Encryption

Status
Not open for further replies.

SCPD

I'm just curious about how different standards are encrypted. Yes, I know I can Google the miscellaneous standards and read dry technical documents. What I'm looking for is just simplified explanations of the common standards that you will see today (EDACS, PRO95).

Also, I was wondering how a company decodes standards so they can be a feature included, say, in a new line of products (like dual trunking). I assume newer stuff has digital keys that both radios in a talk group have to share and compare to talk to each other? If so, can you brute force a key with a saved "conversation" and a computer running possible combinations, even though you would need to detect a "voice", otherwise you would need to listen to each attempt.

If you have physical access to, say, a radio that is set up on an encrypted setup like whatever the U of A security uses (I am on campus a lot.....), can you simply view whatever "key" is programmed into the radio and then be able to program it into a scanner and listen?

Thanks for your time. I understand that some of this may be incorrect in thinking.
 

mikewazowski

Cubic250 said:
I'm just curious about how different standards are encrypted. Yes, I know I can Google the miscellaneous standards and read dry technical documents. What I'm looking for is just simplified explanations of the common standards that you will see today (EDACS, PRO95).

I think you're asking about voice encryption? EDACS is a trunking protocol and doesn't really have anything to do with encryption. PRO95 sounds more like a GRE/Radio Shack scanner model. Perhaps you meant Provoice which is a digital modulation format and isn't a form of encryption either? The common standards these days are DES and AES. Motorola also offers ADP which is proprietary and is popping up a lot more often.

Cubic250 said:
I assume newer stuff has digital keys that both radios in a talk group have to share and compare to talk to each other? If so, can you brute force a key with a saved "conversation" and a computer running possible combinations, even though you would need to detect a "voice", otherwise you would need to listen to each attempt.

The keys are preloaded into the radios. The transmission is encrypted, sent over the air and the receiving radio uses its key to decode it. You could brute force it but going through every possible key combination will take a very powerful computer and time.

Cubic250 said:
If you have physical access to, say, a radio that is set up on an encrypted setup like whatever the U of A security uses (I am on campus a lot.....), can you simply view whatever "key" is programmed into the radio and then be able to program it into a scanner and listen?

No, the keys are not viewable. Even if somebody told you what the key is, scanners don't support encryption.

If this is leading down the path to you being able to listen to U of A security, then you might as well forget it. About the only way you could hack into their system is if they are running MotoTRBO with basic privacy, you buy a compatible radio, software, programming cable and you go through all 255 keys until you decode them.

If they're using stronger encryption, then you're out of luck.
 

SCPD

Thanks! That clears things up. I had thought that EDACS (Provoice) was all encrypted (some channels like EPS traffic are, according to the RR datasheet?). It just being a standard that needs to be followed makes it easy to see why a scanner can support a large number of modes.

So at a current state voice encryption is only "hackable" (within reason) on MotoTRBO with basic privacy? Is there a forum where they talk about possible decrypting techniques and such?

The fact they are using AES or DES (wasn't DES "broken" a while ago?) is impressive, at least to me, because it in my mind would cause a significant amount of lag in communication.

In the next week I am getting some RTL dongles and going to start playing with SDR radio, so hopefully I will learn more about the different standards and such through example.

Also, 255 keys means a 7 bit (in binary) key?
 

mikewazowski

SCPD said:
Thanks! That clears things up. I had thought that EDACS (Provoice) was all encrypted (some channels like EPS traffic are, according to the RR datasheet?). It just being a standard that needs to be followed makes it easy to see why a scanner can support a large number of modes.

EDACS is a trunking protocol. Provoice is a modulation format. Provoice can either be clear or encrypted. Scanners can follow EDACS trunking systems but they cannot decode Provoice whether it's encrypted or unencrypted. All you can do is listen to the analog voice. If you were to buy a Provoice capable radio and the Provoice was unencrypted, you could listen. Same with P25 trunking systems. Scanners can follow P25 trunking systems and they can listen to P25 voice if it's in the clear. If you add encryption on top of the P25 modulation format, then you're SOL.

SCPD said:
The fact they are using AES or DES (wasn't DES "broken" a while ago?) is impressive, at least to me, because it in my mind would cause a significant amount of lag in communication.

Yes, there is a delay but I'd bet it's under 500 msec. DES was broken but for the most part, being able to listen is still out of range for the majority of scanner listeners.

Generally there isn't too much discussion on encryption hacking here. Since this website is hosted in the US, the armchair lawyers generally flock to such discussions to point out how the discussion contravenes American laws. There are other websites out there that are far more liberal in their discussions.
 

kayn1n32008


EPS uses Provoice on a lot of their talk groups; some are DES encrypted, some are not. I am not sure if U of A is using privacy on their system or not, but if not then DSD and a tapped scanner will allow you to listen to them.
 

rabrol


kayn1n32008 said:
EPS uses Provoice on a lot of their talk groups; some are DES encrypted, some are not. I am not sure if U of A is using privacy on their system or not, but if not then DSD and a tapped scanner will allow you to listen to them.

Or DSD with one of your dongles.
Trouble with the U of A system is that it is trunked. That makes conversation a little harder to follow.
 