AES256 Encryption - DMR Radio

Подписаться 398

Просмотров 61 тыс.

50% 1

This is a sample of how a DMR signal could be intercepted using software or another DMR radio and what an AES256 ciphered signal would sound like to an eavesdropper.
I also show what it would sound like being decoded by another authorized radio with matching key parameters (KID and secret key value).
Encryption used: AES256
Software used: DSD+
Radios used: 2- Hytera PD782's, 1- Connect Systems CS700
AES256 is certified to protect voice and data up to the level of Top Secret and there is no known way for someone to break this level of encryption now or in the foreseeable future without resorting to extremes.
Other forms of voice security that come with some DMR radios:
Basic Privacy: Usually 1-255 , or up to 4 hex characters (65,536 keys) Security: Minimal
Basic Encrypt (Hytera)- 40,128,or 256 bit encryption, but the keystream is predictable.
Security: Medium
Full Encrypt (Hytera)- 40 bit ARC4, AES128, or AES256 ,user selectable, user defined keys. An IV is randomly generated every 360mS and is appended to the secret key which results in the keystream being unpredictable. Security (ARC4): Medium.
Security (AES128/ AES256): High to Very High.
Extra Hytera security feature:
Multi-key
Random key
When these are selected and the encryption boxes for 64 digit keys are all defined and populated the radio will now change the AES256 key with each PTT of the radio.
Thank you for visiting.

Опубликовано:

29 мар 2016

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 126

@radiosification 8 лет назад

Good video!

@WillPhoneman 6 лет назад

Do you need anything other than the programming software and cable to load keys on these? I only have the TYT MD-380, and that's how it is for basic and enhanced privacy. I know some radios require a key load device (KVL) to load encryption keys

@rfi-cryptolab4251 6 лет назад

Will Phoneman Neither MotoTRBO or the Hytera DMR radios require a key loader. You set the keys using CPS. It's more convenient, but I'm not sure it's as good. At least if someone tried to read your Moto or HYT radio, the keys would not display. Now on an MD-380, they will display, but the scheme on those isn't secure anyway. Only AES can be considered secure. On higher tier HYT's, you can create, select, and edit keys from the radio display/key pad, but you can't view them there (actual key). Hope this helps.

@no_signal_here 5 лет назад

Hello am trying to get the Message Indicator from DSD+, is a spécial version ? Thanks you

@rfi-cryptolab4251 4 года назад

Add -v 4 to your command line

@ehaka Год назад

Do you have a tutorial video on how to setup AES256 on the likes of an AnyTone radio?

@Haavar100 6 лет назад

Hi! So any make DMR that uses the same AES256 keyphrase can communicate, or is this make-proprietary?

@rfi-cryptolab4251 6 лет назад

Haavar Knutsen Hytera has two versions of AES: 1- AES DMRA 2- AES-Hytera You'll need the DMRA version to communicate with MotoTRBO radios using AES. DMRA= DMR Association standard. The other is Hytera proprietary and will only work with their radios. Contact a Hytera dealer for more details.

@mesked 7 лет назад

Hello and thanks for a nice video. Question:Is the Full encryption,10 digits = 40bit ARC4 or ??How much stronger is Full vs Basic both 10 digits do you have any idea ??Unfortunaltely My Hytera MD785 is only able to make a 10 digit code. The 32 and 64 are greyed out. Thanks a lotMesked

@rfi-cryptolab4251 7 лет назад

mesked The 40 bit ARC4 would be a bit more secure than Hytera 40 bit basic encrypt. Hyt basic seems to be a simple xor scheme, but with many more key variables compared to Moto basic privacy. But I'm not exactly sure how hytera basic encrypt generates a key stream. I've never looked into it. However, I did notice a weakness in the way Hyt implemented their basic encrypt. Neither of the above privacy schemes can be considered secure, but they'll still stop the general masses from monitoring you as long as you don't use an easily guessed key. Make it random, something like "B4E716615F" would work.

@mesked 7 лет назад

RFI-Crypto Lab Thanks a lot for your answer 👌

@Gripengamer 4 года назад

RFI-Crypto Lab Hello, does Hytera offer some basic encryption standard without buying a extra license?

@rfi-cryptolab4251 4 года назад

@@Gripengamer My PD782's came with 40,128, and 256 bit basic encryption. They added 40 bit ARC 4 encryption a few years back also via a firmware update. I purchased the advanced encryption licenses for AES from Hytera.

