Decryption?

[CrimeCaster]

Now I wouldn't be one to propose braking Federal Laws, but I do have an interesting question for you avid scanner listeners out there (only hypothetical of course). If someone wanted to "decrypt" already encrypted digital public safety traffic, how would that person go about doing it? More public safety agencies are headed this route. Once it picks up speed, we will look up and find that we will be in the dark.

I know that my scanner has alerted me to many things occurring around me that I would have had no idea was happening if it wasn't for my trusty scanner. Many of the things I hear don't even make the news. Honestly, I would hate to be in the dark. One day, after programing Johnson County's new P25 into my scanner, I was picking up Olathe encrypted...I programed the talk groups out of sequence I later found out, and to my relief.

So, the hypothetical question is: How would a person decrypt encrypted digital frequencies using a digital frequency scanner?

HYPOTHETICAL!!!

 

[rankin39]

The bottom line is that there is no way to decrypt digitally encrypted communications. The government probably has the necessary super computers and decryption programs to do it, but the cost for the layman would be astronomical. The Israelis have broken the original DES encryption, but, again, you and I just don't have the hardware or know-how. The best way to prevent departments from adopting encryption is via the media (press, radio, TV). The media have ways of making it very unpleasant, publicity-wise for local police departments that lock them out of their communications entirely. Simple appeals by concerned citizens can also have an effect, especially in instances where the chief law enforcement official, e.g., the sheriff, and the city/county council are elected, not appointed. I think a lot of today's law enforcement sees the benefit of involving citizens as "eyes and ears", but there will always be certain types of communications that will need to be kept private. Most of the state digital system is in the clear, but KBI and perhaps a few other state agencies can and do encrypt on occasion, and that's how it should be.

Bob, WoNXN

 

[scootweather]

down in OKC, OK they mostly run encrypted but the media has been being able to use ICOM's to pick it up.

 

[RadioDaze]

down in OKC, OK they mostly run encrypted but the media has been being able to use ICOM's to pick it up.

I'd be interested to hear more about that.

Some agencies will provide local media with a receive-only HT so that they can monitor... but I would be curious about how they could just get an Icom and pickup encrypted comms.

 

[gewecke]

I'd be interested to hear more about that.

Some agencies will provide local media with a receive-only HT so that they can monitor... but I would be curious about how they could just get an Icom and pickup encrypted comms.

It's NOT encrypted. It's IDAS which is a digital icom format.

IDAS General Information - Features - Icom America

n9zas

 

[rdale]

It's NOT encrypted. It's IDAS which is a digital icom format.

IDAS General Information - Features - Icom America

n9zas

The DB is in serious need of updating then, it says OKC uses EDACS (which is nowhere close to ICOM IDAS)

 

[gewecke]

The DB is in serious need of updating then, it says OKC uses EDACS (which is nowhere close to ICOM IDAS)

Maybe they do use EDACS? I could be wrong,but many people mistake IDAS for encryption rater than a dig.format. The DB is prob correct.
n9zas

 

[johnls7424]

Of course it's possible to decrypt radio transmissions. Any expert hacker could conceivably do this. However, it is highly illegal and the chances of you getting caught are higher than not. Also most police departments have set policies of changing their encryption codes periodically. Lets say, every three months. So in order for you to keep on top of it is most definitely not worth it.

 

[dominator612]

Maybe they do use EDACS? I could be wrong,but many people mistake IDAS for encryption rater than a dig.format. The DB is prob correct.
n9zas

EDACS is the radio system they use, not the encryption method. Most edacs use PROVOICE for encryption not IDAS.

Edacs was brought out by GE initially with MA-com/Harris getting it later.

 

[johnls7424]

Edacs digital is the encryption type however radios have the ability to fully encrypt using numbers/symbols. Usually 8-10 degits on modern radios. Sometimes more sometimes less

 

[Thunderknight]

EDACS is the radio system they use, not the encryption method. Most edacs use PROVOICE for encryption not IDAS.
.

