Listen to encrypted conversations

Status
Not open for further replies.

stok573

Member
Joined
Jan 14, 2014
Messages
42
Location
alaska
hello readers,

Yesterday I was just browsing some sites in the hope of finding some interesting information, which I think I did. This PDF link will show you the APX 7500 Multiband Consolette with really nice specifications, such as 10,000,000 conventional channels and 48,000 trunking with ASTRO 25 integrated encryption hardware and a 10 to 50 watts power output. This unit comes with a price tag of $4395.

Now I do understand this is not for us scanner hobbyists, of course, unless you want to start your own police station, lol just kidding.. but hey, look at those specs!! It would make one awesome scanner without the transmit options ;)

http://www.motorolasolutions.com/we...atic Flies/APX_7500_Consolette_Spec_Sheet.pdf

I just thought this was worth sharing.

thanks for reading,
marc
 

W8RMH

Feed Provider Since 2012
Joined
Jan 4, 2009
Messages
8,110
Location
Grove City, OH (A Bearcat not a Buckeye)
You would not be able to listen to anything unless you received an access code from the system administrator. If you tried to access the system without one they could disable the radio and you would be out all that money.
 

902

Member
Joined
Nov 7, 2003
Messages
2,625
Location
Downsouthsomewhere
This comes up a lot, but I've never really read about WHY this is not necessarily an achievable project.

Here's the big deal about encryption:

It's not that no one can buy the hardware. It's all over the place and equipment gets disposed of all the time. That's not it.

The big deal is that someone makes up a crypto key in a specialized thing called a "Key Variable Loader." There are fewer of these things floating around, but you'll see them from time to time, so it's not having one of these, either.

It's having the absolutely right key variable generated by someone putting random letters and numbers into the device. It can't be off by one and be "close enough." The only way to ever recover anything means you need exactly the right information.

Computers working through sequences of letters and numbers MIGHT get the data, but there are so many possible combinations that it could take YEARS, if not TENS or HUNDREDS of years, even with the fastest computers available in the marketplace. By that time, the communication will be old and you would have read about it in the local papers. You won't be able to get the computer to generate your crypto key, you'll have to punch it into the KVL by hand and keep notes about the ones you already tried. That figure of years is with the computer applying the possibilities, not having to key it in yourself by pushbuttons.

But say you DID get the right code. Agencies are supposed to change the codes periodically. Some places even have "Key Management Facilities" that can do Over the Air Rekeying (OTAR) so that all that time you might have taken to find the right crypto key needs to be spent on the traffic for the next operational period.

THAT is what the big deal is.

Now, can the really big boys figure out what this is? Yeah, probably. There are lots of threads in other forums about security issues, and we know that there is some massive computer power at state (as in country) levels. But it's far beyond most hobbyists' capabilities to crack an AES or DES code.

If you buy something like that, and you can, probably nobody will stop you, you still will not have what you need to hear what you want. And if you do figure it out, be prepared for sheer boredom until the codes are changed again and you have to re-do any effort. Most encrypted radio traffic is like unencrypted radio traffic. It's 99.99999% boring, and 0.00001% action of some sort. Then you have to add the element of listening at just the right time.

Sorry, but that's the reality of it. There can be all of the "it's bad to do" arguments (as if that philosophy works with other things in life), but it's not done because it's just not practical, even by spending thousands of dollars.
 

LIScanner101

Completely Banned for the Greater Good
Joined
Feb 12, 2013
Messages
1,433
Location
Palm City FL
And to add to that:

Listening to encrypted comms is ILLEGAL. I don't know how many times this has to be said over and over and over and over and over and over and over again.
 

BigEd1314

Member
Premium Subscriber
Joined
Dec 2, 2005
Messages
180
Location
London, KY
That consolette only does "up to" 2000 channels.

10,000,000/48,000 is digital ID capacity.

FYI.

Ed
 

stok573

Member
Joined
Jan 14, 2014
Messages
42
Location
alaska
That it is illegal I think most of us know, but that doesn't mean we can't talk about it and teach each other how this technology works. I didn't know about those key codes and I thank him for letting me know.

And who knows what could happen in the future; perhaps a solar flare will come and fry all those systems and we all fall back to old analog systems.

marc
 

902

Member
Joined
Nov 7, 2003
Messages
2,625
Location
Downsouthsomewhere
That it is illegal I think most of us know, but that doesn't mean we can't talk about it and teach each other how this technology works. I didn't know about those key codes and I thank him for letting me know.

And who knows what could happen in the future; perhaps a solar flare will come and fry all those systems and we all fall back to old analog systems.

marc
If for anything, I'm glad you didn't spend a lot of money to figure out what you got still didn't do what you wanted.

Your second paragraph - we are moving toward very complicated networks for communications needs. The thing about them is that they can be "hardened" as much as possible, but none of them has been built to Cold War standards, and there are always points of vulnerability. The biggest being the last mile, either through isolation or damage (it sucks to be in the affected area if the end node isn't there, but the situation is), or through hub points. Things like geographic diversity can mitigate the vulnerability, but the best means of disaster recovery goes back to simple "me to you" simplex systems that are just radio to radio, maybe with a repeater trucked out in between (or sent up in a tethered zeppelin).

I'm all for providing the tools people need to do the job, but I recognize that a craftsman has a variety of tools in his toolbox. Sometimes I think our politicians and moldy oldies (stockholders invested in the new hoo-haa, no doubt) are pulling all of the proven old tools out of the box and just replacing them with a low-bid foreign-made multitool.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,650
Location
Indianapolis, IN
Which is why AES is what smart users use... ;) http://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://www.twoway.net/sites/default/files/documents/p25_encryption_and_interoperability.pdf AES II or better if possible.

From an above article: "DES is now considered to be insecure for many applications. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn as a standard by the National Institute of Standards and Technology (formerly the National Bureau of Standards)."
 

902

Member
Joined
Nov 7, 2003
Messages
2,625
Location
Downsouthsomewhere
When there was this big push to go from DES-OFB to AES a few years ago, some folks were saying that DES-OFB was actually a stronger algorithm and had suspicions that AES might be back-doored. I didn't believe it then, but these days I'm not so sure. Either way, it's beyond my means to figure out. Most of what we could possibly listen to is very time sensitive. It loses its relevancy after a while and as time goes even further only has historical and genealogical significance.

As far as cracking P25, there's nothing to crack. It's an ANSI standard. They'd have to "crack" the embedded encryption in either DES-OFB or AES in order to have backslaps for all. ANY RF system can be spoofed. If you put it out there, from the very simple to the very complex, someone can/will spoof it.
 

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,705
Location
Ontario, Canada
If someone was to try and brute force an AES key using today's available general purpose PCs, we will all be long dead before it finds the key. The 256 bit keyspace is ENORMOUS. Does the NSA have a way in? Likely, but Joe scanner listener sure won't.
 

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
ADP should be broken

Look, a lot of these agencies have gone to that cheap ADP. It's been broken already by some security researchers in Australia. We know more about ADP than the British knew about the Enigma machine. For the life of me I can't figure out why someone hasn't posted an ADP for dummies cracking guide on the net. And believe me, Motorola Solutions ain't no solution; they are a problem for freedom loving Americans.
 

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,705
Location
Ontario, Canada
Why hasn't it been posted on the net if it's been hacked, you ask? Well, for one, it's a federal offense. Two, it's obviously not an easy task, 40 bit keyspace or not. And three... if your local agencies were using ADP and you were suddenly able to listen in again, why in the world would you announce it on the internet? Boom... next thing you know they are running AES and you have someone with a shiny badge standing at the door.
 

szron

Member
Joined
Aug 9, 2009
Messages
405
Location
Livonia, MI
It's illegal and possible :)

Search YT, some guys did a presentation on flaws of radio encryption. Apparently you can sniff out the keys somehow.
 

Forts

Mentor
Database Admin
Joined
Dec 19, 2002
Messages
6,705
Location
Ontario, Canada
You can't sniff out the keys, they aren't transmitted. What is transmitted is the algorithm being used and the key identifier (KID). That's it, that's all.
 
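Two points from the thread, that only the algorithm ID and key ID (KID) go over the air while the key itself never does, and that key size alone decides how long exhaustive search takes (40-bit ADP versus 56-bit DES versus 256-bit AES), as an added defender-side example that is not code from any poster here: it audits constructed decoded-call metadata for talkgroups still running a withdrawn or proprietary cipher, the sort of check a system administrator would run before an AES migration. The log format, field names and the ALGID-to-name mapping are assumptions made for this example.

```python
import re
from collections import Counter

# ALGID values as assumed here: TIA-102 standard IDs (0x80 clear, 0x81 DES-OFB,
# 0x84 AES-256) plus Motorola's proprietary ADP (0xAA). Only the algorithm ID
# and the key ID (KID) are transmitted; the key variable itself never is.
ALGID_NAMES = {0x80: "clear", 0x81: "DES-OFB", 0x84: "AES-256", 0xAA: "ADP"}
KEY_BITS = {0x81: 56, 0x84: 256, 0xAA: 40}
WEAK_ALGIDS = {0x81, 0xAA}  # DES withdrawn by NIST; ADP is a 40-bit cipher

# Constructed sample log (hypothetical format: one decoded call header per line).
SAMPLE_LOG = """\
2014-01-15 10:02:11 tg=1201 src=70345 algid=0x84 kid=0x0102
2014-01-15 10:02:40 tg=1203 src=70011 algid=0x80 kid=0x0000
2014-01-15 10:03:05 tg=1305 src=70222 algid=0xAA kid=0x0001
2014-01-15 10:03:19 tg=1201 src=70345 algid=0x84 kid=0x0102
2014-01-15 10:04:02 tg=1410 src=70098 algid=0x81 kid=0x0207
"""

LINE_RE = re.compile(
    r"tg=(\d+) src=(\d+) algid=0x([0-9A-Fa-f]{2}) kid=0x([0-9A-Fa-f]{4})")


def parse_call(line):
    """Return (tg, src, algid, kid) for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    tg, src, algid, kid = m.groups()
    return int(tg), int(src), int(algid, 16), int(kid, 16)


def audit(log_text):
    """Count calls per algorithm and map talkgroups on weak ciphers to (name, kid)."""
    counts = Counter()
    weak = {}
    for line in log_text.splitlines():
        call = parse_call(line)
        if call is None:
            continue  # skip lines that are not decoded call headers
        tg, _src, algid, kid = call
        counts[ALGID_NAMES.get(algid, f"unknown-0x{algid:02X}")] += 1
        if algid in WEAK_ALGIDS:
            weak.setdefault(tg, set()).add((ALGID_NAMES[algid], kid))
    return counts, weak


def brute_force_years(key_bits, keys_per_second):
    """Expected years for exhaustive key search (half the keyspace on average)."""
    return (2 ** (key_bits - 1)) / keys_per_second / (365.25 * 24 * 3600)
```

Run `audit(SAMPLE_LOG)` to see which talkgroups need rekeying onto AES, and `brute_force_years(KEY_BITS[0xAA], 1e9)` versus `brute_force_years(KEY_BITS[0x84], 1e12)` to see why the 40-bit and 256-bit cases are in different universes.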