Slashdot Mirror


Jailbreak Turns Cheap Walkie-Talkie Into DMR Police Scanner

An anonymous reader writes: Last Shmoocon, famous reverse engineer Travis Goodspeed presented his jailbreak of the Chinese MD380 digital handheld radio. The hack has since been published at GitHub with all needed source code to turn a cheap digital radio into the first hardware scanner for DMR digital mobile radio: a firmware patch for promiscuous mode that puts all talk groups through the speaker, including private calling. In the U.S. the competing APCO-25 is a suite of standards for digital radio communications for federal users, but a lot of state/county and local public safety organizations, including city police dispatch channels, are using the Mototrbo Motorola DMR digital standard.

10 of 82 comments

  1. Cool, but not the first by rfengr · · Score: 3, Informative

    Very cool, but not the first hardware scanner: http://www.aorusa.com/receiver...

    1. Re:Cool, but not the first by rfengr · · Score: 4, Informative

      Yep, been doing that for a while with GNU Radio, gr-dsd with USRP. I may get an Airspy just so I can use Unitrunker on Windows (without using the RTL dongles). There still really isn't a good digital scanning solution for SDR, although I wrote one for NBFM and AM: https://github.com/madengr/ham...

  2. Re:Why is Police band unencrypted? by Holi · · Score: 4, Informative

    "If you can monitor things you shouldn't" who says you shouldn't? Many people have and do get scanners for that very reason. Nothing wrong or illegal about it.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  3. Re:Why is Police band unencrypted? by rfengr · · Score: 4, Informative

    It's not. Many P25 talkgroups are encrypted, specifically the police tactical ones. Sometimes they just use a cell phone.

  4. Re:Why is Police band unencrypted? by gstoddart · · Score: 3, Informative

    If you can monitor things you shouldn't

    It's broadcast over public radio waves in the clear ... where does "shouldn't" come into play?

    If our cell phones have no expectation of privacy, WTF should the police expect any for?

    It's not like it hasn't been perfectly legal to have police scanners for decades. This is just more of the same thing.

    --
    Lost at C:>. Found at C.
  5. Re:Why is Police band unencrypted? by Obfuscant · · Score: 2, Informative

    Don't you think that keeping the conversation about movements and roadblocks secret might help in catching the suspects?

    While many police agencies use this as an excuse for encrypting their radio traffic, it is very very rare for armed robbers to use police scanners to aid their escape.

    I've had a police-capable radio in my car for many years, and I can count on the fingers of no hands the number of times it has allowed me to know ahead of time where the state police have set up radar on the interstate, for example. I have been able to hear about traffic problems before I get stuck in the middle of them, however. Just a couple of weeks ago, I was able to learn what the source of a series of explosions near my house was without having to call 911, and even more recently, that one of our town's major roads was shut down because of an event.

    Do we really need to know every car that the police pull over?

    Another common excuse used by the police to hide their radio traffic.

    Most agencies these days have digital data systems for communicating private stuff, so there is no need to encrypt voice traffic. Not encrypting avoids the issues of key management and the inability of neighboring agencies to assist directly just because they are not "keyed" properly.

  6. Re:Interoperability be damned by Anonymous Coward · · Score: 2, Informative

    You do realize, of course, that Motorola has the only system that works well with a lot of users in urban canyons, but that 700 MHz doesn't work for shit in large open spaces where the locals can't afford half a dozen repeaters. In much of Colorado, the high ground makes it even worse, as it's an amazingly shitty place to put repeaters (no power, 150 kt winds, and no road access), so they tend towards VHF systems in the mountain counties. There are actual reasons different municipalities chose different systems, and it's not that they're being bribed by the vendors. Oh, and the radios I have used had something like "inter-agency A" and "inter-agency B" programmed in. Not too hard for your average cop (who doesn't do much inter-agency anyway) to figure out.

  7. DMR is not a Motorola standard by Anonymous Coward · · Score: 4, Informative

    "Mototrbo Motorola DMR digital standard"

    Is a complete misnomer. DMR is not a Motorola standard, it's a European standard (ETSI) and effectively a digital radio replacement for the MPT1327 standard (a British standard from the Ministry of Post and Telecommunications). Having said that many radio manufacturers would have had input to the standard, including Motorola. The one I worked for did.

    DMR/P25 are similar, in that if you don't want people to listen in on what you're broadcasting, encrypt it! As far as I can remember, AES256 was the best encryption option available to P25... I can't remember the details for DMR, or even if it supported it.

    DMR standard had/has some weirdness: for instance the vocoder wasn't specified. Everyone seems to have defaulted to the AMBE half rate vocoder from DVSI, the same as what is being used for P25 phase 2.

  8. You can do this today with a $10 dongle by hey! · · Score: 3, Informative

    and open source software like Gnu Radio. No need to spend $150 bucks and then void your warranty.

    The thing is, GNU Radio is just a bunch of software routines. People have cobbled things together that will allow you to listen to AM, FM, and SSB, but the UI is crude and it's not something an average person would find usable. On top of that, the digital voice decoding is a separate piece of software which (except on Windows) you have to compile from source and figure out how to bolt on.

    It'd be nice if more people were putting their hacking energies into SDR, because then maybe someone would come up with a nice, slick plug-and-play solution anyone could download from a distro repository. It's happened in other somewhat technical areas, like GIS (e.g., Quantum GIS) or computer algebra.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  9. Re:Why is Police band unencrypted? by Anonymous Coward · · Score: 2, Informative

    This may shock you, but many people are not Libertarian children, and actually support their own elected government. Don't mistake loud Internet reactionaries for people in general.

    Libertarians know this. Our founding fathers knew this. Tyranny of the majority is exactly why we have so many limits on our government. It's why the population must be allowed to monitor what government officials do. I know most people wouldn't mind having a secret police force and it scares me greatly.