Jailbreak Turns Cheap Walkie-Talkie Into DMR Police Scanner
An anonymous reader writes: Last Shmoocon, famous reverse engineer Travis Goodspeed presented his jailbreak of the Chinese MD380 digital handheld radio. The hack has since been published at GitHub with all needed source code to turn a cheap digital radio into the first hardware scanner for DMR digital mobile radio: a firmware patch for promiscuous mode that puts all talk groups through the speaker including private calling. In the U.S. the competing APCO-25 is a suite of standards for digital radio communications for federal users, but a lot of state/county and local public safety organizations including city police dispatch channels are using the Mototrbo Motorola DMR digital standard.
Cool, but not the first (Score:4, Informative)
Re: (Score:3)
Re:Cool, but not the first (Score:5, Informative)
Why is Police band unencrypted? (Score:5, Insightful)
If you can monitor things you shouldn't, the problem is with the insecure communications system not with the hacked walkie talkie.
Re:Why is Police band unencrypted? (Score:5, Informative)
Re: (Score:2)
Heh. Like common criminals would
a) Have the awareness to buy/steal a scanner
2) program it correctly
c) use it correctly
d) Listen to it often enough to decode the jargon
Even if in the unlikely event all the above conditions are met, what EXACTLY would a criminal do with what he heard? Most businesses and many homes have security cameras, alarm systems, barking dogs, etc. Cops are mostly documenters. They spend most of their time writing reports or testifying on the content of those reports in court. People wh
Re:Why is Police band unencrypted? (Score:5, Informative)
Re:Why is Police band unencrypted? (Score:5, Funny)
Ahahahahahh here we are in 2016, and someone is concerned about the morality of monitoring public government channels.
Re: (Score:1)
Lets say the police are chasing armed robbery suspects. Don't you think that keeping the conversation about movements and roadblocks secret might help in catching the suspects?
Then there is just the privacy of police talking abut private citizens. Do we really need to know every car that the police pull over?
Re:Why is Police band unencrypted? (Score:5, Insightful)
Do we really need to know every car that the police pull over?
Yes, I don't think the police should be able to pull people over secretly. Do you not understand why public oversight of the police is so important?
Re: (Score:3, Informative)
Don't you think that keeping the conversation about movements and roadblocks secret might help in catching the suspects?
While many police agencies use this as an excuse for encrypting their radio traffic, it is very very rare for armed robbers to use police scanners to aid their escape.
I've had a police-capable radio in my car for many years, and I can count on the fingers of no hands the number of times it has allowed me to know ahead of time where the state police have set up radar on the interstate, for example. I have been able to hear about traffic problems before I get stuck in the middle of them, however. Just a coup
Re: (Score:2)
I was able to learn what the source of a series of explosions near my house was without having to call 911
This statement shows poor thought processes. Calling 911 to get information about an event is a misuse of 911. 911 is for calling when you need assistance and is not an information line. If you don't need immediate help don't call 911.
I've had a police-capable radio in my car for many years, and I can count on the fingers of no hands the number of times it has allowed me to know ahead of time where the state police have set up radar on the interstate
Not what I am talking about. The issue is suspects getting away because they can avoid police by knowing where the police are. If it happens once a year it is a justification for encrypting year round.
Most agencies these days have digital data systems for communicating private stuff
Which means that there are some agencies who do not use digital systems and ne
Re: (Score:3)
This statement shows poor thought processes. Calling 911 to get information about an event is a missus of 911.
And this statement shows a lack of reading comprehension. I didn't say I would call 911 to get information. I would call 911 to report a series of explosions -- except I found out what they were and that I didn't need to call by listening to unencrypted police radio traffic.
If you don't need immediate help don't call 911.
I think reporting explosions of unknown origin is a valid use of 911. You don't seem to think so. The large number of people who did call to report them disagree. The manager of the PSAP also disagrees with you. Nobody said that nobody s
Re: (Score:1)
I don't think I've ever, once, called someone a bootlicker. I'm kind of loath to do so now.
However... No, not you OBVIOUSLY... I think the term might actually be appropriate for the person you're responding to. I really don't think I've ever even considered calling someone an authoritarian bootlicker.
What have I become?!? I am a monster. :/
Re: (Score:2)
Re: (Score:2)
Some departments used to have alternate channels that were not published before digital bands that they would switch to when needed.
All channels are published in the sense that you can search the FCC database [fcc.gov] for a geographic area and find out what is licensed for use. Yes, unlicensed use happens, but it is the exception not the rule.