@mesked 7 лет назад

Where do you buy the software to get AES 256 Encryption to put in the CPS ??

@rfi-cryptolab4251 7 лет назад

mesked From an authorized Hytera dealer. They'll need the model and serial # for each radio you want AES on. It runs $225-$275/radio. Once paid, it takes a couple days to get the upgrade file. Once you get it perform the upgrade and it will show in Feature Control list. Very simple to do.

@mesked 7 лет назад

RFI-Crypto Lab Again thank you. Very nice of you to explain for me 😀

@duartejaneiro2620 2 года назад

Hi, how to make the dsd show the number of key used? Many Thanks

@paulhassold381 3 года назад

The real question is - can you apply a known key to listen in to the encryption using ANY SDR software or decoding software? What if you are testing the strength of your own encryption? Have you figured out how to try random keys or common keys as a form of pen testing your own security? I'm pretty surprised that people haven't said anything about this publicly which makes me think there are folks doing this quietly. I have seen you can jam signals but this is pretty much a no go unless you want to get caught up in legal problems. Besides - Looking for passive testing not intrusive testing that will disrupt normal operations. This also gives away (eventually) that something is 'not right'.

@realghostactual Год назад

if only you know they key, you cannot decrypt it. Its 256 AES, even taking hundreds of super computers to try to decrypt the key - it can take BILLIONS of years, to decode a single key. And if youre smart? You change your key often

@rfi-cryptolab4251 2 месяца назад

Unless the key is something stupid like all 1's or similar the key is just too damn long to guess. On our Harris radios the key manager software generates the AES key and even we don't know the actual key value.

@rfi-cryptolab4251 7 лет назад

Some of you on here are completely missing the point. This IS NOT a video showing any hack. It simply shows how encrypted voice sounds if received by DSD or another receiver. The decoded voice was decoded by another one of MY Hytera radios with MY unique secret key. I programmed them myself.

@abokhaled5020 7 лет назад

hello ... i have a question ... how can i put a key to make dsd decrypt the sound ... ( np : i know the encryption key ) ... thank you

@rfi-cryptolab4251 7 лет назад

abo khaled You must find Odin of Asgard and ask him.

@abokhaled5020 7 лет назад

thank you for your answer... maybe you didn't get me.... i know the encryption key .... and i want to decrypt the sound by dsd .... can dsdpluse do that or not?

@rfi-cryptolab4251 7 лет назад

abo khaled DSD+, as shown in my video, has no facilities for entering any type of "key" to decrypt any form of voice privacy. The most it will tell you is if a signal is encrypted and what algorithm is being used. I do not even know of any software that allows a key for any type of encryption to be entered where you can just enter it and off you go. There are some expensive receivers and commercial software products that allow a 15 bit nxdn scramble key to be entered or instantly found. I think Decodio is one such manufacturer. I believe they sell more to intelligence communities. DSD+ is closed source. What are you trying to listen to with DSD+ , since you are authorized to hold the Enc key and all, why would you want to use DSD+ instead of a radio authorized on the system which you should have, no? Please explain some more.

@abokhaled5020 7 лет назад

Thank you for this wonderful clarification. ok.. i'm a programmer and i'm trying to write such dsd+ program to decrypt the voice by Enc key genarator ... and i have heard about dsd+ and i saw your video .... so i ask you to know if this feature is exist in dsd+... thank you again for your such good answer.

@danceswithghostsquickspiri697 7 лет назад

I have a few questions. 1. Can civilian beginner Hobbyists like myself download the encryption software and 2. is it user friendly and easy to work wit and program?

@rfi-cryptolab4251 7 лет назад

I bought the advanced encryption licenses through an authorized Hytera dealer. You need a license for each radio you want AES on. The license is tied to the radio's serial#. Once you get the license you install it to the radio. Then, in CPS you can set up 128 or 256 bit AES keys. There are two license options: DMRA Advanced Encrypt( works with MotoTRBO AES 256) and: Hytera Advanced Encryption (Hytera proprietary algorithm). There are no restrictions on selling this to "civilians". In the U.S you should have no problems,but I would NOT export these radios out of the country.

@rfi-cryptolab4251 7 лет назад

For reasons not specified, Motorola won't sell the AES EID in the U.S. There used to be a way to get it enabled, but that kind of went away. Buy Hytera.

@PKFortyseven 7 лет назад

RFI-Crypto Lab I have it on my XPR, it's an older CPS 10. Can't store as many TGs or sites on that radio, probably cause I have analog and digital sites and the algos are stored on the radio memory and not a chip/board.

