Columbia County Digital TRS

Status
Not open for further replies.

AMROCKS

Member
Premium Subscriber
Joined
Jan 27, 2008
Messages
11
Any updates on this? I'm looking at the new 996 radio that has APCO Ph II, but I'm still not sure if it would do any good without the encryption key. Let's say I get my hands on the "encryption key": how would you apply it? Is it different for each radio, like a MAC address or ESN? Or is it the same for every radio on the system? I sure would like to get something going on this!
 

W7FDX

Member
Premium Subscriber
Joined
Sep 12, 2012
Messages
525
Location
NC Pennsylvania
It is impossible to use an encryption key in a scanner. You would have to have a legit system radio and have the keys loaded with a key loader. It is also highly illegal to try and decrypt encrypted signals.
 

AMROCKS

Member
Premium Subscriber
Joined
Jan 27, 2008
Messages
11
Well, there is nothing illegal about listening to municipal transmissions, but I'm not sure about the encryption issue. Not sure why they are trying to hide... Anyone can request county radio transmission logs/transcripts as they are/should be available to the public. So in this case you can read them way after the fact but you can't hear them live! There will be some way around all of this; it's just a matter of time.
 

N8IAA

Member
Joined
Dec 19, 2002
Messages
7,243
Location
Fortunately, GA
Run out and buy a subscriber radio, get the key, load everything up.
But, wait, you have to be able to affiliate to the system. That's where they will come knocking on your door, or brick the radio.
Since attempting to decrypt the signal is a federal offense. Your money not mine. Oh, if it is somehow broken, they'll just use another form of encryption. Defeated again.
Larry
 

AMROCKS

Member
Premium Subscriber
Joined
Jan 27, 2008
Messages
11
I'm not trying to do anything illegal, however I'm willing to push the limits a bit. It really comes down to a technology battle. Kind of like radar detectors. They will come out with something new that's hard to detect and then the next detector will have that capability. If scanner radio makers plan to stay in business then they will have to overcome this hurdle, and based on your responses I'm assuming that we aren't there yet.
 

RRR

OFFLINE
Premium Subscriber
Joined
Dec 6, 2005
Messages
2,058
Location
USA
"Attempting to decrypt" is not a federal offense.
 

N8IAA

Member
Joined
Dec 19, 2002
Messages
7,243
Location
Fortunately, GA
AMROCKS said: I'm not trying to do anything illegal, however I'm willing to push the limits a bit. It really comes down to a technology battle. Kind of like radar detectors. They will come out with something new that's hard to detect and then the next detector will have that capability. If scanner radio makers plan to stay in business then they will have to overcome this hurdle, and based on your responses I'm assuming that we aren't there yet.

The scanner manufacturers, under the Communications Act of 1986, can't build scanners that can decode encryption. Though I'm sure that RRR will chime in with his half pennies worth.
The closest you will come to trying to unencrypt those signals is with SDR and one heck of a computing resource.
JMO,
Larry
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
You would need a radio capable of 800 MHz P25 phase II, Motorola CPS and associated hardware for programming said radio, the system key for their TRS, a system ID for your radio so it can affiliate properly, and a KVL/appropriate cable for the radio. Oh, forgot the encryption key for their system so you can load it into the key loader. Did I forget anything else? Off the top of my head I see about $6,000, minimum, to purchase all this equipment but, I may be wrong.

Let's say you have all this equipment but not the encryption key, system key, or the system ID for your radio. Getting these three VERY needed items will be impossible. Since 9/11, some States have enacted laws pertaining to illegal use of law enforcement frequencies and prosecute these crimes as acts of terrorism. If you affiliate on their system, without permission or use a pirated ID, you would be doing just that. But, if, and when, you are capable of successfully breaking their encryption, programming the radio, and affiliating on their system without getting caught, I would be VERY interested in learning how you did it. Oh, and contact the NSA for a job too... you might be able to name your price during employment negotiations.

What I'm saying is that you're going to need lots of money, time, and technical skills to accomplish what you want to do.

BTW, do some research on U.S. laws pertaining to decrypting encrypted communications before you devote your time to it.
 

MTS2000des

5B2_BEE00 Czar
Joined
Jul 12, 2008
Messages
5,849
Location
Cobb County, GA Stadium Crime Zone
SCPD said: You would need a radio capable of 800 MHz P25 phase II, Motorola CPS and associated hardware for programming said radio, the system key for their TRS, a system ID for your radio so it can affiliate properly, and a KVL/appropriate cable for the radio. Oh, forgot the encryption key for their system so you can load it into the key loader. Did I forget anything else? Off the top of my head I see about $6,000, minimum, to purchase all this equipment but, I may be wrong.

and the biggest part that is left out is authorization from the system manager/administrator in writing to have said system keys, encryption keys, that valid UID and authorized templates...or you could just do what this guy did. Ask him how well that's working out for him.

If a system is encrypted, that is usually a big giant red sign to stay OUT.


but, do as you please. Plenty of jailhouse lawyers here to come to one's defense when it goes south...
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
I was assuming he was starting from scratch and trying to do all this without permission of any sort :) That's why I would be VERY interested in the techniques used to obtain the syskey, encryption key, etc., without any help from the admin of the system.
 

nbarco

Member
Premium Subscriber
Joined
Mar 5, 2011
Messages
244
Location
Grovetown, GA
I was under the impression with P25 systems, programming can be done that does not require system affiliation. I know you can do it with Harris, is it not universal? I am speaking of receive only. This is how press radios are typically programmed. I have seen it on Harris P25, not sure about others...
 

N8IAA

Member
Joined
Dec 19, 2002
Messages
7,243
Location
Fortunately, GA
nbarco said: I was under the impression with P25 systems, programming can be done that does not require system affiliation. I know you can do it with Harris, is it not universal? I am speaking of receive only. This is how press radios are typically programmed. I have seen it on Harris P25, not sure about others...

I'm guessing that you're talking about UNENCRYPTED TGID's. You can't get ENCRYPTED TGID's unless you affiliate with the system, and the key is loaded onto the radio.
Larry
 

nbarco

Member
Premium Subscriber
Joined
Mar 5, 2011
Messages
244
Location
Grovetown, GA
Makes sense...however when using DSD, you still get the key ID which corresponds to the key on the device. Not sure why affiliation is required. I have only seen this work on Harris and it wasn't an encrypted system.
 

N8IAA

Member
Joined
Dec 19, 2002
Messages
7,243
Location
Fortunately, GA
nbarco said: Makes sense...however when using DSD, you still get the key ID which corresponds to the key on the device. Not sure why affiliation is required. I have only seen this work on Harris and it wasn't an encrypted system.

If you read post #49, the answer is there.
Larry
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
nbarco said; Makes sense...however when using DSD, you still get the key ID which corresponds to the key on the device.

Doesn't make sense to me, can you explain? What key ID and device? Are you saying that DSD can be used to find the encryption key so it can be loaded into a KVL? Or, can it be used to generate a syskey? If it's capable of finding the encryption key I sure could have used this program 25 years ago when I was a SIGINT analyst.

Since this is a Motorola system, used by Columbia County, that we're talking about I know of only two ways to get a syskey. One is from Motorola and the other is by generating one illegally. If DSD can do it there's probably some legal issues there.

The only TRS I have experience with is the PAL800 system and I don't claim to know it all. I've programmed XTS 1500's, XTS 2500's, XTS 3000's, XTS 5000's, XTL 2500's, XTL 5000's and the APX series radios for Richmond County and Aiken County. I was also a RF Specialist for Richmond County, a few years ago, and managed every radio and MDT in the county. I've scoured both the Astro 25 mobile and portable CPS and can't seem to figure out how to convince it to let me set it for no affiliation.
 

nbarco

Member
Premium Subscriber
Joined
Mar 5, 2011
Messages
244
Location
Grovetown, GA
DSD will not generate the system ID. It will generate the key ID which is what is transmitted over the air. Now on systems that don't require affiliation DSD can be programmed with keys to decode. Of course you would have to have the encryption keys. This is not an advertised feature and requires a decompile of the program and programming knowledge. I know that systems like Richmond can be monitored in a receive only mode. The new P25 can too but only if they are not encrypted. Again, I was told by a county radio manager that it will work with Moto systems, but I can only speak from Harris, because I have seen it.
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
nbarco said; DSD will not generate the system ID. It will generate the key ID which is what is transmitted over the air. Now on systems that don't require affiliation DSD can be programmed with keys to decode.

I'm still confused... what is a "key ID"? In my experience, a "key" is something used to encode/encrypt something to obscure or hide intelligence. To decode/decrypt means to reveal the intelligence that was hidden. For example, an alpha/numeric combination is entered into a KVL and then key loaded into an encryption capable radio. The encryption is used to hide the intelligence (voice) and then decrypted by another radio that is equipped to do so. Usually, transmitting your key over the air is a big no go.

What systems don't require affiliation for the radios to work and what keys does DSD use for decoding?
 

nbarco

Member
Premium Subscriber
Joined
Mar 5, 2011
Messages
244
Location
Grovetown, GA
The keys are in the radios...there can be multiple keys in a radio. Each key is given an ID, which is what is transmitted across telling the radio which key to use. The encryption keys are not actually transmitted. I am sure every manufacturer calls it something different. In essence it is the identifier for the decryption key. Yes, transmitting the key is a no-no. So it is the key ID that tells the radio which key to use. For example, if there are 2 keys loaded, 1 and 2. Radio A uses key 2 to encrypt a transmission, therefore the Key ID of 2 is transmitted telling radio B that it has to use the corresponding key under key 2 to decrypt the transmission.
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
We've strayed away from the original topic... it's common sense that each radio would have to have the correct corresponding key(s) for decryption. Some radios have the capability of storing multiple encryption keys for various users, etc. You stated, in an earlier post, that DSD "Will generate the key ID which is what is transmitted over the air. Now on systems that don't require affiliation DSD can be programmed with keys to decode." This gives a person the impression that DSD would put the National Security Agency out of business, am I reading that correctly?

I'm trying to wrap my mind around how DSD can do something as complicated as obtaining an encryption key from over the air. If it was that easy then every scanner listener in the CSRA would be able to listen to the Columbia County Government and their encryption would be null and void. At the time Columbia County implemented their current TRS, in October 2012, it was one of only seven systems like it in the U.S. and the only one in the State of Georgia.

Back on topic of what someone asked in an earlier post, Columbia County has a state of the art Motorola PII TRS with encryption. In order to scan their TRS, using a Motorola radio, one would need the proper radio, all associated programming cables/CPS, a KVL with the correct encryption key, the system key for the TRS, etc. IMHO, it's virtually impossible to monitor their system, legally, in this fashion.
 

nbarco

Member
Premium Subscriber
Joined
Mar 5, 2011
Messages
244
Location
Grovetown, GA
That is correct....I would leave virtually out. It would be impossible.

Yes, DSD has the framework to monitor with keys, not actually decode. It can also facilitate brute forcing of keys on systems that have lower-bit encryption algorithms. It will decode the key ID, not the encryption key. That is header information that tells the radio which key to use.
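
The key ID mechanism described in nbarco's posts above (the header carries an identifier, the key itself stays in the radio), shown as an added example that is not part of the thread and is not DSD code. The field order (message indicator, algorithm ID, key ID) follows the P25 encryption sync; the `Receiver` class, the keys and the sample bytes are constructed for illustration, and error-correction coding is assumed to be already removed.

```python
import struct

# Algorithm IDs from the published P25 (TIA-102) standard.
ALGIDS = {0x80: "unencrypted", 0x81: "DES-OFB", 0x84: "AES-256", 0xAA: "ADP"}

def parse_encryption_sync(es: bytes) -> dict:
    """Split 12 decoded bytes into MI (9 bytes), ALGID (1 byte), KID (2 bytes).

    Assumes error-correction coding has already been removed.
    """
    if len(es) != 12:
        raise ValueError("expected 12 bytes: MI(9) + ALGID(1) + KID(2)")
    algid, kid = struct.unpack(">BH", es[9:])
    return {"mi": es[:9].hex(), "algid": algid,
            "alg": ALGIDS.get(algid, "unknown"), "kid": kid}

class Receiver:
    """Hypothetical receiver model: keys arrive only via out-of-band loading."""

    def __init__(self, keystore: dict):
        self.keystore = keystore  # {(algid, kid): key bytes}

    def select_key(self, es: bytes):
        f = parse_encryption_sync(es)
        if f["algid"] == 0x80:
            return ("clear", None)
        key = self.keystore.get((f["algid"], f["kid"]))
        if key is None:
            return ("no key loaded", None)  # the ID is visible, the key is not
        return ("decrypt", key)

# Constructed sample values, not captured from any system.
KEY_1 = bytes([0x11]) * 32
KEY_2 = bytes([0x22]) * 32
SAMPLE_ES = bytes.fromhex("010203040506070809") + bytes([0x84]) + (2).to_bytes(2, "big")

radio_b = Receiver({(0x84, 1): KEY_1, (0x84, 2): KEY_2})  # both keys loaded
monitor = Receiver({})                                     # receive-only, no keys

if __name__ == "__main__":
    print(parse_encryption_sync(SAMPLE_ES))
    print("radio B:", radio_b.select_key(SAMPLE_ES)[0])
    print("monitor:", monitor.select_key(SAMPLE_ES)[0])
```

Both receivers read the same key ID from the header; only the one whose keystore was loaded out of band can map that ID to key material.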
 