Hit me up on social media! ► Buy me a coffee: www.paypal.me/ringwaymanchester ► Email: ringwaymanchester@mail.com ► Instagram: / m3hhyofficial ► Facebook: / m3hhy ► Twitter: / officialm3hhy
I have several fully working pairs of each of the above mentioned models masc radios, had them years & years, all programmed with my own keys & iv also deactivated the key erase & radio stun feature 👍 .. I also have a few pairs of HT600 transcrypt sets 👍 all new old stock demo radios that were never issued .. 👍
I also have several working pairs of the ht600e masc radios with matching keys and some of the ht600 transcrypt radios which all program nicely on the Motorola RSS running from DOS but I’ve never seen anything to do with keys or stun erase feature in the RSS? If you’ve programmed your own keys then I’m guessing you have a KVL fill gun, only ever seen one of those in the flesh 👍
Hi ! Do you still have by any chance the floppy disks with the software package needed to turn a standard (DOS) PC into the Crypto Management Unit ? I've got two keyloaders myself (good ol' Psion LZ with special datapak) but as you know they aren't "true" Keyloaders like a Motorola T3011 KVL would be. Theses Psion are merely Fillguns and can't generate a cryptovariable by themselves... My old a** forgot that at those time, infinite key retention was not popular, and so both my MASC keyloaders have now lost their fill content after sitting for some years in a storage box... For the Zeroise feature deactivation, was it on EVN4602 or EVN4653A RSS ? I still have the academic publication of the scrambler inventor, because Marconi was just the builder, it was an University that designed the scrambling algo... Interesting read, like the use of a 31bits sync word with BCH FEC... IIRC the DSP used was a TMS320C17. The prototype PCB was built inside a Pye PFX Remote Speaker-Mic The French had a similar system for their police UHF handheld, but it was Time-Domain instead of Frequency-Domain Scrambling. (I got lucky and found one, but of course zeroised and I've heard the fillguns were destroyed too...) Thanks a lot for any answers you may provide, as I intend to lend one MASC fillgun to the CryptoMuseum. (IMHO it's important to safeguard old techs to see how it was before...)
I love in the brochure how it says "MASC has no adverse effect on the performance of your radio equipment". I know Notts had issues with MASC and mostly used Clear mode (using ID bursts) on the general district channels, especially in the last few years before shutdown. The system only really worked well with a good solid signal, so in fringe areas the radios used to lose sync.
That's pretty much true with any encryption. Hahaha, had to laugh at a deputy who says to me when they get their new radio system you won't hear us anymore. So a couple days after it was turned on I see him and we are talking and suddenly he hears his number over my scanner but NOT on his portable his jaw dropped and his face turned white as a sheet. He says stay here, I want to check into this after this call. And sure enough he came back, and with 5 other officers 🙄. They did some testing at the store we were at and sure enough, my scanner worked and their $8,000 radios didn't. Then he said hey, you aren't allowed to ha e an encryption capable radio. I said it's not encrypted, and proceeded to explain the new system to him. Anyway that night they discovered a serious problem with coverage on the new system thanks to me. They had just gone to a Phase 1 P25 statewide system. He assumed no scanner could receive it. I said I was receiving it the day the city turned their new system on 3 years earlier. At the time I tested scanners for a company. Now our county has 2 of 7 channels encrypted, but that's no big deal as the important stuff is still in the clear.
The government won't let you use a walkie talkie with a form of voice scrambling that absolutely can be broken without too much effort, and yet they are content to allow you to talk on a phone which uses AES-256 encryption.
@Jam Pudding "If you've got nothing to hide, you've got nothing to fear" God I hate the mentality of the British public sometimes, no wonder those guys across the pond rebelled.
@Jam Pudding If you use the regular phone line and SMS, or services that don’t respect your privacy like anything Facebook, Google or WhatsApp, then yes, but a properly end-to-end encrypted communication is practically undecipherable without the key. Why do you think the police often doesn’t have access to private conversations?
