• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

P25 cryptography security video - RUXCON 2011

Status
Not open for further replies.
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
 
N

nycap

Member
Joined
Mar 13, 2008
Messages
196
MattSR said:
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
Click to expand...

but what gear do you use to compare the plain text to the cypher text and how long does it take to retreive the key?
 
mancow

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
6,880
Location
N.E. Kansas
That's wild. 345 billion keys!

What about ADP, has anyone messed with that?
 
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
Watch the presentation at 21:24 mins. The ADP algorithm is explained and the ley recovery done using Nvidia GPUs.
 
Last edited:
N

nycap

Member
Joined
Mar 13, 2008
Messages
196
my hats off to you sir. i am assuming this will crack RC within hours? did you program the FPGAs or is there a ready made key recovery program available?
 
J

jets1961

Member
Joined
Jan 21, 2002
Messages
224
Could someone jog my memory, what is the cypher strength of DES-OFB encryption?

I will review the complete video tonight but I have to ask was it done in real time. So was the key unknown and deciphered in real time? I did look at that part of the video and that is the way it appears.

Thanks, Joe
 
N

nycap

Member
Joined
Mar 13, 2008
Messages
196
it takes a couple days to get the key. then you put the key in the radio and listen in real time.
 
R

RadioFlyer2012

Member
Joined
Dec 18, 2011
Messages
35
Forum should add ability to edit previous posts.
Price 100-200k, and considering only 56des, and the fact that codes are changed daily or multiple times a day, save your money.
 
P

pepsima1

Completely Banned for the Greater Good
Banned
Joined
Nov 19, 2008
Messages
1,078
Location
Pimp County, Neveda
MattSR said:
Hi All,

This is a video of a presentation I recently did at a security conference in Melbourne, Australia. In the audience were various Federal and State police agencies, as well as the Aussie equivalent of the NSA (we call them the DSD)

Ruxcon 2011: APCO P25 Security Revisited: The Practical Attacks - YouTube

It includes a demo of DES-OFB decryption done in entirely in GNUradio on a PC (yes the voice traffic is recovered and played through the PA system)

Everything in the presentation is correct and verifiable from the references in the security paper we published earlier this year.

Please note - I don't want this thread to degrade into a "crypto can't be broken" war. The point of this video is to educate and inform people about how things work in reality. The silence known plaintext attack works and is verified in the video as working with DES-OFB.

Regards,
Matt
Click to expand...

Matt: I was just wondering if anything more has come to light about this technology since this was released a couple of years ago for the scanning community on encryption?? This is awesome technology
 
B

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
A lot of these agencies have gone ADP which at the very least we could monitor covertly. Time to give us good guys a break.
 
brandon

brandon

Member
Database Admin
Joined
Dec 19, 2002
Messages
3,511
Location
SoCal
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
That's the exact website for the exact project that the video and thread is about, and it's my yellow XTS5000 in that video too.

Getting the keys recovered is the whole point of the OP25 project....
 
B

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
Is there any way an ADP for dummies download or book will ever come out. It looks like you have to be sort of a math or computer wiz to do this. Our big problem here in the states is these agencies using ADP to "cover their asses". There is no real need to keep the 2 percent or so Americans who scan from listening in.
 
B

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
You don't need a super computer

This ADP encryption doesn't require a super computer to break. However what is needed is some type of black hat software which can emulate the logic in the cipher as well as software to do the search of the 1 Trillion (not so big a number nowadays) or so keys in it and check them against the standard moment of silence which all P25 radios have at the end of their transmissions. It amazes me to no end how some hacker has not stepped up to the plate and put such a program out there in the wild so to speak.
 
Status
Not open for further replies.

Similar threads

M
  • Locked
Hacking with GNUradio videos - RUXCON 2011
Replies
0
Views
2K
MattSR
M
ntnahed
  • Locked
P25 Security Weaknesses VIDEO
Replies
5
Views
3K
com501
com501
Anon6083
  • Locked
Security Researchers Crack APCO P25 Encryption
Replies
0
Views
255
Anon6083
Anon6083
S
  • Locked
Security Researches crack APCO P25 Encryption
Replies
1
Views
5K
WayneH
WayneH
Top