• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Anytone Anytone 878 RC4 and AES

Astrak

Member
Joined
Feb 17, 2005
Messages
1,599
Location
Mesa, AZ
Is there a way to switch between RC4 and AES without going into the CPS and reprogramming the radio?
 

TassieJay

Member
Joined
Apr 12, 2012
Messages
71
Location
Australia
Wait... the 878 has RC4? I knew the 878's implementation of AES is compatible with other DMRA standard radios... but the 878's 'regular' encryption is RC4???
 

Astrak

Member
Joined
Feb 17, 2005
Messages
1,599
Location
Mesa, AZ
V1.16 supports AES and whatever they use on the 868 and Btech radio. The option to use AES or the other version of encryption is in the CPS. In the firmware release notes it reads as though this is selectable on the radio and only requires a reboot of the radio, but in reality it needs to be changed in CPS and reprogrammed.
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
V1.14 and V1.15 do not have RC4
Don't mind me asking, but does that mean from 1.16 onwards if I use "regular" (ie. "common") encryption there will still be a privacy indicator sent, but the encryption will be DMRA 40-bit RC4 instead of DMRA AES?
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
Also, noticed something interesting. Try enabling AES on the Anytone radio, and analyse the full Tx traffic in DSD+ (use the -v4 option). Message ID (MI) seems to be a constant "12345678" no matter what key or channel settings, which if I read this correctly means the IV is constant. Yes, DMR's MI is a measly 32 bits of IV, but keeping it constant for all transmissions seems like a possible issue (known plaintext attacks?).

Do correct me if I am mistaken.
 

devtty

Newbie
Joined
Jan 31, 2018
Messages
4
Location
Earth
Also, noticed something interesting. Try enabling AES on the Anytone radio, and analyse the full Tx traffic in DSD+ (use the -v4 option). Message ID (MI) seems to be a constant "12345678" no matter what key or channel settings, which if I read this correctly means the IV is constant. Yes, DMR's MI is a measly 32 bits of IV, but keeping it constant for all transmissions seems like a possible issue (known plaintext attacks?).

Do correct me if I am mistaken.
Do you able to send some raw records to look? thank you.
I will watch difference between them.
 

KE5MC

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
993
Location
Lewisville, TX
Also, noticed something interesting. Try enabling AES on the Anytone radio, and analyse the full Tx traffic in DSD+ (use the -v4 option). Message ID (MI) seems to be a constant "12345678" no matter what key or channel settings, which if I read this correctly means the IV is constant. Yes, DMR's MI is a measly 32 bits of IV, but keeping it constant for all transmissions seems like a possible issue (known plaintext attacks?).

Do correct me if I am mistaken.
No chance for correction from me...

However, Does DSD+ give you known good information for the IV? You might already know this from looking at other encrypted DMR transmissions.
Mike
 

Astrak

Member
Joined
Feb 17, 2005
Messages
1,599
Location
Mesa, AZ
The Anytone radios do not have RC4 that I'm aware of... really wish they did, it would be super handy for use with Moto and Hytera radios.
Firmware 1.16 and the CPS that goes with it gives you an option to use AES or encryption that will work with the 868 and Btech radios.
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
No chance for correction from me...

However, Does DSD+ give you known good information for the IV? You might already know this from looking at other encrypted DMR transmissions.
Mike
The version of DSD+ I'm using (the public released v1.101) doesn't display the actual IV of DMR transmissions (like, there isn't a specific field that says "IV" even if you used the -v4 setting), but I'm thinking the IV is likely the MI (since that is displayed in -v4, and based on the quoted post above and the fact that the Motorola patent for DMR encryption mentions that the IV is 32 bits which the MI also is, this is likely the IV). And since in my personal tests of the Tx of the D878UV the MI has always remained the same ("12345678")...

(By the way, if anyone else has a D878UV and an SDR, you can test this out too (so that I'll know this isn't some bug specific to my batch of D878UVs). Would be interesting to test this out on a D578 as well, since I don't have that one but I'd really like to get it.)

That said, if anyone else knows better about what makes up the IV of DMRA AES encryption I want to be corrected, because I don't want to be making a mountain out of a molehill here.
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
Do you able to send some raw records to look? thank you.
I will watch difference between them.
What sort of raw records would you like? I can send IQ recordings of transmissions using the same key I programmed (even all 0s if you'd like) and can provide the keys.
 

devtty

Newbie
Joined
Jan 31, 2018
Messages
4
Location
Earth
What sort of raw records would you like? I can send IQ recordings of transmissions using the same key I programmed (even all 0s if you'd like) and can provide the keys.
Hello, IQ records will be great, but NFM demodulated with no filters and no squelch applied will be enough. Keys not needed at all, but i am will not able to check compatibilety with others radios later, than you.
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
@devtty can't PM you, you'll need to allow people to start conversations with you (Your account > Privacy > Allow users to...Start conversations with you > set to "Members Only")

PS: anyone else wants some recordings I made, feel free to PM me.
 

devtty

Newbie
Joined
Jan 31, 2018
Messages
4
Location
Earth
@devtty can't PM you, you'll need to allow people to start conversations with you (Your account > Privacy > Allow users to...Start conversations with you > set to "Members Only")

PS: anyone else wants some recordings I made, feel free to PM me.
i am already have this option, i am was trying to send pm to you, but it failed.
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Joined
Jun 26, 2001
Messages
11,437
Location
Central Ontario
i am already have this option, i am was trying to send pm to you, but it failed.
 

morton1566

Member
Joined
Apr 26, 2017
Messages
16
Darn I forgot about this. Change of plans...

@devtty and anyone else, try this instead. Encryption key for all 3 transmissions is the same and are all 6s (that is, 64 '6's), with key ID of 6.
 

devtty

Newbie
Joined
Jan 31, 2018
Messages
4
Location
Earth
Darn I forgot about this. Change of plans...

@devtty and anyone else, try this instead. Encryption key for all 3 transmissions is the same and are all 6s (that is, 64 '6's), with key ID of 6.
As i can see, the IV (MI parameter in dsd+) in all cases are the same.
It will add extra vulnerability to this implementation. Randomized IV is used to avoid using the same keystream again.
As i can hear in decoded audio the IV properly updated over transmission.
What firmware version your radio running?
 
Top