@@Admiral_Jezza I think they were being sarcastic... and do you mean Canadians? Because the NSA and PRISM aren’t particularly what I’d call privacy friendly...
@@Kaiyats If you don't know that phones today can support many different protocols like Signal, and you think "GCHQ" has a "backdoor" to all of them then you are indeed and idiot. 👍
Hi Lewis, Nice vid. here in NL its forbidden to use encryption for normal ham communication. The exception to this is is repeater or beacon control where it is encouraged to do so for obvious reasons. Sad side not, this is the second of your video's that didn't make it in my notifications. I suspect the reason on this one is cause of the subject.
typically the only type of attack against these types of encryption systems is as follows: they utilize the mixed mode ability, basically encouraging users to switch to clear by dumping a key off of one radio or by attacking encrypted talkgroups. the system will then move to be in the clear to continue supporting the radio that has dumped its key. on project 25 systems the key can be dumped by loss of power to an ht. or removal of the hts battery. but this is also only taking into account a type of system that could operate in the clear, by user selectability. which is not always the case. it can also just be a fully encrypted talkgroup. with OTAR this type of attack has been reduced. if a radio looses its key for whatever reason it can simply be tended to wirelessly by the system admin and tech. that was a different story in the keyloader era which is i believe the way these hts mentioned would be keyloaded. an expensive, and cumbersome process requiring each radio unit to present themselves to a tech.
I worked on converting the HT600 to a mask sets for the forces and did hundreds of them. Stripping the front speaker case and building the new one with the pcb and then installing the ribbon cable to the main pcb. They were then programmed using the Psion as stated below.
Of course they don't - amongst many reasons, upwards of 90% of UK user services aren't legally permitted to use any kind of high level encryption systems under their specific licenses. In fact, almost all, domestic/hobby level user services aren't permitted to use ANY scrambling or otherwise signal/modulation methods that will obscure or encrypt communication - in fact, the general public aren't even legally permitted to use any encryption or obscuring technology on telecoms systems either. Note, regarding GSM/UTMS and non cellular legal radio telephony, encoding digitally as an integral part of the communication protocol for modulation is permitted but it's not classified as high level and isn't secure. So, unless you've specific NOV on a radio license to permit it (government agencies have it at high and medium levels of complexity, as do some Tetra users at a fundamental medium level type level over and above the regular digital encoding), then you're automatically in breached of the license and the overall encompassing UK radio usage regs if you do - which effectively invalidates your license. In the ham world, even we're not permitted to use the non-regular encryption (AES) on many DMR radios and (subject to NOV) nor are 446 DMR users. In fact, according to the strict license wording, hams aren't allowed to use anything that obfuscates or encrypts communication - we only get to use Digital Voice systems like DMR & P25 reprogrammed to legally usable allocations under a general issue NOV (one that's not a request able one, but a non-integrated general extension to the license). DSTAR & YSF were on actual ham market gear and it was mostly for those systems we got the gen NOV, DMR usage exploiting it was pretty much additional. So it's a matter of known established record, going way on back, that they dont want us using encrypted radio tech at all, but under some provisions, some licenses can have limited NOV for encryption for specific legitimate purposes. On user services which were entirely created around analogue voice modulation (such as CB), no form of embedded non voice content is actually legal to send - encrypted or non-encrypted tunnelled over typically NBFM in most such user services cases. That's why CTCSS isn't permitted on CB, but is permitted on PMR446 because it's integral to the whole service. So, even old time idents such as K-Tone and 'roger beeps' weren't actually legally used on CB. That said, CB 'Roger beeps' were ass ways round, true roger beeps preceded the voice traffic as an alert. A K-tone was the proper communication (of the days) EOT indicator. So aside from highlighting the MASC system and it being retrofit capable or factory fit to some commercial gear, nothing to see and nothing new or secretive or even obscure and unknown to the public really if you actually are a person who takes interest in emerging radio tech as some of us are.
Incidentally the one major time it is perfectly legal to add an encryption key to a DMR radio in the Amateur band is when you are using it on behalf of a user service.
