- Status
Could you define what you mean by 'police software'. Software to help you upload data to your scanner, software to allow you to monitor information sent to their car computers. Kind of a broad general question so don't expect too many informative answers.
b7spectra
EMS Dispatcher
Brace yourself, all the self rightous board police will get you for that request!
In a nut shell, the FCC says it's illegal to intercept and decode MDT (Mobile Data Terminals) traffic. There is software out there, but, as any politician will tell you, it's not illegal unless you get caught.
In a nut shell, the FCC says it's illegal to intercept and decode MDT (Mobile Data Terminals) traffic. There is software out there, but, as any politician will tell you, it's not illegal unless you get caught.
I've been trying to find information on this subject myself, even if I can't specifically decode the police data, I am still interested to know about data transmissions over radio.
I am a computer guy, and I am just recently picking up radio as a hobby, incorporating the two past the ability to program my scanner would really be a huge lift in me getting into this hobby.
But I am finding that a great deal of effort has gone into preventing people from finding information on the subject, all I can find is old websites that consider a P2 an extremely fast computer and dead links and stories about Bill Cheek.
Admittedly my original interest was to decode police MDT transmissions, but all the secrecy has bumped this to a level of scientific interest for me.
I am a computer guy, and I am just recently picking up radio as a hobby, incorporating the two past the ability to program my scanner would really be a huge lift in me getting into this hobby.
But I am finding that a great deal of effort has gone into preventing people from finding information on the subject, all I can find is old websites that consider a P2 an extremely fast computer and dead links and stories about Bill Cheek.
Admittedly my original interest was to decode police MDT transmissions, but all the secrecy has bumped this to a level of scientific interest for me.
Can you say, "encryption?" MDTs are not passive units. They require valid two-way handshake traffic and polling and update responses which are also encrypted, and they're set up to operate in various levels of systems through various levels of encryption. They require a valid unit ESN log-in to the MDT system just to get access to these handshake and polling levels.
To get past the encryption of the moment, you would need not only the current version of the particular MDT system software and a valid operator log-in for it, you would also need the current version of the particular CAD system software and a valid log-in for that. Without all these elements, all an MDT will do is find the control channel and sit there and indicate there's a data system/control channel on the frequency. If you really wanted to push the envelope, you would need the current version of the NCIC software and access codes, and some authorized individual's ID and passwords to access the national crime database that is further encrypted.
The software for each is proprietary, has system unique properties, is expensive as hell, and is illegal to possess. Since you don't have the system software or the CAD software for your computer and because scanners don't TX and therefore can't do the valid handshake or polling responses and log-ins, there's not much way to get the many levels of decryption codes of the moment that may be in those transactions so that you'd be able to read the traffic.
The wants/warrants search traffic on the MDTs may contain data from the National Crime Information Center, and since the national law enforcement crime computer system and its records and messages and inquiries are all off-limits to anyone without the requisite certifications and authorizations, the traffic is further encrypted to protect what may be sensitive case material and anything that is not yet public record.
Bottom line = it's a really bad idea. You would think "they don't want us to know what's behind the green door."
To get past the encryption of the moment, you would need not only the current version of the particular MDT system software and a valid operator log-in for it, you would also need the current version of the particular CAD system software and a valid log-in for that. Without all these elements, all an MDT will do is find the control channel and sit there and indicate there's a data system/control channel on the frequency. If you really wanted to push the envelope, you would need the current version of the NCIC software and access codes, and some authorized individual's ID and passwords to access the national crime database that is further encrypted.
The software for each is proprietary, has system unique properties, is expensive as hell, and is illegal to possess. Since you don't have the system software or the CAD software for your computer and because scanners don't TX and therefore can't do the valid handshake or polling responses and log-ins, there's not much way to get the many levels of decryption codes of the moment that may be in those transactions so that you'd be able to read the traffic.
The wants/warrants search traffic on the MDTs may contain data from the National Crime Information Center, and since the national law enforcement crime computer system and its records and messages and inquiries are all off-limits to anyone without the requisite certifications and authorizations, the traffic is further encrypted to protect what may be sensitive case material and anything that is not yet public record.
Bottom line = it's a really bad idea. You would think "they don't want us to know what's behind the green door."
Last edited:
Yep, the systems are inspected for security prior to NCIC tie in and audited to insure security and compliance.
