Trying to identify/decode LOCN binary format?

[avkghost]

Hi all.
In the last few days, I've found packets similar to LOCN in a binary format. I've tried to convert the data using LRRP formulas but had no luck. So, data in LAT/LON doesn't look like float/double in a little and big-endian. Has someone tried to parse data packets like this?
Packets, see below

       T|  ST|  Seq   |                | Seq|  |    LAT   |  LON   |                 
----------------------------------------------------------------------------------
01 00 01 C003 00000035 FFFFFFFFFFFFFFFF 0D1C 34 1B0818D3EF 29834A8B 60 01 00009000
01 00 01 C003 00000036 FFFFFFFFFFFFFFFF 0D1D 35 1B0818D3EF 29834A8B 60 01 00009000
01 00 01 C003 0000008D FFFFFFFFFFFFFFFF 0E38 35 1B0818EA2D 2A8360FD 5F 01 2C011101
01 00 01 C003 00000094 FFFFFFFFFFFFFFFF 0F03 34 1B0818291C 2A83C2AB 5F 01 D2004E01
01 01 01 C003 000000BA FFFFFFFFFFFFFFFF 0F29 35 1B081836A0 29834C1F 60 01 2C018D00
01 00 01 C003 000000C4 FFFFFFFFFFFFFFFF 0F33 34 1B0818EBD9 29836ADB 60 01 00003B00

01 00 01 C003 000001A9 FFFFFFFFFFFFFFFF 0D1D 1A 1B0818DAC4 29837C22 60 01 08005300
01 00 01 C003 000001AB FFFFFFFFFFFFFFFF 0D1F 1B 1B08188AC4 29839222 60 01 0900D400
01 00 01 C003 000001BC FFFFFFFFFFFFFFFF 0D32 1B 1B0818A8C4 2983BB22 60 01 03000C01
01 00 01 C003 000001C5 FFFFFFFFFFFFFFFF 0E01 1B 1B08188FC5 29839522 60 01 0100A200
01 00 01 C003 000001D2 FFFFFFFFFFFFFFFF 0E0E 1B 1B08184BC5 29839222 60 01 02006E00
01 00 01 C003 000001F5 FFFFFFFFFFFFFFFF 0E34 1C 1B0818B6C4 29839522 60 01 02009800
01 00 01 C003 000001FB FFFFFFFFFFFFFFFF 0E3A 1B 1B0818A8C4 29838522 60 01 0A00C000

Seq looks like sequences because they increase by 1 for each packet for each radio on a large amount of data analyzed.

The packet with LOCN in text format looks like

       T|  ST| Seq|                  | IDS?           |    Date + LAT + LON  in ASCII                                                      |              
-------------------------------------------------------------------------------------------------------------------------------------------
01 00 08 C003 0038 000000C5 0A 0952CA FFFFFFFFFFFFFFFF 413130343331343039303632314E343533362E323833304530313334382E35323631302E303132332B03

Where T - is probably Type, ST - is probably Subtype.
Packet headers look similar but have different lengths and payloads. The difference in T is 01 for binary and 08 for text.
FFFFFFFFFFFFFFFF - looks like IDs.

 

[DSheirer]

Are you trying to figure out the lat/long from the ASCII text format or see if the binary messages also contain lat/long, or both?

The ASCII text format seems straight forward:

413130343331343039303632314E343533362E323833304530313334382E35323631302E303132332B03
 A 1 0 4 3 1 4 0 9 0 6 2 1 N 4 5 3 6 . 2 8 3 0 E 0 1 3 4 8 . 5 2 6 1 0 . 0 1 2 3 +

N4536.2830 = 45 degrees + 36.2830 minutes = 45 + (36.2830 / 60) = 45.6047166667 N
E01348.5261 = 013 degrees + 48.5261 minutes = 13 + (48.5261 / 60) = 13.8087733333 E

45.6047166667N 13.8087733333E = Hotel Oasi in Italy?

Denny

 

[avkghost]

Are you trying to figure out the lat/long from the ASCII text format or see if the binary messages also contain lat/long, or both?

Yes, I'm. There is no problem to decode coordinates in ASCII. The packet contains ASCII data provided as example to show similarity between packets.
Sorry. I described packets but don't provide information what I did.

I tried identify/decode parts of new packets provided in a first code block. I found that byte 2 contains value 1 in packets with maybe LOCN data in binary format and 8 in packets with LOCN data in text format.

