• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

P25 cryptography security video - RUXCON 2011

Status
Not open for further replies.

MattSR

Member
Premium Subscriber
Joined
Jul 26, 2002
Messages
385
Location
Sydney, Australia
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
but what gear do you use to compare the plain text to the cypher text and how long does it take to retreive the key?
 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
5,940
Location
N.E. Kansas
That's wild. 345 billion keys!

What about ADP, has anyone messed with that?
 

MattSR

Member
Premium Subscriber
Joined
Jul 26, 2002
Messages
385
Location
Sydney, Australia
Watch the presentation at 21:24 mins. The ADP algorithm is explained and the ley recovery done using Nvidia GPUs.
 
Last edited:

nycap

Member
Joined
Mar 13, 2008
Messages
196
my hats off to you sir. i am assuming this will crack RC within hours? did you program the FPGAs or is there a ready made key recovery program available?
 

jets1961

Member
Joined
Jan 21, 2002
Messages
152
Could someone jog my memory, what is the cypher strength of DES-OFB encryption?

I will review the complete video tonight but I have to ask was it done in real time. So was the key unknown and deciphered in real time? I did look at that part of the video and that is the way it appears.

Thanks, Joe
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
it takes a couple days to get the key. then you put the key in the radio and listen in real time.
 
Joined
Dec 18, 2011
Messages
35
Forum should add ability to edit previous posts.
Price 100-200k, and considering only 56des, and the fact that codes are changed daily or multiple times a day, save your money.
 

pepsima1

Completely Banned for the Greater Good
Banned
Joined
Nov 19, 2008
Messages
1,076
Location
Pimp County, Neveda
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
Matt: I was just wondering if anything more has come to light about this technology since this was released a couple of years ago for the scanning community on encryption?? This is awesome technology
 

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
216
Location
New Iberia
A lot of these agencies have gone ADP which at the very least we could monitor covertly. Time to give us good guys a break.
 

brandon

Member
Database Admin
Joined
Dec 19, 2002
Messages
3,462
Location
SoCal

MattSR

Member
Premium Subscriber
Joined
Jul 26, 2002
Messages
385
Location
Sydney, Australia
That's the exact website for the exact project that the video and thread is about, and it's my yellow XTS5000 in that video too.

Getting the keys recovered is the whole point of the OP25 project....
 

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
216
Location
New Iberia
Is there any way an ADP for dummies download or book will ever come out. It looks like you have to be sort of a math or computer wiz to do this. Our big problem here in the states is these agencies using ADP to "cover their asses". There is no real need to keep the 2 percent or so Americans who scan from listening in.
 

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
216
Location
New Iberia
You don't need a super computer

This ADP encryption doesn't require a super computer to break. However what is needed is some type of black hat software which can emulate the logic in the cipher as well as software to do the search of the 1 Trillion (not so big a number nowadays) or so keys in it and check them against the standard moment of silence which all P25 radios have at the end of their transmissions. It amazes me to no end how some hacker has not stepped up to the plate and put such a program out there in the wild so to speak.
 
Status
Not open for further replies.
Top