Re: (Score:1)
Yes, those might seem like valid concerns and I actually know people who monitor police radio while they violate the law - just to keep tabs on the police.
Your first question, do I think it might help? Absolutely, I am quite reasonable. It'd probably help to keep that information secret. There's no doubt about it - the police are more likely to have success if they have the tools available to prevent people from listening to their communications.
So? No... I'm not kidding. So what? The police could do thei
Re: (Score:2)
Right now, there's no trust that the police are doing good.
There is the major flaw in your argument. It may be an opinion held by others but you have no proof that it is the majority. You are stating your opinion and not the opinion of everyone. I personally believe that the police are doing good almost all of the time.
They've clearly violated that trust, many times over, and have done so in galling and more egregious ways.
More flaws in your argument. First is when you use "they". All police are not the same. Yes there are some bad cops but the vast majority are good cops. Almost the only time when we see reports about the police is when one of them does something bad. T
Re: (Score:1)
It's funny that you try to point to flaws in my argument but, obviously, never actually took a debate class or participated on a debate team. Here we go...
Perhaps you do not understand the concept but trust is lost when you violate the rules you agreed on. Trust is lost for the police (more on that in a minute). There's no question about this. To touch on a latter statement you made - it doesn't even need to be a majority-agreed on opinion. In fact, we've worked to protect ourselves from the tyranny of the
Re: (Score:2)
For someone who supposedly knows how to debate you sure don't understand the principle of ad hominem [wikipedia.org].
Re: (Score:2)
Where do you live that the police are elected?
Re: (Score:1)
Most civilized areas elect their sheriff, who chooses deputies, and rank over the hired police department.
Parallel (but more successful than) the method of electing a senator who outranks the party-provided support staff who do most of the work so the senator can spend time golfing, feasting, and/or campaigning.
Re: (Score:3)
Where do you live that the police are elected?
Every police department, in every jurisdiction (municipal, county, state, federal) reports to officials in the executive branches of government. The executive branch IS the law enforcement branch, and the executive branch is run by regularly elected people. If a county executive, a mayor, or a governor (or even the president) is doing such a bad job in telling their subordinate LEOs which policies to use in directing their actions, then that's an issue to bring up when those executives are next up for elec
Re: (Score:2)
Well I live here: http://swtimes.com/sections/ne... [swtimes.com]
Some of our elected officials changed some laws to remove our elected police chief's power and appointed someone else in his place.
The Oklahoma Supreme Court has since decided that it was all ok and legal. So that's screwed too. Just because it happens to be legal doesn't make it right.
Even though the chief of police is elected he is not able to fire problem officers due to the strength of the FOP police union.
So even though we have voted out everyone involve
Re: (Score:2)
Re: (Score:2)
I intend to. Like I said we have already managed to get everyone involved with the coup voted out. So the local elections are doing well but the state elections required for something to be done with organisations like the FOP will take some doing. That would require the rest of the state to recognize there is a problem & considering the current state of medicare expansion in Oklahoma that may take a while...
Re: (Score:3)
Where do you live that the police are elected?
The chief of police in this city is hired by the elected city council. The county Sheriff is directly elected by the public.
Re: (Score:2)
Most towns and counties in the USA you elect the sheriff.
Re: (Score:2, Informative)
This may shock you, but many people are not Libertarian children, and actually support their own elected government. Don't mistake loud Internet reactionaries for people in general.
Libertarians know this. Our founding fathers knew this. Tyranny of the majority [wikipedia.org] is exactly why we have so many limits on our government. It's why the population must be allowed to monitor what government officials do. I know most people wouldn't mind having a secret police force and it scares me greatly.
Re: (Score:2)
If you can monitor things you shouldn't, the problem is with the insecure communications system not with the hacked walkie talkie.
When you don't have the physical custody of an object, it cannot be secured.
Re:Why is Police band unencrypted? (Score:4, Informative)
It's broadcast over public radio waves in the clear ... where does "shouldn't" come into play?
If our cell phones have no expectation of privacy, WTF should the police expect any for?
It's not like it hasn't been perfectly legal to have police scanners for decades. This is just more of the same thing.
Re:Why is Police band unencrypted? (Score:5, Interesting)
The funny thing about that ruling you reference is that cell phone communications are encrypted by default. The Stingray devices have to trick the cell phones into connecting to them because passive monitoring doesn't work for capture of the information, they actually have to tell the cell phone to turn off encryption to even work.
