Russian Military using Motorola Digital 👀

Status
Not open for further replies.

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,386
This is the correct answer. I doubt the algorithm has been defeated.
There has been a lot of speculation about "known plaintext" attacks on AES (and DES). The weak point being certain data created by the Vocoder such as silence and control bits. I would not dismiss the capabilities of a determined adversary.
 

jimmy9999

Member
Joined
Oct 10, 2023
Messages
39
they started with Motorola and Hytera mostly simplex though the radios are expensive and no radioman in the field any longer believes that AES-256 is actually secure so an alternative solution was sought.
Why do you say "no radioman in the field any longer believes that AES-256 is actually secure"?
256-bit key, which takes more years to find the key than the number of stars in the universe, etc.
 

Bowlieweekender

Encryption is Easy - Key Management is Hard
Premium Subscriber
Joined
Aug 6, 2006
Messages
70
Location
Prineville Oregon
That's what Fort Meade wants you to believe, so you go right ahead believing that. Same goes for Tetra TEA1/2/3 for those outside the US.
 

ElroyJetson

Getting tired of all the stupidity.
Joined
Sep 8, 2002
Messages
3,881
Location
Somewhere between the Scylla and Charybdis
The complete AES-256 algorithm and "source code" for AES has been in the public domain for years. Nobody has yet found a back door to it.
That's probably an indicator that there isn't one.
Be sure that a lot of REALLY smart researchers have gone hunting for that particular snipe.

So far, no snipe has been found.
 

jimmy9999

Member
Joined
Oct 10, 2023
Messages
39
The complete AES-256 algorithm and "source code" for AES has been in the public domain for years. Nobody has yet found a back door to it.
That's probably an indicator that there isn't one.
Be sure that a lot of REALLY smart researchers have gone hunting for that particular snipe.

So far, no snipe has been found.
I'm not talking about a backdoor in the algorithm itself, but in the implementation in radios, like for example the backdoor I found in Motorola's LFSR RC4.


No independent researchers have verified the AES implementations in the radios themselves. The fact that the radios are interoperable does not guarantee the absence of a backdoor. One bit of the key can be delivered randomly in each AMBE frame, as explained here:

 

kayn1n32008

ƘƆSƘ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
6,825
Location
Sector 001
There has been a lot of speculation about "known plaintext" attacks on AES (and DES). The weak point being certain data created by the Vocoder such as silence and control bits. I would not dismiss the capabilities of a determined adversary.
DES is a broken algorithm, that was broken years ago.
It should be remembered that Motorola has already put backdoors in Securenet DVP radios.


They managed to simulate the algorithm in software and proved that it could be broken in realtime with simple methods.

And DVP was an unvetted, proprietary cipher, that was weak even in the 70's. They simulated the algorithm in 2014.

Don't just quote what you think supports your position, quote it all.

Also DVP-XL was an 'export cipher'
 

kayn1n32008

ƘƆSƘ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
6,825
Location
Sector 001
It should be remembered that Motorola has already put backdoors in Securenet DVP radios.
AES is an open sourced algorithm. It has been vetted by the crypto community. DVP was a proprietary algorithm that was never subject to any sort of vetting.
 

vjkurvy

KURVYNATION.COM
Premium Subscriber
Joined
Jul 6, 2013
Messages
50
Location
Ponchatoula, LA
I actually watched a video and agree with EVERYONE'S comments. At the start of the war, I believe they were using scattered weapons and radios. I donated a bunch of HT1000s and all Baofengs that were stockpiled all over the place. At the beginning (when things started to get a little more organized) I think they (Ukrainians) were swapping entire caches of ammo and radios. The radios that were running TDMA via “trailer sites” were taken back and OTA rekeyed for encryption/ or manually pushed. The Tetra radios, as any Brit will tell you, was a pretty stable system (up until 10 years ago was considered uncrackable). Before anyone jumps this comment, I do not know much about Tetra. I do not care what anyone “thinks” they know about Motorola TDMA/FDA but good luck trying to listen to an actual “encrypted” system.. ask any user with the best SDR or an actual Moto capable radio.. it can’t be done. You may see an Astro ID pop up but you can’t hear anything…
 

ElroyJetson

Getting tired of all the stupidity.
Joined
Sep 8, 2002
Messages
3,881
Location
Somewhere between the Scylla and Charybdis
The KSA (Known Silence Attack) can be rendered moot by implementing rolling keys, but ask me if or how rolling keys are implemented in a P25 environment and I'll just tell you that I don't know anything about that. Because it's the truth. I don't know.

I do know that AES is a deterministic algorithm. For a specific input, and a specific key, the output will always be the same. If the input word was, for example, "7311" in hex, with a specific key, call it key ABC123 and that caused the output to be "1234" in hex, then every time the input word is 7311 the output is 1234. As long as key ABC123 is being used.

And, there are only a limited number of sound "symbols" in the IMBE/AMBE codecs. It provides a limited range of word values, rather than all possible word values. This limits the possible number of input symbols. This implies a reduced workload required to mathematically crack the encryption, except that you still have to deal with the rolling code if implemented.

However, the weakness is not in AES itself, but in the handling of the keys. Key security is a limiting factor in system security.
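
An added illustration of the determinism point in the post above (not code from the thread or from any radio vendor): a toy Feistel cipher built from HMAC-SHA256 stands in for AES, and the frame contents, key and nonce are constructed. It shows identical silence frames surviving as identical ciphertext when nothing varies per frame, and no longer repeating once a per-frame counter is mixed in, which is a different measure from the rolling keys the post mentions; it does not model how P25 or DMR radios actually apply AES.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes; the sample frames below are constructed to fit one block

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation: a stand-in for AES, NOT AES and not secure."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def codebook_encrypt(key, frames):
    """Same key, no per-frame input: equal frames give equal ciphertext."""
    return [toy_encrypt_block(key, f) for f in frames]

def counter_encrypt(key, nonce, frames):
    """XOR each frame with E(key, nonce || frame index); the same call decrypts."""
    out = []
    for i, f in enumerate(frames):
        pad = toy_encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out.append(_xor(f, pad))
    return out

def most_repeated(ciphertexts):
    """Occurrences of the most frequent ciphertext frame, as seen on the air."""
    return Counter(ciphertexts).most_common(1)[0][1]

# Constructed sample: three "speech" frames and five identical "silence" frames.
SILENCE = bytes(16)
FRAMES = [b"speech-frame-001", SILENCE, SILENCE, b"speech-frame-002",
          SILENCE, SILENCE, b"speech-frame-003", SILENCE]
KEY = b"constructed demo key"
NONCE = b"call0001"  # 8 bytes; must never repeat under the same key

if __name__ == "__main__":
    print("codebook repeats:", most_repeated(codebook_encrypt(KEY, FRAMES)))
    print("counter repeats: ", most_repeated(counter_encrypt(KEY, NONCE, FRAMES)))
```
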
 

jimmy9999

Member
Joined
Oct 10, 2023
Messages
39
AES is an open sourced algorithm. It has been vetted by the crypto community. DVP was a proprietary algorithm that was never subject to any sort of vetting.
I have the impression that you do not understand what I am saying. Do you know the difference between an algorithm and the implementation of the algorithm? The algorithm may be reliable, but the implementation may not.

The LFSR used with the algorithm may be weak, the implementation may deliberately drop bits of the key into the encrypted stream.

I get the impression that you believe that if an algorithm is reliable then there can be no backdoor, this is not the case at all.

If I took the example of the DVP it is to show that Motorola has used weak algorithms even for the US domestic market.
In addition, today, Motorola sells the same AES products in the domestic market and in the foreign market.

P25 products are bound to be reliable (no backdoors) because they are intended for public safety.
The same does not apply to DMR products intended for the domestic market.

I'm demonstrating that Motorola deliberately introduced an extra backdoor into RC4 to break it even more easily when it was already weak, but you're repeating the fact that RC4 is weak and AES is strong, whereas the backdoor was not introduced in RC4 but in the implementation of RC4 (not in the algorithm itself).
 

kayn1n32008

ƘƆSƘ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
6,825
Location
Sector 001
I have the impression that you do not understand what I am saying. Do you know the difference between an algorithm and the implementation of the algorithm? The algorithm may be reliable, but the implementation may not.

The LFSR used with the algorithm may be weak, the implementation may deliberately drop bits of the key into the encrypted stream.
Oh I do understand.

You haven't shown there is a 'back door' in the DMRA implementation of AES, and to my (albeit limited knowledge) there has been no such weakness found in either the implementation of AES, or weakness in the cipher.
 

KevinC

The big K
Super Moderator
Joined
Jan 7, 2001
Messages
12,385
Location
Home
Oh I do understand.

You haven't shown there is a 'back door' in the DMRA implementation of AES, and to my (albeit limited knowledge) there has been no such weakness found in either the implementation of AES, or weakness in the cipher.
I heard if you use "Joshua" as your key variable it will decode all other keys. I know Joshua isn't hexadecimal, but it is the only exception to the hex requirement.
 

jimmy9999

Member
Joined
Oct 10, 2023
Messages
39
I heard if you use "Joshua" as your key variable it will decode all other keys. I know Joshua isn't hexadecimal, but it is the only exception to the hex requirement.
Don't play with this code, you risk starting a Global Thermonuclear War!
 