Understanding Capacity Plus trunking, some more

Status
Not open for further replies.

inigo88

California DB Admin
Database Admin
Joined
Oct 31, 2004
Messages
2,018
Location
San Diego, CA
Hey guys,

Agree it would probably be wise to split Hytera XPT off into its own thread. I bet if we asked nicely and specified which post numbers a mod would do it.

Back to mototrbo capacity plus, I’m amazed at the progress that’s been made over the years - I participated in the original understanding capacity plus thread but back then it was figuring out the easy stuff like group calls and which LCN the rest channel was on.

What software is everyone using to decode the packets these days? @thewraith2008 originally I was using your evolving builds of dmrdecode, but it looks like now you use a custom build of DSD? @lwvmobile looks like you’re using DSD-FME primarily? (Florida man! :) ) I’m interested in getting into a program that is RTL-SDR compatible and open source so I could add new packet types if I find them, do either of those fit the bill?

05:32:58 Sync: +DMR [slot1] slot2 | Color Code=01 | CSBK
Capacity Plus Channel Status - FL: 3 TS: 0 RS: 0 - Rest Channel 4 - Single Block
Ch1: Idle Ch2: Idle Ch3: Idle Ch4: Rest
Ch5: Idle Ch6: Idle Ch7: Idle Ch8: Idle

DMR PDU Payload [BE][10][C4][00][00][00][00][00][00][00][7D][C3]
05:32:58 Sync: +DMR slot1 [slot2] | Color Code=01 | CSBK
Capacity Plus Neighbor List S[4]-R[2] S[2]-R[2] S[3]-R[2] S[5]-R[1] S[6]-R[1]
DMR PDU Payload [BB][10][E4][0D][42][22][32][51][61][00][13][D2]
SLCO Capacity Plus Site: 1 - Rest Channel 4 - RS: 00
SLCO Completed Block [F1][00][40][81][C0]
05:32:59 Sync: +DMR [slot1] slot2 | Color Code=01 | CSBK
Capacity Plus Neighbor List S[4]-R[2] S[2]-R[2] S[3]-R[2] S[5]-R[1] S[6]-R[1]
DMR PDU Payload [BB][10][C4][0D][42][22][32][51][61][00][68][BA]

@lwvmobile I’m excited by the bold packets from DSD-FME above. I primarily use DSD+FL right now and there’s nothing close to the capacity plus channel status and for linked capacity plus no rest channel LCNs in the neighbor list shown.

One big frustration for me figuring out new Cap+ systems is a lot of them have very little traffic, so finding any other LCNs besides the rest channel beacon is difficult. In fact it’s difficult to even tell if the capacity plus system has a single LCN or if there are multiple channels on the system because it never gets busy enough (many just have a single talkgroup that talks occasionally, which makes me think they could have had a conventional DMR repeater with two time slots and just got upsold on the idea of “trunking”). Even old LTR systems have the “FREE Ch” LCN in every idle burst, so over time you could eventually map out all active LCNs on the system.

Is the channel status packet a similar tool? For example for Ch 1 thru 8 there is one rest channel and all the others show idle. Does idle just mean the absence of the rest channel, or are we able to infer from that packet that LCNs 1 thru 8 exist on that system?

Thanks for your time!
 

lwvmobile

DSD-FME
Joined
Apr 26, 2020
Messages
1,297
Location
Lafayette County, FL
Is the channel status packet a similar tool? For example for Ch 1 thru 8 there is one rest channel and all the others show idle. Does idle just mean the absence of the rest channel, or are we able to infer from that packet that LCNs 1 thru 8 exist on that system?

In the case of DSD-FME, idle means that that channel (lcn timeslot) has no activity, but is not designated as the current rest channel. Ideally, any new traffic should start on the current rest channel, the rest channel moves to another channel, and then another call starts up. I say that, but I cannot guarantee that a call will always start on the rest channel. DSD-FME uses the rest channel as the tune to channel when sync drops. That's all I do with it internally. Idle will change to a target value when the activity bit is set for that channel and a target value is found.

I've also seen areas where a Cap+ system has a single frequency (assuming so for future expansion) and like you mention, ones that aren't very busy at all. The busiest I've seen personally is a 3 frequency 6 channel system that is moderately busy.

DSD-FME will always show 8 channels, whether or not a system has 8 channels, or 2 channels. I should also mention, I'm not an expert on Cap+, I just write the software based on samples I have and systems I've had remote access to study.

@lwvmobile looks like you’re using DSD-FME primarily? (Florida man! :) )
I am the one that made it. DSD-FME fits the bill. Here is the github page.

EDIT: Just to clarify, I didn't make dsd. I use the szechyjs code base as well as others along with my own code to make it work on modern linux desktop systems. I just turned it into my own flavor called florida man edition.
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
1,867
Hey guys,

Agree it would probably be wise to split Hytera XPT off into its own thread. I bet if we asked nicely and specified which post numbers a mod would do it.
Either:
  1. Changing the thread name to "Understanding Capacity Plus and XPT trunking, some more"
  2. Moving the related XPT posts to "Understanding XPT trunking" or "Understanding XPT trunking, some more"
Not sure if there is a place on forum to ask this request.
I think using the "Report" feature is not the right approach for this.
I don't mind creating a list of the XPT posts to do this.

Back to mototrbo capacity plus, I’m amazed at the progress that’s been made over the years - I participated in the original understanding capacity plus thread but back then it was figuring out the easy stuff like group calls and which LCN the rest channel was on.
Thanks for some of the early work done on this.

What software is everyone using to decode the packets these days? @thewraith2008 originally I was using your evolving builds of dmrdecode, but it looks like now you use a custom build of DSD? @lwvmobile looks like you’re using DSD-FME primarily? (Florida man! :) ) I’m interested in getting into a program that is RTL-SDR compatible and open source so I could add new packet types if I find them, do either of those fit the bill?
Just to be clear, I'm not IanWraith.

Yes, I'm using a custom evolved version of DSD (szechyjs).
It's mainly for DMR and it has all the EDC/FEC and upper layers to decode whatever it sees with exception of PDUs/DATA that I've not got information on yet.
Displays/logs seen PDUs(SLCO/FLCO/CSBKO/DATA/PI) / LCNs / Neighbor / (ALOHA)Network Information and to normal call information.
It's not as polished as some of the other offerings but it does have things that others don't.
 

lwvmobile

Here's a question: Do some Capacity Plus systems just stop beaconing on all RF frequencies altogether for a duration of time? On the systems that I've monitored frequently, this has never happened, but now I am finding some that all signal just completely seems to drop off and I go into a prolonged CC hunt. I was wondering if some Cap+ systems just stop if there is zero activity, or if I'm missing a channel. The rest channel or activity never seems to go over channel 4, and I only have two RF frequencies on this system.
 

thewraith2008

I saw one that disappeared, but that was a seasonal event type of network so I think it just got switched off.

Not sure if there exists a no traffic or after hours power down feature for it.
In "MOTOTRBO Radio Management 2.0 User Guide", I've only seen 'Beacon Interval (ms)' and 'Rest Channel Time-Out-Timer (Min)' mentioned, but then I've not read every page of it either.
 

thewraith2008

It does mention the continued rest channel rotation.
3.17.3.7 - (page 572)
Rest Channel Time-Out-Timer (Min)
... However, during a low call volume scenario (e.g. during off hours and holidays) the Rest Channel TOT
will time out more often and it will normally keep rotating the rest channel from one channel to another. ...

The valid choices available are Disabled, 2, 4, 6, 8, and 10. (minutes)
 

lwvmobile

Well, I was looking through my samples trying to find the capmax embedded talker alias again, but instead ran across this sample. It's from a larger Cap+ System with activity on channel 1 and channel 9 and 10, with rest channel swapping between 9 and 10 as well.

Code:
00:05:42 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:  102; LSN 02: Idle; LSN 03: Idle; LSN 04: Idle;
  LSN 05: Idle; LSN 06: Idle; LSN 07: Idle; LSN 08: Idle;
  LSN 09:  106; LSN 10: Rest; LSN 11: Idle; LSN 12: Idle;
  LSN 13: Idle; LSN 14: Idle; LSN 15: Idle; LSN 16: Idle;
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]

Previously, I wasn't set up to handle larger Cap+ sites, but now that I have this sample, I had to change my code around some.

To help me figure it out, I had to get DSDPlus FL to decode it so I could figure out where in the payload I was supposed to decode what was going on.

Code:
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106

What it looks like is after the first 8 bits that denote what is happening on the first 8 channels, when you skip the relevant number of bits for TGs that are active, you land on another 8 bits that denote what is happening on the next 8 channels.

So, I guess that begs the question, if anybody has any samples of a busy Cap+ system that has more than 8 slots, then I'd like to examine it to see what all else is going on in them.

Here is a link to the sample that had this activity in it. You'll see I named it something so I would be able to find it again.


This also makes me wonder though, on those samples with the private calls, those are in a bit set a little further down even, I wonder if those are set to be yet another 'bank' or 'logical bank' of slots just for private or data, or if that's just a flag and fill in type of deal.

Also, I thought I saw (maybe even in this thread) what the number of maximum number of Cap+ voice and data paths are, but how exactly does Moto come up with this figure in their advertising? Does that mean it's a total of 24, or a total of 32 slots across 16 RF channels? Or is it different sites in that figure?

Screenshot from 2023-04-20 00-20-40.png
 

thewraith2008

What it looks like is after the first 8 bits that denote what is happening on the first 8 channels, when you skip the relevant number of bits for TGs that are active, you land on another 8 bits that denote what is happening on the next 8 channels.
I tried detailing the CAP+ status flags usage in this post after you spotted the private call flags and TG bits being used.

To summarize:
Looks to be up to 5x 8 bit flags being used to indicate active logical channels.
1. Group call activity CH 1-8
2. Group call activity CH 9-16
3. Feature flags? - indicates that private call flags are used. (other features?)
4. Private call activity CH 1-8
5. Private call activity CH 9-16

Depending on activity, this CAP+ CH status PDU can span multiple PDUs. (FL bits)

1st 8 bit flag indicates whether CH1-8 have group calls.
If any channels flags are active, then the # of active CHs by 8 bits for the TG will follow after the 8 bit group call flags.
If no activity, then read next 8 bit flags for group call on CH9-16.

2nd 8 bit flag indicates whether CH9-16 have group calls.
If any channels flags are active, then the # of active CHs by 8 bits for the TG will follow after the 2nd 8 bit group call flags.
If no activity, then read next 8 bit flags for features? (bit7 or MSB to indicate if private call flags/addresses are needed)

If bit7 - MSB = 0, then private call flags/addresses are NOT used. Done
If bit7 - MSB = 1, then private call flags/addresses are used. Follow the above procedure (for group call) but use 16 bits for addresses.


Also, I thought I saw (maybe even in this thread) what the number of maximum number of Cap+ voice and data paths are, but how exactly does Moto come up with this figure in their advertising? Does that mean it's a total of 24, or a total of 32 slots across 16 RF channels? Or is it different sites in that figure?
I'm sure I saw a site with 14 logical channels being used.
Back when I used DSD+, I had the 13/14 defined in frequencies file and it saw 13/14 active. (as well as 1-12)
The high activity site I saw had the activity change quite rapidly and did not stay high for long.
For DSD, the refresh rate of the display (not the console) may not always show quick calls.

Not sure how the 12voice / 24data works.
I thought there was up to 8 BS (16 CH) that could be used on a site.
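
The flag-bank procedure summarized in the post above, written out as a bounds-checked C parser for a single-block (FL = 3) channel status CSBK; this is an added example, not code from any poster, DSD or DSD-FME. The `cap_status` struct, function names and return codes are hypothetical, the FL/TS/RS/rest-channel bit split and the BE 10 opcode/FID check are inferred from the payloads posted in this thread, and CRC checking and multi-block reassembly are assumed to be done by the caller.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP_LSN 16  /* two banks of 8 logical channels, per the post above */

typedef struct {
    uint8_t  fl, ts, rs, rest;        /* unpacked from payload byte 2 */
    uint8_t  grp_active[CAP_LSN];
    uint16_t grp_tg[CAP_LSN];         /* 8-bit talkgroup per active channel */
    uint8_t  pvt_used;                /* MSB of the third (feature) flag byte */
    uint8_t  pvt_active[CAP_LSN];
    uint16_t pvt_addr[CAP_LSN];       /* 16-bit address per active channel */
} cap_status;

/* Read one 8-bit flag bank, then addr_len bytes for each set flag
 * (MSB = lowest channel of the bank). Returns the new offset, or -1 if the
 * flags promise more address bytes than the buffer holds. */
static long read_bank(const uint8_t *p, size_t n, size_t off, int base,
                      int addr_len, uint8_t *active, uint16_t *addr)
{
    if (off >= n) return -1;
    uint8_t flags = p[off++];
    for (int i = 0; i < 8; i++) {
        if (!(flags & (0x80u >> i))) continue;
        if (n - off < (size_t)addr_len) return -1;   /* truncated */
        uint16_t v = 0;
        for (int b = 0; b < addr_len; b++) v = (uint16_t)((v << 8) | p[off++]);
        active[base + i] = 1;
        addr[base + i] = v;
    }
    return (long)off;
}

/* csbk: one 12-byte block whose CRC the lower layer has already checked.
 * Returns 0 on success, -1 wrong length, -2 not a channel status PDU,
 * -3 truncated flag data, -4 multi-block (FL != 3), which needs reassembly. */
int cap_status_parse(const uint8_t *csbk, size_t len, cap_status *out)
{
    memset(out, 0, sizeof *out);
    if (len != 12) return -1;
    /* Both status samples in the thread start BE 10: opcode 0x3E, FID 0x10. */
    if ((csbk[0] & 0x3F) != 0x3E || csbk[1] != 0x10) return -2;
    out->fl   = csbk[2] >> 6;
    out->ts   = (csbk[2] >> 5) & 1;
    out->rs   = (csbk[2] >> 4) & 1;
    out->rest = csbk[2] & 0x0F;
    if (out->fl != 3) return -4;

    const uint8_t *p = csbk + 3;      /* flag data: bytes 3..9 */
    size_t n = 7;                     /* bytes 10..11 are the CRC */
    long off = read_bank(p, n, 0, 0, 1, out->grp_active, out->grp_tg);
    if (off >= 0) off = read_bank(p, n, (size_t)off, 8, 1, out->grp_active, out->grp_tg);
    if (off < 0) return -3;
    if ((size_t)off == n) return 0;   /* block full: no feature byte present */
    out->pvt_used = p[off++] >> 7;
    if (!out->pvt_used) return 0;
    off = read_bank(p, n, (size_t)off, 0, 2, out->pvt_active, out->pvt_addr);
    if (off >= 0) off = read_bank(p, n, (size_t)off, 8, 2, out->pvt_active, out->pvt_addr);
    return off < 0 ? -3 : 0;
}

int main(void)
{
    /* Payload from the 16-LSN sample posted earlier in the thread. */
    const uint8_t s[12] = {0xBE,0x10,0xEA,0x80,0x66,0x80,0x6A,0x00,0x00,0x00,0xF2,0x13};
    cap_status st;
    int rc = cap_status_parse(s, sizeof s, &st);
    printf("rc=%d rest=%u\n", rc, st.rest);
    for (int i = 0; i < CAP_LSN; i++)
        if (st.grp_active[i]) printf("LSN %02d: TG %u\n", i + 1, st.grp_tg[i]);
    return 0;
}
```

A flag byte that promises more talkgroup or address bytes than the block holds returns -3 instead of reading past the payload, which matters when a decoder is fed blocks with uncorrected bit errors.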
 

thewraith2008

Things seem to change for CAP+ depending on where you read it.

From CapMax: (MOTOTRBO_Capacity_Max_Overview_EN presentation.pdf - circa 2016)
2qRKcus.png
 

lwvmobile

2nd 8 bit flag indicates whether CH9-16 have group calls.
If any channels flags are active, then the # of active CHs by 8 bits for the TG will follow after the 2nd 8 bit group call flags.
If no activity, then read next 8 bit flags for features? (bit7 or MSB to indicate if private call flags/addresses are needed)

Yep, that's the part I didn't have. Until I ran across that sample, I didn't have anything with active channels above slot 6.
Not sure how the 12voice / 24data works.
I thought there was up to 8 BS (16 CH) that could be used on a site.
Things seem to change for CAP+ depending on where you read it.

Probably just marketing deception, or incompetence, or it's achievable with multiple sites set up.
 

thewraith2008

Probably just marketing deception, or incompetence, or it's achievable with multiple sites set up.
I think these things come out with one feature set and then they 'update/upgrade' some of the features along the way. (for a fee of course)
 

lwvmobile

A little something different, but still on the topic of Capacity Plus, I've noticed lately that a lot of my samples and systems that are Capacity Plus, all have this thing where occasionally, VC6 has errors in it and there is some single burst or reverse channel going on. The thing is, I don't see any special indication that this will happen, but when it does, the single burst seems to indicate a site id, I think, and/or other things going on, but the single burst can be there with valid voice frames, or without.

For example:

Code:
18:20:15 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC6
 SLOT 1 TGT=102 SRC=10191 FLCO=0x20 FID=0x10 SVC=0x30 Group RS3 Call   (CRC ERR)
 DMR PDU Payload [20][10][30][00][00][66][00][27][CF]
  SB: 00100110011 - 133
 AMBE 5F11F441960F80 err = [0] [0]
 AMBE AEA3E1CDAB6380 err = [0] [0]
 AMBE 0F0D1BB7706180 err = [0] [0]

18:20:16 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC6
 SLOT 1 TGT=102 SRC=10191 FLCO=0x20 FID=0x10 SVC=0x20 Group TXI Call   (CRC ERR)
 DMR PDU Payload [20][10][20][00][00][66][00][27][CF]
  SB: 00100110011 - 133
 AMBE 000C0FC006D380 err = [3] [2] <--errors and doesn't look like voice to me
 AMBE 000C0FC006D380 err = [3] [2]
 AMBE 000C0FC006D380 err = [3] [2]
18:20:16 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK

I had enabled some more debug printing to check the Power/Pre-empt PI, LCSS, AT, etc, but didn't find anything out of the ordinary to signify when this would occur. If this were something that happened once or twice, I'd just chuck it up to random bad decode or bad signal, but now that I've noticed this, I see it in a lot of samples and systems I've been testing on. I would have almost missed it entirely, but for the weird random 'pfft' pop I get when the voice errors occur. Keep in mind, this is happening to me on pristine samples as well, and only on Capacity Plus.

I was also under the impression (due to the manual) that when an RC occurs, it's only for the bits in the 'sync or emb' field of the frame, and doesn't mess with the payload on outbound RC. Is this some manufacturer specific occurrence in Capacity Plus, or am I just confused lol.

Any thoughts?
 

lwvmobile

Just to verify I'm not crazy, here is the same cross section from DSDPlus FL, and DSD-FME

Code:
+DMR           slot1         BS VC6    e:7r7r7r <---errors
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VOICE
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC2
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC3
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC4
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC5
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC6
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VOICE
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC2
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC3
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC4
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC5
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC6
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VOICE
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC2
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC3
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC4
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
+DMR           slot1         BS VC5
+DMR                slot2    BS DATA       DCC=10  CSBK Cap+ RestCh=10 ActiveCh:TG=1:102,9:106
Cap+ Site=1 RestCh=10
+DMR           slot1         BS VC6    e:7r7r7r <--errs

Code:
18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC1*
 AMBE AEF2A5F9950700 err = [0] [0]
 AMBE 6857FE4D297980 err = [0] [0]
 AMBE 977F17507F0780 err = [0] [0]
18:40:48 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:   102;  LSN 02:  Idle;  LSN 03:  Idle;  LSN 04:  Idle; 
  LSN 05:  Idle;  LSN 06:  Idle;  LSN 07:  Idle;  LSN 08:  Idle; 
  LSN 09:   106;  LSN 10:  Rest;  LSN 11:  Idle;  LSN 12:  Idle; 
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]
 SLCO CRC ERR
18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC2
 AMBE A07FBFEFE96D00 err = [0] [0]
 AMBE A05FF1AAAD6800 err = [0] [0]
 AMBE B05B3842E8C480 err = [0] [0]
18:40:48 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:   102;  LSN 02:  Idle;  LSN 03:  Idle;  LSN 04:  Idle; 
  LSN 05:  Idle;  LSN 06:  Idle;  LSN 07:  Idle;  LSN 08:  Idle; 
  LSN 09:   106;  LSN 10:  Rest;  LSN 11:  Idle;  LSN 12:  Idle; 
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]
18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC3
 AMBE B05F20E0E91A00 err = [0] [0]
 AMBE B18F246FE91A80 err = [0] [0]
 AMBE B37B1D53889600 err = [0] [0]
18:40:48 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:   102;  LSN 02:  Idle;  LSN 03:  Idle;  LSN 04:  Idle; 
  LSN 05:  Idle;  LSN 06:  Idle;  LSN 07:  Idle;  LSN 08:  Idle; 
  LSN 09:   106;  LSN 10:  Rest;  LSN 11:  Idle;  LSN 12:  Idle; 
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]
 SLCO Capacity Plus Site: 1 - Rest Channel 10 - RS: 00
 SLCO Completed Block [F1][00][A0][8C][A0]

18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC4
 AMBE A17D7469A74800 err = [0] [0]
 AMBE A34D9C5EAE5780 err = [0] [0]
 AMBE A54A3EEFA5BA00 err = [0] [0]
18:40:48 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:   102;  LSN 02:  Idle;  LSN 03:  Idle;  LSN 04:  Idle; 
  LSN 05:  Idle;  LSN 06:  Idle;  LSN 07:  Idle;  LSN 08:  Idle; 
  LSN 09:   106;  LSN 10:  Rest;  LSN 11:  Idle;  LSN 12:  Idle; 
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]
18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC5
 AMBE A6397C9EAE9700 err = [0] [0]
 AMBE A61CC22046E800 err = [0] [0]
 AMBE A812E5C006D300 err = [0] [0]
18:40:48 Sync: +DMR   slot1  [slot2] | Color Code=10 | CSBK
 Capacity Plus Channel Status - FL: 3 TS: 1 RS: 0 - Rest Channel 10 - Single Block
  LSN 01:   102;  LSN 02:  Idle;  LSN 03:  Idle;  LSN 04:  Idle; 
  LSN 05:  Idle;  LSN 06:  Idle;  LSN 07:  Idle;  LSN 08:  Idle; 
  LSN 09:   106;  LSN 10:  Rest;  LSN 11:  Idle;  LSN 12:  Idle; 
 DMR PDU Payload [BE][10][EA][80][66][80][6A][00][00][00][F2][13]
 SLCO Capacity Plus Site: 1 - Rest Channel 10 - RS: 00
 SLCO Completed Block [F1][00][A0][8C][A0]

18:40:48 Sync: +DMR  [SLOT1]  slot2  | Color Code=10 | VC6
 SLOT 1 TGT=102 SRC=10191 FLCO=0x20 FID=0x10 SVC=0x20 Group TXI Call   (CRC ERR)
 DMR PDU Payload [20][10][20][00][00][66][00][27][CF]
  SB: 00100110011 - 133
 AMBE 000C0FC006D380 err = [3] [2] <--voice errs, always the 'same'??
 AMBE 000C0FC006D380 err = [3] [2]
 AMBE 000C0FC006D380 err = [3] [2]
 

thewraith2008

I was going to ask the same question about this at some point myself but just haven't had the time of late to experiment with things.

I have observed this for quite some time myself and not just CAP+ but also with some of Motorola's non TIII systems as well.
You see the voice superframe payload for frame 'F' return 'RRR' (repeat) for the 3 voice frames it is supposed to contain.
And/Or you see the voice superframe frame 'F' EMB signalling/RC single fragment return a failed CRC7.

I guessed this may be a hidden CSBK PDU but I have never tried to decode as such yet.
I also thought this was connected to the ALGO_ID/MI PDU for higher encryption types, but none of the ones I have observed where this is seen use encryption.

This ALGO_ID/MI PDU is also some info I need to look into sometime as well.
I'm sure I saw this was contained in a superframe as well.
 

lwvmobile

I guessed this may be a hidden CSBK PDU but I have never tried to decode as such yet.
That's kind of what I was thinking, if I get around to trying it out sometime, I may just force all VC6 to go to the BPTC and look at its payload for grins.

This ALGO_ID/MI PDU is also some info I need to look into sometime as well.
I'm sure I saw this was contained in a superframe as well.
What I've figured out (going by the cryptic moto patent regarding this) is that in the Single Voice Burst F, that the 11-bit PDU has the first 8 bits for the key id, and the last three bits for a truncated alg id, and you add 0x20 to it. This will give you the current key id and alg id on an RC4/DES/AES transmission, but the thing is, it's not always there, or it's mixed with other things in there and I haven't figured out when to look for the alg/key vs look for other Cap+/other do-dads. On an ENC Cap+ System, I've seen the key/alg in the single burst alternating with the other cap+ thing, which I think is a Site ID thing or something. I've also seen on an ENC system nothing in the single burst at all.

As far as the late entry message indicator goes, you can compile that by taking the first four bits of every ambe_fr[3] frame and de-interleaving each segment. golay parity bits are also present as well, all mixed up. All I'm going to say, is that after extensive testing, this works extremely well when you miss the PI header or turn it off for testing and need to pull the current MI. Here is an old graphic I made for it lol.

late-entry-mi-values.png

and here is the current working code, if the enc bit is on and we have a current alg id from a pi header, if for some reason the LFSR fails to occur on the current MI (frame skip on bad signal or something) or it gets out of sync then it'll correct the MI for the next superframe.

Here is my current code on Late Entry MI and also the SB/RC stuff, the latter being kind of sparse at the moment due to lack of consistency on when to run the SB alg/key.

 