• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

P25 Control Messages

Status
Not open for further replies.

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
I am currently writing a personal program to work with P25 messages and was able to get line by line from opening a serial port in C#. Does anybody know how to decode these lines?

P25:T0001:BA00001144010101B970F0ED
P25:T0001:160000C000E1FFFF00016B7F
P25:T0001:00900259025A0259025A3578
P25:T0001:3900010101B3040139040FDC

(Lines keep changing...)

I notice some start the same (stated the different types of messages) but I can't find any resources online as to what each line means.
 

K9WG

Member
Joined
Nov 12, 2010
Messages
1,364
Location
Greenfield, Indiana USA

bezking

Member
Database Admin
Joined
Aug 5, 2006
Messages
2,634
Location
On the Road
Both very good links! I downloaded them and have worn them out (that is if you can do that to a pdf file ;) )

Now if we could get such detailed info on the Motorola Type-II data...
Good luck! I've heard that the engineering documentation for SmartZone is so bad that the engineers trying to work with it had to call and talk to Motorola's engineers just to figure it out... :lol:
 

Jay911

.
Joined
Feb 15, 2002
Messages
9,183
Location
Bragg Creek, Alberta
Sure wish those had the structure of all the messages. I'm still looking for the adjacent sites broadcast format - looks like I'll have to pay $88 to the TIA to get a copy of AABC. Even then I found a chunk of C code in Google that makes me think I'm not going to be satisfied (the code references "page 121" of the standard, which on the download I'm offered, has only 24 pages).

Still, thanks to all those that have helped both me and the OP in our various quests.
 

mikey60

Member
Joined
Sep 15, 2003
Messages
3,515
Location
Oakland County Michigan
When writing Pro96Com, a lot of it came from studying the messages. Patterns emerge pretty quickly once you really start working with it. Other pieces came from asking people that knew what the messages were, and from some decoding software that Unitrunker did shortly after it was reveiled that the PRO-96 had the CC dump function.

Pro96Com has a similar output to what the old decoding utility did. It might give you more clues.

Mike
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
Seems to me that a public library could be useful (especially for .NET as that contains many popular languages such as C#). I'm trying to make sense of the PDF files but its almost like I bit off more than I can chew. How do I go from "80 00 04 00 FD 00 08 00 1B 5F 3A 09" to "Group Voice Grant - Group: 8 Channel: 0-0253(852.58750) Radio ID: 7007" - Where is it finding radio ID 7007? I can see the only way to find out what kind of message I am looking at is by using Pro96Com. I can see where Group 8 comes in but how will it work for 3-4 digit talkgroup ids?

Sorry about asking how to break it down. I'm in this to learn but I'm a newbie.
 

mikey60

Member
Joined
Sep 15, 2003
Messages
3,515
Location
Oakland County Michigan
80 00 04 00 FD 00 08 00 1B 5F 3A 09

Taking the lower 6 bits of the first byte (byte 0) gives you a value of 0, which is a group voice grant
Second byte is the Manufacturer id. Value of 00 is a standard packet
Talkgroup ID is bytes 5 & 6.
Radio ID is bytes 7, 8 & 9
Bytes 10 & 11 are 16 bit CRC.

A lot of the messages have that radio ID in that position.

Mike
 

Jay911

.
Joined
Feb 15, 2002
Messages
9,183
Location
Bragg Creek, Alberta
Thanks to all of you who helped in this thread and elsewhere, I'm decoding control messages myself now. :) I find it fun as hell to figure out some of the stuff - yes PRO96COM does it, but I had over a gigabyte of data I ran on my HP1 earlier this year which I can't just stuff into PRO96COM from ASCII input (or if I can, please tell me how!).

The documents I have obtained imply that only the 2nd byte (out of 12 bytes) is manufacturer ID, but all the data I am getting from the HP1 logs is 13 bytes long with an extra byte after mfr ID and before the data (which should begin in the "third" byte as per the documentation). Change in the standard or is the HP1 sending out screwy data?

Example - here's the 3 "IDEN" messages for a system I was examining tonight.

"34,B4000586406404CDDBC01D0B"
"34,B400150DC0640501BD0049AB"
"34,B4002586406405698944C85A"

That's as the HP1 delivers the data (in the activity log text file). IDEN number begins with the "05", "15", or "25" group - one group later than the standards document says it should.

Several different systems (logged with my HP1) I have examined exhibit this.