@vlastimilkoutecky9519 3 года назад

Hello. Where to insert key id on rádio? Anytone 878. I don't know where the box is key ID.

@systemfive7 5 лет назад

Thanks for sharing this! Do you need to purchase a separate license to use AES ("Full Encrypt") or is it configurable in CPS out of the box?

@rfi-cryptolab4251 5 лет назад

You need to purchase licenses from a dealer.

@systemfive7 5 лет назад

@@rfi-cryptolab4251 Thanks for the info! Can you share any info on the pricing model? Is it on a per-radio basis, or is it a flat price for "up to X number of radios" model? And if you don't mind, I''d love to know a price as well ;)

@rfi-cryptolab4251 5 лет назад

@@systemfive7 I upgraded 4 Hytera PD782's and the price was $275 each. I since found another dealer that charged $225 per radio. The dealer places the order and the upgrade license is created by Hytera and sent back to the dealer. The dealer then emails the licenses to you. You go into CPS and there's a feature upgrade menu where you place the upgrade license file. Once applied you can select "full encrypt" and create either a 128 bit or 256 bit key. The license also enables "random key". If enabled, you program up to 30 AES keys and the key will change each transmission. All radios must have all the proper key IDs and keys set up. I don't use random key as I need the radios to work with 40 bit encryption also. Hytera offers AES in either DMRA standard or Hytera proprietary. DMRA using a 256 bit key will work with MotoTRBO radios equipped with AES.

@systemfive7 5 лет назад

@@rfi-cryptolab4251 Thank you so much for taking the time to answer! That was just the kind of info I needed! Subscribed to your channel as well, you've got some interesting videos I'll go through :)

@rfi-cryptolab4251 5 лет назад

@@systemfive7 Thanks.

@TheNamelessOne12357 2 года назад

Great info. At least encryption does not modify main DMR protocol, so you can identify and record encrypted transmission to analyze and decode it later.

@kishascape 2 года назад

Proper SIGINT yes. Although even if it did you could always just use an SDR to raw capture.

@mr_ali3692 Год назад

Yes, but how later decode raw sound?

@Gripengamer Год назад

Yeah sure decode it, but good luck decrypting that 256 AES lol

@realghostactual Год назад

@@Gripengamer yea, i dont have 7 billion years (i believe thats the actual number they said it takes to decrypt it) and if you use PROPER OPSEC with encryption on radios, you revolve your keys. So even if someone somehow could decrypt your key? By the time they decrypted it, you changed your key already and all that work for nothing.

@enriquelopez109 5 месяцев назад

@@realghostactualYou can manage to get the keys

@AL6S00740 6 лет назад

Does this feature come as a standard with every Hytera radio ? or you need to buy a licence to make this happen , plus can it be used with other DMR radios ? or just between Hytera ones ? lastly can it be bundled with a repeater ?

@rfi-cryptolab4251 6 лет назад

AL6S00740 You have to buy it. It's called an "Advanced Encryption License" and is at cost per radio. Contact a Hytera dealer. If you want to talk to MotoTRBO radios that might have AES, you will need the DMRA advanced encryption license, NOT the Hytera advanced encryption license which is Hytera proprietary AES. Speaking of proprietary encryption, never trust it.

@AL6S00740 6 лет назад

RFI-Crypto Lab well to be honest proprietary encryption is better than clear text all together. Does it cost a lot? (the radio already costos around 300 euro) if the license is like 10,20 eyros good, if its an other 100 well i don't think it's worth it. So just say a number rather than an exact price if you feel uncomfortable 😊, thank you

@rfi-cryptolab4251 6 лет назад

AL6S00740 I paid $220 USD per radio for the AES.

@AL6S00740 6 лет назад

Extra on top of the Price of the radio :D ?? Make a dump of the firmware definitely in there there is a bit changed lool

@rfi-cryptolab4251 6 лет назад

AL6S00740 Im pretty sure it's a feature encryption string and it's tied to the radios ESN. Don't think a "firmware dump" would help. Once you receive the upgrade file you use CPS to apply and activate it. Yes, it's an additional cost.

@filipekkrasny4855 3 года назад

Hello Friend. Is it possible to open a hack sdrsharp? And is there a guide somewhere? I have a signal here. It's locked anyway and I don't know how to unlock it.

@evolved4545 3 года назад

How can I learn to do all of this.

@nas64_mhzperspective16 7 лет назад

AES256 is just vioce encrypter ? or more fonction encryption ? very cool vid !!