@@dasy2k1 True, but in the correct context - 'on behalf of user service' use of encryption when working as an indentured volunteer relay (if requested to, you are obligated to - it's a license requirement that you adopt the role where required by the User Service) is limited to necessary use of obfuscation and encryption of traffic but only if mandated, it doesn't mean you can arbitrarily just use available encryption means to secure a link because you think it wise/appropriate - it's still only permissible under User Service relay when requested you do therefore providing the authorised consent for use, otherwise nothing changes legality wise. Notably, it will only be primary essential/critical aka restricted User Services where indentured relay operations will be cleared for use of encryption/obscuration. And to ensure clarity (for those who need it), obscuration is where you change the form to obscure (simple voice scrambler tech, that's a fairly commonly implemented system on radios as a basic security system) the modulated content. Encryption is the higher level where it's effectively not human readable in raw demux/demos form, and without some key/matrix to decipher, is unintelligible and human and machine undecipherable as stands. Neither form is actually permitted normally, only under specific license variation exemption (for common level activities) or under emergency provisions where authorised or necessary to provide the relay under indentured obligation. So even where permissible it's far from a clear cut case of simply being OK in coordination with other User Services. Remember, all licensed categories of radio users are User Services operators by default, but not in the Restricted category such as Police, Emergency Services, Military and civil service /government grade operator level users. Remember, as Hams, we are tech grade operators hence why in many cases (outside of rare exception in war time) we don't automatically lose our right of use of radio communication unless it's mandated that only Restricted User Services are exclusively the only permitted users of radio communication means in an extreme crisis or national emergency situation. You are essentially right, but it's nowhere near as clear cut a situation as it seems. It's still a minefield territory even when under such a exemption because there's often no certified proof given to authorise and as anyone should know, you really need (from the outset, or retrospectively on return to regular operations) evidence of the variation notice to keep with your license and logs (where kept) for proof should you be held accountable at a later time.
Perhaps a silly question, but I assume "Magic Numbers" would count as obfuscation? If I were to say "the system is in Mode 7" I am not encrypting anything, and I'm being entirely truthful, but without knowledge of "the system" no one could hope to understand the meaning of "Mode 7". Likewise "I'm at Uncle Kenny's" or "it's in that place I put that thing that time" only mean something to the people talking. At what point do in-references become obfuscation?
@@jameswalker199 Well, neither of those would be obsufucation because say the reference to Mode 7 would be reporting a status, no different really to when using the RS(T) method of reporting communication grade. Likewise announcing to other party something to the effect of 'resume on Channel 9E', meaning Channel 9 Encrypted, in itself isn't obsufucation as the context and dialogue is in plain open form - whether the act of moving to Encrypted mode on CH9 is legit is another matter entirely. But generally using common practice shortcode or abbreviations isn't obsufucation where It's meaning can be derived and the actual context and the message itself isn't a coded form of something else entirely non contextual to the subject referenced. Obsufucation refers really to any method that reduces or encodes traffic into a form where the form is designed to effectively encrypt it. So, for example, transmitting using DMR or other DV mode without further encryption isn't obsufucation because the digital modulation that otherwise makes it unintelligible to non DV mode equipment (analogue) or raw monitoring is just that, the product of the modulation type - not to encrypt/secure the traffic. Under some licenses there are provisions for simple encryption (such as the basic encrypted mode on DMR gear), and where license permits, that's acceptable obsufucation because it's not really secure just a basic level of communication privacy that's permitted on some radio services. Now using one of your examples - if the 'using Mode 7" report is just a passphrase the other party looks up to determine it's real context (so the message report is irrelevant to it's real context), that's a basic form of obsufucation in the form of sending messages in a coded form. So, if you listened to a number station, some of it may (almost certainly) be obsufucated traffic, and most of the rest of the station's output is contextual camouflage to make the obsufucated phrases look like part of regular not obsufucated traffic. But in general, if what's used is designed to deliberately obscure it's meaning, it can be considered as coded and by association an act of obsufucation. But in the context of your examples, not really because one would (if literal) be essentially reporting and referring to say a meeting without stating where (in general or loosely or specifically) to the effect of passing information or confirming - that's not generally obfuscation as often in commercial/professional radio usage, you'll rarely hear people refer specifically to a obvious location or route or suchlike as generally within the the scope of the parties involved, locations and times typically are known and as such there's rarely a reason to elaborate with obvious reiteration of that related info. If you ever heard police traffic (you shouldn't have been, but may accidentally caught some), you'd have heard what seemed vague but in the context of legitimate use of the traffic, it's just basic