I tred to convert to float/double this part 34 1B0818D3EF 29834A8B

0x341b0818 = 1.44384e-07(little endian), 1.75913e-24(big endian)
0x1b0818d3 = 1.12577e-22 (little endian), -6.52971e+11 (big endian) 
0x0818D3E = 4.599e-34 (le), -1.30661e+29(be)
0x29834a8b = 5.8305e-14(le), -3.90025e-32(be)

LRRP calculation

0x341b0818 * 180 / 0xffffffff = 874186776 * 4,1909515867454352757766459313633e-8 = 36,63674455989076396447857002832
0x1b0818d3 * 180 / 0xffffffff = 453515475 * 4,1909515867454352757766459313633e-8 = 19,00661399564859783175601573469
0x0818D3E * 180 / 0xffffffff = 8490302 * 4,1909515867454352757766459313633e-8 = 0,35582444638847942612797008504346
0x29834a8 * 180 / 0xffffffff = 43529384 * 4,1909515867454352757766459313633e-8 = 1,8242954094485136236642751897835
0x29834a8 * 360 / 0xffffffff = 43529384 * 8,3819031734908705515532918627265e-8 = 3,648590818897027247328550379567

45.6047166667N 13.8087733333E = Hotel Oasi in Italy?

Maybe yes. The packet provideded as example. I had not captured LOCN packets in ASCII format.

 

[BinaryMode]

You can try CyberChef and create a recipe by stacking. As an example: drag "From Base64" to the recipe box. Now drag "Swap endianness" to the recipe box. Depending on how they're stacked (the recipe) you get different results.

CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

gchq.github.io

You can download the web code and run it locally on a computer.

GitHub - gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - gchq/CyberChef

github.com

Have been a user of CyberChef for years. Good stuff.

 

[avkghost]

You can try CyberChef and create a recipe by stacking.

Thank you! It's very helpful tool.
I've tried to shift values or convert values from float/int but no luck.

At the moment, I need more data to analyze from different locations. In my opinion, I wrongly got data for lat/lon parts. Packets from different locations can show which parts belong to latitude/longitude.Then it would possible to find a solution how to get real coordinates from values.

 

[avkghost]

Update.
I found new information about the packet formats.
The packet with LOCN in text format is a Location protocol packet (A part of Hytera DMR Application protocol). Unfortunately, I could not find the information about LOCN in binary format.

Hytera DMR Application protocol packet looks like

| ServiceType (byte) | Opcode (2 bytes) | Number of bytes in payload (2 bytes) | Payload (n bytes) | Checksum (1 byte) | MsgEnd (1 byte) |

There is a detailed description of the whole LOCN packet in text format.

      ST|OpCo|NrBy| Payload                                                                                                           |CS|ME|
---------------------------------------------------------------------------------------------------------------------------------------------
      ST|OpCo|NrBy| ReqId  |RadioIP |Result?         | GPS Data  Date + LAT + LON + Speed + heading in ASCII                          |CS|ME|
--------------------------------------------------------------------------------------------------------------------------------------------
01 00 08 C003 0038 000000C5 0A0952CA FFFFFFFFFFFFFFFF 413130343331343039303632314E343533362E323833304530313334382E35323631302E30313233 2B 03

---------------------------------------------------------------------------------------------------------------------------------------------
                                                       A 1 0 4 3 1 4 0 9 0 6 2 1 N 4 5 3 6 . 2 8 3 0 E 0 1 3 4 8 . 5 2 6 1 0 . 0 1 2 3 
01 - Unknown?
00 - Unknown?
ST - is_reliable and service type and, is_reliable = False, 0x08 - LocationProtocol
OpCo - TriggeredReport 0xC003
NrBy - number of bytes
ReqId - Request ID
RadioIP - 10.9.82.202
Result? - In an information that I found it is an unsigned int (32 bit), but in the real data it is 64 bit length
GPS Info   
[00:01] A/V - is data valid (A - valid, V - invalid)
[01:07] 104314 - HH:MM:SS
[07:13] 090621 - dd.mm.yy
[13:14] N/S - Norh/South
[14:23] 4536.2830 = 45 degrees + 36.2830 minutes = 45 + (36.2830 / 60) = 45.6047166667 N
[23:24] E/W - East/West
[24:34] 01348.5261 = 013 degrees + 48.5261 minutes = 13 + (48.5261 / 60) = 13.8087733333 E
[34:37] 0.0 - Speed in knots ( * 1.852 for speed in kmh)
[37:40] 123 - Direction

2B - Checksum
03 - MsgEnd marker

@DSheirer, thanks for the providing calculation information.