EDIT: I just realized my error - I've been counting the "34," part as the first byte and thought "B4" was the manufacturer ID. My bad!
 
Last edited:

mikey60

Member
Joined
Sep 15, 2003
Messages
3,515
Location
Oakland County Michigan
B4000586406404CDDBC01D0B

Table 0
Base: 403.000000 Mhz
TX Offset: +5.00000 MHz
Spacing: 12.5KHz

B400150DC0640501BD0049AB

Table: 1
Base: 420.00000 MHz
TX Offset: -11.00000 MHz
Spacing: 12.5KHz

B4002586406405698944C85A

Table: 2
Base: 454.01250 MHz
TX Offset: +5.00000MHz
Spacing: 12.5 KHz
 

WayneH

Forums Veteran
Super Moderator
Joined
Dec 16, 2000
Messages
7,464
Location
Sitting in an airport somewhere
Now if we could get such detailed info on the Motorola Type-II data...
There are a couple of us on here that know it well. I can identify around - ahh, roughly - 95% of the data sent out. But you are right, none of us have written anything on it. I have a ton of notes but no definitive guide.

I'm open to queries so someone can hit me up privately if they want to know more.
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
I notice that I'm getting Group Voice Grants about every second for the manufacturer id that is the SAME as the system id. Do I ignore these? Why do these occur? Also, I'm getting doubles of every grant. Is this normal?
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
I guess I should have checked Pro96Com's dump first. It looks like I'm picking up Group channel grants AND patch information both. How do I separate these?

Patch: 00 90 02 59 02 5A 02 59 02 5A 35 78
Non-Patch: 00 00 04 00 97 00 08 00 1B 5F 07 27

I can see 00 90 vs 00 00 but I was told the OpCode is in byte. How do I know the difference?
 

mikey60

Member
Joined
Sep 15, 2003
Messages
3,515
Location
Oakland County Michigan
The OpCode is the lower 6 bits of Byte 0. The MFGID is Byte 1. You have to look at both of those pieces of information to be able to decode the TSBK.

In this case:
Patch: 00 90 02 59 02 5A 02 59 02 5A 35 78

OpCode is 0x00, Mfg ID is 0x90. This is a Motorola Specific (non-standard) TSBK.
This one is a patch announcement that tells which talkgroups are patched to another.

In this case:
Non-Patch: 00 00 04 00 97 00 08 00 1B 5F 07 27

OpCode is 0x00, MFGID is 0x00
This is a standard P25 TSBK and should be the same on all manufacturer's systems.
This one is an initial voice grant. You'll only see this at the beginning of each PTT. While the conversation is in progress, you'll only see voice grant updates.

Mike
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
Wow, I can't thank you enough Mike. Before this post, I had no idea what these P25 messages meant and what octets were, bytes, bits, that so much information could be held in a byte, etc... Above it was stated that I could use Pro96Com to figure out what different messages are. I can successfully ID the messages but have no way of finding out what information is contained in them. The two PDF links provided only give so many (EG: They don't say what information is in a voice grant update). Any idea where I can find out the information in them?

Also, is it normal for me to receive double data for each P25 line or should I look into this for my serial port communications?

My last question is in a unit registration response, the RV is defined as 1 bit but looks like it requires 2 bits. Which two bits do I use to define it?

Thanks a lot and this is fun learning for myself and mostly from others.
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
My last question is in a unit registration response, the RV is defined as 1 bit but looks like it requires 2 bits. Which two bits do I use to define it?
From the horse's mouth ...

"RV (octet 2 bits 4 and 5) is the Registration Value."
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
One problem that keeps getting to me right now is I'm getting double data for everything. Up until this point I thought it was my program or how I was retrieving the data but I opened up PUTTY to read the serial port and the same thing happens there. Is it normal behavior to get double messages and why do programs like Pro96Com and Unitrunker seem to only get it once. Same data I'm getting is:


P25:T0001:05900000000000000000D1C3
P25:T0001:3B0000BEE0014401B970012A
P25:T0001:96000040FFFFFFFF0001BBFF
P25:T0001:020000FD0006018700086014
P25:T0001:3A00001144010101B97014D9
P25:T0001:809002590259025A025956AD
P25:T0001:3D000322D0320A2510A263A0
P25:T0001:09900A00000000000000A7C1
P25:T0001:8590000000000000000035F7
P25:T0001:3B0000BEE0014401B970012A
P25:T0001:16000040FFFFFFFF00015FCB
P25:T0001:820000FD0006018700088420
P25:T0001:3A00001144010101B97014D9
P25:T0001:00900259025A0259025A3578
P25:T0001:BD001325E032091B94C412AC
P25:T0001:3C00003144010405E57022C7
P25:T0001:3900010101B3040139040FDC
P25:T0001:89900C8000000000000068C7
P25:T0001:05900000000000000000D1C3
P25:T0001:3B0000BEE0014401B970012A
P25:T0001:96000040FFFFFFFF0001BBFF
P25:T0001:020000FD0006018700086014
P25:T0001:000004007D00070006624C22
P25:T0001:BA00001144010101B970F0ED
P25:T0001:009002590259025A0259B299
P25:T0001:000004007D00070006624C22
P25:T0001:BD000322D0320A2510A28794
P25:T0001:09900C800000000000008CF3
P25:T0001:0200007D000700FD0006E90F
P25:T0001:8590000000000000000035F7
P25:T0001:3B0000BEE0014401B970012A
P25:T0001:16000040FFFFFFFF00015FCB
P25:T0001:820001870008007D0007D8BC
P25:T0001:3A00001144010101B97014D9
P25:T0001:00900259025A0259025A3578
P25:T0001:BD001325E032091B94C412AC
P25:T0001:09900B400000000000003DFE
P25:T0001:020000FD0006018700086014
P25:T0001:8590000000000000000035F7
P25:T0001:3B0000BEE0014401B970012A
P25:T0001:16000040FFFFFFFF00015FCB
P25:T0001:8200007D000700FD00060D3B
P25:T0001:3A00001144010101B97014D9
P25:T0001:009002590259025A0259B299
P25:T0001:BD000322D0320A2510A28794
P25:T0001:3C00003144010304D1708D8B
P25:T0001:3900010101D70401B3046B55
P25:T0001:89900DC0000000000000F2F8
P25:T0001:020001870008007D00073C88
P25:T0001:05900000000000000000D1C3
P25:T0001:BB0000BEE0014401B970E51E
P25:T0001:16000040FFFFFFFF00015FCB
P25:T0001:020000FD0006018700086014
P25:T0001:BA00001144010101B970F0ED

As you can see there are entries that repeat after 17 messages in between them.
 

mikey60

Member
Joined
Sep 15, 2003
Messages
3,515
Location
Oakland County Michigan
Many messages do repeat on a regular basis. That's how the radio's know they are on the correct system. Just looking at those I can tell you the SysID is 144, and the WACN is BEE00. Pro96Com will just update the information internally if it changes, otherwise it ignores the duplicates.

Mike
 

SCPD

QRT
Joined
Feb 24, 2001
Messages
65,126
Location
Virginia
I guess that makes sense. I don't know why unit registration would require duplicates but I guess when I write my library I'll just have to create a list and when that list changes it'll set off a delegate/event.

My last 2 questions (so I can stop bombing you trying to figure everything out) is if I do try and buy the TIA for P25, will it lay everything out the same as the above PDF's? I don't want to buy the book and not be able to understand it. Is there anything cheaper then the $400 (or what ever the higher price is). Maybe someone who published the standards for a cheaper price?

Also, above it was stated that I could use Pro96Com to figure out what different messages are. I can successfully ID the messages but have no way of finding out what information is contained in them and in what position. The two PDF links provided only give so many (EG: They don't say what information is in a voice grant update). Any idea where I can find out the information in them or is asking here (bugging everyone) and buying the standard the only way?
 

Jay911

.
Joined
Feb 15, 2002
Messages
9,183
Location
Bragg Creek, Alberta
Is there any way to tell if this is a legitimate message or just spurious junk? A lot of messages around this one in the HP1 log state "Receive error". This system has been completely idle every time I've monitored it ever since I discovered it nearby a few months ago. Also, LCN 1423 is not licensed to the user (the CC is LCN 312) nor is it even a valid frequency in Canada.

12/21/2011 13:02:13 "04,0400058F781401A52480CC3B" Unit To Unit Voice Channel Grant Lcn:1423 Tad:7869441 Sad:10822784

I suspect the target and source addresses are close to or outside their limits which is one of the ways I was hoping I could discard this as false data.
 
Status
Not open for further replies.
Top