information being passed or notifying a change. Likewise if you listen to aviation traffic (which is legal in the UK), you could not unduly think that some of the traffic is encoded/obsufucated but actually isn't because in the right context as understood by ATC, aircrew etc, it's simply traffic that's got a structured context but shortcode laden to effectively communicate a lot more information or easily misinterpreted info (where communication may suffer due to conditions and range) effectively - example being traffic between aircraft and ATC is pretty quickfire, abbreviated and structured to maximise communication over many communication variables effectively and efficiently. So whether something is obfuscated pretty much is best determined by why and how - where it's clearly rendered unintelligible by some means, it's basically obsufucated, but shortcode structured messaging isn't necessarily obsufucated - it depends on the intent and purpose that actual traffic serves rather than what's literally sent. Interestingly, and often mis-cited as examples of encryption are subcoded traffic that top and tails open traffic, such as DTMF sequences and DCS coding or pre/post appended digital fingerprint or addressing. Those aren't obsufucation or encryption because they are part of regular usage of the radio system, where your license allows the use of. It's a deep subject, so if that has confused you, then looking deeper into the subject of obfuscation and what is/isn't is very much a trip down a very long drop rabbit hole of the Alice In Wonderland context.
That explains why the mercenaries in Die Hard 2 were above the law, even though the real Kenwood TH-45ATs they used don't have MASC. Then again, they needed a plot device.
The Motorola radios have AES256 bit encryption, that has 2 keys that one is"public" the other is entered by you, and it can not be cracked This is really awesome when you use a digital Motorola radio No one, not even the government, can hear it. The bits are just garbled data to anyone without the "key" OTAR is used to delete a radio or reprogram a radio on or off the network It is complicated, but really great if you are the one who owns the network If you couple a simple analog simplex frequency with a DTMF controller to turn on and off your digital encrypted Network you can use a simple analog radio and activate your digital system and it will begin transmitting its control frequency and your digital radios will see it and spring to life and ask for your login and password and you can quickly log on to the digital system and communicate over the digital system and then shut down the digital system using your analog radio and this limits the time that the digital system is on the air and makes it very hard to pinpoint especially if you are mobile and the networks control system is mobile If you have multiple people and one of them has a van that has the digital radio repeater then it becomes almost impossible to find it And you can use simple handhelds that are encrypted for simplex communication but when you have more than a few people needing to all communicate encrypted you really should have a network utilizing multiple frequencies and unlike systems that are set up according to all of the rules a system like this you can program in any frequencies you like especially out of band frequencies which makes it very hard to locate what frequencies you're using especially if you have the frequencies deleted from the data stream so that the control system sends just the channel That the radios need to tune to not the frequency All of the non-military systems that I've seen transmit frequencies in addition to the channel so you can use just the control channel and be able to map the entire system and no exactly what radio is on what frequency and what slot on the frequency they are using and even when they go into talk around simplex mode the control system maps where they are so you can change frequencies to the simplex frequency they are using and monitor their communications that way The radios that have been coming out of China have allowed easy access into the 60 to 88 MHz range, as well as the 174 to 240 range And for quite a while I've seen the 350 megahertz to 520 megahertz radios but now I just saw the 250 to 400 MHz radios and the 400 to 660 megahertz radios Since the 525 MHz to 600 MHz is still used for UHF television here in the United States and 600 to 700 MHz is now used by 5G cellular phones there shouldn't be anyone transmitting up in those ranges and it is doubtful that anyone is going to be looking for communications from two-way radios up in those frequencies As long as you don't interfere with TV stations in your area you can use those ranges to have a private Network that isn't going to bother anybody and that no one would be looking for in their normal scanning I'm really surprised that those radios are being sold and I've even seen radios that transmit from 125 to 136 MHz and I'm guessing their FM even though the aircraft band is AM I believe there are FM to a radios that are used in the 130s for aircraft operations and maintenance that doesn't need to talk to aircraft I think that's why they make these And I haven't seen one myself but I am interested to know if they can pick up the am transmissions from the airports and airplanes I doubt it because the type of signal is so different that even if it could pick it up it's probably going to be pretty garbled
Interesting video, I am willing to bet a modern computer could break the encryption by gathering the band slices and re-arranging them to plot the audio curve of the transmission. Like a broken puzzle. The key space of the code is also very likely reduced from the prime encryption key down to a useable key in the memory that is smaller in bit length. Having brute forced the key for a particular channel/talk group then you can listen away. Modern digital systems with AES/DES + digital voice processing such as CELP could not be brute forced in this way since it's not simple time domain encryption.
