Go easy on me now... system key question

Forum for the promotion and understanding of digital voice on the amateur bands.

Moderator: Global Moderator Team

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Go easy on me now... system key question

Postby n3wrx » Mon Nov 30, 2009 2:54 pm

Hi guys,

If you have [legal] possession of a radio (XTS series) programmed to a given P25 trunked system, is it possible to retrieve the system key for that trunked system from that radio (assuming you have software)?

Thanks.

-j

User avatar
VE9MP
98247E-011480-1
Posts: 1348
Joined: Wed Oct 27, 2004 11:18 am
Location: What ya lookin' at my gut fer?
Contact:

Re: Go easy on me now... system key question

Postby VE9MP » Mon Nov 30, 2009 3:05 pm

No, the system key is an actual computer file, that has to be in a certain folder on your computer, that your CPS looks for....

or alternatively, depending on how new the system is, it could be an Advanced System Key required, which is an actual hardware dongle that has to be connected to the computer, research ibuttons for more info, but essentially there is a single Master key, from Motorola, which daughter keys can be created, that customizes what the end user can program, like ranges of ID's, and they have expiry dates.... I did some research into ibuttons and what it would take to "make" one, but its way over my head, im sure other people have figured it out or found a loophole.....
Nick

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Mon Nov 30, 2009 5:35 pm

Can you add conventional stuff to a radio with a programmed trunked system without the system key?

User avatar
VE9MP
98247E-011480-1
Posts: 1348
Joined: Wed Oct 27, 2004 11:18 am
Location: What ya lookin' at my gut fer?
Contact:

Re: Go easy on me now... system key question

Postby VE9MP » Mon Nov 30, 2009 6:36 pm

Yes, as long as it wasnt programmed with an ASK....
Nick

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Mon Nov 30, 2009 7:00 pm

Thanks man, appreciate the info.

What about scan lists/scan priorities? Can those be changed with an existing trunked system without the key (assuming no ASK)?

Sorry about all the questions, trying to help someone out (really).

User avatar
motorola_otaku
Cock Block
Posts: 6669
Joined: Mon Nov 29, 2004 8:53 pm
Location: Stinkadena, TX
Contact:

Re: Go easy on me now... system key question

Postby motorola_otaku » Mon Nov 30, 2009 7:21 pm

Scanlists can be added and deleted. You can add and remove trunked personalities from said scanlists. Zone/Channel assignments can be added, deleted, and renamed. Trunked talkgroup names can be edited. Conventional personalities can be added, deleted, and manipulated every way imaginable. What not having the system key does is locks you out of that particular system's settings AND the settings of any personality assigned to it.

Now, as VE9MP pointed out, if your radio was touched by an Advanced System Key then you can write off doing anything to it ever again without one of two things:
-another Advanced System Key; caveat: if it is for a different SysID than the one in the radio, you won't be able to mess with that system's settings at all.
-(XTS3000 only) a DOS RSS codeplug or s-record of that radio with matching model number, serial number, and Flashcode.

Now, I am not the BATLABS TRUNKING POLICE nor do I necessarily agree with the tack they take on people asking similar questions, but I do have to throw this hypothetical at you as a caution: let's say you or a friend have a legitimately-programmed Motorola trunking/P25 radio and every right in the world to be operating on the systems in it, but you make some non-system-key-required changes to it with your own programming kit. When that radio goes back to its designated programmer for system updates or whatever, they are going to see the changes made to it (the Last Programmed Date among other things) and you or your friend may find some hard questions posed to you by gentlemen with badges. In that event it would be wise for you or your friend to have your asses appropriately covered, preferably in the form of written permissions on company or department letterheads. But that's just, like, my opinion, man.
And the sign says you got to have a membership card to get inside.

User avatar
VE9MP
98247E-011480-1
Posts: 1348
Joined: Wed Oct 27, 2004 11:18 am
Location: What ya lookin' at my gut fer?
Contact:

Re: Go easy on me now... system key question

Postby VE9MP » Mon Nov 30, 2009 9:00 pm

In another 5 years or so I can see ASK's being a major obstacle for us M nerds, once these new radios start hitting ebay or government surplus, we arnt going to be able to manipulate the programming in these radios at, like the APX radios for example that will only program with ASK's, legacy system keys arn't even supported in the CPS.....
Nick

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Mon Nov 30, 2009 9:26 pm

Thanks again for the reply and the information. I also appreciate the warning, Josh (great name!), and it is good information to know, and useful food for thought.

