System Key
Posted: Sat Jul 17, 2004 12:37 pm
by rx91
Could someone explain what a system key is used for? I know that it is used to program radios on trunked systems. I've looked around, but info on this topic is scarce.
Posted: Sat Jul 17, 2004 2:58 pm
by EKLB
A system key is a secret code that the person who programs the trunking freqs and info uses to gain access to the trunking program for changes later.
Its intended purpose is to keep everybody from changing the trunking programmed info unless they have the correct system key that the radio will look for before allowing access to the trunking program for changes etc.
In simple terms it's a padlock, and unless you have the key to the padlock you don't get in.
You can usually read the trunking program info but you can't access the info to change its programming to anything different without the sys key.
There are ways to get around the sys key if you by chance got one off of eBay and needed to program it for a trunking system in your area, but you should get a hold of the system owner and he/she can usually gain access to the radio by using other programs or methods that I won't go into here.
If you're talking about a trunking radio that also does conventional ch freqs as well then you can normally access the conventional freqs and change them if you wanted, but not the trunking info, as it's the one that will want the sys key it was programmed to accept as valid access to the trunking program for changes.
No, you can't read the sys key from the radio to find out what sys key the radio was programmed to accept.
Trunking system operators use this to protect their systems from unauthorized users as one example.
EKLB
Posted: Sun Jul 18, 2004 12:09 pm
by Elroy Jetson
This information isn't exactly secret:
A program that generates system keys got leaked a LONG time ago. It's not too tough to get a copy of it.
Also, look in the Batlabs info files. At one time there was a guide to making system keys yourself. I've never tried it. I presume that data is still there.
Another way around it is to get "lab" software. Only a few examples of lab software have sneaked out of M's labs, and they're only usable on certain radios. Some versions of lab software are incomplete and/or buggy, but others, like the famous STX lab software, were, for lack of a better term, PERFECT. But not many people are using the STX anymore.
Of these methods, only the method of making your own key is technically legal. The key generator and lab software are both copyrighted and not available for sale, period. Motorola won't sell it and nobody else has the authority to do so, either.
Elroy
Posted: Sun Jul 18, 2004 12:13 pm
by ExKa|iBuR
Well, from a legal standpoint, you're in no more hot water with LAB or the Key-Generator than you are with regular RSS. If you're a Motorola dealer, that's another story, but for a regular person, it's still just piracy.
That being said...I don't know how legal a home made key is either, since you DO need a regular system key to begin with.
Perhaps somebody should post the exact hex contents of a system key for a system ID of 0001, so you don't have a system key, you have a copy of the data in the key.
I'm not sure how that adds up.
-M
Posted: Sun Jul 18, 2004 12:39 pm
by Elroy Jetson
FYI, system keys themselves bear no copyright. They're just a data string, usually between 31 and 33 bytes long, and bearing a file name.
Elroy
Posted: Sun Jul 18, 2004 12:42 pm
by 10-95
If you ever become famous and they want to give you the key to the city, be sure to ask for the System key to the city instead!
Frank
Posted: Sun Jul 18, 2004 2:18 pm
by xmo
This system key issue is about to get a lot more complicated.
Starting next month, Motorola is supposed to begin shipping the new advanced system key. Once a radio is programmed with the advanced key, it can no longer be programmed with a regular key, period.
This will affect Astro Saber, XTS3000, Astro Spectra and Plus, XTS1500/2500/5000 and XTL5000 when programmed with their corresponding CPS.
The codeplug will even retain the serial number of the advanced key that programmed it.
The advanced key is a hardware based system using the Dallas / Maxim I-button technology.
It remains to be seen if you can take a radio that has been programmed with an advanced key and get past that by cloning a factory codeplug into it with DOS RSS. It's unlikely that will ever work with CPS so that rules cloning out as a fix for the newer radios.
It is also unclear if the CPS will even read a radio programmed with an advanced key. Well, OK, it will read it, it probably just won't let you see what's in there.
Another thing that is not clear is whether the advanced key locks out all programming of the radio or just programming of the radio for the system that the advanced key programmed it for.
Once the advanced key gets delivered, many experiments will need to be done to get answers to these questions and more.
Posted: Sun Jul 18, 2004 2:59 pm
by Ben
done
Posted: Sun Jul 18, 2004 3:39 pm
by Elroy Jetson
And this too shall fall to the efforts of dedicated hackers.
Motorola has yet to learn that their best course of action is to acknowledge that there IS a segment of the population that wishes to monitor these PUBLIC radio systems and use Motorola products to do it, and that the best course of action is not to make it difficult for them to do it, but instead to make it EASY for them to do it in a SAFE AND RESPONSIBLE MANNER.