Another comment said MASC was never cracked. I'm very skeptical that cracking MASC is as easy as you think. I doubt there's much utility in cracking MASC now but I'd still think if MASC were easy to crack someone would have done it just for bragging rights. Are you aware of anyone who cracked MASC?
Unbreakable (yet) encryption and sick radio's... doesn't get much better than that for this geek over here! But to the point... what the F(M) is that STONKA OF A BEAT at the end mate? Corr.
Hi! have you heard about the Motorola MXP600? I saw images and films of police officers fitted with them, I'm just as curious as others if you don't mind me asking how well do they perform? tyia
On those radios that can be "killed, stunned, revived" over the air, doesn't that depend on whether they are in range of the signal, or turned on when the signal is transmitted ? I just purchased a Baofeng P10UV and one of the menu items (which is NOT explained) is FHSS Frequency Hopping Spread Spectrum. This is an analog HT. I sort of tested it transmitting with the FHSS turned on. It won't "hear" another radio, but the the other radio with no CTCSS or DCS WILL hear it - though kinda scratchy. About a decade ago I recall Anytone marketing an HT called the Terminator which supposedly DID have working FHSS to give a fairly decent degree of encryption. Enjoyed the program !
In the UK, unless it's integral to the user service (such as with WiFi as an example), no public radio license actually permits spread spectrum and frequency hopping facility use without specific NOV or a variant license. It's used on WIFI and networking as a combination way to maximise efficient frequency usage (which is a limited segment at 2 4 & 5 GHz) and as part of why even under high contention on frequencies, the packet transmission is has both good throughput whilst retaining good SQ/AQ and quality of communication. If you'd even used packet radio system which didn't use spread spectrum & FH, you'd appreciate why SS & FH really benefits the system performance.
@Chris Riff-RAF Sepura never made or sold analogue radios, it was an all digital TETRA company from the start. You may be thinking of its predecessor companies Philips and Simoco.
@@christopherblackmur7962 I was probably not detailed enough about the Baofeng and FHSS. It SUPPOSEDLY has the "hopping" option for CTCSS and DCS . Motorola is the only manufacturer that I'm aware of that has FHSS, and then it's only for the 3 902-928mhz 1 watt ISM radios. I've noted several Chinese radios that are marked incorrectly with regards to a few things from TX power to Ingress Protection. Oversight, honest mistake, ... Only they know
@@stakkerhmnd You obviously never been in our office back in the day we had Ransomes & Briggs & Stratton calendars that would make you blush. But of course this was back when people was not so easily offended by anything & everything. I could also tell you how we made rockets in our dinner hour & past time but I am scared you lack any common sense. PS. Base stations go on desks they not big fit 6 to 8 hand units in ours did at anyway.