The friend is LE with many years on the force and more than a couple stripes on the sleeve. BUT, since s/he obviously doesn't have quite enough influence to just get the programming done "officially", I will be sure to discuss it with him/her before we start writing any codeplugs (assuming we are even able).

Based on the conversations we've had thus far, I believe that my name would not be mentioned, and s/he would probably just be chewed out... at worst. But I'll confirm. Assuming anyone even noticed... which based on my understanding of the less-than-organized environment there, is unlikely to begin with. We're talking about changing some scan lists and/or scan priorities - probably nothing beyond that.

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Mon Nov 30, 2009 9:30 pm


User avatar
007
98247E-011480-1
Posts: 1560
Joined: Wed Jun 23, 2004 2:28 am
Location: Burpleson Air Force base

Re: Go easy on me now... system key question

Postby 007 » Tue Dec 01, 2009 10:43 am

My advise is don't do it.

Josh hit the nail on the head with his comments above regarding programming dates, etc. If you go into the radio and change settings then the Sys Admin sees this at a later time, get ready to ride the lightning. Like Josh, I am not the trunking police and can understand what you are trying to do. However, if changes are made outside the authorized shop, don't be surprised in the least if you get called on it. The tolerance for asshattery with trunked systems is at an all time low and odds are they will be looking for blood if the changes are detected.

Just saying...
[R]eal men eat meat and potatoes and drop logs that would choke a donkey.

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Tue Dec 01, 2009 2:30 pm

Thanks guys, I appreciate the advice, and know that you are looking to keep me out of trouble.

While I could just sit down and do it for them, maybe the safest way is to just sit with them and verbally guide them through it so that they do it themselves - they do everything, using all of their own equipment. That should keep me as 'in the clear' as possible.

Apparently the radio[s], as issued by the organization, power on with some sort of "bad system key" error already... it suggests that the PD's radio room, [apparently] lacking access to the [advanced?] system key, have been making "unauthorized" changes. Frankly, it wouldn't surprise me.

This may be moot anyway - it's a very recently implemented system, they might be using ASKs, in which case we're boned - I'll just help them program their personal radio for the hammy sh*t.

User avatar
Victor Xray
DAYTON 2006/2007 SUPPORTER
Posts: 458
Joined: Tue May 31, 2005 11:00 am

Re: Go easy on me now... system key question

Postby Victor Xray » Tue Dec 01, 2009 4:08 pm

If they power on with a KEYFAIL error, that has to do with the encryption module not having a valid authentication key programmed in it.
There's nothing more permanent than a temporary solution.

User avatar
motorola_otaku
Cock Block
Posts: 6669
Joined: Mon Nov 29, 2004 8:53 pm
Location: Stinkadena, TX
Contact:

Re: Go easy on me now... system key question

Postby motorola_otaku » Tue Dec 01, 2009 5:55 pm

And the sign says you got to have a membership card to get inside.

spareparts
Dayton 2005/2006/2007 Supporter
Posts: 417
Joined: Sun Feb 27, 2005 4:33 pm

Re: Go easy on me now... system key question

Postby spareparts » Tue Dec 01, 2009 6:52 pm

Side question on ASK: At the end of useful life, Is it possible to remove all programing and personalties (or restore the factory defaults) and provide a daughter ASK so you can sell or transfer the radio to another department?

Failing that, can the original owner send the radio back to /\/\ to be wiped and defaulted?

slimbob
142490-000000-7
Posts: 305
Joined: Sun Jan 23, 2005 10:13 pm
Location: I sold my soul for a Saber.

Re: Go easy on me now... system key question

Postby slimbob » Sat Dec 05, 2009 4:49 am

iButtons are damn near impossible to take apart and keep working. The CIA/NSA has only managed it a few times.
Pass me my Saber -- it's the one marked 'Bad Motherf***er'.