@rfi-cryptolab4251 7 лет назад

Nas64 Tech RadioH Encryption on Motorola and Hytera DMR radios will encrypt voice and text. It does not encrypt any of the metadata like radio ID or talk group numbers. So someone could do traffic analysis on you, but wouldn't be able to decipher the message unless they had the right encryption key. I noticed the cheap Chinese DMR radios with their homebrew cheap encryption schemes will only scramble the voice, but not text.

@nas64_mhzperspective16 7 лет назад

thx for the précision , yes that's what I also noticed for cheap radio TYT..it's very cheap encryption radio LOL

@Alialiali737 6 лет назад

Good

@northernliving2387 3 года назад

I have a question. What dose digital sound like on a analogy scanner?

@tylerhottes6760 2 года назад

I’ve heard it, it sounds like a helicopter when in FDMA mode but in TDMA it’s different here are some links for you to listen, DMR FDMA:www.w2sjw.com/sounds/DMR TDMA_Simplex.mp3 DMR TDMA:www.w2sjw.com/sounds/DMR_TDMA.mp3

@tylerhottes6760 2 года назад

By the way, TDMA is short for. Time division multiple access FDMA it’s also short for. Frequency division multiple access when used in Symplex for amateur radio

@realghostactual Год назад

like a bunch of clicks and pops. Even unencrypted. Its exactly that - a "digital" signal. Its not modulated the same, so an analog scanner or even another analog radio tuned to the same frequency will just be like "yea, I have a signal but - I have no idea what this is" and you just here this annoying popping sound that sounds like a machine gun lmao. Analog radios typically us FM (Frequency Modulation) so it has no idea what to do with a digital signal thats modulated a completely different way

@midoedo 2 года назад

how about rc4 40 bits could it be cracked ?

@pyrofriends2323 6 лет назад

Hey, I have a question: Is 256 bit HYTERA's basic encryption strong? I use randomly generated keys. Thanks for your video!

@rfi-cryptolab4251 6 лет назад

Pyrofriends Not at all.

@pyrofriends2323 6 лет назад

RFI-Crypto Lab it's more thank the basic privacy of motorola?

@rfi-cryptolab4251 6 лет назад

Pyrofriends Slightly more complicated than Moto BP, but still very weak. Don't be fooled by it being called a 256 bit basic key. No security if the key can be found by performing a simple math op on only 4 basic privacy frames from stereotyped segments of a transmission. It's adequate to stop the general masses but doesn't stand up to even simple analysis. If you need security, use AES. There's no other secure option for DMR.

@pyrofriends2323 6 лет назад

RFI-Crypto Lab thanks for your answer! What do you think about scrambling in analog channels?

@davidglc 6 лет назад

Well, according to me analogue scrambling is only to avoid listening by simple scanners/receivers. Real security is quite zero. I absolutely agree with "RFI Crypto Lab", at the moment only AES can be considered a secure encryption algorithm. Basic encryption uses RC4 encryption algorithm which is no more secure. Hytera implements a very good solution to increase security using "rolling keys". So setting AES + 30 rolling keys is the most secure solution. Of course to use AES you've to pay for a dedicated license, both for Hytera or Motorola.

@drnv150 6 лет назад

So for now there will be no way with over-the-air-rekeying even if you decrypt AES you would not know what key or when they change it, since it can all be done over the air remotely.

@rfi-cryptolab4251 6 лет назад

Tz5n You're worrying too much. Just AES 128 is enough to stop advanced adversaries. Keeping the key a secret is hard part so maybe consider entering them using FPP. 80bit is about the upper bounds for brute Force recovery at the present. Even if they could find 1 80 bit enc key every second they still couldn't even search 50% of the 128 bit key space in any reasonable time. If you're really paranoid, run AES 256 voice crypto with Hytera 128 bit OTA signaling encryption. Then add 30 AES keys to CPS and check random key encrypt. Now the AES keys rotate with every PTT. Guard your keys. Keep the voice crypto keys out of your codeplug and enter them by FPP. AES 256 voice encryption 128 bit OTA signalling encryption Random AES key hopping. This is the Pinnacle of security for any LMR system. Kills whackers dead, like Raid. System also had the ability to stand up to sophisticated adversaries/threat actors.

@drnv150 6 лет назад

RFI-Crypto Lab You're right, unfortunately my local metropolitan police are going AES 256 bit with OTAR, which means, no more listening to what is happening where I live.