They have not learned the lessons learned by America's experiment with Prohibition in the early 20th century. That lesson is that if you try to make something desirable inaccessible, the result is enhanced demand and a black market which does more harm than simple reasonable controls in the first place.
I really hope someone from Motorola, someone in a position of authority, reads this.
All you need to do is allow a true receive only option in the RSS/CPS that requires no system key but allows monitoring only of any given trunked system. It would be fine if that version of the program were to allow LIMITED functionality of the radio, too. As long as it can receive non-encrypted transmissions that are normally dispatched, that would be sufficient. And make the software affordable. Price it low enough and practically every interested person would buy it.
I don't expect Motorola to take my advice. They lack the vision, wisdom, and sensibility that is required for them to see that what I propose is workable and beneficial for all concerned.
And before anyone says that it compromises security on a public safety system, I remind you of this...it's a PUBLIC safety system. We DO have the right to know what our EMPLOYEES are doing on the job. They should EXPECT to be monitored by the civilian population, and if they're doing their job RIGHT, that shouldn't be any cause for them to be concerned.
Elroy
Posted: Sun Jul 18, 2004 4:02 pm
by Ben
Maybe Motorola will see the money to be made in selling more radios and software.
Maybe even some of the agencies out there would use this version of the RSS to program radios to monitor systems they want to keep track of without being on the system. Maybe something like a local security company that uses a trunked system and now the local police could monitor them.
Posted: Sun Jul 18, 2004 4:20 pm
by HumHead
One of the challenges (aside from /\/\'s general history and corporate culture) is that /\/\ has traditionally made privacy and security a major selling point for spending big $$$ on their systems.
It is probably an easy guess that they could see themselves losing more in sales of so-called private/secure/unmonitorable systems than they would ever make by producing the hardware or software to make monitoring those same systems easier for hobbyists, etc.
Additionally, it is pretty clear that /\/\ is fast losing interest in selling radios in ones and twos in favor of selling large complete mega-dollar systems in the name of gorging themselves at the federally funded grant trough.
It is pretty clear that the odds of corporate cooperation from /\/\ go down by the day.

Posted: Sun Jul 18, 2004 5:18 pm
by Ben
Funny you should talk about privacy and Motorola trunked systems. The local shop here sold the ambulance service on using a local system because of the privacy they would have, including private call. They found out all too soon that even the private call could be monitored with a trunking scanner. The local shop wasn't too happy when they got a call from the owner complaining about the security they sold them.
Posted: Sun Jul 18, 2004 5:23 pm
by xmo
Motorola's direction is pretty clear here. Look at the new P25 Smartzone subscriber units. Even if they are programmed properly, they MUST affiliate or they won't monitor. And they MUST have a subscriber record in the Zone Controller or they can't affiliate.
What Motorola is doing is putting control of the radios into the hands of the system administrator. The system administrator can decide who gets what capabilities.
It's easy enough to set up a subscriber record that is receive only. We do it for media radios. They can listen but not transmit.
If the system administrator won't set up your radio to monitor - the solution is as close as the nearest Radio Shack. That solves all the "we have to be able to monitor public safety - it's our tax dollars" issues, so don't look for a public outcry to change Motorola's position.
I don't think the prohibition analogy holds any water either since probably 82% of the adult population drinks, whereas approximately 0.00000001% of the population are radio enthusiasts who want to monitor trunked systems with 'real' Motorola radios instead of scanners.
Posted: Sun Jul 18, 2004 6:07 pm
by Elroy Jetson
Actually, that doesn't sound too bad. If the system administrator is well trained in this feature and is also a reasonable human being, he should not have a problem with granting monitoring permission to someone who's motivated enough to BUY his own very expensive radio, particularly when you consider that the person who wants to monitor is essentially putting himself under a bit of a spotlight. He'd be well known to the system administration.
I wonder...in such a situation, could the administrator enable remote monitoring on the receive only unit?
Something tells me the answer is probably YES.
Elroy
Posted: Sun Jul 18, 2004 7:41 pm
by xmo
If you mean that a system administrator could create a subscriber record for your unit such that it is authorized to receive but not to transmit - then send your radio a remote monitor command and have it transmit without your knowledge or any indication to you - say that's a pretty good idea... Thanks Elroy.
Posted: Sun Jul 18, 2004 7:43 pm
by Elroy Jetson
One catch: If that option were to ever be enabled, a legal document would have to be signed by the radio owner that authorized the silent monitoring of the radio owner under specific circumstances. Otherwise it would be 100 percent identical to the illegal act of placing a bug without a court order.
