Slashdot Mirror


Jailbreak Turns Cheap Walkie-Talkie Into DMR Police Scanner

An anonymous reader writes: Last Shmoocon, famous reverse engineer Travis Goodspeed presented his jailbreak of the Chinese MD380 digital handheld radio. The hack has since been published at GitHub with all needed source code to turn a cheap digital radio into the first hardware scanner for DMR digital mobile radio: a firmware patch for promiscuous mode that puts all talk groups through the speaker including private calling. In the U.S. the competing APCO-25 is a suite of standards for digital radio communications for federal users, but a lot of state/county and local public safety organizations including city police dispatch channels are using the Mototrbo Motorola DMR digital standard.

4 of 82 comments

  1. Re:Why is Police band unencrypted? by Holi · Score: 4, Informative

    "If you can monitor things you shouldn't" who says you shouldn't? Many people have and do get scanners for that very reason. Nothing wrong or illegal about it.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  2. Re:Why is Police band unencrypted? by rfengr · Score: 4, Informative

    It's not. Many P25 talkgroups are encrypted, specifically the police tactical ones. Sometimes they just use a cell phone.

  3. Re:Cool, but not the first by rfengr · Score: 4, Informative

    Yep, been doing that for a while with GNU Radio, gr-dsd with USRP. I may get an Airspy just so I can use Unitrunker on Windows (without using the RTL dongles). Still really isn't a good digital scanning solution for SDR, although I wrote one for NBFM and AM: https://github.com/madengr/ham...

  4. DMR is not a Motorola standard by Anonymous Coward · Score: 4, Informative

    "Mototrbo Motorola DMR digital standard"

    Is a complete misnomer. DMR is not a Motorola standard, it's a European standard (ETSI) and effectively a digital radio replacement for the MPT1327 standard (a British standard from the Ministry of Post and Telecommunications). Having said that, many radio manufacturers would have had input to the standard, including Motorola. The one I worked for did.

    DMR/P25 are similar, in that if you don't want people to listen in on what you're broadcasting, encrypt it! As far as I can remember, AES256 was the best encryption option available to P25... I can't remember the details for DMR, or even if it supported it.

    DMR standard had/has some weirdness: for instance the vocoder wasn't specified. Everyone seems to have defaulted to the AMBE half rate vocoder from DVSI, the same as what is being used for P25 phase 2.