Slashdot Mirror


Jailbreak Turns Cheap Walkie-Talkie Into DMR Police Scanner

An anonymous reader writes: Last Shmoocon, famous reverse engineer Travis Goodspeed presented his jailbreak of the Chinese MD380 digital handheld radio. The hack has since been published at GitHub with all needed source code to turn a cheap digital radio into the first hardware scanner for DMR digital mobile radio: a firmware patch for promiscuous mode that puts all talk groups through the speaker including private calling. In the U.S. the competing APCO-25 is a suite of standards for digital radio communications for federal users, but a lot of state/county and local public safety organizations including city police dispatch channels are using the Mototrbo Motorola DMR digital standard.

11 of 82 comments

  1. Cool, but not the first by rfengr · Score: 3, Informative

    Very cool, but not the first hardware scanner: http://www.aorusa.com/receiver...

    1. Re:Cool, but not the first by rfengr · Score: 4, Informative

      Yep, been doing that for a while with GNU Radio, gr-dsd with USRP. I may get an Airspy just so I can use Unitrunker on Windows (without using the RTL dongles). Still really isn't a good digital scanning solution for SDR, although I wrote one for NBFM and AM: https://github.com/madengr/ham...

  2. Why is Police band unencrypted? by gmack · Score: 4, Insightful

    If you can monitor things you shouldn't, the problem is with the insecure communications system, not with the hacked walkie-talkie.

    1. Re:Why is Police band unencrypted? by Holi · Score: 4, Informative

      "If you can monitor things you shouldn't" who says you shouldn't? Many people have and do get scanners for that very reason. Nothing wrong or illegal about it.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.

    2. Re:Why is Police band unencrypted? by rfengr · Score: 4, Informative

      It's not. Many P25 talkgroups are encrypted, specifically the police tactical ones. Sometimes they just use a cell phone.

    3. Re:Why is Police band unencrypted? by Anonymous Coward · Score: 5, Funny

      Ahahahahahh here we are in 2016, and someone is concerned about the morality of monitoring public government channels.

    4. Re:Why is Police band unencrypted? by gstoddart · Score: 3, Informative

      "If you can monitor things you shouldn't"

      It's broadcast over public radio waves in the clear ... where does "shouldn't" come into play?

      If our cell phones have no expectation of privacy, WTF should the police expect any for?

      It's not like it hasn't been perfectly legal to have police scanners for decades. This is just more of the same thing.

      --
      Lost at C:>. Found at C.

    5. Re:Why is Police band unencrypted? by Anonymous Coward · Score: 5, Insightful

      "Do we really need to know every car that the police pull over?"

      Yes, I don't think the police should be able to pull people over secretly. Do you not understand why public oversight of the police is so important?

    6. Re:Why is Police band unencrypted? by Coren22 · Score: 4, Interesting

      The funny thing about that ruling you reference is that cell phone communications are encrypted by default. The Stingray devices have to trick the cell phones into connecting to them because passive monitoring doesn't work for capture of the information, they actually have to tell the cell phone to turn off encryption to even work.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?

  3. DMR is not a Motorola standard by Anonymous Coward · Score: 4, Informative

    "Mototrbo Motorola DMR digital standard"

    Is a complete misnomer. DMR is not a Motorola standard, it's a European standard (ETSI) and effectively a digital radio replacement for the MPT1327 standard (a British standard from the Ministry of Post and Telecommunications). Having said that many radio manufacturers would have had input to the standard, including Motorola. The one I worked for did.

    DMR/P25 are similar, in that if you don't want people to listen in on what you're broadcasting, encrypt it! As far as I can remember, AES256 was the best encryption option available to P25... I can't remember the details for DMR, or even if it supported it.

    The DMR standard had/has some weirdness: for instance, the vocoder wasn't specified. Everyone seems to have defaulted to the AMBE half-rate vocoder from DVSI, the same as what is being used for P25 phase 2.

  4. You can do this today with a $10 dongle by hey! · Score: 3, Informative

    and open source software like Gnu Radio. No need to spend $150 bucks and then void your warranty.

    The thing is, GNU Radio is just a bunch of software routines. People have cobbled things together that will allow you to listen to AM, FM, and SSB, but the UI is crude and it's not something an average person would find usable. On top of that, the digital voice decoding is a separate piece of software which (except on Windows) you have to compile from source and figure out how to bolt on.

    It'd be nice if more people were putting their hacking energies into SDR, because then maybe someone would come up with a nice, slick plug-and-play solution anyone could download from a distro repository. It's happened in other somewhat technical areas, like GIS (e.g., Quantum GIS) or computer algebra.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.