Decoding Encryption with Permission...

Poll: How secure is DES for radio traffic? - NOT text documents. (97 total voters)

MattSR (Member, Sydney, Australia)
Yep! We just need some good-quality baseband audio and part of the key.

No need for the full key or the clear message, as that's cheating I reckon :)
 

gary123 (Member)
MattSR said:
Yep! We just need some good-quality baseband audio and part of the key.

No need for the full key or the clear message, as that's cheating I reckon :)

For a full-on attempt I agree.

I have been playing with a P25 service monitor and my own hardware with no success, but I have been able to log lots of packages using a constant input signal (300 Hz square wave) and the same key. On 3 occasions (out of lots and lots) I was able to get exactly the same output bytes on the first 2 VC blocks on a P25 conventional channel. I think that this indicates that it might be possible to use the output to reference back to the key used in some manner.

If we are going to do this then maybe we should discuss the ground rules for the signal to be experimented with. I'm in favor of P25 with DES-OFB :). I like the idea of one voice transmission, one dead mic (audio input to encoder held at ground for no audio input) and one with a suitable constant tone or signal.

For a serious attempt I think the following should be ready or in place:
1. known type of signal (we have that)
2. known decode (we will have that)
3. known signal source/level (any scanner with a good tap should suffice, unless the sample is taken directly from the RXAU-DT line to the P25 decoder, hehe, NOW that would be sweet)
4. known sample quality (easily checked by rescue playing back his test sample to the encoding radio and getting decode)
With this as a starting point serious attempts can be made on the test samples.

For those playing along at home, here is what I believe will have to be created:
5. a routine that converts the supplied inputs to binary files
6. a routine that takes the binary files and properly splits the data into the correct sized blocks for DES decoding
7. a decryption routine that allows separate or sequential or whatever keys to be used or entered
8. a routine that takes the blocks and applies the decryption routine to the blocks
9. a routine that then applies the decrypted (hopefully) blocks back to the P25 demodulator (this we also have in any digital scanner)

No doubt other subroutines will need to be created, but that's the fun of this type of challenge. One thing not discussed is what platform (Windows or Linux). I prefer Windows, as VB and especially C++ can be transcribed to Linux. Also I think (probably wrongly) that there are more Windows coders out there; certainly there are more Windows users out there. It might come down to having volunteers try blocks of keys in a divide-and-conquer attempt.
 
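The dead-mic / constant-tone setup gary123 lays out above is, in cryptographic terms, a known-plaintext test against a stream mode. As an added example (not code from the thread, from any poster, or from any radio vendor), the Go program below uses the standard library's DES and OFB implementations to show the three pieces that setup relies on: how a zero or constant input hands you the keystream for free, why reusing the same key and IV for two transmissions leaks the XOR of the two plaintexts, and how a partial-key brute force (here the last 16 bits of the key, with the first six key bytes and the IV assumed known, standing in for MattSR's "part of the key") is checked against a known plaintext/ciphertext pair. The key, IV and 16-byte "transmissions" are constructed values. P25's actual framing, sync and IV handling are not modeled; the protocol work in gary123's list (getting the right bits into the right blocks) is exactly where this toy stops.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed demo values for this example only; nothing here was captured
// from a radio. DES keys are 8 bytes, of which 56 bits are actually used.
var (
	demoKey = []byte{0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1}
	demoIV  = []byte{0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78}
)

// ofbXOR runs single DES in OFB mode over data. OFB turns the block cipher
// into a stream cipher: DES only ever encrypts the feedback register, so the
// keystream depends on (key, IV) alone, and encryption and decryption are
// the same XOR operation.
func ofbXOR(key, iv, data []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewOFB(block, iv).XORKeyStream(out, data)
	return out, nil
}

// xorBytes returns a XOR b (equal lengths assumed). Ciphertext XOR known
// plaintext is the keystream, which is why a dead mic (all-zero input) or a
// constant tone is such a convenient test signal.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// effectiveKey clears the low bit of every key byte. DES uses those eight
// bits only for parity, so two keys differing only there are the same key.
func effectiveKey(k []byte) []byte {
	out := make([]byte, len(k))
	for i, b := range k {
		out[i] = b & 0xFE
	}
	return out
}

// bruteForceLastTwoBytes recovers a key whose first six bytes (and the IV)
// are known, from one known plaintext/ciphertext pair, by trying all 2^16
// values of the last two bytes. Each candidate is checked by re-encrypting
// the plaintext and comparing. Returns the first candidate that matches; it
// may differ from the original key in parity bits (see effectiveKey).
func bruteForceLastTwoBytes(knownPrefix, iv, plaintext, ciphertext []byte) ([]byte, error) {
	if len(knownPrefix) != 6 {
		return nil, errors.New("need exactly six known key bytes")
	}
	if len(plaintext) != len(ciphertext) || len(plaintext) < 8 {
		return nil, errors.New("need at least one full block of known plaintext")
	}
	cand := make([]byte, 8)
	copy(cand, knownPrefix)
	for guess := 0; guess < 1<<16; guess++ {
		binary.BigEndian.PutUint16(cand[6:], uint16(guess))
		got, err := ofbXOR(cand, iv, plaintext)
		if err != nil {
			return nil, err
		}
		if bytes.Equal(got, ciphertext) {
			return append([]byte(nil), cand...), nil
		}
	}
	return nil, errors.New("no key in the searched space reproduces the ciphertext")
}

func main() {
	// Two constructed 16-byte "transmissions" under the same key and IV:
	// a dead mic (all zeros) and a constant square wave.
	deadMic := make([]byte, 16)
	tone := bytes.Repeat([]byte{0x7F, 0x80}, 8)

	c1, _ := ofbXOR(demoKey, demoIV, deadMic)
	c2, _ := ofbXOR(demoKey, demoIV, tone)

	// With all-zero input the ciphertext is the keystream itself.
	fmt.Printf("keystream recovered from dead mic: %x\n", c1)
	// Same key and IV used twice: XOR of the two ciphertexts is the XOR of
	// the two plaintexts, which here is simply the tone.
	fmt.Printf("c1 XOR c2 equals the tone: %v\n", bytes.Equal(xorBytes(c1, c2), tone))

	key, err := bruteForceLastTwoBytes(demoKey[:6], demoIV, tone, c2)
	if err != nil {
		fmt.Println("search failed:", err)
		return
	}
	fmt.Printf("recovered key %x (effective bits match original: %v)\n",
		key, bytes.Equal(effectiveKey(key), effectiveKey(demoKey)))
}
```

Two things to take from running it. First, the search checks a candidate by full re-encryption and byte comparison, so a single block of known plaintext is enough and false positives are negligible; scaling from 16 unknown bits to the full 56 is only a matter of time and hardware, which is MattSR's point about FPGA clusters. Second, the `c1 XOR c2` line is the caveat a practitioner wants: any stream mode reused with the same key and IV gives an attacker the XOR of the plaintexts without touching the key at all.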

MattSR (Member, Sydney, Australia)
All I want is a transmission (don't care what it includes: voice, music or silence; in real life the traffic isn't known anyway) and part of a known key.

I've asked for that 3 times now. If the O.P. or anyone else doesn't want to provide it, then I guess no one cares anymore and I'll move on to other things.
 

poltergeisty (Truth is a force of nature, Banned, RLG, Fly heading 053, intercept 315 DVV)
I'm curious to know why anyone would divulge their capability to decode an encrypted transmission. :lol:

I'm sure some NSA employees are following this thread on their lunch break. That is if they are not reading about the latest math problem no one can solve.
 

MattSR (Member, Sydney, Australia)
No one has divulged any such thing... As a ham I just like tinkering with things... P25 and DES are both open standards, so it's free and legal for anyone to look at how they work... and also the NSA couldn't care any less about me.
 

MattSR (Member, Sydney, Australia)
Oh well. Since no one wants to provide samples, I guess everyone will have to just wait for our academic paper and presentation to be released soon. This will prove once and for all that DES has the same security for P25 voice as it does for text (in fact voice is easier than text).
 

PJH (Member)
OK, didn't have time to go back all twelve pages... but are we talking about DES in general or DES on a radio level?

In addition to DES, are we speaking of straight DES or one of the variants?

Matt, I know your stuff from over at the BB, but just want to make sure we are on the same page, as plain old DES has been cracked for quite a while from the raw data format as far as computer communications go. I want to say it took three? days and a few Pentium 1 or P2 computers to do it (for those who didn't know).
 

MattSR (Member, Sydney, Australia)
It's like there's this myth that there are two types of algorithm, "radio DES" and "normal DES", and only the latter has been cracked. This is not the case.

DES is DES is DES is DES. It's the EXACT same block cipher algorithm regardless of the application :)
 

rescue161 (KE4FHH, Database Admin, Hubert, NC)
DES is DES, like Matt is saying, but it is much harder to crack voice than it is to crack a text document.

I'm sorry for not getting back to this topic, but I had to switch jobs, so all of my hobbies got put on hold.
 

PJH (Member)
rescue161 said:
DES is DES, like Matt is saying, but it is much harder to crack voice than it is to crack a text document.

Correct... radio is more dynamic, but the underlying concept is the same. This is one of the reasons (among technological improvements) that DES became obsolete once the personal computer and eggheads ran rampant in the late '80s and early '90s... never mind what governments had at their disposal.

EFF DES cracker - Wikipedia, the free encyclopedia

As with radio, you have to remember that DES "is DES" isn't always DES. Depending on how you're trying to get through stuff, DES, DES-XL and DES-OFB work similarly, but differently. -XL is Motorola's proprietary version for the increased range and synchronization with the other radios. Obviously -OFB is meant for the digital-only voice and does not add in the CVSD (which also needs to be overcome for the analog transmissions for DES).

So in short, which one are you really trying to crack? -OFB, original -CFB, the Motorola -XL variant? If DES and/or DES-XL, how are you decoding the CVSD to get to the DES?
 

rescue161 (KE4FHH, Database Admin, Hubert, NC)
Either way, I put this message up back in 2007 and it has still not been decoded. Even after I gave everyone the key, the algorithm and the radios used, only one guy got close.

I've heard the claims, but no proof. I've seen where a text document was cracked, but no proof at all of a cracked audio file.

A key change every week or even twice a week is easy enough.
 

nova1010 (Member, ONTARIO CANADA)
Even if it could be cracked, it would take longer to crack than to change the key, so you'd be back to square one :D
 

gary123 (Member)
nova1010 said:
Even if it could be cracked, it would take longer to crack than to change the key, so you'd be back to square one :D

Such is true. Many systems have OTAR capacity too, so the key can be changed on the fly.

It would be interesting to make a DES routine that would work. If a known key was used to confirm proper decrypt, then some serious attempts could then be done to locate an unknown key.
 

rescue161 (KE4FHH, Database Admin, Hubert, NC)
gary123 said:
It would be interesting to make a DES routine that would work. If a known key was used to confirm proper decrypt, then some serious attempts could then be done to locate an unknown key.

That was the whole point of me starting this thread. After nobody successfully decoded my transmission, I gave them the key so that methods could be developed. Still, three years later, only one person actually got close. He said that it was taking too much of his time and agreed that it is next to impossible to decode audio encrypted with DES.

There are too many variables that one would have to guess at during a brute force attack. I think a week is underestimating the time that it will actually take. Mine was simple DES in analog mode. I don't remember the rest of the parameters, but it was a simple setup. Someone stumbling across a channel is not going to know what all of the parameters are and is going to be playing a guessing game on top of the "week" that they claim that it will take. If they get one of the parameters wrong, then just keep adding the weeks. In the meantime, the system admin has already changed the key several times. It's a losing battle.
 

MattSR (Member, Sydney, Australia)
You're completely ignoring my fresh challenge with P25 DES-OFB. Yes, SecureNet might be a pain because it's proprietary, but that's simply "security through obscurity", which isn't real security at all.

Currently available commercial FPGA clusters can be had for tens of thousands of dollars and will recover a key in under 3 days maximum; on average a day and a half is all it takes.

I made a fresh challenge: give us some P25 DES-OFB with part of the key (simply because a desktop PC is too slow), but you haven't responded. At least that way we're working with a known protocol rather than having to guess how SecureNet works (which would only have to be done once; once the structure is understood, that work doesn't need to be repeated).

;)
 