XTS5000 not hackable? Someone update me, I'm not current.
Moderator: Queue Moderator
- Elroy Jetson
- Posts: 1158
- Joined: Mon Sep 03, 2001 4:00 pm
The title pretty much says it all.
What's this about the XTS5000 not being hackable?
Information, please.
Elroy
hmm
let's see...
there is/was no DOS software support for the XTS 5000
there is no current method to read/write, nor pack/unpack, the radio
and
the S-record format is different.
i think that pretty much sums it up.
and - coming down the pipe are all the other goodies... expiring system keys, system key lockout (prevents reprogramming w/o the original system key used to program the radio), blah blah blah
oh, and let's not forget the "ESN" that XTS 5000's have.... i betcha that's going to be used eventually as well.
d
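The post above lists "the S-record format is different" as one of the barriers. For readers who have not handled one, here is an added example (not code from the thread or from any radio vendor) that parses and checksum-verifies the standard, publicly documented Motorola S-record layout: S0 header, S1/S2/S3 data records with 16/24/32-bit addresses, S5/S6 record counts and S7/S8/S9 termination. The sample records are constructed for this example; nothing here models whatever the XTS 5000 file actually does differently, which the thread does not describe.

```python
"""Motorola S-record (SREC) parser with checksum verification.

Added example, not from the original thread. Implements only the public
S-record baseline; the XTS 5000's 'different' format is not documented
in the thread and is not modelled here."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class SRecord:
    rtype: int      # digit after the leading 'S'
    address: int
    data: bytes


# address width (bytes) per record type; S4 is undefined in the standard
_ADDR_BYTES = {0: 2, 1: 2, 2: 3, 3: 4, 5: 2, 6: 3, 7: 4, 8: 3, 9: 2}


class SRecordError(ValueError):
    """Raised for any malformed or corrupted record."""


def parse_record(line: str) -> SRecord:
    """Parse one 'S<type><count><address><data><checksum>' line."""
    line = line.strip()
    # shortest legal record: 'S' + type + count(2) + addr(4) + checksum(2)
    if len(line) < 10 or line[0] != "S" or not line[1].isdigit():
        raise SRecordError(f"malformed record: {line!r}")
    rtype = int(line[1])
    if rtype not in _ADDR_BYTES:
        raise SRecordError(f"unsupported record type S{rtype}")
    try:
        body = bytes.fromhex(line[2:])
    except ValueError as exc:
        raise SRecordError(f"non-hex payload in {line!r}") from exc
    count = body[0]
    if count != len(body) - 1:
        raise SRecordError(f"byte count {count} != actual {len(body) - 1}")
    # checksum = low byte of the one's complement of sum(count, address, data)
    expected = (~sum(body[:-1])) & 0xFF
    if body[-1] != expected:
        raise SRecordError(
            f"checksum mismatch: got {body[-1]:02X}, expected {expected:02X}")
    n = _ADDR_BYTES[rtype]
    address = int.from_bytes(body[1:1 + n], "big")
    return SRecord(rtype, address, body[1 + n:-1])


def load_image(text: str) -> Tuple[Dict[int, int], Optional[int]]:
    """Parse a whole file into {address: byte}; return it with the start
    address from the termination record. Rejects overlapping writes and
    an S5/S6 count that disagrees with the data records actually seen."""
    memory: Dict[int, int] = {}
    data_records = 0
    start: Optional[int] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.rtype in (1, 2, 3):
            data_records += 1
            for i, b in enumerate(rec.data):
                addr = rec.address + i
                if addr in memory:
                    raise SRecordError(f"overlapping data at 0x{addr:X}")
                memory[addr] = b
        elif rec.rtype in (5, 6):
            # count records carry the record count in the address field
            if rec.address != data_records:
                raise SRecordError(
                    f"count record says {rec.address}, saw {data_records}")
        elif rec.rtype in (7, 8, 9):
            start = rec.address
    return memory, start


def rejects(line: str) -> bool:
    """True if parse_record refuses the line (used to show tamper detection)."""
    try:
        parse_record(line)
    except SRecordError:
        return True
    return False


# Constructed sample: header "HDR", two 4-byte data records at 0x1000 and
# 0x1004, a count record, and an S9 terminator with start address 0x1000.
SAMPLE = """
S00600004844521B
S1071000DEADBEEFB0
S107100401020304DA
S5030002FA
S9031000EC
"""

# Same first data record with its last byte altered: the checksum no
# longer matches, so the parser refuses it.
TAMPERED = "S1071000DEADBEEFB1"

if __name__ == "__main__":
    mem, start = load_image(SAMPLE)
    print(f"start=0x{start:04X}", bytes(mem[a] for a in sorted(mem)).hex())
    print("tampered record rejected:", rejects(TAMPERED))
```

The checksum is only an integrity check against accidental corruption, not an authenticity check: anyone can recompute it after editing a record, which is part of why the thread treats format changes as an obstacle to hobbyists rather than real protection.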
- Elroy Jetson
- Posts: 1158
- Joined: Mon Sep 03, 2001 4:00 pm
You realize, of course, that one important aspect of all these extra security precautions is that it makes the radio virtually worthless when it's surplussed out from its original customer, don't you?
They're virtually making radios that can only be used ONCE. Well, with just ONE customer.
When word of this gets out, any radio dealer that knows what's up won't even be bothering to bid a dollar for a pallet full of these radios. They'll be worthless.
Next, I predict that they'll make radios that have an internal clock/calendar function, in the firmware, and after a certain date, the radio goes totally, permanently, and completely dead. The radios will be sold with a stipulation in the contract that they have a definite, non-extendable service life of (x) years, and not a day more.
We need to start buying M's stock, and lots of it, and acquire control of the company that way! Imagine if radio enthusiasts owned them, what'd happen next!
There'd be a hidden hacker's menu in every release of the CPS/RSS!
Elroy
Elroy Jetson wrote:You realize, of course, that one important aspect of all these extra security precautions is that it makes the radio virtually worthless when it's surplussed out from its original customer, don't you?
They're virtually making radios that can only be used ONCE. Well, with just ONE customer.
Elroy
How can you say they are only able to be used by one customer and they are useless as surplus? The radios will still have the same Flash features available, it's just not hackable to change it.
As far as the expiring system keys go, those are for technicians, etc., where a limited set of features or a time expiration is desired (time expiration being when the system programming key will expire).
George
Elroy's theory is correct.
With the ESN's and other features that are coming out with the newer series of radios, they could feasibly lock them down so that you need a system key or other dongle-based device just to read the radio, or even to write to it.
As it is now, there are several places that CRUSH the radios after they have been replaced.
From the "I like to play with things" perspective, it sucks. From the business standpoint, it just makes your systems more secure.
If no one has the technology or if they do - lack the ability to "mess around" with it, then there really isn't much of a security risk.
-Alex
The Radio Information Board: http://www.radioinfoboard.com
Your source for information on: Harris/Ma-Comm/EFJ/RELM/Kenwood/ICOM/Thales, equipment.
- Elroy Jetson
- Posts: 1158
- Joined: Mon Sep 03, 2001 4:00 pm
If the radio has to have the same system key present to program it the second time as was present when it was programmed the FIRST time, then a second owner of that radio would have to have BOTH keys, and I can't see M approving of that.
Of course, with the system key generator being not so terribly difficult to obtain.... I'll leave it at that.
Something else to consider: the number of trunking capable radios that enter the surplus market and actually get reused by another trunking user (a fully legitimate one) is relatively low. It isn't all that much of a stretch to say that there is no significant aftermarket (except for the radio enthusiast crowd) for trunking radios. Sure, there are exceptions, but if a department were to surplus out 10,000 XTS3000s, how many do you think would actually end up getting purchased by a trunking user and getting reutilized?
Not all that many, actually. Those users are usually funded with public money and can afford new radios if they need more radios. It's not always the most cost-effective use of YOUR taxpayer's dollars, but that IS the reality of the situation.
Our favorite toys can be said to have a legitimate use in the aftermarket if they cover an amateur band or other bands in which we can be licensed to operate, but between you and me, it's not all that easy to convince a cop that there's a justifiable reason for you to have an 800 MHz portable radio, especially if it's fancier than HIS is.
I view the justification to be a simple matter: Because I can. But that may not always be enough.
Elroy
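The lockout consequence argued in the posts above (a radio programmed under system key A refusing later writes unless A is presented again, keys that expire, and a second owner therefore needing BOTH keys to take the radio over) can be made concrete with a small policy model. This is an added illustration written for this page, not vendor code; the key identifiers, the ESN field, the audit line and the rebinding rule are assumptions, since the thread only describes the behaviour.

```python
"""Toy model of a system-key write lockout with key expiry.

Added example, not vendor code. Models only what the thread describes:
first programming binds the radio to the key used; later writes need the
same key; an expired key is refused; moving to another key needs the old
one present. Field names and the rebind rule are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SystemKey:
    key_id: str               # hypothetical key identifier
    expires: Optional[int]    # unix time after which the key is dead; None = never


@dataclass
class Radio:
    esn: str                                 # hypothetical electronic serial number
    bound_key_id: Optional[str] = None       # set on first successful write
    codeplug: Dict[str, int] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)


def authorize_write(radio: Radio, key: SystemKey, now: int) -> Tuple[bool, str]:
    """Policy check: expired keys lose first, then the binding is enforced."""
    if key.expires is not None and now >= key.expires:
        return False, "key expired"
    if radio.bound_key_id is not None and radio.bound_key_id != key.key_id:
        return False, "locked to different system key"
    return True, "ok"


def program(radio: Radio, key: SystemKey, now: int, codeplug: Dict[str, int]) -> bool:
    """Write a codeplug if the policy allows; every attempt is logged."""
    ok, why = authorize_write(radio, key, now)
    verdict = "WRITE" if ok else "DENY"
    radio.audit.append(f"t={now} esn={radio.esn} key={key.key_id} {verdict} {why}")
    if not ok:
        return False
    radio.codeplug = dict(codeplug)
    radio.bound_key_id = key.key_id     # first write binds; later writes re-assert
    return True


def rekey(radio: Radio, old_key: SystemKey, new_key: SystemKey, now: int) -> bool:
    """Hand the radio to another key holder. The point Elroy makes: the
    OLD key must be valid and present, so a second owner needs both."""
    ok, why = authorize_write(radio, old_key, now)
    radio.audit.append(
        f"t={now} esn={radio.esn} rekey {old_key.key_id}->{new_key.key_id} "
        f"{'OK' if ok else 'DENY'} {why}")
    if not ok:
        return False
    radio.bound_key_id = new_key.key_id
    return True


def surplus_scenario() -> Radio:
    """Constructed walk-through: agency key A programs the radio, a second
    owner with key B is refused, and only a rekey using A lets B write."""
    radio = Radio(esn="ESN-0001")
    key_a = SystemKey("A", expires=None)
    key_b = SystemKey("B", expires=None)
    program(radio, key_a, 100, {"talkgroup": 1})   # binds to A
    program(radio, key_b, 110, {"talkgroup": 2})   # denied: locked to A
    rekey(radio, key_a, key_b, 120)                # needs A present
    program(radio, key_b, 130, {"talkgroup": 2})   # now allowed
    return radio


if __name__ == "__main__":
    for line in surplus_scenario().audit:
        print(line)
```

Note what the model does not give the vendor: the binding is only as strong as the secrecy of the key itself, which is the hole the thread keeps returning to. If system keys can be regenerated outside the vendor's control, the lockout turns into a mild inconvenience for a second owner and nothing more.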
hmmm
<snip from alex>
other dongle based device just to read the radio
i can't believe that it's taken THIS LONG to get this worked into the hardware and programming platforms.
if it were *ME* based on what i know about the ..hmm... "grey hackeristic circles"...
the ability to read/write/re-write a radio from ANY copy of the software would have been fixed many many moons ago... it's one of their biggest holes besides the unbelievable assertion that the system key is still a valid security model (hence MA/COM's abortion of ESK...) - bottom line here is that if i was a system admin - i sure wouldn't want officer johnny out there getting his radio read/re-written by some smack-ass out in town (or officer johnny himself) - which right now is certainly VERY plausible...
and
<snip> from elroy
but if a department were to surplus out 10,000 XTS3000s, how many do you think would actually end up getting purchased by a trunking user and getting reutilized?
let's wait and see what happens to the astro infrastructure and subscriber gear coming out of florida
my bet: motorola buys it back at .01 on the dollar - JUST to keep it out of the second hand market.... although it IS florida... so god only knows what will actually happen to all that equipment - it would certainly be in moto's interest to keep all of that equipment out of the secondary market... i know there are MANY MANY departments and agencies out there that would love to buy all of it. as to final disposition - if motorola gets it - it's going to be big astro radio melting pot in the sky.
doug
- Elroy Jetson
- Posts: 1158
- Joined: Mon Sep 03, 2001 4:00 pm
Doug, what is this about Ma/Com's abortion of ESK?
You mean they abandoned it?
Tell me more.
I do know that the scheme has been defeated by a hacker (trunkedradio.net) and has been revealed to be a bit change in the trunking data frames, essentially turning an expected value into any other. As a result, there are essentially 256 (and ONLY 256) "dialects" of the ProVoice data stream, and when used with relatively simple translation software interfaced to ETrunk, this should be very easy to defeat in a practical sense.
Anyway, M already HAS bought out the old equipment in systems undergoing changeover, and some of that equipment has gotten out anyway. They hire somebody to scrap it, and stuff scampers away all the time. There's not much they can do about it if they don't have a very clear legal contract with the scrapper, which most scrappers won't sign anyway as most scrapyards are at least marginally accessible to the public and they can't maintain 100 percent control of everything that comes in the gate.
Elroy