Re: (Score:1)
Police, fire, and other public safety communication should be by definition NOT encrypted, and should be open to public monitoring anywhere and at any time! For example: In many states it is illegal to use a scanner in a moving vehicle. The same as are "radar" detectors, and other devices that warn drivers of police speed traps. This is mainly so that the police (highway patrol etc...) can write more speeding tickets, resulting in more fines (same with traffic cameras!).
Wouldn't it be just as effective t
Re: (Score:2)
Even if they are encrypted you can broadcast interference and the radios then default to un-encrypted without any sort of notification.
Re: (Score:2)
Who said I shouldn't? I have 100% legal right to.
It's why they are not allowed to encrypt police and fire radio traffic.
Re: (Score:2)
TETRA is encrypted and runs over the cellular network or in the absence of a network, relayed radio. The other major difference between TETRA and eg GSM is that TETRA can use lower frequencies (outside the GSM bands, eg 425MHz) for broadcasting with air encryption or the cell networks for 1-1 with end to end encryption.
Re: (Score:2)
Why do the police need encrypted communications? If they are not doing anything illegal, they've got nothing to hide.
Okay (Score:2)
Okay, I gotta say that's a pretty nifty little hack.
The "Read More" link... (Score:2, Insightful)
A nice simple way for the new owners to demonstrate their good intentions:
Please can we have the "Read more..." link back for all stories and not just on the polls ?
Thanks.
Déjà Vu (Score:3)
Anyone else read that as "Jailbreak Turns Cheap Walkie-Talkie Into DRM Police Scanner"?
Re: (Score:3)
No, but I had to read "Last Shmoocon famous reverse engineer" about eight times to parse it. That's a very unlikely set of five words to begin a sentence.
Re: (Score:2)
What's a "Shmoocon" anyway?
Re: (Score:2)
it's a Shmoo Convention.
A Shmoo is a fictional creature first appearing in Lil'Abner in 1948. It's pretty much the Swiss Army Knife of housepets, in that it tastes like anything (depending on how you cook it - handy because it loves to be eaten) and you can use its whiskers as toothpicks, its hide can be used for leather or lumber depending on how thick you slice it, and they'll never go extinct because they feed on air and breed prolifically. As if that wasn't enough, they're great at performing showtunes.
Interoperability be damned (Score:2)
but a lot of state/county and local public safety organizations including city police dispatch channels are using Mototrbo Motorola DMR digital standard.
Isn't it wonderful that the lessons of 9/11 and other major events are being lost in the push for more sales of commercial radio systems?
It's critical that first responders from different agencies be able to communicate with each other when a large event requires mutual aid. It is just as critical for neighboring agencies to be able to communicate on each other's systems when an event crosses a border. A first responder from county A who responds to something just over the border because he's closer should
Re: (Score:2, Informative)
You do realize, of course, that Motorola has the only system that works well with a lot of users in urban canyons, but that 700 MHz doesn't work for shit in large open spaces where the locals can't afford half a dozen repeaters. In much of Colorado, the high ground makes it even worse, as it's an amazingly shitty place to put repeaters (no power, 150 kt winds, and no road access), so they tend towards VHF systems in the mountain counties. There are actual reasons different municipalities chose different sys
Re: (Score:2)
You do realize, of course, that Motorola has the only system that works well with a lot of users in urban canyons,
Are you a Motorola salesman? You must be, since this kind of marketing hype is patently absurd.
There are actual reasons different municipalities chose different systems,
Of course. I think I said it was "bad enough", which means that it is a necessary evil. Using multiple digital systems is not a necessary evil.
Oh, and the radios I have used had something like "inter-agency A" and "inter-agency B" programmed in.
That's nice. This works when A is using DMR and B is using P-25? No, I don't think so. Or when A is on UHF and B is on VHF? No? I didn't think so. The only way such programming works is if the radios can already operate on each other's systems, and in that case it is just
Re: (Score:2)
okay, which other system works well in a dense urban canyon?
Harris, Daniels, GE, Kenwood, Icom. Should I name more?
And, I'm sure you agree that the Motorola trunking radios don't work very well out in sparse country without repeaters.
No trunking system works ANYWHERE without repeaters. There has to be a control channel coming from somewhere or else it isn't trunked. Are you sure you know anything about modern radio systems?
By the way, what works better is to have different agency heads collocated so that they can coordinate while the people working actually work.