User avatar
escomm
professor of rectalingus
Posts: 4398
Joined: Thu Mar 30, 2006 1:54 am
Location: Chief of the CAREPOLICE

Re: Go easy on me now... system key question

Postby escomm » Sat Dec 05, 2009 1:21 pm

I'd hit it so hard you'd have to be to King of England to pull me out

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Fri Dec 11, 2009 4:43 pm


High_Order1
102480-000000-3
Posts: 158
Joined: Mon Mar 20, 2006 8:08 pm

Re: Go easy on me now... system key question

Postby High_Order1 » Sat Dec 12, 2009 12:54 am

Well....

Nothing like me to screw up an otherwise decent conversation, but since no one else seems to be able to get the thread locked....

While researching something entirely different, I found a website where this guy does nothing but create software 'virtual' dongles. Since the iButton is a dongle..............


just sayin'. Y'all probably are nineteen steps ahead, but hey, what do I know?


On the topic of anal retentive LEO radio shops (kinda redundant), I have had my share of battles with them. If, oh, say, you (theoretically) used lab to make a perfect copy of the codeplug before you started messing about, and when time came for Yearly Sniffing of the Equipment, you blew the original back in, couldn't Lab also be able to, uh, adjust the last programmed date/time/source/# of times flashed?


Oh, and just in case I haven't shit the bed enough, hey n3wrx, go ask The Googler about something called syskeygen.exe. (whistles and walks away like I've been cropdusting after Fajita Day at work)

Shawn

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Sat Dec 12, 2009 5:10 pm


User avatar
VE9MP
98247E-011480-1
Posts: 1348
Joined: Wed Oct 27, 2004 11:18 am
Location: What ya lookin' at my gut fer?
Contact:

Re: Go easy on me now... system key question

Postby VE9MP » Fri Dec 18, 2009 2:11 am

No
Nick

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Mon Jan 11, 2010 3:09 am


spareparts
Dayton 2005/2006/2007 Supporter
Posts: 417
Joined: Sun Feb 27, 2005 4:33 pm

Re: Go easy on me now... system key question

Postby spareparts » Tue Jan 12, 2010 9:00 pm


User avatar
escomm
professor of rectalingus
Posts: 4398
Joined: Thu Mar 30, 2006 1:54 am
Location: Chief of the CAREPOLICE

Re: Go easy on me now... system key question

Postby escomm » Wed Jan 13, 2010 12:33 am

I'd hit it so hard you'd have to be to King of England to pull me out

User avatar
n3wrx
142490-000000-7
Posts: 372
Joined: Fri Apr 13, 2007 8:28 am
Location: Jersey City, NJ
Contact:

Re: Go easy on me now... system key question

Postby n3wrx » Thu Jan 14, 2010 1:14 am

If I understand this document correctly, it discusses how to perform a dictionary attack against the passwords that protect the key(s) that reside in a Motorola ASK/ibutton/whatever-it's-called.

That is quite different from syskeygen, which as I understand it (from the explanation here) can be used to access radios without bothering with the real system key or programming equipment at all.

In order to work with an existing ASK system, you would have to have prolonged access to the ASK/ibutton/whatever-it's-called device, no? Long enough to perform a dictionary attack.

User avatar
escomm
professor of rectalingus
Posts: 4398
Joined: Thu Mar 30, 2006 1:54 am
Location: Chief of the CAREPOLICE

Re: Go easy on me now... system key question

Postby escomm » Thu Feb 04, 2010 1:17 pm

I'd hit it so hard you'd have to be to King of England to pull me out

User avatar
captlpol
No post too old... no topic too irrelevant.... I'll bump them all...Formerly K0DEN
Posts: 245
Joined: Fri Nov 26, 2004 9:02 pm

Re: Go easy on me now... system key question

Postby captlpol » Thu Feb 03, 2011 10:06 pm

Would it not be easier to just get a scanner to listen to said talkgroups?
Silence is golden, duct tape is silver.

User avatar
smokeybehr
98247E-211491-4
Posts: 3241
Joined: Thu Apr 19, 2007 12:58 am
Location: In the muthaf***in' forest, bitch! Where else?
Contact:

Re: Go easy on me now... system key question

Postby smokeybehr » Sat Feb 12, 2011 8:08 pm

Holy Necropost, Batman!

Reread the thread carefully...


Return to “Astro DStar and other digital voice formats”

Who is online

Users browsing this forum: No registered users and 5 guests