Not even Motorola wants to play THAT game!
Elroy
Posted: Sun Jul 18, 2004 7:52 pm
by Elroy Jetson
"whereas approximately 0.00000001% of the population are radio enthusiasts who want to monitor trunked systems with 'real' Motorola radios instead of scanners."
That would be one in every ten BILLION people. Try again!
A more reasonable figure is that one percent of the population has some interest in scanning. Sounds about right. Maybe half that. Of the scanner listeners, a significant percentage of them would prefer the Genuine Article at a fair price. Maybe five percent of them? Again, that seems about right to me.
If the US population is 250 million people then maybe 2.5 million may have some interest in scanning. 5 percent of them would be 125,000.
Let's go pessimistic and assume even less. One percent of scanner listeners want the real thing. Still, that's 25,000 people.
For the sale of 25,000 radios, Motorola will CUSTOM DESIGN a model to the customer's exact specs!
I think the market IS big enough that Motorola could make it worth their while to cater to it.
Elroy
Posted: Sun Jul 18, 2004 8:25 pm
by xmo
"...For the sale of 25,000 radios, Motorola will CUSTOM DESIGN a model to the customer's exact specs! ..."
______________________________________________________________________
They might do that for a confirmed order for 25,000 units for ONE customer, but 25,000 individual customers - to Motorola management that's just 25,000 problems.
Posted: Mon Jul 19, 2004 4:27 pm
by elesjuan
The reason I bought one of my MaxTrac trunked radios is so I can monitor a local public safety system that my scanner won't monitor properly.
The pain in the butt about it is they added in a series of 5 beeps after the radio has keyed off, keeping the scanner tied up while the rest of the system continues onto the next frequency for reception. Figured maybe the way I could get around that is to actually program a trunked radio for use as a monitor, like I've tried.
Again, I ran into the stupid system key issue, so my radio is pretty much worthless because it won't do conventional in its current programming. As I said in my post about converting an 820 mobile to conventional, I blanked the board and I think I killed the damn radio; it just gives a solid tone now when you're not programming. Reloaded the original codeplug from disk and tried to write it to the radio, it worked, but still gives tone.

Still this doesn't solve my problem of getting around the stupid system key issue, and I can't find any keygens or anything like that on the 'net.
Posted: Mon Jul 19, 2004 4:39 pm
by ExKa|iBuR
Sounds to me like the system you want to monitor is an EDACS system, in which case, a Maxtrac isn't going to do you any good, unless it's got the GeeWhiz board in it.
-Mike
Posted: Mon Jul 19, 2004 4:53 pm
by Elroy Jetson
I agree. Five beeps sounds like EDACS. Never heard that on a Motorola system.
If that's the case, you've got a useless radio for what you want to do.
Try doing a search for your agency's radio system via Google. Odds are you'll find some info on it that points you in the RIGHT direction.
Elroy
Posted: Mon Jul 19, 2004 5:00 pm
by elesjuan
Well CRAP! I set the control channel on the scanner (Radio Shack Pro-93) to "MO" and it came up with all the proper data, but I guess I haven't tried EDACS setting yet. Regardless, I can't get around the beeps with a scanner, right? Any more ideas about the codeplug problem?
Now that you mention it, yeah, OPPD uses the GE EDACS systems.. I totally forgot they spent all that money on those a few years ago.
I live in a really huge area (Kansas City) so there's like 10 different cities full of public safety that I could listen to. My actual residence is Overland Park, (OPPD == Overland Park Police Department, of course.) But KCKSPD and KCMOPD both use Motorola systems, I know that for sure.. A friend of mine is a KCKS officer and he has a Motorola MTS2000 SmartNET that he let me play with a little.
Posted: Mon Jul 19, 2004 8:13 pm
by 007
elesjuan wrote:
I live in a really huge area (Kansas City) so there's like 10 different cities full of public safety that I could listen to. My actual residence is Overland Park, (OPPD == Overland Park Police Department, of course.) But KCKSPD and KCMOPD both use Motorola systems, I know that for sure.. A friend of mine is a KCKS officer and he has a Motorola MTS2000 SmartNET that he let me play with a little.
No, you don't know your information for sure: Being that you are on the MO side of the river, then it's all GE/Ericsson over there....KCMO, MSHP etc.
KCMO uses an EDACS system, and MSHP is on lowband using conventional GE equipment. Some of the other 'burbs may have bought /\/\ systems, but it's mostly M/A-Com (and Code 3 PSE) down there - whereas the northern states are almost all /\/\ (and Federal Signal).