Right. It is so much better to create a JOC (joint operations center) and have "different agency heads" go there while the people in the field are dealing with a multi-car accident near the county border, and have all those "workers" talking to their own dispatc
Re: (Score:3)
Yet old 50 MHz police band works better than ANYTHING that can be bought today in the urban canyons as well as the spread out for thousands of miles states.
All this digital shit is only there to make a profit selling new gear. The old analog stuff works great and still does.
Re: (Score:2)
no, the analogue got dumped because a more restrictive technology (ie digital) is easier to regulate, or monitor.
DMR is not a Motorola standard (Score:4, Informative)
"Mototrbo Motorola DMR digital standard"
Is a complete misnomer. DMR is not a Motorola standard, it's a European standard (ETSI) and effectively a digital radio replacement for the MPT1327 standard (a British standard from the Ministry of Post and Telecommunications). Having said that many radio manufacturers would have had input to the standard, including Motorola. The one I worked for did.
DMR/P25 are similar, in that if you don't want people to listen in on what you're broadcasting, encrypt it! As far as I can remember, AES256 was the best encryption option available to P25... I can't remember the details for DMR, or even if it supported it.
DMR standard had/has some weirdness: for instance the vocoder wasn't specified. Everyone seems to have defaulted to the AMBE half rate vocoder from DVSI, the same as what is being used for P25 phase 2.
Re: (Score:2)
I think DMR has 8 and 40 bit encryption.
You can do this today with a $10 dongle (Score:4, Informative)
and open source software like Gnu Radio. No need to spend $150 bucks and then void your warranty.
The thing is, GNU Radio is just a bunch of software routines. People have cobbled things together that will allow you to listen to AM, FM, and SSB, but the UI is crude and it's not something an average person would find usable. On top of that the digital voice decoding is a separate piece of software which (except on Windows) you have to compile from source and figure out how to bolt that on.
It'd be nice if more people were putting their hacking energies into SDR, because then maybe someone would come up with a nice, slick plug-and-play solution anyone could download from a distro repository. It's happened in other somewhat technical areas, like GIS (e.g., Quantum GIS) or computer algebra.
Re: (Score:2)
Or a $300 laptop. Or even a $40 tablet -- the libraries have been ported to Android.
Re: (Score:2)
key phrase: "People have cobbled things together "
And that is the problem. All those nice little bits and pieces are just that: bits and pieces, poorly documented, often not handling everything.
Well yes, that's exactly my point. We need more attention to the SDR stuff, hacking that would be waaay more impactful than hacking some obscure Chinese handheld; more attention to this area will draw more effort.
Not that I have any criticism of the people doing this; you hack what interests you; often what you've got lying around. Good for them. I just wanted people to know about the super-cheap SDR dongles they can get. If they're interested in this radio project they'll be interested in that too.
Re: (Score:2)
Your heart is in the right place, but my experience with those $10-20 dongles is that they are good for strong signal reception, such as my local public safety trunked system, but they just can't cut it in the real world as an all-around receiver. Software can only do so much with crap hardware.
I tried to set up one on a linux laptop that I was running at my parent's house to receive the local baseball games broadcast on an FM station about 15 miles away. It wasn't happening. Not sensitive enough and gettin
Wake me when a cheap HT decodes P25 audio. (Score:1)
I like to monitor the LAPD and the big LA trunked system.
Hmmm I have a 380. Now maybe I have a USE for it (Score:2)
I've had an MD380 for a while but it's been sitting in a drawer because DMR for amateur radio is a joke.
They've built all these local, regional, and national talk groups but everyone is afraid to use them in case somebody else wants to use them, so everyone who does try is either scared or they are idiots who hog it for tens of minutes.
And the DMR system is broken such that when you turn on your radio, you have no idea if the repeater you are calling is linked into anything. The act of transmitting will ca
One small detail kind of ruins it (Score:2)
This statement is not correct:
"Here in the US Project 25 (P25 or APCO-25) is a suite of standards for digital radio communications for federal users, but for state/county and local public safety organizations including police dispatch channels are using Mototrbo DMR digital standard."
It should say "Here in the US Project 25 (P25 or APCO-25) is a suite of standards for digital radio communications for federal users, but SOME state/county and local public safety organizations including police dispatch channe
Please Explain To Me (Score:1)
And if your answer involves crowded bandwidth, I ask, is it really? I have seen graphics describing the use of radio bands, but every time I've had the opport