• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

Aor Ard25

Status
Not open for further replies.
kd7rto

kd7rto

Member
Joined
Dec 19, 2002
Messages
475
Location
Bountiful, Ut
My ARD25 was inop out of the box, but after a trip to the AOR repair facility, it's working
great. Now that I have a working system, and have spend some time getting familiar with it, I would like to ask those with experience with this unit what you have been able to make of the data it outputs to the serial port:

MI 000000000000000000
AG 80
KY 0000
TG FFFF
SI FF1F60
DI ******

MI 80DAFE722E0FBB3C9E
AG A1
KY 1111
TG FFFF
SI FFDAF0
DI ******

MI, followed by all zeros, seems to indicate in the clear. A series of hex characters, which
never seems to be the same, even if it is from the same unit, appears on encrypted calls.

On the two trunked systems I monitored, AG, KY, and TG were consistently the same, and SI agreed with the talk group, as decoded by trunker in hex.

Are either AG or KY the NAC?

I also monitored one conventional freq, and found 100% of the calls were encrypted. Here, none of the parameters were consistently the same.

I would appreciate any help you can offer in making more sense of this.
 
KC1UA

KC1UA

Scan New England Janitor/Maintenance
Database Admin
Joined
Oct 27, 2002
Messages
2,106
Location
Marstons Mills, Cape Cod, Massachusetts
SI appeared to me to be the ID of the unique radio or console when receiving conventional P25 from New Hampshire. This is what my data looked like for Hampton NH Police:

MI 000000000000000000
AG 80
KY 0000
TG 0001
SI 00033E
DI ******
cmd>

MI 000000000000000000
AG 80
KY 0000
TG 0001
SI 0CAC2E
DI ******
cmd>

MI 000000000000000000
AG 80
KY 0000
TG 0001
SI 00033E
DI ******
cmd>

MI 000000000000000000
AG 80
KY 0000
TG 0001
SI 0CAC2E
DI ******
cmd>

MI 000000000000000000
AG 80
KY 0000
TG 0001
SI 00033E
DI ******
cmd>

MI 01D026032000000000
AG 0C
KY 0000
TG 0001
SI 0CAB68
DI ******
cmd>

Another person (RFMobile) reported that MI, AG and KY were related to encryption. We had a brief discussion of this data in this thread:

http://www.radioreference.com/forums/showthread.php?t=40353&page=4

As an aside, have you noticed any difference in the ARD25's decoding quality when you remove the serial connection from the back of it? I find the decoding quality to be much better with the serial connection plugged in. I'm not sure why.
 
kd7rto

kd7rto

Member
Joined
Dec 19, 2002
Messages
475
Location
Bountiful, Ut
Scott,

I would agree with RFMobile that MI, AG and KY are related to encryption. I observed these two units in a QSO on a trunked system, one coded, and the other in the clear:

MI 000000000000000000
AG 80
KY 0000
TG FFFF
SI FFDAF0
DI ******
cmd>

MI F8670070299DFB99B0
AG A1
KY 1111
TG FFFF
SI FFDAF0
DI ******

It looks like none of these are the NAC. Fortunately, RFMobile wrote and posted a NAC decoder. It should come in very handy in determining users. If the same NAC is seen on two or more frequencies, it's a reasonable conclusion that it is the same agency.

I'm also impressed that the ARD mutes when it determines a call is encrypted. This reduces the time unintelligable noise is recorded on a .wav file to an acceptable minimum. I'm finding the one unit coded, one in the clear, scenario to be quite common. I'm not sure whether it is programmer or operator error, but I'm just glad of it.

Finally, I have not noticed a difference on sound quality whether or not the serial port is plugged in. Then again, sound quality on the ARD's tiny built in speaker is pretty bad to begin with. I will certainly be adding an external speaker.
 
