Custom Firmware for Encryption

BinaryMode

Blondie Once Said To Call Her But Never Answerd
Joined
Jul 3, 2023
Messages
888
Location
75 parsecs away
My post is not addressed directly to redbeard but to everyone…and I have very little knowledge in this area so pardon my stupidity and this is not to find fault with anyone’s interpretation, but I have gone back and read most past posts on decryption and frankly I have not seen a definitive explanation as to the true legality in the real world. Many theories and quotes of FCC docs etc., but none that actually address this.

Fortunately at this point I have no need in my area for decrypting, so this is strictly an interest, but I would love to see a legal, clear statement on this, not just interpreting what someone thinks it means. I assume there have been no test cases in court etc. Not sure what “legal access” means and how one judges.

As a final example, when voice inversion was being used, I do not believe anyone was convicted of a crime for “decrypting” this. I know I did it then. I am sure someone will say today is different but again just curious as to why.
Please criticize, flame me a bit and prove I am wrong as I really would like to learn something! Thanks.

It basically comes down to the illegal wiretapping already on the books...

So the moral of the story is, if you don't own the key or have permission to use it, you are illegally wiretapping... Inversion is "scrambling."

Also, that scanner would serve as exhibit A in court if used in an illegal manner.

10-43

Member
Premium Subscriber
Joined
Oct 18, 2023
Messages
221
You can decrypt if you have enough time and resources. You should read about Alan Turing & co.

I'm not sure what you mean by scam. I've never seen GitHub used as a hotbed of scam activity. On a quick skim of the project, I didn't see anyone asking for time or money, though I didn't parse the code. That doesn't mean the project will ever get off the ground or succeed, but it doesn't mean it's a scam either.
Always call BS on any claim of decrypting up to date systems. We all have to forget about ever being able to listen to encrypted public safety traffic. It will never ever happen.

Read about Gordon Welchman, instead. There were four genius mathematicians at Hut 6. Welchman led the group. You can't rely on that movie or the book about Turing. Turing made improvements to the Polish cryptanalyst-designed bomba, but Welchman actually invented the diagonal board that made the bomba successful in breaking the plugboard of the Enigma.

The methods used to decipher the German messages didn't use just the bomba. They also used metadata, being the repeated type of content of the messages, which is how deciphering is still done, but not breaking AES encryption.

DES is a dead encryption method. Quite old and outdated. AES 256 is the usual standard now. Also used with financial web site certificates and any other sites wanting the highest security between your web browser and the web site. AES 128 is possibly breakable with numerous super computers and enough time. But AES 256 currently is not. Look at the site cert for your bank's web site. It will show AES 128 GCM or AES 256 GCM. My credit union site is AES 128, but fidelity.com where I invest is AES 256.

Currently there are no computers that can break AES 256. The amount of time needed is virtually infinite.

10-43

Member
Premium Subscriber
Joined
Oct 18, 2023
Messages
221
I work with radio encryption. Yes, I know that keys can be cracked with enough computing power and time. Without a key, it's pretty much useless.
Cracking AES 128 or AES 256 is far outside the capability of anyone without endless resources. AES 128 would require more compute power and time than anyone other than a super power or multi billionaire's resources. AES 256 currently exceeds any available compute power and would require an infinite amount of time.

I don't know how often your radio keys are updated, but if you look at web site certs they are short lived. Usually one year. This makes it even harder to crack.

I have not managed radio keys, but I have been the certificate manager and VMware admin for a medium sized data center. Not only are web site certs used, but within VMware, connections for all the hosts and modules in VMware use AES certs to encrypt those connections.

Data centers are not cracked or hacked, unless it is some fly-by-night outfit without security. Every data breach or ransomware attack in the news starts with Social Engineering. An employee does something stupid that gives up their credentials for access to data. Usually clicking on or answering a phishing email.

If anyone thinks they will ever be able to listen to encrypted radio traffic using AES 128 or 256, they are much more likely to win Powerball or MegaMillions.

10-43

Member
Premium Subscriber
Joined
Oct 18, 2023
Messages
221
Just thought of an interesting trivia question.

Who can tell us what was in every German message that the Hut 6 team used to verify their work, and helped crack the Enigma cyphers?

trentbob

W3BUX- Bucks County, PA
Premium Subscriber
Joined
Feb 22, 2007
Messages
6,325
So if you were to have the key, can't a Unication pager accommodate your needs, or certain ICOM models? Just wondering.

a727469

Active Member
Premium Subscriber
Joined
Jul 15, 2003
Messages
528
Location
Maine
It basically comes down to the illegal wiretapping already on the books...

So the moral of the story is, if you don't own the key or have permission to use it, you are illegally wiretapping... Inversion is "scrambling."

Also, that scanner would serve as exhibit A in court if used in an illegal manner.
Thanks! While still subject to some interpretation, the following seems helpful and it mentions scrambled or encrypted.

The following is lawful to receive…transmission…
by any governmental, law enforcement, civil defense, private land mobile, or public safety communications system, including police and fire, readily accessible to the general public;

Then we have the definition from which we could work backwards as to what is not…

“readily accessible to the general public” means, with respect to a radio communication, that such communication is not— (A) scrambled or encrypted; (B) transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication; (C) carried on a subcarrier or other signal subsidiary to a radio transmission;

n3617400

Member
Joined
Jun 28, 2013
Messages
244
Location
MOON 2112
The lopsided way in which people pull their law books out from under the bed at the mention of encryption in scanners is astounding.
I direct the spotlight of knowledge in the other direction: any modern radio station can also decrypt voice if it has a key to the radio network. But I don't see any mention of legal acts in the posts about how to enter or add an encryption key in CPS. :cool:

BinaryMode

Blondie Once Said To Call Her But Never Answerd
Joined
Jul 3, 2023
Messages
888
Location
75 parsecs away
Always call BS on any claim of decrypting up to date systems.

ADP is cracked... And many departments use it.


Also used with financial web site certificates and any other sites wanting the highest security between your web browser and the web site. AES 128 is possibly breakable with numerous super computers and enough time. But AES 256 currently is not. Look at the site cert for your bank's web site. It will show AES 128 GCM or AES 256 GCM. My credit union site is AES 128, but fidelty.com wher I invest is AES 256.

The certificate authorities can't be trusted...

(I really need to learn the Unicode for ellipses because I use them a lot).

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,899
Location
Ontario, Canada
Not sure why everyone's panties get so tight over someone adding decryption to scanner firmware. It's literally no different than what Unication and all the big radio manufacturers have been doing for years. I have multiple models of Harris and Motorola radios sitting on my desk that will all happily let me enter a key. Nobody gets all bent over that... If anything the issue at hand here is reverse engineering Uniden's firmware and selling the mods for profit.

This has nothing to do with hacking/cracking keys. Lots of people (myself included) use radios with encryption and are privy to the key value. This would just potentially be another tool in the toolbox.

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,907
Location
N.E. Kansas
Intriguing, but I can’t get over how the radios follow the access keys when they are changed. The agency using the encryption does routine “handshakes” with each radio when they are attempting a transmission, each unit being registered with the controller. If the unit in question is not registered with the controller it is not recognized and therefore does not get the key needed to communicate. Even if you found a lost or stolen portable radio belonging to the agency, if it’s reported as lost or stolen, the system will locate said radio using GPS and it is recovered, even if the radio is turned off. If they can do that it means they can disable the radio remotely in addition to locating it. So, even with a key, what do you do when the key is changed? It’s my understanding they can set up the changing of keys anytime they choose, routinely changing keys on a daily basis, up to the minute basis or only when the need arises. But I am by no means an expert where encryption techniques are concerned and accept there are sensitive and proprietary reasons for its use, where the information conveyed is not for my ears so I don’t bother programming encrypted systems period. However, I do believe there are times it’s a needed mode and time where it’s not.

What access keys? This isn't about system access authentication. It's involving the payload (voice traffic). Unless the system has OTAR the radios do not access a key server and automatically load themselves. All they do, in a scenario in which this would be useful, is see the encryption flag in the transmission, see the KEY ID and algo then try to grab a key from their internal crypto stack that matches that ID. If that is satisfied the voice frames are sent through the decryption engine using the matching KEY ID's key values.

This project would be very handy for agencies like the one where I'm at where there are use cases for decrypting radio traffic without having to dedicate a several thousand dollar radio, such as an overhead paging radio traffic source, desk-mounted scanner, etc...
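As an added illustration of the receive-side logic described in the post above (example code written for this thread, not code from the original post, from Uniden, or from any radio vendor): a frame header carries an encryption flag, an algorithm ID and a key ID; the radio looks that pair up in its own key store, and only a key that is already loaded under the matching ID produces audio. The algorithm identifier, the frame layout and the use of AES-CTR are assumptions made for the example, not the real air-interface format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const algAES byte = 1 // constructed algorithm identifier for this example
// Frame carries the fields the post names (encryption flag, algorithm ID, key ID)
// plus a message indicator (MI) used as the IV and the voice payload.
type Frame struct{ Encrypted bool; AlgID byte; KeyID uint16; MI, Payload []byte }

// KeyStore models the radio's internal crypto store, indexed by algorithm and key ID.
type KeyRef struct{ Alg byte; KeyID uint16 }
type KeyStore map[KeyRef][]byte

// applyAES runs AES-256 in CTR mode over data; one call both encrypts and
// decrypts. CTR stands in here for the real air-interface cipher mode.
func applyAES(key, mi, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, mi).XORKeyStream(out, data)
	return out, nil
}

// DecryptFrame is the receive side: clear traffic passes through; encrypted traffic
// is recovered only if a key with the matching ID is already loaded. Nothing is fetched.
func DecryptFrame(ks KeyStore, f Frame) ([]byte, error) {
	if !f.Encrypted {
		return f.Payload, nil
	}
	key, ok := ks[KeyRef{f.AlgID, f.KeyID}]
	if !ok {
		return nil, fmt.Errorf("no key loaded for alg %d, key ID %#04x", f.AlgID, f.KeyID)
	}
	return applyAES(key, f.MI, f.Payload)
}

func main() {
	key, mi := make([]byte, 32), make([]byte, 16) // constructed zero key and MI, demo only
	ct, _ := applyAES(key, mi, []byte("unit 12 responding"))
	f := Frame{true, algAES, 0x0123, mi, ct}
	_, err := DecryptFrame(KeyStore{}, f) // nothing loaded for this key ID
	voice, _ := DecryptFrame(KeyStore{{algAES, 0x0123}: key}, f)
	fmt.Println(err, "|", string(voice))
}
```

After a key change the old entry simply stops matching the transmitted key ID, which is why the radio goes silent rather than fetching anything from the system.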

KevinC

The big K
Super Moderator
Joined
Jan 7, 2001
Messages
12,615
Location
1 point
And I still can't get it to work on ADP and now AES256. It does remove the band restrictions, but that doesn't really do me any good.