvmobile TDMA ADP support is up and running in the boatbod "dev" branch.

Don't thank me, thank The Florida Man

 

[boatbod]

ADP/RC4 decrypt support has been back-ported to rx.py. You can specify the keys.json file on the rx.py command line using "-k" or "--crypt-keys". Note that encrypted transmissions with no key defined will always be silenced (but not skipped). You can still use the --crypt-behavior=2 option to skip all encrypted traffic.

Dev branch has been promoted to Master. Once you've performed a 'git pull' you'll need to do a full-rebuild due to interface changes.

 

[Plutonium94]

Hi everyone! I've just read this thread. I'm very proud of all the work you've done in these monts, it's amazing! On the other hand, I don't know if it's a good idea to say this, but I want you to know that it's VERY POSSIBLE to crack ADP. I'm not going to give any information about this but you just have to do some research and that's all!

 

[Forts]

Gotta love the "I know something you don't know" posts.

 

[thewraith2008]

Sorry, this seems apt:

Why, Mr. Anderson?, Why, why?.
Why do you do it? Why, why get up?.
Why keep fighting?.
Do you believe you're fighting...for something?.
For more than your survival?.
Can you tell me what it is?.
Do you even know?; Is it freedom?, Or truth?.
Perhaps peace?. Could it be for love (of encryption)?
Illusions, Mr. Anderson.
Vagaries of perception.
Temporary constructs of a feeble human intellect trying desperately to justify an existence that is without meaning or purpose.
And all of them as artificial as the Matrix itself, although... only a human mind could invent something as insipid as love (of encryption).
You must be able to see it, Mr. Anderson.
You must know it by now, You can't win.
It's pointless to keep fighting.
Why, Mr. Anderson?.
Why?, Why do you persist?.