Last edited:
KC1UA

KC1UA

Scan New England Janitor/Maintenance
Database Admin
Joined
Oct 27, 2002
Messages
2,106
Location
Marstons Mills, Cape Cod, Massachusetts
I need to play around with the data a bit more and see if I can discover a pattern. I also have some military P25 in the area which may be interesting also.

I agree, the audio from the ARD25's built in speaker is horrendous. I've been using an external speaker from the word go, and it sounds pretty good. If anything it's a tad on the "tinny" side. I don't pass analog audio from the R8500 through it. If I come across a P25 signal the 8500's volume goes down and the ARD25's goes up. I also opened the box and found a jumper that when moved blocks any analog audio from passing through. This as you're aware can also be done via software.

Another thing I've noticed is that I can't turn up its volume past about 8:30 without getting blown out of the room. Very short throw of effective volume range, at least on this one. It's a very neat (if not a little pricey) device. Who knows what the future might hold for it.
 
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
OK

MI F8670070299DFB99B0
AG A1
KY 1111
TG FFFF
SI FFDAF0
DI ******

MI is Message indicator - its analagous to the Initialtisation vector, which is a number that is used in stream cryptography to generate a stream. Of course this means its only used with encryption

AG Is the algorithm type - signifies, clear, DES-OFB, AES, etc etc

KY is the Key ID - used to determine which encryption key is currently in use. its similar to the LID on old securenet systems

I suspect TG is talkgroup and SI is the unit ID. no idea what DI is.

Cheers,
Matt

PS - this unit looks interestng! I really want one now...
 
kd7rto

kd7rto

Member
Joined
Dec 19, 2002
Messages
475
Location
Bountiful, Ut
Great information, Matt.

SI works differently on trunked vs. conventional. On a trunked system, it is the talkgroup in hex, while on conventional, it is a unique ANI for each radio.
 
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
No problems, thought I might add that the MI changes every 360ms (length if P25 superframe).

Interesting that the SI is dual use.

I also discovered a while back that the NAC used for digital TG's trunked systems is calculated from the last two hex digits of the SysID and the connect tone value.

Cheers,
Matt
 
kd7rto

kd7rto

Member
Joined
Dec 19, 2002
Messages
475
Location
Bountiful, Ut
I've found that system 6227 has a NAC of 275 and a connect tone of 116.13, and 3D38 has a NAC of 383 and a connect tone of 90.0. The first two digits of the NAC are indeed the last two digits of the sys id. The last digit, however, does not match what I know of Motorola connect tones. This is the chart, as I am aware of it:

0 105.88
1 116.13
2 128.57
3 138.46
4 76.6
5 83.72
6 90.0
7 97.3
 
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
That list is not correct - heres what I have:

0 - 105.88
1 - 76.60
2 - 83.72
3 - 90.00
4 - 97.30
5 - 116.13
6 - 128.57
7 - 138.46
 
S

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
n6orz said:
SI works differently on trunked vs. conventional. On a trunked system, it is the talkgroup in hex, while on conventional, it is a unique ANI for each radio.
Click to expand...
Actually SI is the same for trunked AND conventional. SI is the subscriber ID or ANI as you say. Notice in the examples above the TG is FFFF which is the all-talkgroup so any radio tuned to the channel will hear. The NAC is really for channel access to prevent breakthrough.

-rick
 
Status
Not open for further replies.

Similar threads

N9JIG
Scanner Tales: Floored in the Comm Center
Replies
19
Views
2K
JDKelley
JDKelley
N9JIG
Scanner Tales: Why am I doing this?
2
Replies
20
Views
2K
IC-R20
IC-R20
N9JIG
Scanner Tales: The Big Icoms (and an AOR and Kenwood or two)
Replies
12
Views
2K
pb_lonny
pb_lonny
N9JIG
Scanner Tales: Chasing Trunking Systems
Replies
5
Views
2K
K9JDN
K9JDN
TJX400
Caroline County Fire & Rescue Changes
Replies
11
Views
2K
N4VKF
N4VKF
Top