In short... it isn't going to happen.
In short... it isn't going to happen.
A lot of MDT systems operate off of the cellular network. So first one would have to somehow decode that then do what the other users said. Next to impossible and not worth it for pointless boring information.
I agree that attempting to intercept the MDT traffic is first illegal and second very difficult to do even if you want to violate the law.
But given the overall legality of it if one did go out and pursue breaking in and got caught, you would probably face more jail time for the patent and copyright infringements than breaking into the law enforcement system. Doesn't make sense, but that is life anymore.
Renagde361, if you are really interested in data over radio, there are two very common areas you can dabble in. First is the typical wireless network, you know the ones in many houses or that were used to allow 41 million credit card and debit card numbers to be compromised. The second is the broadband service provided by most cell companies.
But given the overall legality of it if one did go out and pursue breaking in and got caught, you would probably face more jail time for the patent and copyright infringements than breaking into the law enforcement system. Doesn't make sense, but that is life anymore.
Renagde361, if you are really interested in data over radio, there are two very common areas you can dabble in. First is the typical wireless network, you know the ones in many houses or that were used to allow 41 million credit card and debit card numbers to be compromised. The second is the broadband service provided by most cell companies.
If someone wants to play with legal data over radio, there are lots of ham and other stuff to decode legally. The WEFAX thread is a good start for some good clean fun 
Transmissions are never entirely needed to decrypt a WIFI WEP transmission.... Only if you want to increase your chances of accruing the key.. So in a nut shell, EVDO could be haxxed in the same context, I.E. passively. The problem lies in the encryption used. Just like how WPA is only brute forcefully cracked..
Time is the key!
Time is the key!
Perhaps I misunderstood the question, but it was my impression the OP just wanted to monitor the MDT traffic, not break into the system and run his own want/warrant checks. The encryption is certainly still an obstacle, but all that logging in and handshaking stuff would be done by the real MDTs being monitored.
I did a bit of research based on the original question. Most of what I found was old and probably very out of date. My conclusion was that if you live in an area where the police haven't updated their equipment in 20 years, you might have some luck. The original MDTs were apparently encrypted with the magical ASCII code. Lord knows how anyone would be able to break that. After that they apparently started using real encryption and sometimes the cell phone system.
And now that the US government, in its infinite wisdom, has decided all encryption research should be done by people outside the US, it is clearly illegal for anyone in the US to even attempt to break any kind of encryption. Any work on decrypting these types of transmissions would likely come from other countries where the same type of equipment is in use.
Huh? Do research on the NSA and distributed computing. Notably DES. :lol:
Oh, check my sig. on the "real radio haxxer" :lol:
Decryption is one thing. What its plain text contains is another.. In other words, it better not be labeled Secret, Classified or Top Secret. And of course not bear the weight of a possible court hearing. Like cracking SSL to gain credit card info., etc.
Last edited:
You're right...you're going to get flamed.
You want software...BUY IT.
Don't steal it.
Why are you better than anyone else...that they have to pay for software and you don't!
Idiot.
n1das
Member
It's actually not the FCC that says it's illegal.
It's illegal according to the Electronic Communications Privacy Act of 1986 (ECPA'86). Has nothing to do with FCC at all.
I'm aware of the NSA and their standing as one of the foremost encryption research bodies on the planet. I was referring to the DMCA which has effectively made it illegal to even talk about technical details of any form of encryption used to protect intellectual property.
You can't just turn the radio to the required channel and just "monitor" the MDT data through a computer that has the proper software. The point of my post above was to give a brief and less than detailed idea of how the system works and how it is that the mobile terminals are able to access the data being transmitted.
Maybe you missed the part about ENcryption coding, and that you will need the software and a valid log-in for BOTH the system level AND the CAD level, all of which requires a transmitter with a valid ESN in order to GET the current DEcryption coding so that you can "monitor" the data. Without a way to respond to polling, there's no way to get the coding updates as they occur. No DEcrypt coding, no "monitoring." None of this process has anything at all to do with running wants/warrant checks. That's another level altogether.
The system looks at the ESN of the radio to determine if it's a registered unit, then it looks at your system log-in to see if you're an authorized user. If you pass those tests, you're logged in as "active" in the system. Now you can begin your log-in to the CAD system using the last encryption coding your computer has on board. If you pass the log-in, the CAD will do the little coding change dance with your unit and you'll be logged into the CAD as "active." Then and only then will your computer be able to DEcrypt the CAD data being transmitted. As long as your computer is fully logged in, the periodic polling sessions will keep your unit logged in.
