WEM Security and other attractions on DMR appear to have gone encrypted

harryshute

harryshute

Member
Premium Subscriber
Joined
Dec 14, 2009
Messages
1,868
Location
Edmonton, Alberta, CANADA
:( The DMR Cap+ system at West Edmonton Mall seems to be encrypted now, When listening, talk group 100 still is Security going by the radio numbers. ENCRY shows up on the scanner. Other new talk groups like 105, 107, 108 and 109 are active. I wonder if they rolled over the Casino, Waterpark and Galaxyland into CAP+ from their single frequency DMR frequencies.
451.0125 and 460.6125 are very active. Not seeing 462.4125 or 463.5875. I'm using the Uniden SDR series so they should handle RAS.
 
E

EWC_BDN

Member
Joined
Apr 25, 2017
Messages
159
Unless they paid extra, aren't there only a few encryption codes that can be used on MOTOtrbo? I guess RAS + Moto privacy probably does a good job of keeping anyone from hearing. Without RAS, I think it would be pretty easy to hear everything with a Motorola radio by just trying out all the privacy codes.

NVM that, it's a bit harder. It's a 16 bit number so it's would take awhile to figure out. If it's the free basic version it's one code for the radio though. No per talkgroup codes allowed. That's extra money.
 
harryshute

harryshute

Member
Premium Subscriber
Joined
Dec 14, 2009
Messages
1,868
Location
Edmonton, Alberta, CANADA
EWC_BDN said:
Unless they paid extra, aren't there only a few encryption codes that can be used on MOTOtrbo? I guess RAS + Moto privacy probably does a good job of keeping anyone from hearing. Without RAS, I think it would be pretty easy to hear everything with a Motorola radio by just trying out all the privacy codes.

NVM that, it's a bit harder. It's a 16 bit number so it's would take awhile to figure out. If it's the free basic version it's one code for the radio though. No per talkgroup codes allowed. That's extra money.
Click to expand...
Hopefully they went Basic Privacy rather than enhanced. But whatever they are doing is gonna cost money. Licensing says they are going to a Four channel UHF DMR Cap+ system from the current two.
I'm disregarding 462.4125 as it's Gateway Casino in the Mall which is low powered DMR. My money is on 451.0125 ,463.5875, 460.6125 and 463.0875. 460.6125 is already converted from CC8 to CC1 like the rest.
 
K

kayn1n32008

ØÆSØ
Joined
Sep 20, 2008
Messages
6,638
Location
Sector 001
EWC_BDN said:
Unless they paid extra, aren't there only a few encryption codes that can be used on MOTOtrbo? I guess RAS + Moto privacy probably does a good job of keeping anyone from hearing. Without RAS, I think it would be pretty easy to hear everything with a Motorola radio by just trying out all the privacy codes.

NVM that, it's a bit harder. It's a 16 bit number so it's would take awhile to figure out. If it's the free basic version it's one code for the radio though. No per talkgroup codes allowed. That's extra money.
Click to expand...
Enhanced Privacy is 40 bit RC4 . No key loader needed, but every radio needs to be touched. If they went to a 4 channel CAP+ system, then it is only a matter of a few extra minutes to turn on encryption and add a key or two.
 
X

XVCham

Another radio dude
Joined
Dec 2, 2021
Messages
77
The different encryption methods should be somewhat distinguishable over the scanner. Not many agencies use DMR AES in Canada, meaning that leaves us with MotoTRBO EP and BP for Motorola side.

If they are using Motorola radio with encryption, EP should sound like a normal encrypted traffic. BP however, almost acts like inversion scrambler. You are able to make out each pauses between words. If you have ever heard EP and BP side by side, you'll know exactly what I mean.
 
harryshute

harryshute

Member
Premium Subscriber
Joined
Dec 14, 2009
Messages
1,868
Location
Edmonton, Alberta, CANADA
XVCham said:
The different encryption methods should be somewhat distinguishable over the scanner. Not many agencies use DMR AES in Canada, meaning that leaves us with MotoTRBO EP and BP for Motorola side.

If they are using Motorola radio with encryption, EP should sound like a normal encrypted traffic. BP however, almost acts like inversion scrambler. You are able to make out each pauses between words. If you have ever heard EP and BP side by side, you'll know exactly what I mean.
Click to expand...
Thanks for your descriptions. From what you described I think the mall is using Basic Privacy. Even the Food Court Custodians are encrypted:)
 
n3obl

n3obl

Ø
Database Admin
Joined
Dec 19, 2002
Messages
1,836
Location
PA
You can use DSD plus to easily figure out which method they are using. If it basic then just need to program the same channel with each of 15 privacy codes.
 
X

XVCham

Another radio dude
Joined
Dec 2, 2021
Messages
77
Should be noted that it's probably not a good idea to go around sharing the keys though. Which is exactly what happened when I first deployed a Cap+ system for people to just "hang out" on. It was using BP as a way to keep scanner users away but I have made the keys public to those who had a Cap+ capable radio.

The keys were then posted online and I ended up having to restrict the users by adding RAS and changing key alg to Enhanced Privacy. Not fun

This is why some people can't have good things...
 
You must log in or register to reply here.

Similar threads

polkaroo
  • Locked
On a visit to Vancouver
Replies
1
Views
762
Jay911
Jay911
Top