Just to provide a point of clarification - ProVoice is a type of digital modulation. It, in itself, is not encrypted.

 

[dominator612]

Just to provide a point of clarification - ProVoice is a type of digital modulation. It, in itself, is not encrypted.

It can be. provoice is digital yes, however, digital can be encrypted from what i just read. digital is the main reason behind p25

 

[NC5267]

It is the same as the FBI and other Federal agencies, P25 AES encryption. Here in San Antonio All Public Safety for the city and county is Provoice and there are a few encrypted talkgroups on top of that(kind of over kill if you ask me) Any digital signal can be encrypted.

 

[W2NJS]

For those of you who want or need to know some more about encryption, the fact is that the agency using an encrypted system can usually change the decoding key in all of its radios from the dispatch console at any time it wants or needs to do so. In Motorola land it's called OTAR, which is an acronym for Over The Air Rekeying, and there are literally millions of key combinations possible. So, go ahead and do whatever you can to figure out the system key and the next day you find the key has been changed and you get to start your search all over again.

 

[rdale]

Of course it's possible to decrypt radio transmissions.

Absolutely wrong.

Edacs digital is the encryption type

Absolutely wrong.

digital can be encrypted from what i just read.

So can analog

digital is the main reason behind p25

Absolutely wrong.

 

[dominator612]

Absolutely wrong.



Absolutely wrong.



So can analog



Absolutely wrong.

I suggest people take a look at the p25 white paper before starting this up.

 

[dominator612]

For those of you who want or need to know some more about encryption, the fact is that the agency using an encrypted system can usually change the decoding key in all of its radios from the dispatch console at any time it wants or needs to do so. In Motorola land it's called OTAR, which is an acronym for Over The Air Rekeying, and there are literally millions of key combinations possible. So, go ahead and do whatever you can to figure out the system key and the next day you find the key has been changed and you get to start your search all over again.

That is correct and EDACS systems have the same capability.

I have read all the Harris EDACS papers so that's how i know you are correct.

 

[rdale]

I suggest people take a look at the p25 white paper before starting this up.

No problem - tell me where you got confused? We're here to help... But quick comments that are inaccurate will get challenged

 

[n5ims]

So, the hypothetical question is: How would a person decrypt encrypted digital frequencies using a digital frequency scanner?

HYPOTHETICAL!!!

Basically to accomplish this you'd need to save the encrypted audio file on your computer and run it through appropriate algorithms in an attempt to decrypt it, changing the test key each time until you get a clear audio output (this will probably take quite a while, think months, not hours). You've now decrypted the file (breaking the law in the process, but still, you've done it). You probably will now know the top secret information that "unit 21 is now clear from their traffic stop".

If you want to decrypt another sample, you start again with the new sample. While you may get lucky and they haven't yet changed their encryption key, but chances are by the time you've found the old key, they're using a new one. Be aware that this process uses a single transmission (generally the shorter it is, the less processing is required, but you'll need a large enough sample for things to work). Trying this on "live" transmissions will not work.

As you can tell, there's nothing really "secret" about this process, just try every combination until something works. Nothing really special about it. The special part is the key, which is guarded closely and generally changed often to keep folks from using this process successfully. Be aware that key to this process is preparing the sample file, which may be simple or may be complex, depending on how you do it. That I'll leave that part up to you since it depends on many variables, including how the audio was captured, what format it's in, extracting the audio portion from the framing, system overhead, and other parts of the transmitted signal (the P-25 - or whatever type of system was used in the transmission - documentation may help here).

 

[Squad10]

"This is only an academic demonstration! I need to reiterate that the OP25 project is only concerned with whitehat security research, and has absolutely no interest in the practical side of key cracking whatsoever." balint256

World's cheapest P25 receiver w/ decryption: GNU Radio + OP25 + $20 RTL2832 DVB-T Dongle - YouTube