Since unit polling is individual, the little coding change dance is also frequently done with short individually encrypted exchanges, so forget a blanket coding exchange that might work for all units. Outgoing Encryption coding can be different than incoming coding, too, so add that to the mix, not that any of that would affect just receiving data so long as the incoming coding hasn't changed.
The system tracks which units have updated and which haven't. Those that haven't (like being out of range for a set number of polling intervals but not long enough to drop the system) won't have the new coding and may revert to being logged into the system but not to the CAD. No CAD log-in, no updates, so the operator has to log-in to the CAD again to get the current coding so his computer will DEcrypt properly. The system knows this MDT hasn't updated and allows it a set number of log-in attempts with the old coding before it pulls the plug. If your unit has been out of range or out of service for a sufficient period of time, and the last coding in your computer is old enough to have been discarded by the system, you'll have to call the "help desk" and get initially logged in manually by the system people. Then you can log into the CAD itself if all else is still valid.
As to plain text transmissions, those are now pretty much limited to local option preset text type status and disposition codes, if in fact any plain text is still used at all. You are correct about older systems still in service that may use plain text, but even those systems go to encryption when the data is anything dealing with secured info because that's a part of the software that allows access to the secured sites.
Maybe you missed the part about ENcryption coding, and that you will need the software and a valid log-in for BOTH the system level AND the CAD level, all of which requires a transmitter with a valid ESN in order to GET the current DEcryption coding so that you can "monitor" the data. Without a way to respond to polling, there's no way to get the coding updates as they occur. No DEcrypt coding, no "monitoring." None of this process has anything at all to do with running wants/warrant checks. That's another level altogether.
The system looks at the ESN of the radio to determine if it's a registered unit, then it looks at your system log-in to see if you're an authorized user. If you pass those tests, you're logged in as "active" in the system. Now you can begin your log-in to the CAD system using the last encryption coding your computer has on board. If you pass the log-in, the CAD will do the little coding change dance with your unit and you'll be logged into the CAD as "active." Then and only then will your computer be able to DEcrypt the CAD data being transmitted. As long as your computer is fully logged in, the periodic polling sessions will keep your unit logged in.
Since unit polling is individual, the little coding change dance is also frequently done with short individually encrypted exchanges, so forget a blanket coding exchange that might work for all units. Outgoing Encryption coding can be different than incoming coding, too, so add that to the mix, not that any of that would affect just receiving data so long as the incoming coding hasn't changed.
The system tracks which units have updated and which haven't. Those that haven't (like being out of range for a set number of polling intervals but not long enough to drop the system) won't have the new coding and may revert to being logged into the system but not to the CAD. No CAD log-in, no updates, so the operator has to log-in to the CAD again to get the current coding so his computer will DEcrypt properly. The system knows this MDT hasn't updated and allows it a set number of log-in attempts with the old coding before it pulls the plug. If your unit has been out of range or out of service for a sufficient period of time, and the last coding in your computer is old enough to have been discarded by the system, you'll have to call the "help desk" and get initially logged in manually by the system people. Then you can log into the CAD itself if all else is still valid.
As to plain text transmissions, those are now pretty much limited to local option preset text type status and disposition codes, if in fact any plain text is still used at all. You are correct about older systems still in service that may use plain text, but even those systems go to encryption when the data is anything dealing with secured info because that's a part of the software that allows access to the secured sites.
Last edited:
I'm aware of the DRM bs war that has been unleashed in this day and age, but never new about just how jaw-dropping it really is?
http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act#Impact_on_research
Talk about a total loss of freedom of speech. The way I see it, you have people who explain the vulnerabilities and thus the methods of this DRM can be improved. This is the case in Firefox or other software. Holes are found and patched. I know that because of a DEFCON presentation of a supposed lock that could never be picked, but yet this lock was shown to be picked and now the manufacture has to go back to the drawing board.
Now I guess if I gave a presentation on how to brute force a P25 system key, then I'm willing to bet they would jail me too. :roll: Communists!
Last edited:
57Bill
Member
A google search for" MTD decoder" turns up all kinds of available things.
- Status
Similar threads
