DMR Silence Frame
- Thread starter Red_Ice
- Start date
- Status
Isn't the silence frame F8 01 A9 9F 8C E0 80 ?
(Reference: DSDPlus Feature Requests)
I have no idea what is FID.
(Reference: DSDPlus Feature Requests)
I have no idea what is FID.
Sorry @hr17, I don't usually save the audios, I usually save the logs to study them later, here I show you the capture of the voice super frame.
[36m DMR PDU Payload [00][10][40][00][00][64][00][09][95][4F][BB][CE][0m
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC1*
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC2
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC3
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC4
AMBE 8702A64FBBD380 err = [0] [0]
AMBE B33151A158D380 err = [0] [0]
AMBE 7433EEBE00F800 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC5
AMBE 8710E319B3F200 err = [0] [0]
AMBE 97397F538DC780 err = [0] [0]
AMBE 6733B22299CD80 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC6
[31m SLOT 1 FLCO FEC ERR [0m[31m (FEC ERR)[0m
[36m DMR PDU Payload [00][10][40][00][00][64][00][09][95][0m
[36m SB: 00000000000 - 000[0m
AMBE 6231CBFDB26080 err = [0] [0]
AMBE 97217709588480 err = [0] [0]
AMBE A7256093DCE780 err = [1] [0]
[36m DMR PDU Payload [00][10][40][00][00][64][00][09][95][4F][BB][CE][0m
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC1*
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC2
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC3
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
AMBE E701B69F93E080 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC4
AMBE 8702A64FBBD380 err = [0] [0]
AMBE B33151A158D380 err = [0] [0]
AMBE 7433EEBE00F800 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
[33m SLCO Activity Update TS1: 8 Hash: 3B TS2: 0 Hash: 00
SLCO Completed Block [18][03][B0][07][30][0m
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC5
AMBE 8710E319B3F200 err = [0] [0]
AMBE 97397F538DC780 err = [0] [0]
AMBE 6733B22299CD80 err = [0] [0]
10:51:08 Sync: +DMR slot1 [slot2] | Color Code=05 | IDLE
10:51:08 Sync: +DMR [SLOT1] slot2 | Color Code=05 | VC6
[31m SLOT 1 FLCO FEC ERR [0m[31m (FEC ERR)[0m
[36m DMR PDU Payload [00][10][40][00][00][64][00][09][95][0m
[36m SB: 00000000000 - 000[0m
AMBE 6231CBFDB26080 err = [0] [0]
AMBE 97217709588480 err = [0] [0]
AMBE A7256093DCE780 err = [1] [0]
Thank you for that log.
If you XOR E701B69F93E080 with the real silence F8 01 A9 9F 8C E0 80 you indeed get 1F 00. Which is indeed what you are looking for.
Reference: Motorola Basic Privacy compatibility. · Issue #50 · travisgoodspeed/md380tools
If you XOR E701B69F93E080 with the real silence F8 01 A9 9F 8C E0 80 you indeed get 1F 00. Which is indeed what you are looking for.
Reference: Motorola Basic Privacy compatibility. · Issue #50 · travisgoodspeed/md380tools
Check it out in other XOR calculator sites (such as XOR Cipher - Exclusive OR Calculator - Online Decoder, Encoder).
I think a prefix 0 on the left has been dropped by mistake with your calculation. With my example there is no issue like that and you get the exact result.
Don't want to hijack the conversation but is the silence frame the same in P25 as well?
Okay but does Motorola use F8 01 A9 9F 8C E0 80 as the silence frame on P25 as well?
I did some research with OP25 on a Motorola P25 Phase I system and I found this code word 04 0c fd 7b fb 7d f2 7b 3d 9e 44 appearing at the start and end of every voice transmission.
Are you saying it’s possible to deduct the key from the keystream?
boatbod
Member
xMBE encryption is based on XOR'ing the ciphertext with the key. If you know the ciphertext, know what to expect for the plaintext, and have received the MI you can theoretically compute the missing information which is the key.
As mentioned above (and in a few other places) the Motorola Silence Frame is F8 01 A9 9F 8C E0 80
I believe that the Anytone Silence frame is 00 00 00 00 00 00 00 (or possibly 00 00 00 00 00 02 00)
Does anyone know what the Hytera silence frame looks like please?
(Or could someone provide me with a decent raw .WAV sample of an unencrypted Hytera transmission so I can work it out myself?)
Thanks
Is there a reason why Motorola and other manufacturers add silence frames in the beginning of every transmission?
And also why isn't it the case with base radios (using TBROnet solutions i.e.)?
And also why isn't it the case with base radios (using TBROnet solutions i.e.)?
- Status