@@Northstar-Media You had Motorola 6000s and desk for a base station in your office and some calendars. You have any chairs to sit down on when at the desk which had the base station on? Council Layabout1 (you) on base station: "calling all workshy council employee planks. Don't forget to load the wheel barrow on the back of the flat bed. Put some bags of gravel on as well. 10-4" Council Spanner Employee (your mate): "received. base station - please stop looking at those calendars and day-dreaming. Or I'm gonna tell your missus Betty about you." I'm scared you even know about the concept of common sense. It's a miracle you've got this far. Actually it's not. Sitting on the sofa all day eating cheap crisps and on the cheap lager. Watching Great British Bake Off. Do have any aspirations in life? Try and be better.
@@stakkerhmnd Ha,ha,ha triggered much you making some rather steep assumptions there. Do you want our formula for rocket fuel you could send yourself to the moon out of harms way. PS you may be correct about it being the S model because I was not sure if it was encrypted. You could get a decent range with them though because we all used to have a best range competition while we was out on our jollys 🤣
@@Northstar-Media Apart from your multiple confusions and substance abuse driven thought processes, have you not in actual reality "triggered" yourself? I'd recommend a personality change course for you. I'm sure residential weekend courses exist. Somewhere. In terms of range please try standing on a chair.
I have a pair of MASC equipped radios (Motorola MT6000E's) here in the states and they talk to each other fine. Not revealing where I got the boards and keyloader from though, guess you can say it comes from my years of working in the communications field professionally and coming across weird and odd comms equipment here and there
Just a thought. 1) intercept and record an encrypted masc broadcast 2)train an AI to find and identify the frequency at which the signal is scrambled. (every second every 2 seconds every 0.5 seconds... asuming that the time frame is not allready know and varies depending on the encryption key) 3)break the recording down into these segments and simulate reordering them sequentially, pass the reordered sound into a voice recognition ai or a custom neuro net build specifically for this. You would probably have to do some reinforcement learning with your neuro net for this to be anything other than shit. 4)when the ai spits something out that is probably correct all you have to do is work backwards to get the encryption key.
If my understanding of MASC is correct, decoding a transmission is analogous to reassembling a shredded document. Throwing an AI at it probably would work quite well if you had enough example transmissions with known -cleartext- clearvoice, cyphervoice, decyphervoice, and encryption keys.
It sounds odd that you would train AI, it should be able to train itself ! MASC only relied on the KEY, so changing the key would eventually reveal the transmission. Don't be too concerned, GCHQ can still locate and kill the radios if you use them. Every BT phone exchange has SDR equipment that was fitted in the early 1990s and upgraded over the years. Apart from helping monitor the spectrum in each area for OFCOM (who can connect in), identify and locate transmissions, it was also used to mess about with WiFi as it started becoming popular. The cover story in the press if you find it was that the equipment would help locate WiFi with poor or no passwords and help users tighten them up!!! What they meant was - someone found the GCHQ network of SDRs and reported it, the official comment had to be something like this to stop the public knowing what went on. My local BT Exchange still has aerials up and SDRs for this monitoring and messing about, plus it can block signals in certain areas. MASC developed in to the TETRA system we have today. I fitted many boards, repaired them with radios and installed entire systems in the 90s. MASC was good against hobbyists with scanners, but criminals were able to "obtain" codes and input them on radios that had IDs disabled and the lockout and stun feature disabled. People that paid enough still got access.
over on the other side of the pond (usa) using an encrypted radio is very very very illegal and i would never touch the stuff only because i had to research if i was lawfully able to do so or not. most people dont research if you can or cant do something and that is important so these videos do help even if we are on the other side of the pond. i do find it silly that the government fears - yes that is the correct word is fear citizens using encrypted radio. i have never found a single case of any terrorist ever using secure radio to carry out an illegal act. can anyone validate that i am wrong or did i miss something?
