Custom Firmware for Encryption

KevinC · Friday at 9:33 AM

Forts said:
I had success with ADP and ARC4 on DMR.

Hmm...I'm trying P25, maybe that's the issue.

Forts · Friday at 9:34 AM

I'll shoot you a PM

kayn1n32008 · Friday at 12:46 PM

BinaryMode said:
ADP is cracked... And many departments use it.

Defeated. Not cracked, defeated. It offers ZERO security, except to stop scanners.

kayn1n32008 · Friday at 1:40 PM

n1chu said:
Intriguing, but I can’t get over how the radios follow the access keys when they are changed.

Access keys?

n1chu said:
The agency using the encryption does routine “handshakes” with each radio when they are attempting a transmission, each unit being registered with the controller.

ANY radio, regardless of encryption being used or not has to register and affiliate to the system.

The 'handshake' isnt a hand shake when you PTT, it is a channel request. If everything is okay, the system will grant a voice channel.

n1chu said:
If the unit in question is not registered with the controller it is not recognized and therefore does not get the key needed to communicate.

That's not how it works at all. Encryption keys can be loaded by a key loader, with out a radio ever registering, or affiliating to a trunk system. This is how its done with conventional systems that use encryption.

Unless the radio keys are out of date, and needs to be re-keyed(this required the feature to be active in the radios, and a KMF active and installed on the system) there is no key loading when the radio affiliates.

n1chu said:
Even if you found a lost or stolen portable radio belonging to the agency, if it’s reported as lost or stolen, the system will locate said radio using GPS and it is recovered.

That's not how it works. While a system can be configured to allow this to happen, It isn't the normal.

n1chu said:
even if the radio is turned off.

You watch waaaay too much TV. That's not how it works. At all.

n1chu said:
If they can do that it means they can disable the radio remotely

Correct. They can.

n1chu said:
in addition to locating it.

IF, and it's a big IF, the system has been configured to make use of location data.

n1chu said:
So, even with a key, what do you do when the key is changed?

Then you need the new key. Duh.

n1chu said:
It’s my understanding they can set up the changing of keys anytime they choose,

To a point. First a new key set needs to be created and made available in the KMF(IF OTAR is an available feature AND the radios have that feature active), then every radio needs to be re-keyed with the new key set. Then after, the consoles all need to be rekeyed as well. Once that is done, then the new keys can be used.

n1chu said:
routinely changing keys on a daily basis, up to the minute basis or only when the need arises.

Thats not how it works at all. Changing keys doesn't happen daily, and absolutely doesn't happen by the minute.

If keys are changed, it would more likely be monthly, or a longer interval than that. Sometimes they are never changed. Depends how seriously the agency takes their comms security.

n1chu said:
But I am by no means an expert

No need to tell us, it's very apparent you don't know what you are talking about.

n1chu said:
where encryption techniques are concerned and accept there are sensitive and proprietary reasons for its use, where the information conveyed is not for my ears so I don’t bother programming encrypted systems period.

Nothing any first responder agency says on the radio is for any unauthorized listener(anyone that isn't a member or emotes of said agency is an unauthorized listener) to listen to.

n1chu said:
However, I do believe there are times it’s a needed mode and time where it’s not.

It's needed 100% of the time.

a727469 · Friday at 1:40 PM

Boy, 4 pages and we are right back at the start.
Yes, a piece of software provides the means but not the result(need key)
The legalities of the means seem fine.
The results of using a key if not authorized are not fine(or legal?).

kayn1n32008 · Friday at 2:00 PM

10-43 said:
Always call BS on any claim of decrypting up to date systems.

Well keep believing that.

10-43 said:
DES is a dead encryption method. Quite old and outdated.

DES uses a 56 bit key.. you are correct. DES is long out dated.

ADP/EP/ARC4 uses a 40bit key.

it's a 16 it shorter key than DES. It is an incredibly weak cipher, and offers zero security. Modern computers can easily brute force a 40bit key. They can easily brute force a 56bit key.

10-43 said:
AES 256 is the usual standard now.

Except, AES isn't really prevalent in NA in Motorola DMR subscribers.

Many agencies are only using APD on P25 systems.

10-43 said:
Also used with financial web site certificates and any other sites wanting the highest security between your web browser and the web site. AES 128 is possibly breakable with numerous super computers and enough time. But AES 256 currently is not. Look at the site cert for your bank's web site. It will show AES 128 GCM or AES 256 GCM. My credit union site is AES 128, but fidelty.com wher I invest is AES 256.

Okay?

10-43 said:
Currently there are no computers that can break AES 256.

For now.

10-43 said:
The amount of time needed is virtually infinite.

That is going to change. A lot sooner than you think.

n3617400 · Friday at 2:20 PM

KevinC said:
And I still can't get it to work on ADP and now AES256. It does remove the band restrictions, but that doesn't really do me any good.

Set only the "Frequency" checkbox and specify the frequency and key. The rest of the checkboxes are unchecked. That's usually the problem. Well it only works with P25 phase 1 ADP, P25 AES256 in plans.

KevinC · Friday at 2:20 PM

KevinC said:
Hmm...I'm trying P25, maybe that's the issue.

Figured out my issue (operator error) and it worked on P25 ADP as well as DMR basic privacy (that's all I tried).

KevinC · Friday at 2:22 PM

n3617400 said:
Set only the "Frequency" checkbox and specify the frequency and key. The rest of the checkboxes are unchecked. That's usually the problem. Well it only works with P25 phase 1 ADP, P25 AES256 in plans.

Yeah, I'm an idiot. I placed the "alice" file in the wrong place.

KevinC · Friday at 4:25 PM

n3617400 said:
Well it only works with P25 phase 1 ADP, P25 AES256 in plans.

Probably has something to do with it not working on AES256.

Firebuff66 · 2025-01-05T11:36:25-0600

KevinC said:
Figured out my issue (operator error) and it worked on P25 ADP as well as DMR basic privacy (that's all I tried).

Took me a few also

I have no idea why people are getting so uptight about this, Like was said above, it the same as having a Unication.
If you don't have the key you are not going to hear anything and the Unication/Motorola/Harris/Uniden/Icom/BK and on will all decode encryption IF you have the key...They wont find it for you

sflmonitor · 2025-01-05T17:46:06-0600

If I wanted to program this for a P25 DES trunked system, do I just have to set each frequency and key individually or does programming this to a trunked system require a different method. BTW, it worked fine on a conventional, P25 DES channel.

KevinC · 2025-01-05T18:18:50-0600

sflmonitor said:
If I wanted to program this for a P25 DES trunked system, do I just have to set each frequency and key individually

I would try that method.

sflmonitor · 2025-01-05T18:25:22-0600

KevinC said:
I would try that method.

Thanks

Custom Firmware for Encryption

KevinC

The big K

Forts

Mentor

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'

a727469

Active Member

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'

n3617400

Member

KevinC

The big K

KevinC

The big K

KevinC

The big K

Firebuff66

Member

sflmonitor

196-ÆS Ø

KevinC

The big K

sflmonitor

196-ÆS Ø

Similar threads