
Security Weakness in P25

Status
Not open for further replies.

SCPD

QRT
Joined
Feb 24, 2001
Messages
0
Location
Virginia
I was standing right next to an officer using an XTS5000 on an encrypted talkgroup. I could hear both sides of the conversation.

:p
 

MarMatthias

Member
Joined
Jul 13, 2010
Messages
202
Location
Nebraska
The idea that any Over-The-Air communication is secure is laughable. If you want secure communication then don't broadcast it to anyone and everyone. All it takes to break ANY type of encryption is time and money. If you have enough of both then you can read/listen to any and all communication. But you may not be able to do it in REAL TIME and that is the end goal of P25 encryption. P25 encryption achieves that goal.

I agree completely. I would also add that the cost vs outright jamming will be a factor. On fully encrypted systems, I can easily see someone building hundreds of micro-jammers positioned around a target like a bank effectively crippling any police communications. With a partially encrypted system (where only TAC2 and such are encrypted), building jamming devices is too expensive.

I personally believe that full time encryption will hinder more than help the police, as right now anyone with a scanner, including retired police, fire, and EMS, can and have responded to a call for help. There have been plenty of cases where even concerned citizens have come to the aid of an officer in need. Technology only works when it is balanced with practical usage.
 
Last edited:

PeterGV

K1PGV
Joined
Jul 10, 2006
Messages
754
Location
Mont Vernon, NH
Have you ever wondered why Blackberry text and email, made by RIM a (Canadian Corp), are not crackable and hence get banned in certain countries while this is no issue in the US? The US government has access to these communications at will!

Actually, yes... the US government can access these communications at will. However, all they'll get is clear-text message headers with encrypted message bodies. Blackberries use end-to-end encryption, with the keys shared between the subscriber unit and Blackberry Enterprise Server. Each phone has a separate key. The subscriber can generate a new key at any time... from the phone, from the desktop software, or from the Enterprise Server.

The encryption algorithm is selectable: Either 3DES or AES 256. The encryption algorithm can be selected by the subscriber (from the phone) and changed at any time, or from the Server (which can force a given selection).

RIM doesn't have the keys. The FBI, CIA, NSA, and whoever else doesn't have the keys.

THAT's the big deal in various foreign countries.

Peter
K1PGV
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
So the Blackberry Enterprise Server is a software suite that is located where? Where exactly and who has control over the computers this software is implemented on?
 

PeterGV

K1PGV
Joined
Jul 10, 2006
Messages
754
Location
Mont Vernon, NH
(Google is your friend...)

The BES server is run by whatever company issues the Blackberry phones to their employees. It lives within the company's firewall and interfaces with the company's email server (Microsoft Exchange Server, for example).

While I grant that NOTHING is unbreakable, given enough resources (time, money, computing power, etc) Blackberry's really are very secure.

By the way, if you're using a Blackberry that's NOT issued by a company, you can use Blackberry Desktop Redirector... which does the same thing: Encrypts your data traffic on your computer with a key that's shared between the software and your phone.

Peter
K1PGV
 

kayn1n32008

ØÆSØ
Joined
Sep 20, 2008
Messages
6,703
Location
Sector 001
Wirelessly posted (BlackBerry9630/4.7.1.57 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/109)

I believe a BES is a piece of hardware installed in conjunction with the IT hardware
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
OK, for the person who buys a BlackBerry out of the store (no company server, not hooked up to a computer at home) and texts, talks and emails on it, it's all encrypted, right? Now most recently it was Dubai, if my memory serves me right; India before that. These countries didn't allow these devices because of what? Was it because RIM wouldn't let them have access to the UNENCRYPTED data? If my memory serves me right, yes, that was the issue. The corporation would not provide those governments with access to the unencrypted data from the devices.

So has there ever been this issue in North, Central, or South America? No, because RIM allows the government access to the unencrypted data coming and going from those devices AND the location of the device. Remember the 1994 telecom act, Patriot Act, FISA reform act? Do you know what a "roving tap" is? Well, they don't need a warrant anymore for one thanks to the above mentioned laws. If you don't think this is going on, I don't know what I can do for you.
 

PeterGV

K1PGV
Joined
Jul 10, 2006
Messages
754
Location
Mont Vernon, NH
because RIM allows the government access to the unencrypted data coming and going from those devices


So, tell me: How CAN this work for Corporate users who run their own BES? The data is encrypted end-to-end using AES-256 and the key can be changed arbitrarily. Unless you believe (a) that RIM is lying and that AES-256 isn't REALLY being used (seems to me that'd be pretty clear to people pretty quickly, as I trust this would be evident from a simple cryptographic analysis), or (b) that RIM is encrypting the data properly, but is ALSO sending the data for every message in clear form to the government (provably false by looking at the traffic that passes an enterprise firewall)... I don't see how it could be possible. I know a bit about this topic, but I am by no means an expert, so I look forward to hearing the technical details of how this works.

And to the best of my knowledge, the end-to-end encryption is the same for individual users (using desktop redirector).

if you don't think this is going on I don't know what I can do for you.

I've been told the same thing by other people who claim that Queen Elizabeth and George Bush are both members of a race of humanoid reptilians that control all of society. Seriously, I have.

We all will believe what we believe. I'm good with that.

Peter
K1PGV
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
This is quite simple. The only way to keep the communication secure is to keep control of the key. If the telecom corp has the key then the government has the key.
 

nycap

Member
Joined
Mar 13, 2008
Messages
196
Do the same weaknesses that apply to the P25 system apply to MOTOTRBO systems?
 

Cowthief

Member
Joined
Oct 10, 2003
Messages
102
Location
Texas
Hello.

Way off base with a lot of wrong assumptions.
Sure, one can transmit a message "in the clear", and encrypted units will hear it.
But, have you tried this?
The radio will indicate that this is a clear voice transmission as a mode change.
Next, encryption.
P-25 is a standard for the physical layer of both analog and digital communications, the Common Air Interface, or CAI.
It is also a pair of inter-operable trunking standards.
Lets say you jam a control channel.
The radios simply hunt for another control channel, while the site deals with a control channel failure.
In P-25, like in most trunking systems, the control channel can be moved within the channel groups.
Loss of the control channel and no way to restore it will cause a trunking failure and the system will assign radios to dynamic talk groups on a channel by channel basis.
At that point, selecting a differing talk group is actually switching frequencies, in effect, a conventional system for the duration of the failure.
Failing that, the radios drop into full conventional mode, the site is now a true repeater and nothing more, talk around is now an option.
If even that does not work the entire system can be set for talk around.
In this mode the site can hear the units in the field as well as the reverse but unless units are close together they can not hear each other.
In San Antonio Texas it is a mixed system, both P-25 and ProVoice.
All of the local area radios can do both modes, the operator does nothing to select this.
Project 25 - Wikipedia, the free encyclopedia
 

Hooligan

Member
Joined
May 15, 2002
Messages
1,318
Location
Clark County, Nevada
Sure, one can transmit a message "in the clear", and encrypted units will hear it.
But, have you tried this?
The radio will indicate that this is a clear voice transmission as a mode change.

Yes, I have tried it (during a penetration test), & was successful in intruding into the net & injecting info to alter the correct course of action. What helped me a lot is that one legit net participant was transmitting in the clear, which provided me with good timing & context for my intrusion.
 

kb0uxv

Member
Joined
Oct 22, 2009
Messages
230
Location
Minnesota
Posters here indicate that DES-OFB can be broken with ease and laugh at anyone who thinks it's secure. And P25 is open to attack with simple methods. Maybe US public safety should start to look at TETRA. I understand it can not be monitored, and a big plus is mobiles work as a gateway so there would be far less towers needed as you would only need to provide mobile level coverage. That's a huge savings when you consider the cost of site equipment and the associated service contracts for equipment and software. Also the TETRA subscriber radios are cheaper. This is good for government (cheaper, more secure, and less frequencies needed) but horrible for the scanner enthusiasts.

In regards to clear / coded transmissions on the same talkgroup, resulting in users accidentally transmitting in the clear: why not set up the radio to be forced coded on the talkgroup? Then the switch position won't matter. Furthermore a TG on a Moto system can be set to clear or coded only in net management. For example, if a TG was set to coded only and a user tries to transmit clear it will be rejected.
 
Last edited:

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
Posters here indicate that DES-OFB can be broken with ease and laugh at anyone who thinks it's secure.

Those posters are wrong, and I laugh at anyone who believes something on a forum posted without evidence.
 

Raccon

Member
Joined
Mar 1, 2005
Messages
408
Posters here indicate that DES-OFB can be broken with ease and laugh at anyone who thinks it's secure. And P25 is open to attack with simple methods. Maybe US public safety should start to look at TETRA. I understand it can not be monitored, ...
Only if it's encrypted can it not be monitored. Encryption in TETRA is optional, though most public safety organizations will usually request that option.

...and a big plus is mobiles work as a gateway so there would be far less towers needed as you would only need to provide mobile level coverage. That's a huge savings when you consider the cost of site equipment and the associated service contracts for equipment and software.
Certain mobiles can work as a gateway and it might be fine for voice comms, however depending on the needs of the user organization many features that require infrastructure support won't work if the radios are not registered to the system (e.g packet data transfer, sending GPS location to the control room, displaying certain information about individual radios at the dispatcher console etc.).
 

kb0uxv

Member
Joined
Oct 22, 2009
Messages
230
Location
Minnesota
Those posters are wrong, and I laugh at anyone who believes something on a forum posted without evidence.

Agreed, will believe it when I see it. With that said, the gentleman in post #26 in this thread has posted some evidence, although I am skeptical to try and open it.
 

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
lol.

As I've already said multiple times, the attack on DES-OFB is being published as part of a PhD thesis, and a white paper that will be presented at a tier one security conference, and also as a presentation at the RUXCON security conference last year.

That's THREE places the work has been published and peer reviewed.

But hey, if someone claims it can't be done, without any proof or investigation that this is the case, and ignores the evidence I have posted to the contrary, then not much can be done. I'll just leave deluded forum posters to post their nonsense here.

Meanwhile, I'll be off submitting my next paper, or researching and hacking some other new technology while the disbelievers sit here and wank themselves while thinking their radio networks are secure when they really aren't :)

Keep in mind people, DES was broken 15 years ago now, and since that work was a brute force key recovery, it naturally includes ALL MODES of DES. -ECB, -OFB, -CBC etc.
 
Last edited:
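The last point above, that a brute-force key recovery against DES covers every mode because the mode sits on top of the same 56-bit key, can be made concrete. What follows is an added example, not code from any poster in this thread. It substitutes a constructed toy 64-bit Feistel cipher for DES (so the key space can be shrunk to 12 bits and the exhaustive search below finishes instantly) and uses a constructed key, IV and plaintext. It shows that confirming one candidate key against a single known plaintext block costs exactly one block-cipher call in ECB and in OFB alike, so the mode changes nothing about the size of the search; the only mitigation is a larger key, which is why the AES-256 option matters.

```python
"""Added example: key search cost is the same in ECB and OFB.
A toy 64-bit block cipher stands in for DES; key space shrunk to 12 bits.
All keys, IVs and plaintexts here are constructed for illustration."""
import hashlib
from typing import Callable, Optional

BLOCK = 8          # 64-bit block, the same block size as DES
KEY_BITS = 12      # constructed toy key space (DES has 56 bits)


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher with a SHA-256 round function.
    NOT DES; it only plays the role of 'some 64-bit block cipher keyed by key'."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently (length must be a multiple of BLOCK)."""
    assert len(data) % BLOCK == 0
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: keystream_1 = E_K(IV), keystream_i = E_K(keystream_{i-1}),
    ciphertext = plaintext XOR keystream. Encrypt and decrypt are the same call."""
    out, keystream = iv, b""
    while len(keystream) < len(data):
        out = toy_block_encrypt(key, out)
        keystream += out
    return xor(data, keystream)


def key_matches_ecb(cand: bytes, known_pt: bytes, ct: bytes) -> bool:
    # One block-cipher call: does E_cand(P1) equal C1?
    return toy_block_encrypt(cand, known_pt[:BLOCK]) == ct[:BLOCK]


def key_matches_ofb(cand: bytes, iv: bytes, known_pt: bytes, ct: bytes) -> bool:
    # Still one block-cipher call: C1 XOR P1 is E_K(IV); does E_cand(IV) equal it?
    return toy_block_encrypt(cand, iv) == xor(ct[:BLOCK], known_pt[:BLOCK])


def exhaustive_search(check: Callable[[bytes], bool]) -> Optional[bytes]:
    """Try every key in the toy key space; check(candidate) is the per-key test.
    The loop body is identical for both modes; only check() differs, and each
    check() costs one block encryption."""
    for k in range(1 << KEY_BITS):
        cand = k.to_bytes(2, "big")
        if check(cand):
            return cand
    return None


def demo():
    """Encrypt one constructed message in both modes, then recover the key from
    a single known plaintext block in each. Returns (found_ecb, found_ofb, key)."""
    key = (0x5A3).to_bytes(2, "big")             # constructed secret key
    iv = bytes.fromhex("0011223344556677")       # constructed IV
    pt = b"UNIT 12 ON SCENE"                     # constructed 16-byte plaintext
    ct_ecb = ecb_encrypt(key, pt)
    ct_ofb = ofb_crypt(key, iv, pt)
    found_ecb = exhaustive_search(lambda c: key_matches_ecb(c, pt, ct_ecb))
    found_ofb = exhaustive_search(lambda c: key_matches_ofb(c, iv, pt, ct_ofb))
    return found_ecb, found_ofb, key


if __name__ == "__main__":
    e, o, k = demo()
    print("true key", k.hex(), "ECB search", e.hex(), "OFB search", o.hex())
```

The number of candidate keys tried is the same in both runs, and each candidate costs one block-cipher call whichever mode is in use; with 56-bit DES the loop is simply 2^44 times longer than this toy. Nothing about OFB, CBC or ECB changes that count, which is why moving from DES to AES-256 is the fix rather than switching modes.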