MASC and similar hopping systems are not really encryption but merely obfuscation. With a bunch of $3 RTLSDR modules, you can take a dump of all permutations of permitted hopping channels. Feeding this data back in, several algorithmic approaches can be used to find the most plausible stream based on analyzing all of the potential frequencies. For example Fourier, differential analysis of characteristics such as RSSI, background noise and carrier, and emerging AI "black box" classifiers which are fed samples of *correctly* decoded data from a set of test radjos, and eventually identify their own metrics on which to base classification. There are large (~30+) numbers of algorithms devoted to basically finding a best match, and some of this technology has been used for peaceful purposes like noise cancellation, automatic adjustment for frequency drift, and restoration of audio files from yesteryear. The difference between frequency hopping and true encryption is night and day. True encryption can use asymmetric crypto like RSA to establish a secure connection over an insecure channel, but for simplicity we will discuss symmetric encryption. (long post alert, this goes into the basics of encryption with emphasis on digital packet radio technology - stop here if uninterested) A key, known only to the authorized parties and distributed offline via a secure channel, preferably in person where authentication can also occur is issued to the operative. This key is large enough to make brute forcing of the keyspace an impossible endeavor in the real world, generally based on assumptions that Moore's Law holds true and that nation state adversaries can and will use clustered computing and emerging technologies like quantum computing against them. A good key is a truly randomly generated string with all characters within the permitted character set given equal weighting. A reasonably strong key will likely be at least 64 characters of 7bit ASCII, and even that will be put through a "key stretching" algorithm. Some implementations will go the whole nine yards for initial authentication, handover, and other crucial places but in order to reduce overhead will mutually agree upon a "session key" which is significantly shorter, but is time limited. When the rekeying timer expires a new session key is negotiated - often silently as the salting and hashing used to generate a new session key is often agreed upon at session initialization. Radio technology which does this will do two things - if given an incorrect key, roll the session key table forward, eg n+1 and check to see if the data decrypts successfully. If so, it's accepted and the session key updated and timer reset to a best guess based on jitter and latency (generally the other host can demand a rekey if a timer is disrespected). If not, the session must be reauthenticated using the primary key and new session keys established (and yes, several DoS attacks on wifi networks center around some of these features, eg sending deauth packets to everyone; jamming the network when a host attempts to update as their group key interval is reached etc). Another technique is simply declarative with the first host to realize setting a bit that corresponds to "session timer expiring, this is my last message in this key" (and if this isn't during traffic, it will be a simple status/ping/keepalive packet with the bit set). The other host generally acknowledges receipt by sending a packet back encoded with the next session key. Again, failure recovery involves reinitializing the session key. Smart cards with in baked in crypto will often perform key generation, management and retention on the chip itself. This arguably can ease provisioning and increase security but it has also been an Achilles heel, eg the mant satellite TV systems that were reliant upon smart cards which did not adequately protect the private key from exfiltration. Encryption and the underlying basebands that make this all possible are an extremely complex subject and I've merely touched on a few concepts for illustrative purposes, and oversimplified quite a bit. This is intended to be an intro to get you interested in crypto and start learning about the topic in detail from reputable sources. We've only just been discussing symmetric encryption, or encryption where you and your party have colluded in private somewhere and swapped keys (hence "preshared key"). We haven't discussed RSA - the prototypical asymmetrical encryption algorithm (and of course there are many others). RSA relies on the factoring of primes (of large integers), something that is trivial for a PC to perform in one direction but notoriously difficult to achieve in the other, hence the /asymmetry/), nor have we discussed PKI and certificate authorities or the alternate web of trust model. Nor have we touched on elliptic curve cryptography and how EC crypto promises higher security, smaller key sizes and better performance and is potentially more resilient against theoretical quantum attacks. I hope I've encouraged a few radio buffs to go down the encryption rabbit hole. Perhaps start reading about PGP - there is a fantastic story about Zimmerman smuggling the source code out in a book, as printed works would be protected by the first amendment in order to get around the armament export restrictions that existed in the US at the time.
@@uploadJ from what I know on masc it was reordering chunks of the voice based on band, which makes sense when you look at the processing power of the HTs of the day. Unfortunately human speech has characteristic features that make descrambling possible, even without trying all permutations. You're right though, I shouldn't have used both examples in the same sentence - although there's plenty of overlap conceptually. Both attempt to hide data from interception by simply reordering (or in the case of hopping, retuning) in an order known supposedly only by authorized users.