@rfi-cryptolab4251 6 лет назад

Tz5n That is unfortunate. Dispatch should be in the clear. I feel your pain. My area went dark in 2009. I don't really monitor anything on a radio/scanner anymore. Kind of gave that up.

@Jah_Rastafari_ORIG Год назад

Sylvester Stallone is an example of a 'threat actor'. He'll threaten to take your cheesesteak...

@Jay-hr9ci Год назад

How do you get DSD+ to decode encryption?

@kc8onr-dan152 Год назад

you can't.

@realghostactual Год назад

its virtually impossible to decode AES 256 at all. The most powerful computer in the world can take nearly 7 Billion years to get even close

@Jay-hr9ci Год назад

Des56 you can

@lifeisamatrix5960 7 лет назад

what usb dongle types do you utilize to test with?

@rfi-cryptolab4251 7 лет назад

LosRioDelMar In this video I used a disc tap. I sometimes use an AirSpy or a nooelec premium.

@rhcredcamofficerk456 11 месяцев назад

I got a encrypted aes 256 onn walkie talkies for frs

@davidgrant2725 5 лет назад

i had no problem obtaining AE31 boards for my nx-5000 series radios and the encryption software from kenwood and now i run all my HT and mobiles on AES 256Bit on ham frequencies in Canada its legal

@rfi-cryptolab4251 5 лет назад

Would you mind sharing how much the boards cost?

@davidgrant2725 5 лет назад

@@rfi-cryptolab4251 my cost was around 400 canadian dollars per cryptographic module. Prices vary depending on wether you are paying retail or dealer cost.

@rfi-cryptolab4251 5 лет назад

@@davidgrant2725 Thank you for the information. I purchased the AES (DMRA) licenses for my Hytera radios. They were $275/radio. You can enter a 128 or 256 bit key. Using 256 they work with MotoTRBO AES.

@weldorguy 6 лет назад

Is there a way to decrypt (not decode the digital) signal that my local police use? They use a digital trunk system but it’s also encrypted. Thanks in advance Jay

@rfi-cryptolab4251 6 лет назад

weldorguy Yes, become a cop and get hired by the department.

@radioxdeath 5 лет назад

There is also the federal prison option.

@rfi-cryptolab4251 5 лет назад

@@TexasTimelapse Please do explain.

@jessed1586 4 года назад

There’s no possible way to just listen to police encryption? I heard if you use a method that isn’t a scanner it’s still considered a legal loophole according to FCC laws. Is it automatically a felony?

@gaborm4767 5 лет назад

Is it AES? Are you sure?

@rfi-cryptolab4251 5 лет назад

Uh huh.

@charliedallachie3539 4 года назад

Just need a quantum computer or a quantum scanner to decrypt on the fly

@rfi-cryptolab4251 4 года назад

Ha, even if there was one AES 256 was designed to be quantum resistant. It would be reduced to AES 128 bit strength. Still very strong. So strong that if a computer could search 2^80 keys a second it will still take 100,000 years to search just 1% of the AES 128 key space. My guess is the most expensive, purpose built supercomputers today could probably only search 20 - 50 quadrillion keys per second. That's very fast. Fast enough to crack any 80 bit keys (RSA-1024 included) in under a year. Hence, the changeover to RSA-2048.

@charliedallachie3539 4 года назад

RFI-Crypto Lab yea it was more of a joke, thought experiment. As it is quantum computers are still huge setups in labs and no where near being practical outside of research. But looking at the last 50 years who knows how fast technology can develop. It’d be cool to see what the NSA or CIA uses but most likely they just require every agency, departmen/ applicant (domestically) to send their secret keys

@rfi-cryptolab4251 4 года назад

@@charliedallachie3539 This video has got to be at least 20+ years old since it's still focused on the DES cipher. No idea when it was built, maybe early 90's and updated? The Thinking Machine : ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-4VTxyRVmL5c.html

@KeiranR 3 года назад

Naaa youd be able to snag the key

@rasheedali2587 Месяц назад

How can I contact you?

@rfi-cryptolab4251 Месяц назад

Why right here me lad.

@abdezh4082 Год назад

Decrypt Alg =AES .DSD+

@ManuelPinner 2 года назад

You can by a cheap Chinese DMR Radio and Find the Scramble Code,

@abdeabde8237 3 года назад

Hello my friend When I hear in my country, I don't hear anything I find guidance in writing Enc Group call; TG = 1RID = 5136068 Is there a solution to this thing? I want to know what, please