Here in the US 🇺🇸, hams can't use any encryption on our radios. I found out that here the Nashua, NH police are encrypted, so we can't listen, among others, to the police here.
@@eliotmansfield That's what I thought, from what Lewis has stated previously about not listening to the Police. It's less restricted here in the US 🇺🇸, but I am sure most countries have rules against most non government people using encryption.
@@eliotmansfield if the key is public, anyone can look it up. Just like anyone can look up a NAC or a CC or info on DSTAR which you can only hear if you have that brand.
MASC was used on our Motorola radios when I worked for WMP. Awful system. Having to repeat most of what was said and a lot of the time it was switched off as it was so unreliable.
Wmp hardly ever used it due to it’s out of sync problems, this was caused by bad network and the radios being programmed incorrectly allowing to overlay others.
Carlisle used it on main ch 39 on and off , many many times the controller would try to force the encrypted units into clear with 3 data bursts , I used to have a lot a btp cops visiting on a railways site I used to work at , they never had the masc modules fitted to their radios
As a radio Tech for many years in the states, we have used Motorola encrypted radios while servicing police systems. They have the ability of OTAR to a specific radio, basically enableing TX on our preprogrammed Zone. When we are finished with the assignment they again stun the one zone with their data on it. In the mean time depending on which radios we deploy they might be equipped with DES ENCRYPTION which we use our key fill equipment to program radios. We are not concerned about terrorist issues with this standard as the FCC's remote monitoring sites are equipped with decryption equipment that will allow full monitoring. We use DES to keep company info from prying ears especially when we are dealing with law enforcement.
It’s rather a pity that police forces are this worried about it. I suspect that a recording could be broken quite readily with a computer. Honestly use of the encryption along with an actual investigation would resonate effectively with a jury. I frankly see the efforts to restrict the radio as just plain shoddy police work. A decent loss prevention officer doesn’t waste time looking at “suspicious” people. He catches actual shoplifters.
Encryption on the internet is not only the norm, it's required in many circumstances. Why so much consternation from countries about keeping private communications over wireless? Seems silly.
Nice one Lewis another great Video to help Promote Amateure Radio... Keep up the good work. I hope you don't mind I'm sharing this one. Best Regards Luigi - de G0LMM..
As to WHY is was never cracked, it sounds like police stopped using the radios 20 years ago as the technology became obsolete. Now the only people interested in MASC are a bunch of hobbyists with some second-hand equipment. Breaking the code for that is probably a little low on the priority list for the CIA/MI6/FSB.
We use AES 256 digital encryption on the local hams bands. The old timers don't like it, but to bad! The Key loaders and radios are hard to get even if you knew the correct keys. Privacy rules!
Privacy is great but how do you announce your callsign? Isn't this why LMR licenses exist? If you want private radio comms, get a commercial license. Don't risk your callsign and maybe fines, I mean nothing is ever going to happen most likely but you never know. A sad ham might triangulate you and report you at some point
Used to play about with encryption boards years ago on the CB slap on between the mic and between the op amp an speaker worked but was rubbish. Bards from maplin back in the 90s.
This encryption must be obsolate by now. The alogoryth of frequncy jumps could be brute forced if needed with key. I doubt that it is AE256 encryption under the hood. So listen to whole spectrum and put it back toghetre,
I dnt kno the rate modern GPUs can hack hash an wep passwords are unreal. if someone was inclined to write a program for doing it I'm sure a modern GPUs could smash it out ver very quickly just on a brute force
The biggest pain in the ass that I've seen is the ask that Motorola uses to prevent anyone except an authorized Motorola dealer from reprogramming or even reading the radios Prior to this it was possible to just write a brand new code plug over the encrypted one and the radio would spring back to life but with the ask it is a brick without taking it to an authorized Motorola dealer and having them unlock it and most Motorola dealers will not do this unless you are a client so any people that are using radios for their own personal use are out of luck if they find one of these and there's more and more of them every day
